A (3:36)

Sure. So something interesting you had said right off the Jump is that Ferp is 50 years old. I didn't know that. I just thought it was something that was a little more current. Being that it is 50 years old and when it was enacted in the world today is very different than when it was 50 years ago. Do you still feel that the majority of FERPA language is relevant to schools and what, if anything, beyond what you had mentioned already, do you think kind of needs to be addressed to make it a little more current? I'm thinking, especially in the age of artificial intelligence and the amount of data that is being used by not just school districts, but private companies trying to leverage data themselves. Is FERPA still relevant?

B (4:17)

FERPA is absolutely still relevant. This is where I go down a geeky rabbit hole. FERPA was actually created because of computers. So 1974, yes, computers were pretty big, filled up a quarter of the room, if not a full room.

A (4:35)

Right.

B (4:35)

But there was a lot of concerns in Congress and across the country about this idea of computerized records, that there wouldn't be a human looking at them, that it was easier to make mistakes, that people would know less about what data was being collected about them and how it was being used. And so Frippa was really built around that idea of being able to access records. So parents and students have pretty much an absolute ability to request and receive any records. It includes the ability to challenge records, the ability to request deletion of records. You have even employees. Cybersecurity requirements. Where FERPA is less useful is when it comes to third parties. Because 50 years ago you didn't have 10, 20, 30, 40, 50 third parties involved in education.

A (5:43)

And cloud computing wasn't a thing. Right?

B (5:46)

Yeah. I mean, you had the single textbook provider maybe, and you had maybe outsourcing. The folks working in the cafeteria. School bus drivers may or may not be employees, but it was a really narrow number. And you also didn't have schools doing as much sort of holistic care of kids as many schools are trying to do. And parents are requesting today around things like mental health care support, social emotional development. So you come to today and you have numerous third parties, ed tech vendors that have replaced or supplemented the traditional textbook. You have another example, nurses that travel from school to school or district to district who certainly are generally not full time at any school. And may one particularly sad example keep their notes in Google Docs that are accessible through just a link in order to keep their treatment safe. Their treatment. Say that again. In order to keep their treatment records up to date. So then you bring in all of the other third parties and this massive job of school business officials. And when we look at FERPA, it wasn't clear for a very long time in 2000s, 2010s how it fit into this third party landscape. Now Department of Ed put out guidance that's really helpful pretty much since 2014, talking about what needs to be in place for cloud computing, for education technology, etc. But you have to know to look for it. And if you read the statute and the regulations, it'll actually give you the wrong impression of what FERPA protects. And that's a massive problem because most people, if they're going to look up ferpa, well, first of all, these days they're going to go to ChatGPT. But ChatGPT is maybe not prioritizing the guidance from the Department of Education on these issues. It's going to bring up statutory texts or regulations or somebody's interpretation. And unfortunately, this law is so messy and so difficult to find the information about that you constantly have inaccurate information about it everywhere online, which is how I got my career in a way. So yeah, dealing with those third parties is the really difficult part. The other aspect with FERPA is it obviously doesn't directly govern those third parties. They don't. They are not on the hook for any FERPA violations except in very rare circumstances that have never happened. So it is the responsibility of the school district, state education agency to make sure the vendors are in compliance. And of course, when you're dealing with massive vendors, folks who are working across states, convincing them to follow your interpretation of ferpa, let alone your student privacy bill, if it's an outlier, is incredibly difficult. Difficult. But there are some very interesting strategies that have been applied for that. But I'll pause there.

A (9:59)

Sure. So that's a lot just on ferpa and I'm thinking just kind of broader lens wise. Schools are navigating a lot of federal and state laws and just a patchwork of those, as I had mentioned before. What is making that especially challenging for school districts these days? Trying to navigate all of that.

B (10:19)

I think a large part of it on the student privacy side, other than the general uncertainty in education right now, which is just adding a lot of chaos to the day to day work. You have the Department of Education enforcing FERPA and prioritizing student privacy even as they are moving aspects of the department to other agencies. So I've told people, as far as I know, the Student Privacy Office at the Department of Ed is the one office that didn't remove anyone in the rips that has constantly shown up in press releases from the administration, that has been tied in to. To some of the LGBT debates that the administration is having and investigations they've opened up. So privacy is oddly in the spotlight. And first of all, you wouldn't think that would happen. It feels like an odd thing for the administration to focus on until you think about how student privacy is a mix of parental rights, access to records, disclosures, ability to opt in or opt out of sensitive surveys. If you look at it through that parental rights focus, it then makes sense that this is a top administration priority. And they have announced multiple investigations against districts, states, and really have been putting schools on notice that they are open to the ultimate penalty, which is removal of all federal education funding.

