GW’s data collection effort raises privacy concerns on campus

Revelations that George Washington University launched a data analytics pilot project last fall that monitored the locations of students, faculty and staff without their knowledge or consent have raised new questions about privacy. data on college campuses and brought to light a project that has deeply concerned many GWs. faculty members.

GW President Mark S. Wrighton apologized for the incident in a campus-wide email Feb. 11. He pointed out that the university had not analyzed the individualized data and said that all data collected as part of the project would be destroyed. Wrighton said the project aimed to test how data analysis could help GW officials assess building density and use. Wrighton said he heard about the data collection project shortly after taking over as president on Jan. 1.

The project was spearheaded by the university’s IT, student affairs and security and facilities divisions and collected data from Wi-Fi networks on GW campuses, Wrighton said. It was designed to help administrators better understand “the density and use of buildings by students, faculty, and staff as a whole,” Wrighton wrote.

A George Washington University spokeswoman said by email that administrators were seeking the information to “inform operational priorities during the pandemic.” The pilot program was first reported by The Washington Post.

Isha Trivedi, a junior and the reporter who covered the story for The GW hatchet, the campus newspaper, said students told him they were surprised GW had collected student data and felt Wrighton’s email was unclear. She said many students also felt that Wrighton’s email lacked context about the company GW retained to collect the data and the company’s previous work on campuses, particularly to help institutions track student attendance at class.

“I don’t think we really know how much of that data was used and what that means for students,” Trivedi said. “I’ve seen people online saying it’s awful and it shouldn’t happen.”

Rory Mir, a grassroots advocacy organizer at the Electronic Frontier Foundation, said the ongoing pandemic has led to more campuses experimenting with data analytics to track student and faculty locations.

“A lot of companies are throwing at schools, ‘Hey, we can track student locations for COVID safety purposes,’ and most of those claims are kind of nonsense, because you can’t really do Wi-Fi contact tracing. Fi, that’s what a lot of them claim,” Mir said.

Mir said data analytics is used to track student behaviors in a way that is disturbing and introduces potential bias. Students who work off-campus to get in school might spend less time in the library or miss class more often, Mir said, making institutional reliance on measures of how often they attend unfair.

Universities “use this big data to track student behavior issues…like how often they go to the library and how long they spend on campus and try to relate that to their performance in the classroom,” he said. Mr. . “It’s a huge invasion of privacy.”

Cristian Ponce, a freshman majoring in computer science at the California Institute of Technology and who has been active in grassroots data privacy organizing, said he urges other students to be skeptical about the collection of data. He called the practice of tracking data for student attendance in class “invasive”.

“It just sets up a structure that’s way too controlled, where the administrators have these details and the students don’t take charge of their own lives,” Ponce said.

GW officials pointed out that the data collected during the pilot was “anonymized,” meaning that identifying information was stripped from it and individual data was aggregated or combined into one data set. They did, however, acknowledge that the campus IT department attached “handles” to the data, so it was not completely anonymized.

“I want to be clear that while the technical capability may exist to track individuals on our campus, such capability has not been used or contemplated in this pilot project and no individualized tracking or data movement on our campus has never been shared,” Wrighton wrote. “Unfortunately, however, the university neglected to inform members of our community before beginning this analytical project.”

Mir said that even when anonymized data is aggregated, it’s still possible to identify specific individuals in the dataset.

“With enough information, these systems can re-identify individuals given the granularity of what was collected,” Mir said. “And the more accurate that data is, the greater the risk of anonymizing people in the dataset.”

Mir said it’s hard to know exactly how prevalent this type of data collection is on college campuses, but institutions are increasingly using Wi-Fi, key cards and other systems. simple to track students, even if they don’t rely on a system as sophisticated as what GW piloted.

Aaron Benz, founder and CEO of Degree Analytics, which partnered with GW on the data collection pilot, said institutions typically work with his company to improve student success initiatives or to understand density and volume. use of buildings. Benz declined to comment on GW’s situation, saying he does not discuss the work he does with specific clients. The student newspaper GW the Hatchet first reported Degree Analytics’ involvement in the campus data collection effort.

Benz said that since its inception in 2018, Degree Analytics has worked with about 25 colleges, about half of which have used the technology for more individualized data collection purposes, such as tracking student attendance in class.

“Most teachers don’t take attendance, but it’s the #1 predictor of perseverance and success,” Benz said. “If a student stops going to class, that’s the first indicator that they may drop out or fail.”

Degree Analytics offers a product it calls EnGauge Student, which, according to its website, allows institutions to collect “student behavioral metrics” which will allow them to “analyze more student behaviors that better align with student success”. Examples of EnGauge Student data collection options listed on the website include class attendance, absence alerts, student attendance, library time, and school time.

Degree Analytics’ EnGauge Campus product promises “billions of rows of data” and 6,000 location data points per student per day so administrators “get usage insights to optimize facilities,” according to the site. Company website.

Asked what he would say to privacy advocates concerned about the level of tracking of his company’s offerings, Benz said more higher education institutions should establish data governance structures.

“My problem is that there is no governance standard to say what is acceptable,” Benz said. “What is the standard? It shouldn’t be up to one person to try to make a decision. There should be some sort of governance structure so that each university can carefully consider the benefits as well as the consequences of any scenario.

Benz said he launched an open-source community on the Degree Analytics website to gather feedback from higher education officials, industry leaders and privacy experts to ” help relaunch governance in universities”.

However, better governance may not go that far. George Washington University has a Data Privacy Policy, which states that individuals must be notified when information is collected. This policy was violated when the GW community was not made aware of the Degree Analytics pilot project.

“The data processor must make available a privacy notice detailing how personal information will be used and who to contact with any questions or concerns,” the policy reads.

Harald W. Griesshammer, a GW professor and faculty senator, has been working with university officials to understand what has happened since Wrighton heard about the pilot program last month and immediately briefed faculty senators. Griesshammer said university management was not made aware of the project when it was underway last fall.

Griesshammer said he was encouraged by the way university leaders handled the episode, but he’s worried the pilot hasn’t been approved by the university’s compliance division and the general counsel, especially since university department heads have made it clear that they are not in favor of the project. GW Library officials told an information technology administrator that the data collected “would not be useful and would be unethical,” Griesshammer said, but the warning went unheeded.

“The really disturbing aspect is that there were clear signals from the academic side that you shouldn’t do it, and they did it anyway,” Griesshammer said. “This effort is against GW’s stated policy, and it’s mind-boggling, because someone had to sign a contract on this… If we can’t believe the administrative side of the university, the side university enterprise, follows stated university policies, then we have a huge problem.

Griesshammer said the incident is also “disturbing” because even though the data was anonymized, “anyone with half a brain could have de-anonymized a lot of the data pretty quickly.”

Mir of the Electronic Frontier Foundation said that with this type of data collection becoming more prevalent, there is a real risk to higher education campus cultures.

“This surveillance creates a very hostile environment for students which I think reduces trust on campus,” Mir said. “And once there’s less trust, I think it creates a lot more problems… [with] students feel watched all the time and feel like criminals doing nothing.

Comments are closed.