When I was a kid, I loved the movie Short Circuit. (I know: I’m both dating myself and making you question my taste in movies). I always wondered if the day would come when I would have my own walking, talking robot friend like good old Jimmy Five. We aren’t quite there yet, but today you can buy a Roomba™ to roll around cleaning your living room (and even control it with your phone), and yes that was the drone your neighbor got for Christmas flying around your back yard, so I’d say we are a lot closer today than we were in 1986. In the special education realm, we are even closer, with a host of robot products available to help special education students in their educational pursuits. Of course, their use raises the question: Are school leaders taking the necessary precautions to keep from turning our robot dream into a legal nightmare? Since I am speaking at LRP’s Special Education School Attorneys Conference this week in Austin, Texas, I thought this was a perfect time to think about the intersection between technology and special education, so here are my thoughts on robots in school.
First, some examples of how robots are being used for special education purposes. For those of you who subscribe to LRP’s Special Ed Connection service, you can read a recent article there on the topic of robots used to help students who cannot attend class face-to-face. And there are also stories of dancing robots redefining special education inclusion and the ASK NAO robot that can help students with autism develop social skills.
What are the legal concerns that should be considered with robots in the special education realm? Here are a few considerations:
- If a robot records the classroom, be cognizant of student records concerns under FERPA or state laws, like Illinois’s School Student Records Act. Remember, however, that with respect to other recording devices for special education students, OCR has taken the position that under Section 504, student use of a recording device cannot be conditioned on a release from other students in the classroom or the parents of those students. One would assume OCR would take the same position with a recording robot, as well. Fairfield-Suisun (CA) Unified School District (OCR San Francisco Mar. 30, 2012).
- Even if there is no recording, if the robot transmits a “live feed” of the classroom to a student in a remote location, who will be watching the recording and where? Although student records concerns may not be implicated because there is no “record” created, privacy considerations may still come into play, especially if there is not some level of control by the school over who is watching the feed. Deal with these issues in your written agreement with the student and his/her guardian.
- Carefully understand the robot maker’s security controls to prevent an outsider hacking into the recording or feed on a robot. You put together security concerns about baby monitors with live internet feeds and concerns about the safety of education technology products more generally, and you can see why security would be a top concern for me (and should be for school leaders, too) when it comes to robots in the special education realm. Make sure to review carefully, preferably with assistance of legal counsel, any agreement or terms of service with the company to make sure security is top notch.
- What data, if any, does the company operating a robot see or retain? By now, we’ve all heard reports of the pitfalls that come with the spread of education applications and services that store or use student data. Again, a careful review of the contract or agreement with the company should be sufficient to address these concerns.
- If a student is allowed to take a robot home, remember the importance of an agreement with the student and his/her guardian about caring for school property, acceptable use of the technology, and other expectations.
- Finally, what notice should be given to parents of other students? To teachers and staff (and their unions)? In my experience, any recording or transmission of the classroom can lead to raised antennas by parents and teachers alike. And parents may also want to know generally what technology students are using the classroom, even if there is no transmission or recording. But notification must balance the rights of privacy of other students, so as always take care.
As usual, this emerging technology offers real value in the schoolhouse. It’s exciting to see how clients and friends are innovating and using robots in powerful ways. If we all keep in mind the legal considerations that may arise with these robots, we will be in the best position to avoid conflict or concerns down the road and avoid our own legal “short circuit.”
Google Apps for Education has recently come under fire with a Federal Trade Commission complaint filed by a nonprofit organization, Electronic Frontier Foundation. In a press release issued last week, EFF claims that Google’s “Chrome Sync” function allows it to mine student data in violation the Student Privacy Pledge signed by Google earlier this year. If true, EFF’s claims could establish not only a violation of FTC rules, but also a violation of federal and some state laws. Google denies that the claims have any merit, claiming that it strips all identifying information from Sync data before using it for non-school purposes, and that it does not improperly advertise or market to students. At this time, there has been no finding that Google’s actions violate its Pledge or any other state or federal law. Understanding the issues at play in this case is essential for school leaders, however, who are tasked with ensuring that school-supplied electronic devices, software, apps, and services comply with relevant state and federal student data privacy laws.
