You Can’t Spell FERPA Without FEAR

I was sad to read over on Mark Guzdial’s Computing Education Blog that potential FERPA violations were being invoked in order to close down a wiki experiment at Georgia Tech that’s older than Wikipedia.  Here is Mark’s rough reading of Georgia Tech’s interpretation of FERPA:

Georgia Tech’s interpretation of FERPA is that protected information includes the fact that a student is enrolled at all.  The folks at GT responsible for oversight of FERPA realized that a student’s name in a website that references a course is evidence of enrollment.  Yesterday, in one stroke, every Swiki ever used for a course was removed. None of those uses I described can continue.  For example, you can’t have cross-semester discussions or public galleries, because students in one semester of a course can’t know the identities of other students who had taken the course previously.

I obviously can’t speak for the particulars of Georgia Tech’s situation, but from the outside looking in this reading of FERPA seems to be the most rigid and draconian imaginable.  In many ways, a worst case scenario for openly teaching and learning online at an institution. What’s more, it speaks to a culture of fear, uncertainty, and doubt (FUD) in higher ed when it comes to social media. And it is such a reactionary response that has imbued this act, which was originally intended to give students more control over their personal data, with a deep sense of institutional dread over lawsuits. Here is a bit from Georgia Tech’s FERPA policy:

The Family Educational Rights and Privacy Act (FERPA) is a set of regulations written specifically for students guaranteeing them the right to inspect and review their education records; the right to seek to amend education record; and the right to have some control over the disclosure of information from those education records.

The right to have “some control over the disclosure of information from those education records” is an argument as to why we should have a technical architecture on campus that gives students more control over their own educational experience. We have created an architecture of centralized control and then used FERPA to cultivate fears of moving to distributed, open architecture for sharing. So much so, that just about any time I present about UMW Blogs or ds106 the first question I get is—what about FERPA? It’s a kind of zombie question at this point, something people are almost programmed to ask even if they don’t know what FERPA is or what UMW Blogs provides students. People immediately assume social media and FERPA are necessarily exclusive and frame the question in such a way that immediately puts a publishing platform like UMW Blogs on the defensive.

But thanks to a tweet by Mike Caulfield almost two years ago, I finally had a way to think UMW Blogs’ relationship to FERPA differently. Mike basically noted that by giving students their own spaces online wherein they control their online identities, decide what they will share and won’t, and take control over the disclosure of their own data we are more FERPA compliant than any other system on campus. In fact, that’s exactly right, UMW Blogs is focused on giving students control over their own learning process, reflections, and take back ownership of their data. What could be more FERPA compliant? I think it is time to reclaim the FUD around FERPA and reinterpret it as it was intended: an act that encourages universities to give students more control over their own data, and by extension their own teaching and learning. Fact is, FERPA is in many ways a parallel to Gardner Campbell‘s idea of “student as sysadmin of their own education” —that is what we should be actively pursuing as a community dedicated to teaching and learning in the open rather than heading down a road of prohibition further alienating higher education from its mission.

At UMW we are FERPA compliant because we are actively making students sysadmins of their education.  What’s more, we are encouraging them to interrogate the questions around privacy, digital identity, and the data landscape that will frame their future rather than precluding this conversation all together—what could be more anathema to higher education?

This entry was posted in experimenting, UMW Blogs. Bookmark the permalink.

18 Responses to You Can’t Spell FERPA Without FEAR

  1. Cole says:

    Smart stuff, Jim. This plays right into the ongoing tension between provisioning services for faculty and students and asking them to run their own. I continue to wonder going forward if it is realistic for us to provide new and open services at all. For lots of reasons, FERPA being just one, it has become nearly impossible to offer solutions that match expectations. I appreciate your perspective on this one.

  2. Jeff Bohrer says:

    Thanks for the thought-provoking post. Giving students more control of their identity and learning…how might this influence the products our institutions select? Is “student-control” an emerging requirement?

  3. Luke says:

    I love it when you blog with fire.

    I completely agree with your take on UMW Blogs and FERPA, but I wonder if it might be a bit idealized. Creating a system and a structure that offers users the ability to manage legal pitfalls does not guarantee those pitfalls are managed. Especially when the goal of circumventing “rules” played such a large part in the conceptualization and construction of that system and structure. Our greatest challenge has and continues to be wrapping curriculum and knowledge around the power unleashed by these tools. Although it continues to be a goal, because of our scale and limited resources, it’s very difficult for us to adequately constrain and support a student-managed syndication framework, while also doing the sisyphean task of getting faculty to adjust their expectations of students and deepen their knowledge of the privacy implications of doing work in the open… I mean, how can you do that absolutely when more than half of classes are taught by part-timers, many of whom see teaching as an extension of their training in performing narrow expertise? I’m sure it’s a bit different at UMW, but the challenges seem permanent.