A (12:29)

So when we think about states individually and how they're kind of addressing the student privacy legal landscape, we're seeing states pass phone bans and screen time restrictions to try and get ahead of that. I know where I am in New York. We. New York state has implemented a statewide cell phone ban, which actually seems to be going exceptionally well in terms of just student discipline and educational engagement. How do those policy trends intersect with student privacy concerns?

B (12:59)

So you certainly, of course, have privacy issues that come up when you are trying to comply with E Rate. For example, if you receive E Rate funds, you have to follow sipa, which requires filtering and some level of monitoring. It's unclear exactly how much in order to maintain getting E Rate funding. And so one thing that where there were a lot of critiques from parents and activists was you had these personal devices connecting to school networks, or you had students accessing personal information on school devices. And at that point, you start to have news stories that. I think the oddest one was a doctor who said that Google had pulled his patient records into the school system. And to be clear, there's no way that that could happen without pressing okay, at some point, or the fact that he, you know, was logged into his kid's account. But that definitely raises concerns, obviously, when what students are doing is tracked and watched. And so in a way, removing cell phones during the school day from the equation means that you might have different privacy issues, certainly, but that one maybe goes down a little bit. The other important thing there, which is fairly recent developments, is there was a belief that cell phone bans just couldn't happen, that there wouldn't be enough appetite for them. And since there was a huge multitude of factors that allowed them to happen, there's now another threshold. Well, we couldn't do cell phones, but we did. So what can we do next? There was a hearing in the Senate last week where the answer to what's next from some activists was let's get rid of tech entirely.

A (15:38)

Really?

B (15:38)

Let's go to. Yes, let's go to totally analog world. So the cell phone ban, well, you know, it feels disconnected in a lot of ways from education. Technology has partially opened the door to people who are unhappy with potential commercialization in education, who are concerned about the impact of screens on student mental health, who are concerned about what schools are or are not sharing the amount of screen time that kids have throughout the day. And all of this is culminating in this growing push at the federal level, at the state legislative level to remove tech generally from schools. Now is that going to happen? Probably not. But remember that focus on parental rights and education. It's absolutely possible that states, districts, school boards individually might pass policies that certainly limit the amount of screen time overall. Very likely that'll happen, but also that parents will be able to opt out or opt in to any technology used. And while that sounds like a great idea to some folks, of course the realities of day to day schools and how much that would complicate things not just for schools, but for parents and students is massive.

A (17:23)

Has the conversation focused on equity? I mean, I feel that would be a huge problem in the classroom if, you know, before I go down that rabbit hole, I mean, there's equity issues already. I mean, some, some families have means, some do not. A lot of districts are opting to provide technology to the kids to, to kind of level that playing field. But now if you take it a step further, where parents can opt in or out of student district devices or other digital curriculums or things like that, what's the potential issue there? I mean, I feel like that's just a new equity issue that's somewhat self inflicted by the family.

B (18:00)

Yes, absolutely, I agree. You have multiple equity issues there. So I'll start with something that really concerns me, which is if we move to a opt in system with EdTech, you, you end up with parents being able to waive all protections. FERPA is based on the school needing to do the vetting, make sure that things are in compliance with ferpa. But FERPA has consent as an ability to waive many aspects of the law, many of the protections, the vetting that schools need to do. A lot of advocates don't know that you'd actually probably be providing fewer privacy protections because parents would be waiving, for example, the application of COPPA as well as potentially FERPA schools are barely keeping up with their requirements to vet education technology now, and they've come up with a number of ways to do it, contracts, etc. But it is in many ways contingent on the fact that schools need to be able to say under FERPA that their vetting process has been compliant, that it aligns with the law. And if parental consent is the primary driver of whether or not kids use ed tech, well, at that point you have lost privacy protections for kids whose parents may have more time to review things, may know more about how technology works, some of the dangers, but also some of the positives. And you also have students who either are, you have a system that is separating out those kids who have parents who again don't have a second or third or fourth job that are able to have a device at home, an Internet connection at home that allows them to do things like apply for scholarships on the various websites that exist there. And the kids who don't have that connectivity, don't have a personal device, are limited in what they can do and are more heavily monitored by schools as part of that. And so it just throws a lot of, a lot of privacy issues related to equity into the mess. And then of course from there you get into the questions about the digital divide and this question about okay, if advocates are saying that one to one device program programs or device programs generally are universally harmful for kids, which to be clear is very much so a minority view, sure, among folks who study the science of learning, but it's been the sort of loudest view recently. If you remove that, you remove those kids abilities to, to interact with technology and with the Internet overall. Now some people think that is absolutely fantastic, sure, but it can get extremely, extremely messy.