The EFF says it came across concern with Google’s Apps for Education, or GAFE, while researching its “Spying on Students” campaign, which aims to raise awareness about privacy risks of school-supplied electronic devices and software. In the Complaint, EFF argues that Google is violating the Student Data Privacy in three ways:
• When students are logged in to GAFE, student personal information in the form of data about their use of non-educational Google services is collected, maintained, and used by Google for its own benefit, unrelated to authorized educational or school purposes.
• The “Chrome Sync” feature of Google’s Chrome browser, which is turned on by default on all Chromebook laptops, enables Google to collect and use students’ entire browsing history and other data for its own benefit, unrelated to authorized educational or school purposes. In its press release, EFF argued that Sync “allows Google to track, store on its servers, and data mine for non-advertising purposes, records of every Internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords” without obtaining permission from students or parents.
• The administrative settings, which enable school administrators to control settings for all Chromebooks, allow administrators to choose settings that share student personal information with Google and third-party websites in violation of the Student Privacy Pledge. The EFF press release explains further that “the administrative settings Google provides to schools allow student personal information to be shared with third-party websites in violation of the Student Privacy Pledge. The ability to collect and potentially share student information follows children whenever they use Chrome to log into their Google accounts, whether on a parents’ Apple iPad, friend’s smartphone or home computer.”
If true, these allegations could establish not only a violation of FTC rules, but also potentially could establish a violation of federal laws, like the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA), and some state laws, such as, in Illinois, the Illinois School Student Records Act (ISSRA) and specific student data privacy laws in other states. Such a violation might occur if the school did not obtain express prior written authorization from parents/guardians before requiring students to use GAFE, because in such cases, schools are required to ensure that the company offering the products only use personally identifying information collected from or created by students when using the products for the school’s purposes. This means personally identifying data and information cannot be used for any other purpose, including marketing or targeting ads to students.
Google, while commending EFF for its “focus on student data privacy,” completely denies the allegations, saying that its products and services “comply with both the law and our promises, including the Student Privacy Pledge….” Google defended its actions with the following description:
Personally-identifiable Chrome Sync data in GAFE accounts is only used to power features in Chrome for that person, for example allowing students to access their own browsing data and settings, securely, across devices. In addition, our systems compile data aggregated from millions of users of Chrome Sync and, after completely removing information about individual users, we use this data to holistically improve the services we provide. For example if data shows that millions of people are visiting a webpage that is broken, that site would be moved lower in the search results. This is not connected to any specific person nor is it used to analyze student behaviors. If they choose to, educators, students and administrators can disable Chrome Sync or choose what information to sync in settings whenever they choose. GAFE users’ Chrome Sync data is not used to target ads to individual students.
EFF has asked the FTC to investigate Google’s use of Sync and to, if warranted, initiate proceedings for injunctive relief to require Google to destroy all student data so far collected, maintained, or used in violation of the Student Privacy Pledge and to prevent Google from further improper collection or sharing of data in the future. At this time, however, there has been no finding of any wrongdoing by Google.
School leaders should still take note of this case, however, even assuming the FTC finds in Google’s favor. Google may be the most sophisticated Ed Tech company out there, and if they are being accused of failing to fully comply with the law, you can bet less sophisticated Ed Tech vendors are engaging in behavior that will cause concerns for community members and watch groups, too. School districts must be on high alert when it comes to contracts with all companies that require sharing, collection, or creation of student identifying data. If your district has not conducted an audit of existing contracts (which we discussed in an FR Alert earlier this year) and set up a process by which future contracts will be vetted by legal counsel, it may be asking for a student data privacy complaint of its own down the line.
Student data privacy is the “it” issue right now in edtech, as evidenced by a recent special Student Data Privacy Report (free registration required) issued by Education Week. Education Week prefaces the report with a fact that school leaders know all too well—while technology brings great benefits in the way of innovation, it also brings great risks, especially to the privacy of student data and other information.
The report covers a number of important student data privacy issues for schools, including:
All of these issues are of crucial importance for school leaders to understand, but in my opinion two deserve the greatest attention.
The first is the growing trend toward obtaining cyberinsurance. Cyberinsurance policies focus on protecting a school district in case of a data breach or network security failure. As the Education Week report points out, these policies were born to serve the private sector, but have evolved to help schools who fear that they may be the next to deal with costly breaches like those that rocked companies like Home Depot and Target. We are seeing more and more of our clients looking into the policies. As always, we advise that you talk with your insurance representative to understand if such a policy is a good fit for your school district.
