EFF files student privacy complaint regarding K-12 Chromeboxes

Privacy, Technology

by Mack Freeman

Google has come under fire from the Electronic Frontier Foundation (EFF) due to perceived privacy problems with their Chromebooks that have increasingly been incorporated in K-12 schools throughout the United States. The EFF’s complaint that was filed with the FTC makes the claim that the Google Apps for Education program that is supposed to only use student data for educational purposes is instead being used for advertising in violation of the Student Privacy Pledge. The Washington Post describes the problem this way:

The complaint by the EFF, which in the past has sided with Google on other issues, focuses on the so-called sync feature of Google’s Chrome Web browser that stores bookmarks, passwords, and browsing and search history. It alleges that sync helps Google use students’ browsing history and other data for uses beyond education.

In response to the EFF’s concerns, Google, a division of Alphabet Inc. said it agreed to change the sync settings on Chromebooks sold to schools. Under the new settings, data entered or generated by students while using Google Apps for Education would not be used outside of that context.

As more and more technology enters the daily lives of students, student privacy continues to be a hot-button issue with over 15 states passing laws in the last year regulating student privacy and how their information can be used.

The Future of Privacy Forum, a Washington-based think tank of which Google is a member, states that they do not believe that the complaint has merit, saying:

We have reviewed the EFF complaint but do not believe it has merit. Chrome Sync is a setting within the control of the school IT administrator, and can also be changed by parents or students. This feature allows students to log in at home or at a library and have access to their school bookmarks, favorites and other settings. Since Chromebooks may be shared among students in school (with password-protected accounts for each student using that particular hardware device), many schools rely on Sync so that multiple students have ready access to their accounts and settings on the same device. We understand that any data collected is not used for behavioral advertising and all other data uses are aggregated and anonymous. The Chrome Sync setting is a general feature of all Chromebooks, whether purchased by schools or the general public. We don’t believe the complaint raises any issues about data use that are restricted by the Student Privacy Pledge.

While the complaint is pending, neither side is ceding any ground. As more and more libraries start to use Chromebooks either in-house or circulating, however, it’s good to review the ways that individuals can increase the available privacy on these devices. The EFF has released a new guide to increasing privacy settings on Chromebooks specifically for students. It can be found here.

Although this technology issue is only one vendor, and it exists mostly in the IT world that I’m not a member of, it has given me pause for how I treat my own devices. I like to think of myself as a relatively privacy conscious individual who works to educate others about how to protect themselves, but I can think of far too many occasions where I have sacrificed a little bit of privacy for the sake of simplicity. Or usability. Or expediency. And I’m someone who thinks about this kind of stuff all the time; how are we training our students, especially our young students, to protect their privacy? In the case of these Chromeboxes, the technology and the Student Privacy Pledge were supposed to fulfill that role. But what do we do when that fails? And while there’s no evidence that Google has done anything wrong, what if what they or some other vendor has done in the past follows the letter of the agreement, but finds a loophole that violates the spirit of student privacy?

It’s because of these issues that I feel we must all remain vigilant to any potential breach in privacy. Because any small breach that loses ground means that that bit of privacy is gone forever. I’m reminded of the play and later film Doubt by John Patrick Shanley. In one scene, the priest is talking about how containing gossip is like ripping a pillow wide open and then trying to gather the feathers back together; in other words, it is impossible (you can view the scene here). Recovering privacy after it has been breached is similar. There is only one shot at keeping information secure before it becomes varying levels of insecure. And as information professionals and advocates for the right to privacy and intellectual freedom, we must stand against these leaks in the dam.


John “Mack” Freeman is the Marketing and Programming Coordinator for the West Georgia Regional Library. He is a past recipient of the Freedom to Read Foundation’s Conable Scholarship, and a 2015 ALA Emerging Leader.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.