eBackpack Bankruptcy May Put Student & Teacher Data in Peril

kelly-sikkema-266805-660x400@2x

 
Teachers put their assignments into an on-line data base.

 

Students access them on their computers, iPads or other devices and then submit their work via the Internet.

 

What could go wrong?

 

Plenty. Especially when the company that provides this service goes bankrupt.

 

And that’s exactly what’s happened with Texas-based educational technology company eBackpack.

 

All those teacher assignments and student works are still there in computer servers somewhere. And now that eBackpack has filed Chapter 7 bankruptcy, all of it has become assets the company could decide to sell off to pay its debts.

 
The company explicitly reserves the right to do so according to its own Privacy Statement:

 

“The information we collect is used to improve the content of our Web pages and the quality of our service, and is not shared with or sold to other organizations for commercial purposes, except to provide products or services you’ve requested, when we have your permission, or under the following circumstances:

 

-We transfer information about you if eBackpack or part of it is acquired by or merged with another company. In this event, eBackpack will notify you before information about you is transferred and becomes subject to a different privacy policy.” [Emphasis mine]

 

Well that’s comforting. I wonder how a company that will no longer exist will have staff to notify former customers about what’s happening to the mountains of data we put in its hands.

 

Even under the best of circumstances, who will it notify? Teachers? Students? Parents? Or just the administrators or school boards who managed the over all accounts for individual districts?

 

eBackpack’s Terms of Service Agreement contains several red flags that someone should have noticed before students’ privacy was jeopardized:

 
“-eBackpack may assign its rights and obligations under these Terms to a third party without your consent.

 

“-You agree to use the Service at your own risk, without any liability whatsoever to eBackpack.

 

-1.1. Your use of the Service is at your sole risk. The Service is provided on an “as is,” “as available” and “with all faults” basis. The Service is owned and copyrighted by eBackpack and offered through a subscription, not sold, to you.

 

-10.1. eBackpack reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Service (or any part thereof) with or without notice.

 

-By submitting Content to eBackpack, you grant eBackpack a perpetual, worldwide, non-exclusive, royalty-free right to copy, display, modify, transmit, make derivative works of, and distribute your Content for the purpose of providing or developing the Service.

 

-14.2. You consent to eBackpack’s use and/or references to your name, directly or indirectly, in eBackpack’s marketing and training materials. You consent to eBackpack’s use of your communication with eBackpack for marketing and training materials. You may not use eBackpack’s name or trademark without eBackpack’s prior written consent.”

 
It’s not like schools weren’t warned.

 
Less than a year ago, the Federal Bureau of Investigations (FBI) issued a strong statement cautioning consumers that edtech companies put student data at risk.

 

 

The bureau advised parents, teachers and administrators to take several steps to safeguard children’s privacy. The organization also pushed for the federal government to revise privacy laws to better protect kids from this industry.

 

In addition, commonsense.org – a nonprofit studying education issues – conducted a three-year review of 100 edtech companies. It concluded that 74% of these businesses hold the right to transfer any personal information they collect if the company is acquired, merged, or files for bankruptcy.

 

The authors wrote that there is “a widespread lack of transparency, as well as inconsistent privacy and security practices” in how student information is collected, used, and disclosed.

 

 

Why would any company want such student data?

 

It helps market products and, itself, can be a very marketable product.

 

For instance, imagine how much more effective the hiring process would be if businesses had access to applicants school attendance records. Imagine if businesses had an applicant’s entire academic record.

 

Employers could buy vast amounts of data and use algorithms to sort through it looking for red flags without fully comprehending what was being compiled. Imagine an applicant being turned down for a job because of low middle school attendance but not being able to explain that this was due to a legitimate illness.

 

There are reasons we protect people’s privacy. You shouldn’t have to explain your score on a 3rd grade spelling test the rest of your life or have the need for special education services become a liability on your credit record.

 

Yet all of these things are possible when student data is up for grabs as it may be in this instance.

 
This is personal to me.

 

My district uses eBackpack.

 

Yet it was for these exact reasons that I never jumped on the bandwagon with my own students in my classroom.

 

I experimented somewhat with the platform, myself, to see what it offered and to weigh whether the advantages canceled out the disadvantages.

 

If I had decided to move forward, I would have asked parent permission first, but in the end, I decided it wasn’t worth the risk – and boy am I glad!

