Privacy Issues For Schools Using The Cloud

Posted by on Oct 10, 2013


Image from http://www.wired.com

Image from http://www.wired.com


 More and more schools are opting to embrace cloud services for storing student’s data, as they are cost effective, easy to use and provide streamlined services. Schools are encouraging students to use commercial cloud services for sending emails, storing and sharing documents, and for other educational purposes. By outsourcing email and data storage services, the school districts are saving a lot of money earlier spent on server, hardware, software and technical support. However, school’s use of cloud services poses significant risks to student’s privacy.

The major risk in using cloud services is that the collection of personal information by cloud service providers can be used for user profiling and online behavioral advertising. According to a survey report  released by SafeGov.org, the students are forced to use the commercial cloud services, as they do not have the opportunity to grant or withhold their consent. For example, if you are a student using school provided email service and without logging off your email account you decide to browse the web to conduct research on your school project. Then without your consent the service provider collects and stores your search history and contents of your email. Later, you might even get pop-up ads related to your web search. This is just one example. Apart from this there are several instances where your other sensitive data like field trip pictures, parent –teacher email exchange, social security numbers etc can be accessed by cloud computing vendors.  This is an increasing problem as more schools are embracing BYOD technology.

The schools and government customers of Google Apps are encouraged to add ad-based Google services such as search or YouTube with Google apps for educational purposes. As a result the students are driven from and ad-free to an ad-supported environment. On the other hand, Microsoft’s Bing for Schools is an ad-free and no cost version of its Bing search engine. It  can be used in public and private schools across the U.S.

Image from http://www.bing.com/

Image from http://www.bing.com/

While use of cloud services help schools to save thousands of dollars, the data security and privacy risks presented by these services cannot be ignored. The survey report by SafeGov.org says “there are a number of areas where advertising-oriented cloud services may jeopardize the privacy of data subjects in schools, even when ad-serving is nominally disabled.  Threats to student online privacy occasioned by the use of such services in the school environment include the following:

  • Lack of privacy policies suitable for schools: By failing to adopt privacy policies specifically crafted to the needs of schools, cloud providers may deliberately or inadvertently force schools to accept policies or terms of service that authorise user profiling and online behavioural advertising.
  • Blurred mechanisms for user consent: Some cloud privacy policies, even though based on contractual relationships between cloud providers and schools, stipulate that individual data subjects (students) are also bound by these policies, even when these subjects have not had the opportunity to grant or withhold their consent.
  •  Potential for commercial data mining: When school cloud services derive from ad-supported consumer services that rely on powerful user profiling and tracking algorithms, it may be technically difficult for the cloud provider to turn off these functions even when ads are not being served.
  • User interfaces that don’t separate ad-free and ad-based services: By failing to create interfaces that distinguish clearly between ad-based and ad-free services, cloud providers may lure school children into moving unwittingly from ad-free services intended for school use (such as email or online collaboration) to consumer ad-driven services that engage in highly intrusive processing of personal information (such as online video, social networking or even basic search). 
  • Contracts that don’t guarantee ad-free services: By using ambiguously worded contracts and including the option to serve ads in their services, some cloud providers leave the door open to future imposition of online advertising as a condition for allowing schools to continue receiving cloud services for free.”
Image from m2.files.wordpress.com

Image from m2.files.wordpress.com

SafeGov has also sought support from European Data Protection Authorities to implement rules for both cloud service providers and schools. As per these rules or codes of conduct-targeted advertising in schools and processing or secondary use of data for advertising purposes should be banned. In the privacy policy agreement contract between the schools and service providers it should be clearly stated that student data would not be used for data mining and advertisement purposes.

Keeping all these things in mind, the schools should make sure the data would be stored and managed by the service providers before moving to cloud services. They should demand assurance from the service providers that the information collected by them will not be used for data mining, targeted advertising or sold to third parties.

 Secure sensitive student data with SpiderOak

 Users sometimes find that selecting a truly protected third party cloud service can be a challenge as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.


Interested in SpiderOak Products?

SpiderOak carved its niche as the top choice for those most concerned with privacy.

The engineering goal was simple – devise a plan where users’ files, filenames, file types, folders, and/or any other personal information are never exposed to anyone for any reason (even under government subpoena). This describes SpiderOak’s ‘zero-knowledge’ privacy environment.SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. SpiderOak Hive keeps all your files in sync across your computer and mobile devices. Here the end-user has the ownership of data and is the only one with the keys to unlock and look at plaintext data. You can signup for this product at SpiderOak Blue works seamlessly in your enterprise environment. To resolve authentication it deploys a virtual appliance that resides behind your firewall and integrates with Active Directory / LDAP for single sign-on. SpiderOak Blue is compatible in Mac, Windows, Linux, iOS and Android platforms. SpiderOak Blue is now available through a limited release. We have been working with several large enterprises through the beta period and will continue towards general release. If you’re curious about the product, please send an email to blueinfo@spideroak.com and we will get back to you soon.


One Response to “Privacy Issues For Schools Using The Cloud”

  1. Eddie Mayan says:

    They need to consult with best managed service providers like cloudways.com, to get a rid of hack and privacy leak.

Leave a Reply