A (22:16)

So are legislators responding to, I'm going to use this term, may not be the right one, but the vocal minority. Do you feel there's a knee jerk reaction to this small but mighty crowd trying to strip technology out of the classroom and digital interaction with students? Or is there a balanced approach with the research showing, as you just stated, maybe it's not as bad as this minority is kind of saying.

B (22:42)

Privacy issues are particularly difficult in the political context because it is technologically complicated. It is often driven by the loudest voices, the people who have time and energy to devote to lobbying legislators, to speaking on these issues. And I think some of the best, maybe the best reflection of that is that the Senate hearing I mentioned last week about screen Time in schools. Three of the four witnesses advocate, at minimum, allowing parents to opt out of tech. And that's just one of the witnesses that was the least extreme of those witness positions. The others pushed for tech to be removed entirely. And so this is a viewpoint that legislators are hearing more and more. There's a book that came out in December, the Digital Delusion, which reads very well, but again, doesn't, doesn't mention that the viewpoint in that book is not what the majority of neuroscientists say. And so it seems like one could assume that from that book, from the testimony last week, that there is scientific consensus that tech is bad for learning, that tech is bad for kids. And that's just not the case. And so at the local level, state level, you're going to see more and more parents showing up saying, I saw that. The science says this, let's get rid of tech. And this is a really nuanced issue and there are serious problems related to tech. The issues regarding commercialization are real. Part of the reason that you have some companies providing free products to schools, like, there's certainly a philanthropic aim there, but it's also to get people accustomed to their products because they want it to become people's, part of people's daily lives. You have so many products in edtech that started out with a free model and we're showing advertising, though those products have dropped dramatically in what is actually used by schools in recent years. You have schools that don't know the answer. I just saw a news story where I think it was a parent was suing the district because there was a video of, was either her, her child being hit by someone, another student or someone at the school. And the school said, well, FERPA doesn't allow us to show this to you. There is very clear guidance that you have to know to look for that says no, you have to show that video.

A (26:01)

Right.

B (26:01)

And so you have people who think the problem is that FERPA says that you don't have to show the video, that privacy protections are actually denying parents access or that protections aren't sufficient. And I think it's essential that when you're dealing with any issue, but particularly something like this, you look at what the actual problem is, because you can't fix it. If you think that, oh, there aren't enough laws. No, in fact, there's not enough enforcement. There are targeted areas where state laws, where federal law could be improved. But guess what, you can have 140 plus laws across the country on student privacy that Covered a wide range of things. Lots of ways they could be made better. But the primary thing is enforcement. And the one state that has brought enforcement actions, New York, is the state that has the most vendors worried and focused on compliance. It works.

A (27:14)

Yeah, because not only are we banning cell phones and things like that, but we have something called education law Section 2d, which are privacy protection specific for families and students. And I remember when that was first rolled out, the onus really was on the district to ensure that those ed tech companies were complying. And we were scrambling trying to make sure that all of these vendors were complying with it. And this was back in, oh, geez, 2017, maybe beyond a little after that.

B (27:42)

2014, 2015.

A (27:44)

Yeah. See, I have no concept of time. It's just like. Yeah, it's crazy, but I remember it's. We were thinking as a school district, is Google really going to reply to us and fill out this very specific form? And it took a little bit of.

B (27:57)

Doing, very much so an outlier among state laws. And so there was a long time where people just weren't. They didn't feel like they possibly could add to, you know, the huge addendum that's required. And let's be clear, 2D was on, I think, like page 700 of the budget bill. It hadn't really been looked at closely. It was one of the earliest bills passed. It had some of those issues related to not actually focusing on the major problems before passing a solution. And you have ended up with a law that has so many duplicative documentation requirements, it can be a pain in the butt. But what it does have is the best enforcement mechanisms and setup in the country, and therefore they have the leverage.

A (28:58)

One of our biggest concerns was going from fiscal year A to B was we had all of these vendors that we were using. And then all of a sudden we, over the course of a summer, we were scrambling to get all of these education law 2D forms filled out. And you know, that, that was just, that was a huge lift. And I mean, it's kind of just part of the process now. We're used to it, but because of its newness and it's how thorough it was, it was a real challenge to, to make sure that we were in compliance.