 

Yet having interacted with the platform at all, I received the following email from the company yesterday:

 

“Dear User,

 

We regret to inform you that this 2018-2019 school year is the last year eBackpack will be operating.  We will not be accepting any renewals going forward and we will not be providing any services past July 31, 2019. All services will be terminated on that date. Please download and save to your own devices any data prior to July 31, 2019. Once the services for eBackpack are turned off, your files and data will no longer be accessible, and we will not have staff available to respond to any customer inquiries. We appreciate your support over the past years and we will truly miss working with you all!

 
If you have any questions or concerns, please feel free to send an email to edison@ebackpack.com or billing@ebackpck.com.
Again, we appreciate your time with us and all of your support.

 
Thank you,
 eBackpack Team”

 

I haven’t tried to contact the company, but I’m seeing on Reddit that others have been unable to do so.

 

One customer wrote:

 

“We use eBackpack and we are unable to pay our bill as no one answers their number or responds to emails. A quick Google search shows recent bankruptcy procedure. Anyone know anything? Am I the only one still using them?”

 

EBACKPACK, LLC did in fact file a chapter 7 bankruptcy case on Feb 8, according to docket information on-line.

 
Chapter 7 is sometimes called straight bankruptcy or liquidation bankruptcy. In general, the court appoints a trustee to oversee the case, take the company’s assets, sell them and distribute the money to the creditors who file claims. However, the trustee doesn’t take every last bit of company property. Owners are allowed to keep enough  “exempt” property to get a “fresh start.”

 

 

This is big business. Venture capitalists have invested more than $1.8 billion in the edtech industry in 2015, alone.

 
At this time, it is still unclear exactly how many students and teachers have been put at risk.

 

I can’t find information anywhere about how many student or teacher accounts are in jeopardy or how many districts used the platform.

 
Hopefully this will be a wakeup call that the edtech industry needs to be more closely monitored and regulated.

 
We cannot continue to put convenience and profit ahead of student and teacher safety.

 


 

Like this post? I’ve written a book, “Gadfly on the Wall: A Public School Teacher Speaks Out on Racism and Reform,” now available from Garn Press. Ten percent of the proceeds go to the Badass Teachers Association. Check it out!

thumbnail_IMG_8249

FBI Warns EdTech Puts Student Safety at Risk

students-99506_960_720

 

Pandora’s box may not be a heavy wooden chest.

 

It might just be a laptop or an iPad.

 

The Federal Bureau of Investigations (FBI) issued a warning late last week about the proliferation of educational technologies (EdTech) in schools and the dangers they pose to student safety and privacy.

 

The devices and applications singled out by US domestic intelligence services all involve software that asks for and saves student input.

 

This includes classroom management tools like Class Dojo and eBackpack as well as student testing and remediation applications like Classroom Diagnostic Tools and StudyIsland.

 

The alert cautions schools and parents that the widespread collection of student data involved in these applications could cause safety concerns if the information is compromised or exploited.

 

It’s just such technologies that have proliferated at a breakneck pace in districts throughout the country while legislation, cybersecurity and even awareness of the danger has lagged behind.

 

The Bureau is concerned about EdTech services because many are “adaptive, personalized learning experiences” or “administrative platforms for tracking academics, disciplinary issues, student information systems, and classroom management programs.”

 

The Bureau clarified that use of EdTech applications was not, in itself, the problem. They are a tool, and like any tool, they can be used for good or ill.

 

Advocates say when used correctly, these systems offer the potential for student collaboration, and for teachers to collect and compare information about students to help design better lessons. On the other hand, critics warn that the problems with most EdTech is essential to the way it operates and that it is designed more for the purposes of student data mining and profitization by corporations than with academic success for children in mind.

 

In either case, the dangers posed by such devices are indisputable.

 

The amount and kinds of data being collected about students has not been well publicized or understood. Many school boards, administrators, teachers, parents and students may be using EdTech without a full appreciation of how it often surreptitiously collects data on children.

 

Analysts listed several types of student particulars being stockpiled:

 

  • “personally identifiable information (PII);

 

  • biometric data;

 

  • academic progress;

 

  • behavioral, disciplinary, and medical information;

 

  • Web browsing history;

 

  • students’ geolocation;

 

  • IP addresses used by students; and

 

  • classroom activities.”

 

This is highly sensitive information that could be extremely harmful to students if it fell into the wrong hands.

 

Pedophiles could use this data to find and abduct children. Criminals could use it to blackmail them. It could even be sold to unscrupulous corporations or exploited by other children to bully and harass classmates.

 

These concerns are not merely academic. Data breaches have already occurred.

