Schools in internet privacy battles

From a proposal to better track student achievement to a recent federal court ruling on wiretaps, the fight over internet privacy has landed squarely on college campuses.

The anti-terror expansion of an 11-year-old wiretap law could force universities to upgrade campus computer networks, likely at their own expense, to allow for easier access by lurking law enforcement agents.

And a federal Department of Education proposal to analyze individual student performance–a system that requires disclosure of Social Security numbers and other unique identifiers–also has privacy watchdogs crying foul.

The government has long had the power to compel disclosure of data, typically through subpoenas, warrants, or court orders, said Jim Dempsey, executive director of the Washington-based Center for Democracy and Technology.

But now “the government is mandating the collection of more and more data” without scrutinizing whether those legal standards are adequate, he said.

“That’s a privacy disaster,” said Dempsey.

The Federal Communications Commission wants to expand the 1994 Communications Assistance for Law Enforcement Act (CALEA) to encompass internet phone calls and broadband wireless providers. A federal appeals court in Washington sided with the federal agency last month in a series of legal complaints filed by Dempsey’s group and the American Council on Education (ACE) (see story:

Universities and other affected computer providers, such as airports with wireless internet access, have until May 2007 to comply. Law enforcement agencies reportedly would need a court order for such wiretaps.

On July 13, ACE released an internal legal analysis of the court decision that suggests a higher-education institution is exempt from the broader CALEA law if it limits campus computer use to students, faculty, and employees while also relying upon an outside vendor to construct or operate its actual internet network.

“It could come down to something as basic as who owns the cable that connects a campus’s network to the internet,” said David Ward, ACE president.

Yet at the same time, the Federal Bureau of Investigation is circulating a legislative proposal on Capitol Hill that would expand the scope of CALEA, according to both Dempsey and Terry Hartle, ACE’s senior vice president for government and public affairs.

Earlier cost estimates suggested a collective tab of $7 billion for affected colleges and universities, but further scrutiny of the FCC ruling has now reduced that amount to an estimated $30,000 to $100,000 per affected campus, Hartle said. Based on approximately 4,000 institutions of higher learning, those estimates would add up to somewhere between $120 million and $400 million nationwide.

Community colleges, which traditionally are more accessible to the public, could make up a disproportionate share of institutions needing to comply with the new standards, he said.

The national student database proposal is also raising the hackles of critics who point to such lapses as the recent theft of a Department of Veterans Affairs computer from an employee’s home in suburban Washington. The stolen equipment contained personal information on 26.5 million veterans and active-duty troops.

The proposal, which has yet to advance through Congress, was among the recommendations for both public and private colleges and universities made by the federal Commission on the Future of Higher Education.

The database would include information on a student’s course load, major, financial aid level, and graduation status as well as name, date of birth, gender, race, and Social Security number–albeit with a unique 10- or 14-digit identifier.

Supporters point to the regular use of such detailed student databases in 39 states, including Missouri. Having a nationwide sample would enable better tracking of part-time students, transfers, and those who opt to attend college outside their home states, they say.

“If the only thing you can do is take the slices [of data], you don’t have any idea of what [students] do as they travel in the system,” said Paul Lingenfelter, executive director of the State Higher Education Executive Officers.

“There’s no argument over privacy. The only question is, can you do a better job of monitoring educational outcomes and preferences than we do now?”

In Missouri, state officials have collected and analyzed similarly detailed information from college students for the past 20 years, said Robert Stein, associate commissioner for academic affairs with the state Department of Higher Education.

With a similar data tracking system now in place for Missouri’s elementary, middle, and high school students, state officials hope to link the databases and economic development data to even further analyze educational performance.

“We can’t unravel how all these factors influence [educational] outcomes just by looking at aggregate measures,” said Mark Ehlert, a University of Missouri research analyst.

Ehlert called the privacy concerns of wary watchdogs and citizens legitimate but said he’s confident that security precautions will prevent the abuse or misuse of such information.

Hartle countered that such assurances won’t withstand the pressures of modern information technology.

Even though current federal graduation rates are “erroneously inaccurate and woefully inadequate,” he said, “there is no way that such a database will not be used for other purposes. It is too rich and too expansive.”


Center for Democracy and Technology

Missouri Department of Higher Education

Want to share a great resource? Let us know at