The following op-ed was written by Kade Crockford, Technology for Liberty director at the ACLU of Massachusetts. It was published in the MetroWest Daily News on November 12, 2016.
“You have no expectation of privacy.” That’s what too many Massachusetts schools tell students when it comes to the detailed personal information they generate when using school internet and electronic devices.
No privacy. Zero. None.
But that's not right. Students can and must have basic digital privacy protections at school—at a minimum, to keep companies from using kids’ data to sell them stuff, and prevent school personnel from snooping on their charges without appropriate justification. This is a matter of respect for long-standing American values and concern for vulnerable young people. That’s why, this week, the ACLU of Massachusetts will send model internet and cell phone privacy policies to nearly 70 school committees in the state’s largest districts, offering concrete recommendations that will protect both student privacy and school communities.
It’s terrific that schools have adapted to the digital revolution. Today, many schools offer students email accounts, educational apps, and even iPads and laptops to use in the classroom and at home. But as the ACLU showed in a 2015 report on student privacy in Massachusetts, districts that have adopted new technologies have often fallen short in terms of protecting the sensitive information about students (and sometimes even their parents) that schools are trusted to maintain.
Events that transpired during the 2009-2010 school year in a Pennsylvania town show what can happen in the absence of good school policies on privacy and digital tech. The Lower Merion School district, like many throughout the nation, had given students MacBooks to take home with them for the year. But unknown to parents and students, those computers were full of spyware that enabled school employees to secretly take photos through the computers’ webcams. The school used that power to surreptitiously snap photos of at least two students in their homes. The students and their parents sued, and the district ultimately settled with the families for over $600,000.
At almost every turn in that Pennsylvania saga, abuse and liability could have been averted if officials implemented and followed policies designed to protect students, teachers, and administrators.
First, searches of student information should never be secret. If a teacher or principal wants to search a student’s backpack, the student—who is probably wearing it—will be clued in. But in the digital age, software allows for secret searches of information much more sensitive and voluminous than what any student could carry on her back. For that reason, school policy must ensure students and their parents are made aware of any searches - and the reasons for them - before they are conducted. Parents should also have the opportunity to be present when the searches take place.
Second, school officials should not be permitted to conduct student searches on a whim. Rather, they must have individualized suspicion that a student has violated school rules before searching through a student’s cell phone or digital records such as websites visited, emails written, or files downloaded onto a computer. Officials should have a good reason to suspect whatever they intend to search will reveal evidence of a suspected violation.
Third, schools should keep track of searches. They should know how frequently officials conduct searches of student devices and information, and for what reasons. Otherwise, how can they evaluate their own practices? Schools should also be able to provide this information to parents and school committees. Transparency is fundamental to good government, and that’s especially true when it comes to protecting our children at school.
Art by Hallie Jay Pope, "Back to the Drawing Board"
And finally, regarding law enforcement access to students’ information, school officials should never - except in true emergencies - perform searches at the request of, or give student information to, police or prosecutors without a warrant. As the Supreme Court has repeatedly held, children’s Constitutional rights do not disappear when they go to school. To protect students, their families, and the integrity of serious criminal investigations, schools should only hand over student information and devices to police if they’ve gotten a warrant.
After we published our report on student privacy last fall, I had a conversation with a school administrator in a wealthy Boston suburb. When I raised concerns about the school’s policy, which said students had “no expectation of privacy” on the school’s digital networks, the administrator assured me his staff had neither the time nor the interest to snoop around in students’ affairs, and that they only searched through a student’s digital records when they had good reason to believe that student was up to no good. The obvious question is: why didn’t the school’s policy mirror its common-sense practice?
That’s exactly what our model policies call for: common sense. We hope school committees across the Commonwealth will adopt them. Instead of telling our young people they have no rights, let’s institutionalize the best practices already in place across our school systems, and safeguard students’ right to privacy in the digital age.
Learn more about student privacy by visiting aclum.org/student-privacy-policies