Training on Student Data Privacy
The second key issue is the need for better training on data privacy issues. School leaders should take steps to educate administrators and educators alike on the district’s policies and procedures regarding student data privacy. What information about a student can be posted online? When can a teacher use an online service or application with students that requires registered student accounts and/or the sharing of student data? What concerns should business managers be on the lookout for relating to contracts for operational services such as student information systems and assessment systems? This is a heavily regulated area of law, so if your school leaders and employees don’t know the answers to these and other important student data privacy questions, training may be necessary to avoid the pitfalls identified in the Education Week report. (Of course, before you can train, you have to have the policies and procedures in place. We talked about this issue in a recent FR Alert that you can check out here.)
I will be talking about these and other student data privacy issues with two of my colleagues, Brian Crowley and Nicki Bazer, at the upcoming “Triple I” Joint Annual Conference of IASB/IASA/IASBO, so hope many of you will come join the conversation then. (For attorneys, I will also be speaking on student data privacy at the ICSA Seminar on School Law that same week). What’s certain is that this issue is only going to grow in importance for school leaders, and staying on top of resources such as the Education Week Report is a crucial part of school leadership in the 21st century.
Our friends over at the EdLawConnectBlog in California published a blog about a case from the Golden State that school leaders from across the country may find interesting. The case addressed whether school boards have any copyright control over video clips of public board meetings that a citizen posts on the Internet. The California court that addressed the issue suggested they do not.
The case actually involved a city council, not a school board. A longtime critic of the mayor and other city officials took video footage of city council meetings and posted them online along with criticisms. A federal trial court found that the citizen could take and post such videos without violating copyright law. Part of its decision dealt with legal issues that do not affect public schools. But part of its holding is relevant for schools as well as municipalities. Here is the EdLawConnectBlog’s description:
Specifically, the court found that even if the videos were copyrightable, [the citizen]’s use of the council meeting videos was “fair use.” The videos were “transformative” works used for the purpose of criticism and commentary on matters of public concern. Additionally, the videos were fundamentally factual and incorporated only small segments of the city council meetings. Most important, [the citizen’s] videos did not compete with the City’s own distribution of the videos because under [California’s public records law], the videos must be made available to any person upon payment of the direct costs of duplication. Thus, the City had no way to profit from distributing the videos or to recoup the costs of creating the recordings.
Although the case relied on California open meetings and public records laws, most states have similar laws on the books. The Illinois Open Meetings Act and Freedom of Information Act, for instance, have provisions quite similar to California’s laws. School leaders across the country should thus keep this case in mind and consult with counsel before preventing recording or posting of recordings of public meetings.
Recent amendments to Illinois law draw back on rights of post-secondary, secondary, and elementary schools to request or require access to student social networking accounts such as Facebook and Twitter. School districts and nonpublic schools are now essentially “locked out” of student accounts, as they can no longer request or require access to the accounts even when there is reason to believe a violation of school rules has occurred. Now, schools can only require a student to “share the content” of an account, and only when the school has received a direct report of “specific information” about activity on the account that violates school rules or policies. The removal of the right to require a student to turn over password or other account information so the school can gain access to the student’s account or profile is a significant limit on schools’ ability to effectively address off-campus, online misconduct impacting Illinois schools, including cyberbullying and sexting.
The previous version of the Right to Privacy in the School Setting Act, which was signed into law in 2013 and became effective January 1, 2014, allowed post-secondary, secondary, and elementary schools to request or require a student to provide a password or other related account information where the school had “reasonable cause” to believe that the account contained evidence that the student had violated a school disciplinary rule or policy. Elementary and secondary schools were required to provide notice to parents of this right, which we advised be provided through student handbooks and formal school or school district discipline policy.
Recent amendments to the law in Public Act 99-0460 curtailed the rights so recently granted to schools. The amended law, effective August 25, 2015, now prohibits schools from requesting or requiring student password or other social media account information in any circumstance. Instead, schools only may require a student “to cooperate” in an investigation including social networking misconduct and only if there is “specific information about activity on the student’s account” that the student violated a school disciplinary rule or policy. The student may be required to “share the content that is reported” to help the school “make a factual determination,” but schools no longer have the right to “request or require” the student to relinquish his or her password or provide the school access to general account information.