B (29:27)

Absolutely. I mean, so I was on the committee that pulled together the regulations after the lie. I think that was what, 2017ish? And the law had a really slow start. If you had looked at the 2D success rate within 3, 5, 7 years after the law passed, you Would shrug and say, did this do anything? Because I remember one of the things I mentioned at the committee meeting. You know, there was this push for these incredibly high cybersecurity standards. And there was the absolutely valid argument that this is what our kids should have. These are the protections that must exist. But for me, it was about asking schools to jump to the moon when maybe they hadn't even gone to the next town.

A (30:32)

Right.

B (30:33)

And so were they going to have the ability to even follow these protections? Setting up a law that cannot be followed isn't a good way to protect anybody. But after the regulations came out, I was so, so incredibly impressed. The regional education agencies in New York pulled together along with the chief privacy Officer who has finally sort of settled into place.

A (31:06)

Yeah, I remember that was kind of a revolving door for a minute there too.

B (31:09)

Oh, it was not worth the amount of money that they were offering to deal with the chaos that New York brings on privacy issues. Um, yeah. So you started to have some really great folks who could be there long term. And you have now some of the best guidance, clearest guidance in the country that again, people need to know where it is and to look for it. I refer vendors to it all the time where it's like, here's the checklist. What needs to be in that contract, of what needs to be included when it comes to security, of what to look for, of the governance requirements that you, the school, need to have. And so now, a little over a decade later, New York has been very successful. And again, with enforcement actions, there were, what was it? I think five outside enforcement actions in addition to dealing with individual complaints from parents over the past decade. But these five enforcement actions included pretty big fines against various types of organizations and companies. And that makes everybody sit up and pay attention.

A (32:37)

Right, right. So I want to talk and focus a little bit on AI, because that seems to be top of mind for, for everyone. But there seems to be growing, some growing anger and distrust towards tech companies, particularly around AI, and how it could be affecting children's well being. What are you seeing in terms of public perception around that?

B (33:01)

So there are some. There has been consistent polling recently about the negative perceptions of AI from the general public, but also from parents and students. And polling has also shown that at the same time, districts are finally more comfortable adopting AI. They see the push at the federal level to essentially be required to incorporate AI companies, providing more free products with actually decent privacy protections built into them. You have teachers who have said they are now more comfortable integrating AI, and that is all running directly towards these parents and students and policymakers who don't think the promise, well, the promises more generally that people have said about AI have come to fruition and are seriously questioning again, tech in general in schools, let alone some of the just horrific issues that have popped up when teens in particular have used chatbots. Not just, you know, those where you can have a fictional friend. But there was a lawsuit back in, I think September of a kid, Adam Rain, I think he was 15, who committed suicide and in many ways was urged by chatgpt, including saying things like he shouldn't leave the new sad. He asked chatgpt if, if he should leave it out so his parents notice that he's suicidal. And ChatGPT says, no, let's keep it between us. And it. He was using that for homework support. Now, to be clear, he wasn't enrolled in school, he had a medical condition, was out of school for at least part of the year. But the headline there is that this AI used for homework, used as part of education, had this horrific result. And how much have we introduced AI without doing sufficient safety checks or relying on vendors that say, oh, it's fine, like, you know, there's not going to be a big issue here. What's the worst that could happen? Well, we've seen now the worst that could happen. I hope it's. We've seen the worst. And at the same time you have vendors putting AI in products without any notice, let alone consent for this software that schools have already purchased or been using for years. I think the best example of that is the Google's cheat button that came up during some exams where all of a sudden students were asked, hey, it looks like you're working on. There was a math problem. If you, you know, basically create, trying to think of the best way to describe it, essentially, let us see the screen, right? Then we can tell you how to solve it. And teachers are like, what is happening?

A (36:50)

Yeah, yeah.

B (36:51)

And you know, it's that undercuts trust that furthers that anti tech narrative and the pushback not only against some of the problematic aspects here, but also against the many technology products and use of technology that has been proven to be beneficial to students.

A (37:18)

Well, Congress is paying closer attention as well. Can you maybe summarize the most recent House and Senate hearings on AI tech and its youth education?

B (37:27)

So there's much more skepticism than there was in previous years. So you had a hearing last Wednesday? Yes, there were two hearings last week, one in the House, one in the Senate, but the House had a Hearing on AI sort of generally so touched on education workforce, a couple things. But some of these issues were brought up. Many, many members sounded more skeptical about AI being used and sort of what the, what the process should be before adopting it, particularly with students. And you wouldn't have seen those sorts of statements, which are generally bipartisan.

A (38:14)

Right.

