Posted on July 19, 2014
Have you read Andrew Campbell‘s recent piece in the Toronto Star on how online privacy protection for kids is lagging in Canada? If you have, then you will know that much is still unanswered about security, privacy, and terms of service for our students online. You may also have noticed that there is a resounding silence in educational technology discourse around this perplexing topic when it is ironically the realm to which the issue is of utmost relevance. There are many reasons for this, and that discussion is better suited to another blogpost. Today, I want to spend a few paragraphs imploring all of us to get our wheels squeaking at least a little bit. To help me do this, I want to go back a few months in time.
The recent #heartbleed security flaw in Open SSL online security was major (and it’s not over, folks). How big? Well, the Canada Revenue Agency and other government sites were shut down in an unprecedented move to attend to the hole. They also went to the trouble of creating a whole information page to reassure users they were dealing with the matter (click screenshot to visit the page).
‘Cause, man, I sure didn’t (oh, wait, I did receive one from Evernote, eager to remind me that, ‘unlike everyone else’, they did not use Open SSL and, as a result, were not effected). Do you know how many accounts I currently hold with various education read-write websites and apps as a teacher that has loved using these tools and spaces with students? Hundreds (and times that by hundreds more to get the number of students that have made accounts under my charge). None of them emailed me.
The deafening silence from these ‘free’, ‘educational’ sites on a crucial security hole such as #heartbleed, what some call the biggest ever in the history of the internet, left me dumbfounded and disappointed to say the least. Let’s attempt a comparison here.
Just recently, Evenflo, a large company that sells infant car seats recalled 1.3 million car seats because of a rarely noticed flaw which might make it difficult to remove your child from the seat easily in an emergency. Then there’s General Motors, one of the largest car companies in the world. A few weeks ago they recalled 2.7 million cars due to manufacturing defects. In 2014 alone, they have recalled more than 11 million cars. Needless to say, it is not a good time to be a shareholder in GM, but I digress.
Sure, there’s a huge difference between the risk of dying and having your Edmodo account compromised. But here’s the thing: car seat and auto companies do not mess around when it comes to risking public and customer perception. It’s the same reason why your local ice cream shop will not hesitate to give you a new scoop if your child drops hers on the ground; or why Starbucks will never refuse to remake your latte if it’s not perfectly to your liking. They value your custom, loyalty, and they protect their brand like a parent does a child.
We should have leverage as users of these sites and apps, not the other way around. And if we don’t have any kind of influence, if these companies were under the impression that there was no communication necessary regarding something like #heartbleed to its users, if they have zero concern about public relations in this realm, how important are we, the users, in this equation? I just know that my mamma always told me that there ain’t no free lunch.
#Edtech companies rely on social media, blogs, and conferences to spread and sow their seeds, so to speak. If they felt any amount of pressure at all to address important security, privacy, and terms of service concerns, you can bet they would start moving on it. So, that’s what we can do. We can turn the noise into a signal. We can demand that our favourite educational websites and apps be far more explicit and transparent about these matters.
Is it really any more complicated than that?