The Center for Democracy & Technology (CDT) applauds the ongoing efforts of the Federal Communications Commission (Commission) and Congress to close the homework gap. As part of its twenty-five year history advocating to advance civil rights and protect civil liberties in the digital age, CDT works to ensure that schools and educators are able to use technology and data to support students while protecting their privacy. CDT submits these comments to encourage the Commission to address two issues to protect student privacy in closing the homework gap:
- the Commission should clarify the meaning of the “monitoring” requirement under the Children’s Internet Protection Act (CIPA) and distinguish it from “tracking”; and,
- the Commission should adopt an approach to funding, documentation, and audits that relies on aggregate rather than individual student data to both protect student privacy and ensure use of reliable data.
First, under CIPA, schools are required to “monitor the online activities of minors.” That requirement is not defined and raises significant privacy concerns, which would be exacerbated if it were applied to devices and services used off-campus. Thus, if the Commission determines that CIPA does apply to devices and services funded through the Emergency Connectivity Fund, it should clarify the meaning of the monitoring requirement.
Schools have adopted overly broad, invasive means of surveillance, purportedly to fulfill CIPA’s requirements. That surveillance occurs at all levels of students’ online experience, including on school-issued devices, on school networks, through web apps, and even by “force installing” browser extensions. This surveillance has harmed students through:
- wasted resources spent on surveillance technologies that far exceed CIPA’s requirements,
- invasion of student privacy and loss of trust in schools as stewards of student data,
- the overcollection and potential misuse of data, and
- increased inequities for over-surveilled populations such as students of color, LGBTQ+ students, and low-income students.
These harms would be increased to the extent that monitoring were to occur in students’ homes. For example, some schools have accessed device cameras and microphones, which in an offcampus context could lead to monitoring of family conversations and activities.
To address those harms, the Commission should clarify that the “monitoring” requirement under CIPA may be satisfied by the community-centered, non-technical approach envisioned by Congress and should be limited to only the minimal data access and collection needed to achieve the statute’s requirements.
Second, the Commission should ensure that its funding, documentation, and audit requirements are protective of student privacy and effective at reducing waste, fraud, and abuse by relying on aggregate rather than individual-level data. The Family Educational Rights and Privacy Act restricts the sharing of students’ names and addresses, and schools may face legal obstacles in sharing that information with external auditors. That sharing also raises ethical and administrative obstacles in obtaining meaningful, non-coerced parental consent. Moreover, it will be difficult for schools to collect reliable individual data due to various factors including the significant percentage of students from vulnerable populations who change schools each year. Given these challenges, the Commission should adopt funding, documentation, and audit procedures that are based on school- or district-level aggregate data, such as those currently in place under E-Rate.