Institutions have access to more student data than ever before—but it's hard to really grasp what that means, since many of the digital tools that colleges use are from third parties or companies that keep their algorithms private. That makes it hard for students, professors or even journalists to get a glimpse inside.
That didn’t stop Bryan Short, who was a student at the University of British Columbia in 2016 when he got curious to know what information the learning management system at his university had collected on him and how it was being used. And what he found—that is, once he got a hold of it—left him feeling pretty uneasy.
These days Short is a program director at the BC Freedom of Information and Privacy Association. EdSurge caught up with him recently to hear the story about his hunt for his own data and what he thinks colleges could do to make that technology a bit more transparent.
Listen to the discussion on this week’s EdSurge On Air podcast. You can follow the podcast on the Apple Podcast app, Spotify, Stitcher, Google Play Music or wherever you listen. Or read a portion of the interview below, lightly edited for clarity.
EdSurge: What does the Freedom of Information and Privacy Association do in Canada, and what are some of the areas that your organization is trying to tackle?
Short: We’re a non-profit, non-partisan organization, founded in 1991—way before there was any freedom of information or privacy laws here in B.C. The organization back then was instrumental in passing what’s now known as the B.C. Freedom of Information and Protection of Privacy Act. These days we do a lot of workshops and special projects around freedom of information and privacy issues and advocacy work because that act was passed back in 1992. A lot has changed—they were using fax machines back then and now we have the internet. So some updates are in order.
You had some experience in research and advocacy for privacy before you started there, while you were a student. Can tell us about that?
It all started with a job I had as an undergraduate student at the University of British Columbia. That job was with the Digital Tattoo Project, which is run out of the Center for Teaching, Learning and Technology at the UBC Library. In that job we were empowering students to take control of their digital identities. And one thing that we began to look into was how does the learning management system at UBC collect information about students and how is that information then used and stored and accessed. Is there an awareness about this happening in the student population? I credit my prompting to do that exploring to my supervisor at the Digital Tattoo Project, Cindy Underhill.
The Digital Tattoo Project started initially for the teacher candidates at the UCB Education Department. So high school and elementary school teachers as they were going out into the world and starting their careers and starting their practicums, there became a concern that the lives that they were leading online through their social media profiles would have an impact on their professional reputation. As time progressed, this became a concern for students more generally in careers and jobs outside of teaching. Now the website that Digital Tattoo runs is a resource website that has a lot of information for people who are looking to clean up or take control over their digital identities.
So you decided you would start looking into some of the data that the system had collected on you?
Yeah, so at first I just assumed that UBC would have some sort of very transparent piece of information out there about what they were doing—how they were collecting the information and how they were using it. I was disappointed to find out that there wasn’t just sort of one document that I could access and say hey, this is exactly what we collect, this is exactly how we use it. This is the authority by which we store it and use it.
So I went through the terms of use and I think there was a section somewhere in there about if you want to get to access to your data the only way you can do it is by submitting a request under the Freedom of Information and Protection and Privacy Act which the organization I now work for helped to bring into place. Essentially this gives individuals the power to access their own information, information that exists about them. So I used that recourse and I submitted a formal request to the Office of Counsel at UBC for my information that was collected through the Learning Management System. That sort of started this system of chain reactions and snowballed from there.
That’s a lot of trouble to go through just to get access to your own personal data.
Yeah, it was really, I gotta say frustrating and disempowering. So when I submitted the request I met shortly thereafter with some of the managers at UBC from Information Technology, who worked directly with the learning management system. And they said, “You know we’ve never received a request like this before. We’ve never heard any privacy concerns expressed by students. This is a new frontier for us.”
I was comforted by the fact that they were taking it quite seriously and from the staff side of things they had put a lot of thought into privacy. But from the student side of things it seemed like the student body wasn’t putting a lot of thought into their privacy, they were just kind of trusting in the system, that the system would work.
So, what did you find?
So it wasn’t a very straightforward process of accessing this data. It ended up taking over 60 business days, and then I had to file a complaint with the Office of the Information and Privacy Commissioner, who then ordered UBC to give me the information. But what I found was that they were collecting information on basically every single interaction I had with the learning management system from the time I logged in to the pages I visited, to the amount of time I spent on those pages. All of this data was compiled into these statistical reports that were accessible by instructors and administrators and I was kind of overwhelmed by that.
We all kind of had the idea in the back of our head that when we’re using a digital system, there might be some kind of surveillance or some kind of monitoring going on on the back end. But to see exactly how precise it was, that was unsettling.
This week’s podcast sponsor is Emporia State University’s Instructional Design and Technology program: designed for those interested in creating dynamic, interactive learning environments in both public and private sectors, the master’s in IDT from ESU can be completed quickly and entirely online, preparing educators for the new age of the technology-driven learning environment. Learn more here.
The promise of these tools is that they might allow instructors to see data to better evaluate how students are learning. But what are some of the new risks that you see?
My initial concern was that these could unfairly bias instructors against students based on kind of arbitrary statistical information. You log in to the system and you leave the window open. You’re not really using it, you’re not really engaging with it, but it thinks that you are. So maybe your participation grade in an online course is better than a student who would just log in quickly, log out.
I don’t think that those are reflective of actual student effort, or true to the academic rigor that professors would normally put into an in class sort of setting. So that was a real concern for me. Then ostensibly, the purpose of the whole thing, so I was told, was to identify students who were struggling. So they could offer additional supports for those students. I asked, “Has the system been able to do that? Have you identified a struggling student, intervened, offered support and have you seen the student turn it around?” They said, “Well no, the data’s not there yet, the system’s not there yet, we’re not quite there. So, no we haven’t done it.”
So in my mind, balancing the privacy risks, the risk to unfair assessment against this potential outcome that does seem positive, I just didn’t think it was worth it.
I should say that all this is to do with their old learning management system at UBC, which was Blackboard Connect. They’ve recently switched to a new one called Canvas by Instructure. It might have greater capabilities in terms of learning analytics, but based on what I learned with Connect, I ultimately decided not to opt into using Canvas, and at this point I was a graduate student at UBC.
What happened when you tried to opt-out?
I decided not to opt into Canvas because I was unhappy with the way that my data was being collected. I was unhappy with the way that I had to go about accessing it. I was proposing the creation of a bill of rights around student data, a policy at the university [for using student data]. So, I didn’t opt into the use of it and it really caused quite a bit of tension of me. It put a huge burden on the instructors who relied upon this technology to conduct their courses because they would have to email me things separately rather than just blasting stuff out to a class. I couldn’t participate in discussions that were taking place online through the learning management system. Ultimately, I think it probably hurt my grades in certain circumstances.
What could the institutions that use these tools do to improve some of those of those practices?
I think allowing people to use the systems anonymously if a student had a privacy concern would be beneficial. I think reorganizing and sort of interrogating the way that they are achieving consent with students would go a long way. And allowing some customization there, saying you know you can collect this for this use or you can collect that for that use, but maybe not this one thing. So, having options to opt in and opt out and a positive consent model. Then transparency, just saying, “we’re doing this and we’re doing it because we’re hoping to help you.”