Tuesday, August 4, 2020
US flag

Feds report data security breach from China

Personnel data for about 4 million current and former employees of the federal government has been breached over a period that seems to extend at least from late last year until April, when officials in the Obama administration noticed it, the New York Times reports.

The intrusion into the computers at the Office of Personnel Management appears to have originated in China, according to reports. That office handles government security clearances as well as federal employee records.

This is the second breach of a sensitive and important federal computer system in the last 12 months—that we know about. Late last year, the White House and State Department said their email systems had been compromised in an attack by hackers in Russia.

This is why I have gone on the record (see here and here, for example) as opposing the transmission of student data over the Internet or its storage on any file server, at least if it might be sensitive, time-sensitive, or invasive of students’ lives at school, at home, or in their communities. If the federal government, the supreme taxing authority in this land, can’t spend enough money to protect data about its own employees, how can we possibly expect corporations to spend even a fraction of that to protect what has always been private information about students?

Gov Larry Hogan, Republican of Maryland, recently signed House Bill 298, the so-called Student Data Privacy Act of 2015, into law. As introduced by Delegate Anne Kaiser, the bill would have added a few safeguards against corporations grabbing student data that should remain private. Unfortunately, the state Senate ran with the bill and turned it into a lobbyist- and corporation-friendly hack job.

Last-minute amendments left the measure “riddled with loopholes,” and as it stands, the new law “puts the interests of tech vendors above those of Maryland’s schoolchildren,” according to an editorial in the Baltimore Sun. Companies now have carte blanche to use information collected in Maryland’s schools to market their products to our children and their parents, and to disclose students’ personal information to third parties.

So, it seems we have learned nothing from recent breaches. In fact, we continue to pass laws that essentially hold the door open for people of questionable morals and even for criminals.

But why should we worry, right? Corporations have no use for data, which should remain private, about our students, do they?

Just last month, as the federal government was taking a long look at data privacy, Education Week ran an article that spelled out five basic principles schools should use—whether they’re urban, suburban, or rural; small or large—to protect their students’ private information:

  • Build data-privacy policies into your school culture, so that every faculty and administrative staff member is thinking about it whenever student data is involved. Promote this approach among all employees, from the newest teacher up to the superintendent.
  • Be very wary of “free” technology solutions. You may end up paying with students’ data, rather than cash. (For more on this, see Ms Tufekci’s op-ed.)
  • When you work with a technology company, don’t just ask for a product demonstration. Demand an executive briefing that will show you step by step and scenario by scenario exactly how data will be protected.
  • Data privacy often has legal implications; make sure school or district lawyers are involved in the policy-making process.
  • Take advantage of reliable online resources that clarify why data privacy is important, best-in-class privacy standards, and strategies for tailoring a school’s or district’s data-privacy policies.

That’s some practical advice, but if data is online or transmitted over the Internet and some hacker wants to get it because someone else is willing to pay good enough money for it, it’s only a matter of time before it’s hacked. How many more times does this have to happen before we understand and accept the futility of safeguarding data from criminals, whistle-blowers, incompetent I/T staff, and school personnel who mean well but just don’t understand what it takes to keep data from falling into the wrong hands in a tech-savvy and criminal world?

And for Pete’s sake, don’t post anything private on public forums like Facebook, Twitter, Instagram, Ask.fm, YouTube, or any other social media site. It’s not even illegal to gather data from those places.

Zeynep Tufekci writes an op-ed in today’s New York Times entitled “Mark Zuckerberg, Let Me Pay for Facebook,” in which she tells us, “A recent Pew Research Center poll shows that 93 percent of the public believes that ‘being in control of who can get information about them is important,’ and yet the amount of information we generate online has exploded and we seldom know where it all goes.”

Soon, I wouldn’t be surprised if test delivery platforms like Pearson’s TestNav will allow login via Facebook ID, just as every other Internet site seems to allow. Even this blog has succumbed to the truth that Facebook and its personalized ads are everywhere, and you can login to post a comment using your Facebook login if you don’t care to set up a WordPress account.

Paul Katula is the executive editor of the Voxitatis Research Foundation, which publishes this blog. For more information, see the About page.

Recent posts

Voxitatis congratulates the COVID Class of 2020

2020 is unique and, for high school graduates, different from anything they've seen. Proms, spring sports, & many graduation ceremonies are cancelled. Time for something new.

Vertical addition (m3.nbt.2) math practice

3rd grade, numbers and operations in base 10, 2, 3-digit vertical addition practice problem

Rubber ducks (m3.oa.1) math practice

3rd grade, operational and algebraic thinking, 1, rubber ducky modeling practice problem

Distance learning begins as Covid-19 thrives

What we learn during & from coronavirus, a challenging & imminent crisis, will provide insights into so many aspects of our lives.

Calif. h.s. choir sings with social distancing

Performances with the assistance of technology can spread inspiration across the globe even as the coronavirus spreads illness and disease.

Families plan to stay healthy during closures

Although schools are doing what they can to keep students learning and healthy during the coronavirus outbreak, that duty now shifts to parents.

Illinois temporarily closes all schools

IL schools will be closed on Tuesday, March 17, through at least March 30. Schools in 18 states are now closed due to coronavirus.

Coronavirus closures & cancellations

Many schools are closed and sports tournaments cancelled across America during what the president called a national emergency: coronavirus.

Coronavirus closes schools in Seattle

The coronavirus pandemic has caused colleges to cancel classes, and now Seattle Public Schools became the nation's first large district to cancel classes due to the virus.

Most detailed images ever of the sun

A new telescope at the National Solar Observatory snapped the most detailed pictures of the sun's surface we have ever seen.

Feds boost Bay funding

Restoration efforts in the Chesapeake Bay watershed received a boost in federal funding in the budget Congress passed last month.