Cross-posted on the EdTech Strategies blog: https://www.edtechstrategies.com.
In the three weeks since “Tracking: EDU” officially launched, a growing number of news outlets, associations, and organizations have highlighted the findings and significance of the work, including Boing Boing (which helpfully excerpted some of the study’s recommendations), Dark Reading, DataBreaches.net, EdScoop, EdSurge (with commentary from state officials from Connecticut and Tennessee), Education Week, FERPA|SHERPA, the IAPP, POLITICO, and T.H.E. Journal.
And, while I am grateful for the coverage of the study, I recognize the complexity inherent in raising security and privacy deficiencies in SEA and LEA websites that are not readily observable by the (untrained) naked eye. After all, it is no secret that many people don’t read website privacy policies, and it is the nature of the technical handshake between a user’s web browser and a website that the complex machine-to-machine communications that happen when viewing a website are all done silently and automatically. That’s what allows all of us non-technical folks to experience the wonder of the world wide web without resorting to arcane command line expressions. It is very much a feature, not a bug.
Well – that is – with the exception of when our trust in otherwise invisible website security and privacy practices is misplaced:
Facebook’s tracking of non-users ruled illegal again | TechCrunch
Another blow for Facebook in Europe: Judges in Belgium have once again ruled the company broke privacy laws by deploying technology such as cookies and
https://uk.news.yahoo.com/hackers-over-u-government-websites-120130797.html
The purpose of “Tracking: EDU” was to motivate SEAs, LEAs, and schools to improve their website (and other) security and privacy practices. The study offers concrete recommendations for doing so. Whether by heeding the warnings, insights, and advice from this study now – or by being forced to make changes by the practices of the technology companies with a vested interest in better practices later – we all have a stake in keeping schools off the K-12 Cyber Incident Map.