Proposal Aims to Bolster Student Privacy in California
At the beginning of the Covid pandemic, schools confronted new difficulties when they were tossed into remote learning due to prolonged lockdowns. Resorting to online classes, schools relied on obtrusive software to proctor online tests. State Senator Dr. Richard Pan is recently advancing with a proposed revision to California’s Business and Professions Code relating to student privacy. The California Student Test Taker Privacy Protection Act aims to curb the invasive surveillance of remote students by their schools.
The proposal would direct schools to guarantee that their proctoring software minimizes unnecessary data collection of student information while also limiting the data’s retention and disclosure. Moreover, the Act gives students and their families the right to a private remedy if a proctoring software gathers data beyond what is needed to proctor the test.
Despite the slow return to in-person classes, online tests remain, but the pernicious software should not. Not only does the use of what is effectively malware constitute both an attack on privacy and a potential network safety risk, schools have overlooked better alternatives. Schools all too often did not adopt sensible and effective strategies like remote proctors that record the live screen sharings of students or turning off settings that show the correctness or incorrectness of answers. Instead, schools drove straight into invasive surveillance.
Some proctoring software monitors computer inputs, such as peripherals like monitors, mice, webcams, microphones, headphones, and USB, HDMI, DP, and Thunderbolt connections. Some access computer administrative controls, which opens up security vulnerabilities. Several proctoring services also possess and collect facial recognition and emotion detection, which scan other people in the environment. One vendor, which initially received notice for previous work with the Transportation Security Administration’s facial recognition efforts, uses an algorithm to monitor student behavior and categorize students as having high or low “integrity.”
Beyond privacy and security concerns, the wide net cast by proctoring software is also the cause of needless interruptions for both students and teachers. One student reported that crying during an exam activated the cheating eye tracker, saying, “My French prof had to watch 45 min[utes] of me quietly sobbing.” Another student was reported to be unable to take a math class because the sound of his laptop fans triggered the proctoring software.
So prevalent are these stories that University of Kentucky Professor Josef Fruehwald, who lambasted his colleagues for using tracking software in a viral TikTok, has set up a Twitter thread cataloging testimonies.
One of my best friends is just finishing nursing school. She plugged in her laptop during an exam and the proctoring software flagged her movement. The prof said [it’s] an auto fail for that exam and that decision is out of their hands. She was so incredibly stressed over it.
— TiredPhoenixRising (@TiredPhoenixie) May 1, 2022
Before the 2020 November election, we wrote about how Section 15 of California Proposition 24 should not have exempted certain school-related businesses from privacy requirements. But Prop 24 did exempt these businesses from complying with parts of the California Consumer Privacy Act concerning certain student information. Numerous establishments, like schools and school service vendors, have a perilous inclination to hold data in a centralized spot with few network safety safeguards.
We warned that students and their families should have more power over their personal information, especially when held by third parties.
As Electronic Frontier Foundation wrote about ProctorU, one of the most prominent proctoring software vendors:
ProctorU is being sued for violating the Illinois Biometric Information Privacy Act (BIPA) after a data breach affected nearly 500,000 users. The lawsuit States biometric data from the breach dated back over eight years.
Making matters worse, schools collect troves of sensitive information such as birthdates, social security numbers, addresses, and more. In a past op-ed of ours featured in The Hill, we described how the University of California (UC) system was victim to a massive data breach. The university system was just one of the roughly 100 institutions targeted. Consequently, students and staff had their sensitive information stolen and risked identity theft.
California and other states fail to recognize a right to private action to remedy damages caused by negligent data holders. Some universities across California have already started moving away from the invasive software, including UC Berkeley and UC Santa Barbara.
Schools and universities should protect test integrity and ensure honest answers—that’s not the issue. But recent trends in proctoring software invade students’ homes and encroach on their overall privacy. Students deserve to know that their institutions are proctoring exams in a reasonable way. In order to pursue their education, students should not have to surrender their computer and data security to an all-seeing Big Brother. The Student Test Taker Privacy Protection Act is a start.