Cross-posted on the EdTech Strategies blog:

In the three weeks since “Tracking: EDU” officially launched, a growing number of news outlets, associations, and organizations have highlighted the findings and significance of the work, including Boing Boing (which helpfully excerpted some of the study’s recommendations), Dark Reading, DataBreaches.netEdScoop, EdSurge (with commentary from state officials from Connecticut and Tennessee), Education Week, FERPA|SHERPA, the IAPPPOLITICO, and T.H.E. Journal.



And, while I am grateful for the coverage of the study, I recognize the complexity inherent in raising security and privacy deficiencies in SEA and LEA websites that are not readily observable by the (untrained) naked eye. After all, it is no secret that many people don’t read website privacy policies, and it is the nature of the technical handshake between a user’s web browser and a website that the complex machine-to-machine communications that happen when viewing a website are all done silently and automatically. That’s what allows all of us non-technical folks to experience the wonder of the world wide web without resorting to arcane command line expressions. It is very much a feature, not a bug.

Well – that is – with the exception of when our trust in otherwise invisible website security and privacy practices is misplaced:

Facebook’s tracking of non-users ruled illegal again

Another blow for Facebook in Europe: Judges in Belgium have once again ruled the company broke privacy laws by deploying technology such as cookies and social plug-ins to track internet users across the web. Facebook uses data it collects in this way to sell targeted advertising.

Hackers Take Over U.S. Government Websites to Mine Cryptocurrency

Hackers have hijacked government websites in the U.S. and the UK in order to secretly mine cryptocurrency through the computers and smartphones of any visitors to the sites. The illicit cryptocurrency mining, known as cryptojacking, took place on more than 4,200 websites on Sunday, February 11, using


The purpose of “Tracking: EDU” was to motivate SEAs, LEAs, and schools to improve their website (and other) security and privacy practices. The study offers concrete recommendations for doing so. Whether by heeding the warnings, insights, and advice from this study now – or by being forced to make changes by the practices of the technology companies with a vested interest in better practices later – we all have a stake in keeping schools off the K-12 Cyber Incident Map.