Technology companies completely control the software used at schools. This problematically allows them to spy on you and lock you in to their set of programs. The enforced usage of this software is unjust and must be stopped, especially in schools, a place of massive future influence.
First, through direct collection and passive surveillance, corporate programs creepily amass insurmountable piles of information about people—amounting to 72 million data points by the time they turn thirteen. Because it is being collected by uncontrolled third parties, schools and students lose control over their information, and it can be used for any purpose. The foremost reason that companies collect data is creating profiles for advertising to you, but a malicious actor can use the data for identity theft or breaching trade secrets, among other things.
We also believe that the constant expansion of the advertising industry through veritably obscene infrastructure deployments is a ridiculous use of time and money.
The external security of the data is also a serious concern, given that these platforms are completely under the control of a third party with little or no transparency. The source code of most popular platforms is completely closed off, with no potential for external auditing. A slight oversight can cause devastating data breaches, which could have been avoided with outside reviews. All of our software is thus open-source and freely auditable.
Whether an internal or external threat is responsible, in a school, data exposure can have serious consequences for many, many years in the future. Consider the amount of sensitive information contained in these massive platforms, and moreso confided within schools’ systems: social security numbers, birth certificates, socioeconomic status, and obviously marks and “risk indicators.”
There are laws intended to protect student data; for example, the Family Educational Rights and Privacy Act and its resulting regulations require that any disclosure of information must either meet certain requirements or have specific consent from the parent or student. These seem to be largely ignored and stickered on any program for marketing purposes, occasionally through insufficient “certification programs” like those from iKeepSafe. We believe all promises must be verifiable. And some random company’s promise isn’t self-evident.
More
The particular requirements, at CFR § 99.31(a)(1)(i)(B), are that—
- the service provided is one that would otherwise be done by employees;
- the provider is under direct control of the school with respect to how information is processed; and
- the information may only be used for the purpose for which it was initially disclosed.
Taking, for demonstration, Google, only the first is applicable. Google is not under direct control of a school, and their app personalization algorithms are both unnecessary and not the canonical reason for the disclosure, even if that data is not used for advertising as they consistently note.
Also note that, despite the regulations, when someone opens a Google account, they give consent to their data being used, which may include prior student data.
As for iKeepSafe, their certification process can easily be circumvented by temporarily changing software to remove privacy-violating material.
Technology companies are also notorious for vendor lock-in; for example, the proprietary file formats underlying many applications today. Photoshop files are essentially restricted to being used in Adobe products, because the format is complex and potentially illegal to reverse-engineer. Implementors of formats like those of Microsoft Office face a 6730 page document specifying every historical bug and feature of Office products, risking incompatibility with many documents without complete compliance. Standards must be open from the beginning. And bugs must be treated as bugs. This enforces compatibility between apps.
Large single sign-on systems, like those of Google, Facebook, Twitter, Apple, and, in education, Clever, are by their nature tyrannical. For public (centralized) platforms, decentralized authentication must be open to all. That’s why Dachen Identity relies on OpenID Connect 1.0. Without a protocol like that, it would not be possible for app developers to open the gates to, e.g., Red Hat SSO.
The agreements between technology companies and schools can be unduly restrictive. For example, MySchoolBucks, a payment processor, requires that users enter into an unconscionable individual arbitration agreement and give up their right to sue, which is probably a violation of some financial laws—but that’s not my department. In some instances, the contract is invisible to outside people upon request, as a Freedom of Information Act or similar law in each state would require, and the transparency of the system is further reduced. We believe that service contracts should be publicly visible without the need for an information request, and without the possibility of outright refusal.
To teach exclusively these programs is unjust. As Richard Stallman writes—
“To teach a proprietary program is to implant dependence, which goes against the mission of education.”
In simpler terms, by teaching exclusively proprietary softwares, students will in the future be biased towards those softwares, and will be unable to adapt to other systems (libre software or not).
He continues from above by proposing a new rule for all classes:
“If you bring software to class, you may not keep it for yourself. Rather, you must share copies with the rest of the class—including the program’s source code, in case someone else wants to learn. Therefore, bringing proprietary software to class is not permitted except to reverse engineer it.”
A “school software exchange” is perhaps not the best idea, nor is it a standard practice to bring your own software to school. But the rule itself I believe embodies the principles of the cause: software must be freely usable and distributable along with its source code, such that no one is left without a necessary program and everyone may learn to write software themselves. This is called free software, or for clarity, libre software to emphasize liberty.
This excerpt ignores two other fundamental freedoms that must be guaranteed to computer users: the right to modify programs and distribute changed versions of programs, such that everyone benefits. In their canonical form, the Four Freedoms are as follows:
- The freedom to run the program as you wish, for any purpose.
- The freedom to study how the program works, and change it so it does your computing as you wish. Access to the source code is a precondition for this.
- The freedom to redistribute copies so you can help others.
- The freedom to distribute copies of your modified versions to others. By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
Freedom 0 means that competition is allowed and encouraged. While we strive to be the best, we can’t stop you from leaving. We predominantly use the GNU General Public License family of licenses for our software, so that the quality of software cannot be a contributing factor, and even competitors may benefit from our improvements.
That said, we prefer to integrate than compete as for software itself. Competition is healthy, but integration is important to prevent locking in users to one specific distribution or provider of the software. Otherwise, a company can add auxiliary services bundled with the initial service, which may not be as freely licensed, and stop users from switching to another setup.
Where possible, we like to remove SaaS-S (service as a software substitute) from our apps. Obviously, cloud storage, messaging, etc. require dependence on an outside system, but we need not make the content editing programs into services themselves, like Adobe. Personalization should be entirely local such that the data under custody of a service is minimal, and where data is stored externally, it must be end–to–end encrypted.
We thus develop apps that—
- are open-source and auditable;
- leverage primarily open standards;
- use decentralized authentication systems;
- are libre software, allowing free use, distribution, and modification;
- do not per se lock users in to one provider;
- integrate nicely with other systems; and
- use cloud features sparingly, and remove most SaaS-S features.
Help us achieve our goal
- Campaign for your school to adopt libre software.
- Volunteer by reporting issues, documenting programs, or helping write essential programs.