By Pat Elder
Over the last two years, more than half of the states have enacted legislation aimed at protecting the privacy of high school students. A Student Privacy Pledge has attracted the support of 200 companies in the business of providing online services to students in America’s classrooms. The White House, too, has proposed a Student Digital Privacy Act, modeled after California’s stringent Student Online Personal Information Protection Act, (SOPIPA), that was passed in 2014 and went into effect in 2016.
Meanwhile, the military, the nation’s most egregious violator of student privacy rights, gets a pass.
Several elements are common to most of these laws, according to Jules Polonetsky and Brenda Leong of the Future of Privacy Forum. They summarize the new laws regulating school-based digital data collectors:
[Data collectors] are barred from selling student information, delivering targeted advertising to students, or changing privacy policies without notice and choice. They must use data for authorized educational uses only, support requirements for parental access to data, and delete data when required.
If a school promotes an online product and requires or encourages students to use it, then it has responsibility for making sure the tool complies with many of these new privacy laws.
Like yearbook and ring companies that sell student information to the highest bidder, DOD recruiters and civilian employees routinely pass sensitive information about underage students to the Joint Advertising and Marketing Research Systems (JAMRS), a DOD program. JAMRS subcontracts the massive, Orwellian database of approximately 30 million youth, ages 16-25, to the data goliath Equifax.
On a scale that dwarfs corporate competitors, the DOD delivers targeted advertising to students. It changes privacy policies without notice or choice to consumers. (The recent changes to USMEPCOM Regulation 601-4 concerning the Armed Services Vocational Aptitude Battery, ASVAB, provide an example.) The military does not use the data it collects for educational purposes, and it works against providing for parental consent or access to data. Furthermore, the military retains data collected on students long after laws demand their destruction.
While proposing the Student Digital Privacy Act last year, President Obama forcefully declared, “data collected on students in the classroom should only be used for educational purposes — to teach our children, not to market to our children.” However, the president’s proposal leaves the DOD alone.
The framework of the President’s proposal is taken from the California law:
Operators may not collect information that is descriptive of a student or otherwise identifies a student, including, but not limited to, information in the student’s educational record or email, first and last name, home address, telephone number, email address, or other information that allows physical or online contact. discipline records, test results, special education data, juvenile dependency records, grades, evaluations, criminal records, medical records, health records, social security number, biometric information, disabilities, socioeconomic information, food purchases, political affiliations, religious information, text messages, documents, student identifiers, search activity, photos, voice recordings, or geolocation information.
The DOD collects most of this through the ASVAB enlistment test alone. More than a thousand schools require students to take the test. Overall, 650,000 high school kids take the test in 12,000 schools.
Minnesota, New Jersey, Colorado, New Mexico,and Mississippi, allow students to take the ASVAB as an alternative end-of-year assessment. Kentucky and Missouri encourage students to take the ASVAB to be considered “Career Ready.” These policies provide a treasure trove of unregulated data for the Pentagon, all without parental consent. On the other end of the spectrum, Hawaii, Maryland, and New Hampshire do not allow results from the ASVAB to be used for recruiting purposes.
Federal law says military recruiters may request the names, addresses, and numbers of students for direct marketing purposes, an act prohibited in all the new privacy laws. The law, however, allows parents to request that their child’s name not be forwarded to the Pentagon. Maryland is the only state that has a law requiring an “opt-out” form to be placed on the mandatory emergency contact card, leading most parents to remove their child’s information from lists being sent to recruiters. The new data privacy laws fail to address this obvious invasion of privacy in the 49 states that are reluctant to check this military overreach.
The military has multiple avenues of data flowing into its databases. High school guidance offices and career centers encourage students to visit the websites of each of the military branches, reserves, and Guard units. They all collect volumes of personally identifiable data. Schools also promote the following websites, and they often provide instruction in navigating a host of military or military-supported sites like: www.todaysmilitary.com, www.ecybermission.com,www.march2success.com, www.armystrongstories.com,www.military.com,www.asvabprogram.com,www.march2success.com, and www.myfuture.com.
Unwary students are prompted to click on military links to Facebook, YouTube, and Twitter where newly formed units of recruiters in recruiting companies across the country spend countless hours trolling these sources to assemble a virtual portrait of children before first contact.
The DOD also works in state houses to loosen privacy protections. Kentucky is the worst. Their law says, “All student academic records are made available upon request to any agency of the federal or state government for the purpose of determining a student's eligibility for military service.”
When President Obama endorsed the Student Privacy Pledge, he called for companies to make a firm commitment to using student data only for educational purposes. The Student Privacy Pledge asks data collectors to abide voluntarily by the same standards taken from many the new state laws
“We pioneered the Internet,” Obama said at the Federal Trade Commission. “But we also pioneered the Bill of Rights and a sense each of us as individuals have a sphere of privacy around us that should not be breached by our government but also by commercial interests.” The DoD has not signed the pledge and is not likely to do so on anytime soon because so much of the Pentagon’s strategy for recruiting the nation’s youth depends on deception.
The Pledge applies to all personal student information whether or not it is part of an “educational record” as defined by federal law. It is an important distinction because the DOD has claimed for years that the administration of the ASVAB in the schools is not subject to the Buckley Amendment, so results do not need parental consent to be released to recruiters. The Buckley Amendment says schools may not release educational records to third parties without seeking parental consent. The DOD claims ASVAB results are not educational records. Instead, they say test results are military records. The DOD has a long and despicable history of dodging privacy mandates.
Meanwhile, other giants in the student testing industry, like the College Board and Houghton Mifflin Harcourt, have signed on.
When the ACLU settled their lawsuit with the DOD over the illegal JAMRS database in 2007, the DOD agreed to the following:
· limit to three years the length of time that DoD retains student information;
· stop collecting student Social Security Numbers; and,
· establish and clarify procedures by which students can block the military from entering information about them in the database and have their information removed.
The DOD has fallen short on all three accounts. Student information is retained indefinitely, although JAMRS data is placed in a “suppression file” after three years. The Recruiting Command routinely collects social security numbers through the ASVAB program and the DOD has failed to make anything clear to students or their parents regarding the JAMRS database or ways to have information removed.
This is not what democracy looks like. The DOD defends its actions arguing that this heavy-handed arrangement is preferable to the return of the draft, although the problem is much deeper.
Relatively few want to enlist and those that do increasingly come from a shrinking number of deep red states in the south. The realities of a vicious and unresponsive command structure after 15 years of unnecessary warfare have filtered down to potential recruits and their families. The Pentagon feels it must violate our 1st Amendment rights while operating a highly deceptive recruiting apparatus to achieve its yearly quotas. What’s needed is a sincere national discussion on the size, cost, and mission of the Department of Defense, particularly as it relates to the inability of this nation to address the overwhelming needs of its citizenry. We may discover we don’t need all of these troops and that reduced recruiting quotas will engender a more democratic and transparent defense establishment.
Pat Elder firstname.lastname@example.org is the Director of the National Coalition to Protect Student Privacy. The organization works to expose the military’s unconstitutional and deceptive recruiting practices in the nation’s high schools. www.studentprivacy.org