    So, to me, what’s most concerning about the GaTech move is that it’s absolutist, that it simply refuses to accept any gray area. Yet, gray areas are where the most interesting and important is usually done. In your syndication framework, if a faculty member commented on a student post that was published under an alias and included the student’s first name, and then in a subsequent comment included the last name: bing, FERPA violation, unless you have on file a waiver from the student. If this is the definition of FERPA going forward, I don’t see any way to do our work. If this is the future of higher education, I don’t think I’m being alarmist when I say that higher education has no future.

  4. Pingback: Learning Made Easy » Student Wikis Shut Down at Georgia Tech

  5. Ted Major says:

    FERPA lawsuits are indeed a zombie fear: it’s been nearly a decade since the Supreme Court ruled that FERPA does not create any right to sue.

  6. Reverend says:

    I think a move like this at GaTech is making a lot of folks consider whether trying to host a solution centrally isn’t ultimately the kiss of death. And that tension for me is where we need to be examining what would it mean for universities to start imagining their networks as more porous so that we can manage the flow of information that individuals own rather than coming up with an absolute, soup to nuts solution. It is the extremism in our approach wither way that seems to preclude the idea that we can do it well. When, in fact, I think universities need to take back some of the outsourcing they have done to re-imagine that architecture from the ground up. We should feel free to be interoperable with all those 3rd party solutions, but not sell the farm to them.

    I would love it if student control were at least a consideration. it seems right now it is the last question anyone considers when selecting a IT solution for managing data, teaching and learning, etc. In fact, more recent projects like Instructure’s Canvas that has the student central to the design and actually provides options of whether something is public or not–how radical!

    I try and limit my fiery posts on the bava these days because I don;t want too many comments from you given how awesome they are. In response to your points, idealized is how I roll and I think that is part and parcel of an abstracted response to an abstracted fear. What we want is to work towards one while not be subsumed by the other. And that also pushed me to say you are exactly right, the absolutism of this decision at GaTech reported by Mark Guzdial. I think the fact that institutions are unwilling to have this conversation and deal with the implications as a community reinforces the factory logic of highered. All of which reinforces the issues you underline: too many part-time, underpaid faculty who can’t afford to care, too many students who want to check a box, too many administrators who are afraid to be sued because they want the next bump. It is a system predicated on an efficiency of conservative convenience—which i think is more a tumorous growth that is distorting the mission of highered all together….but there I got again with my idealism. DAMN IT!!!

    Wow, isn;t that an interesting addendum to all this. So what are we really worried about then? Can we start talking conspiracy yet 🙂

  7. Chris Millet says:

    GT’s decision seems self-contradictory.. in a sense they removed information freely published by students, thereby removing some of that control which is explicitly stated in FERPA guidelines. As everyone has already said here, adding capabilities to allow students to control their privacy in these environments (blogs, wikis, etc.) should get you in compliance with FERPA, period. One issue I see from a practical standpoint is how you manage a course where you want students to collaborate openly, but a few students choose to be more private (as is their right). Again, if you provide options for those students, you should be clear of any FERPA issue and be able to move confidently towards teaching in an open environment. Flat out restriction of conducting classes in the open is short-sighted and ignores the relatively straightforward technical solutions to making this work and still respecting policies.

  8. Pingback: Openness As Accessory | Noise Professor

  9. Ted Major says:

    The scary thing is, I’m not sure Ga. Tech doesn’t have a point. No they can’t get sued, but they can lose federal money. In another case from 2002, the court made a big deal about “educational records” under FERPA meaning information maintained by the institution, like a database that might be maintained even after the student leaves. That sounds a lot like Ga Tech’s wikis. I wrote about it in a little more detail after leaving my earlier comment and re-reading the Owasso case.

  10. Ted Major says:

    Also, @Jim, as you say above, decentralization and not hosting services may be the way to go. Given the Court’s big emphasis on maintenance by the institution, any external service is by definition not going to be an “educational record” subject to FERPA.

  11. Pingback: EduGeek Journal » Dealing With The F Word in Education: FERPA.

  12. Pingback: Episode 83: FERPA Fear DTLT Today

  13. Pingback: wikis and blogs at a FERPA crossroads « AEC Instructional Technology

  14. Pingback: Protecting Student Privacy Without Going FERPANUTS - ProfHacker - The Chronicle of Higher Education

  15. Pingback: My latest at ProfHacker: Protecting Student Privacy Without Going FERPANUTS

  16. Pingback: Don’t FEAR the FERPA | HAPGOOD

  17. Pingback: A User’s Guide to Forking Education - Hybrid Pedagogy

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.