Legislative history suggests that the goal of the amendments was to address interactions between the Right to Privacy in the School Setting Act and recent cyberbullying legislation passed in Illinois (Public Act 98-0801). This “Cyberbullying Bill” amended the School Code effective January 1, 2015, to make clear that student cyberbullying in “non-school-related locations” or via a student’s own personal technology is prohibited if the cyberbullying causes a substantial disruption to the educational process or orderly operation of a school. The Cyberbullying Bill stated that this prohibition applies to cases in which a school administrator or teacher receives a report that cyberbullying occurred and that districts and schools are not required to staff or monitor non-school related activities, functions, or programs. Illinois Representative Mike Fortner, who sponsored the Bill that amended the Right to Privacy in Schools Act, explained that the law “restricts the school’s ability to access Facebook to only those specific cases of cyberbullying which are either reported to the school or were observed by school personnel.”
The law unquestionably is a significant draw back on the tools available to schools to effectively address misconduct by students on social media. Schools now essentially must rely on the word of students that they have in fact turned over all requested content, as opposed to being able to verify that all content has been obtained directly through the student’s social media account. Notably, this is not the first time that schools have been locked out of social media accounts that may have a serious impact on schools. As I discussed in an article for the Illinois School Law Journal and an FR alert, a 2012 Illinois law essentially locked school districts out of employee social media accounts under very similar circumstances to those at issue in this student law. Although an amendment to that so-called Facebook Password Law went into effect January 2, 2014, as we reported at the time that amendment did not make clear what access was allowed.
Schools can thus rely on lessons learned from the employee Facebook Password Law to address how to respond to the new limitations in the student sphere. For example, when schools learn of a cyberbullying or other online, off-campus student issue, they can use tools such as interviewing students, looking for publicly available information online, obtaining relevant documents in possession of law enforcement, and determining if another party may provide access to the social media account information. This, in addition to demanding the student turn over the content at issue, will help ensure that the school has as much information as possible when addressing an online misconduct situation. As with the employee Facebook Password Law, schools should not hide behind the amended Right to Privacy in the School Setting Act as an excuse for failing to conduct a thorough and prompt investigation into misconduct affecting the school.
The Right to Privacy in the School Setting Act continues to require that elementary and secondary schools provide notice to parents before the school can obtain the access authorized by the Act. School districts and nonpublic schools recognized by the Illinois State Board of Education thus should take steps now to provide parents the required notice. We continue to recommend that the notice language be contained in both student handbooks and the district’s and/or school’s formal discipline policy. In light of the timing of this new law, which comes just after the start of the school year when student handbooks likely have already been distributed to students, we advise that school districts and schools move forward with amendments to their discipline policies to provide the required notice at this time.
In a recent case, the Court of Appeals for the Fifth Circuit joined four other circuits in recognizing the right of school districts to discipline students for at least some off-campus, online speech if the speech reasonably leads school authorities to forecast a substantial disruption or material interference with school activities. The case is important because it recognizes that even where a student’s online speech may contain elements of social commentary, if the speech also is reasonably understood to be threatening, harassing, and intimidating in violation of school board policy, schools are within their rights to take disciplinary action.
In Bell v. Itawamba County School Board, the Fifth Circuit, which has jurisdiction over Louisiana, Mississippi, and Texas, addressed a rap song posted by a Mississippi high school senior, Taylor Bell, on his publicly accessible Facebook page and YouTube. The bulk of the song criticized two coaches at the school, who were named in the song, for allegedly engaging in improper sexual relations with female students. The song also included four references to violent acts that would be carried out against the coaches, however, presumably by Bell.
The court found that Bell threatened, harassed, and intimidated the coaches in violation of school policy by intentionally directing his rap recording at the school community. The speech was threatening, harassing, and intimidating, according to the court, despite Bell’s attempts to explain the comments as merely “foreshadowing something that might happen” by someone else or as merely “‘colorful language’ used to entice listeners and reflective of the norm among young rap artists.”
The court went on to find that because the song created a reasonable risk of a substantial disruption, discipline was justified. The speech pertained directly to events occurring at school, identified two teachers by name, and was reasonably interpreted as threatening to the teachers’ safety. Moreover, the potential consequences of the threats were serious, including potential serious injury or death to the threatened coaches. Especially in light of the numerous, recent examples of violence in schools, it was reasonable for the school to determine that there was a risk of disruption that justified discipline.
This case is another important victory for schools, which are tasked with protecting members of the school environment in a world where misconduct often occurs off-campus and online. The case is one in a growing trend of courts recognizing these realities in the current school environment.