B (38:15)

Even a year ago, two years ago, if you watch all the hearings on education and AI over the past few years, it was very much so. What are the possibilities with maybe what are tiny concerns around, you know, potential privacy? Oh, we can fix this via, you know, contract not trained on student data. And now it's a lot more than that. At another hearing that was in September, you had the education witness, I think it was the Senate Health, Education, labor and Pensions Committee. And the education witness got, I don't even know the word to use beyond interrogated, really torn apart by certainly Senator Hawley, but other folks who pointed to the AI Companion lawsuits and said, I want these companies to stop killing kids, we shouldn't use this.

A (39:20)

Right.

B (39:21)

And it really was sort of this absolutist position, which granted, in the case of AI companions maybe warranted. But this ends up being painted. This ends up painting a much broader set of tools and instructional work than where we're actually seeing the problems or the harms.

A (39:48)

Well, I remember just 18 months ago, maybe two years ago, you had the CEOs of these AI companies pleading with Congress to establish guardrails and legislation and regulation. And it's the first time that I can think of in recent memory where a tech company is actually asking for the federal government to intervene. And I think what we have seen in the past few years, for good reason, and unfortunately, this being probably the least effective Congress in US History, hasn't really been able to get their act together and do that. And now it just seems like the horse is out of the barn. AI is just exponentially increasing in its use just in everyday lives of everyday people. Is it too late now? I mean, is Congress going to be able to kind of catch up and keep pace with technology and how quickly it's evolving?

B (40:38)

I don't know that it's going to be Congress that has the most impact here. I think it's going to be state legislatures. I think there's a general agreement among education advocates, civil rights advocates and others that the horse isn't quite out of the barn yet. There's still limited enough AI use in schools. That horse can go back in the stable that you can at least put guardrails around AI Use. If that doesn't happen soon, then yes, I think you're at a point where schools have sunk time and investments and resources into these tools. And once that happens, of course it's much harder to change course. Particularly, you know, your stewards of taxpayer dollars. You need to make sure you're actually justifying and showing that you're using the tools that you purchased and that student outcomes are improving. And so I think there's a little bit of time before you have sort of AI and schools in the same position as something like using education technology in general. Again, even if it does get embedded in schools. You have the anti tech movement and you have the pushback against schools being able to use tech altogether. Part of that is the pushback on AI. One number that I've been struck by, there's a education poll that has been going on for more than 50 years now, the PDK poll. One of the statistics that were hidden in the results. They asked on a variety of issues. This is sort of, this is in the section about sort of impressions of cell phones and then a little bit about AI. AI support for a number of education activities dropped significantly between last year and this year. I think it was interesting, dropped by 11 point points for AI to be used for lesson planning, let alone for student facing uses. You also have a statistic in there where 68% of parent respondents said they do not want any information from their child shared with AI, including grades. And so you have again this growing pushback that if it hasn't already, is going to show up at local school board meetings. And my hope is that enough people listen to this, see the news to begin to build in. Okay, how do we talk to parents about this? How do we get community engagement? How do we make good choices before this maybe becomes a school vs parents type situation? Because it absolutely doesn't need to be.

A (44:14)

Right? Right. So we are running up on time. But I do want to close by asking you, when we think about the CFO in the school district, what are the most important steps that school business leaders should be taking right now to prepare for all of this? That's kind of swirling around.

B (44:29)

So I will promote till the end of my days the student at a privacy consortium. You should be using that contract. If you are not using that contract, why? It will make your life so much easier. So STPC created a model national privacy agreement and this was a completely district level driven initiative. You had the CIO of Cambridge Public Schools who then partnered with Boston, who then, you know, spread to the state of Massachusetts. And now across the country, you have districts using these agreements and the ability to have a single agreement that somebody can put in front of a vendor to say, these are the requirements, you signed this in this other state, or, you know, if you don't sign this, here are all of the customers that you are losing. And so it provides some of that leverage I was talking about for schools to make sure they're in compliance with ferpa, which is so very important right now. As you have these investigations, as you have the tech pushback, trust is vital here. So that would be absolutely top of my list. Lean into the community efforts that people have been working on for years to make your life easier.

A (46:04)

All right. Well, Amelia, you've given me and our audience a lot to consider, and it doesn't seem like the end is in sight with kind of everything swirling around in Congress. And just technology, obviously, is always evolving. So thank you for coming on School Business Insider, and if I have any kind of crystal ball, I'm sure you'll be joining us again in the future as these topics evolve. But at any rate, thank you so much for joining me today.

B (46:25)

Thanks for having me.

A (46:28)

Thank you for tuning in to School Business Insider. Make sure to check back each week for your favorite topics on school business.