 

According to the FBI:

 

“…in late 2017, cyber actors exploited school information technology (IT) systems by hacking into multiple school district servers across the United States. They accessed student contact information, education plans, homework assignments, medical records, and counselor reports, and then used that information to contact, extort, and threaten students with physical violence and release of their personal information. The actors sent text messages to parents and local law enforcement, publicized students’ private information, posted student PII on social media, and stated how the release of such information could help child predators identify new targets.”

 

Though the Bureau did not mention them by name, it cited two specific cybersecurity failures in 2017 at two large EdTech companies where millions of student’s private information became publicly available.

 

The FBI seems to be referring to Edmodo and Schoolzilla. Hackers stole 77 million user accounts from Edmodo last year and sold that data to a “dark web” marketplace. Likewise, Schoolzilla stored student information on a publicly accessible server, according to a security researcher, thereby exposing the private information of approximately 1.3 million children.

 

It was these data breaches that prompted the Department of Education to issue a Cyber Advisory alert in October of 2017 warning that cyber criminals were targeting schools that had inadequate data security. Criminals were trying to gain access to this sensitive material about students to “shame, bully, and threaten children.”

 

In February, another cybercrime was reported by the Internal Revenue Service. The agency released an “urgent alert” about scammers targeting school districts with W-2 phishing schemes.

 

Of particular concern to the FBI are school devices connected directly to the Internet. They offer hackers an immediate link to private student information. This is true even if a school device is in the student’s home.

 

Tablets, laptops or monitoring devices such as cameras or microphones could be exploitable by tech savvy criminals – especially since many EdTech programs allow remote-access capabilities without the user even being aware of what is happening.

 

Indeed, some EdTech companies collect information on students’ feelings; become student data brokers and use voice-activated speakers in the classroom.

 

 

The FBI listed several recommendations for parents and families:

 

  • “Research existing student and child privacy protections of the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), the Children’s Online Privacy Protection Act (COPPA), and state laws as they apply to EdTech services.

  • Discuss with their local districts about what and how EdTech technologies and programs are used in their schools.

 

  • Conduct research on parent coalition and information-sharing organizations which are available online for those looking for support and additional resources.

 

  • Research school-related cyber breaches which can further inform families of student data vulnerabilities.

 

  • Consider credit or identity theft monitoring to check for any fraudulent use of their children’s identity.

 

  • Conduct regular Internet searches of children’s information to help identify the exposure and spread of their information on the Internet.”

 

The warning concluded by asking those who have information about cybercrimes or who have been victimized by data breaches to file a complaint with the Internet Crime Complaint Center at www.ic3.gov.

 

For some, the FBI’s warning highlights the need for greater education funding for cybersecurity.

 

“While other industries are investing in greater IT security to protect against cyber threats, many schools are facing budget constraints that result in declining resources for IT security programs,” staff members from the Future of Privacy Forum wrote on their blog. “Schools across the country lack funding to provide and maintain adequate security,” they wrote.

 

Others see the problem as one of antiquated legislation not keeping up with changing technologies.

 

The FBI memo highlights a need for Congress to update federal student privacy laws, said Rachael Stickland, co-founder and co-chair of the Parent Coalition for Student Privacy.

 

At present, these issues are covered haphazardly from state to state, a situation Strickland finds intolerably inadequate.

 

The main federal law safeguarding student data privacy, The Family Educational Rights and Privacy Act, should be updated, she said. It must address exactly which ways districts should be allowed to share data with EdTech companies.

 

“What we need is a comprehensive approach at the federal level to address these outdated federal laws,” she said. “We really need these modernized to address not only the cybersecurity threats but also the potential misuse of this data.”

 

However, some critics are skeptical of the very use of EdTech in the classroom, at all.

 

They see the potential dangers being so massive and difficult to guard against that any remedies to fix the problem would be counterproductive.

 

Instead of spending millions or billions more on cybersecurity measures, we should use any additional funding for more essential budget items like teachers, tutors, nurses and counselors.

 

The goal is to provide a quality education – not to provide a quality education with increasingly complex technologies. If the former can be done with the latter, that’s fine. But if we have to choose between the two, we should go with proven methods instead of the latest fads.

 

EdTech corporations are making staggering profits off public schools while almost every other area goes lacking. In the nexus of business and industry, we may be losing sight of what’s best for students.

 

The question is have we already opened Pandora’s box, and if we haven’t, can we stop ourselves from doing so?

 


Like this post? I’ve written a book, “Gadfly on the Wall: A Public School Teacher Speaks Out on Racism and Reform,” now available from Garn Press. Ten percent of the proceeds go to the Badass Teachers Association. Check it out!

WANT A SIGNED COPY?

Click here to order one directly from me to your door!

book-3