School districts are under growing scrutiny and criticism for the lack of clear social media guidelines and policies. For instance, after a Michigan teacher reportedly was sentenced to 6 to 15 years for an inappropriate relationship with a minor student that involved numerous communications through Snapchat and text messages, a news investigation criticized the 44% of 84 school districts that had no specific social media policy on the books. In response, a state representative is now pushing legislation that would require all Michigan schools to have such a policy in place by next school year. Our friends over at LRP Publications also forwarded an interesting story about social media guidelines recently issued by Waco Independent School District in Texas, showing that many school districts are updating their social media guidelines for the coming school year. In light of these recent events, school leaders may be wondering if their school district is in need of a social media tune up. How do you know?
Although a board policy is not always necessary, it is prudent to have certain rules in writing for employees with respect to social media. This can be accomplished through handbooks or guidelines, and should cover more than just relationships between employees and students online. The following are just a few issues that should be addressed in good social media guidelines:
- Why can’t we be friends? As noted previously, what, if any, relationship employees can have with students (and parents!) via personal social media accounts is one of the most important issues addressed in social media guidelines. School districts are coming under fire for not having clear policies on this subject. The options on this issue run the gamut from full prohibitions to full permission, with outright bans being called into question as unconstitutional in at least one state. Most school districts’ guidelines fall somewhere in between. For instance, in Waco, certified staff can have personal social media connections with students with whom they have a separate social relationship, but other staff members may not. If you don’t have clear guidelines for employees on this subject, it can make it difficult to address misconduct if and when it arises. And because of the legal uncertainty in this area, legal review of any proposed guidelines is an essential step.
A lawsuit filed by a California teacher against the school district where she works puts a new spin on an old problem. As the National School Boards Association reported, the suit, filed last week by Amy Sulkis in the Los Angeles Superior Court, alleges that her school district employer failed to adequately protect her from cyberbullying and online sexual harassment by students who, among other things, created a fake Twitter account in her name and sent out inappropriate Tweets. Legal scholarship has long recognized that although liability for student-on-student and teacher-on-student harassment has led to successful lawsuits against public schools, courts have been less inclined to extend protections to teachers who allege they are harassed by students. Sulkis’s lawsuit shows how these concerns can be compounded by the use of online social media such as Twitter, and creates a new wrinkle in the question of what schools are required to do when teachers complain about online harassment by students.
According to CBS Los Angeles, Sulkis’s lawsuit reportedly alleges that the 16-year teaching veteran had an unblemished record and relationship with students until, in 2013, students created a false Twitter account in her name and sent out “disparaging and sexually suggestive statements” about her. A student who admitted to creating the account was initially given a two-day suspension, but after negotiations with the administration it was reduced to one day. Subsequently, students posted inappropriate and derogatory posts about Sulkis, but when Sulkis reported those posts to the administration she was told there was no available recourse. According to Sulkis, although she and her attorney asked for school-wide training for students on proper use of social media, that request was denied. A later post by a student allegedly included an image of Sulkis, an offensive caption, and a link to a pornographic Twitter page. Sulkis alleged that she was forced to take time off work to deal with the emotional distress and because she did not feel safe in her work environment. The lawsuit followed shortly thereafter. (more…)
With Guest Blogger Kendra Yoch
In a recent decision, Elonis v. United States, the U.S. Supreme Court held that in order to convict a man for alleged threats made against his wife on Facebook, the prosecutor must show some level of intent. It was not enough to show that a reasonable person would have believed the man’s comments to be a “true threat.” There are strong arguments that this criminal case did not change the standard for schools to address student, staff, or community member social media comments in the school environment. However, school leaders should be ready for challenges by individuals disciplined or otherwise sanctioned for such comments based on arguments similar to those raised in Elonis.
Anthony Douglas Elonis was convicted under a federal law prohibiting communication of any threat to injure the person of another. After his wife had left him and taken their children, he began posting graphically violent rap lyrics on Facebook under the pseudonym Tone Douggie. Elonis posted disclaimers that the lyrics were fictitious, therapeutic, and an exercise of is First Amendment rights. But his wife took the threats seriously and obtained a restraining order. The lyrics included a question as to whether the restraining order was “thick enough to stop a bullet,” references to smothering his wife with a pillow and dumping her body in a creek, and, perhaps the most troubling reference for school leaders, the following: (more…)