November 21, 2017

The Advocate's Toolbox

Illinois Law Lets Schools Request Students’ Social Media Passwords

FacebookKeyThis January, an Illinois act known as Public Act 098-0129 went into effect, allowing school districts and colleges to request students’ social media passwords. While the bill was designed to protect students from cyberbullying, parents and teachers alike expressed reservations that it was overly broad and violated students’ right to privacy.

“It’s one thing for me to take my child’s social media account in there and open it up for the teacher to look at, or even for a teacher to make a child pull up their social media account. But to have to hand over your password and personal information to your accounts to the school is not acceptable to me,” said Illinois parent Sara Bozarth, according to a FOX affiliate.

The bill stipulates that schools can only request passwords provided there is reasonable cause to believe an account contains evidence of a violated disciplinary rule or policy.

However, what constitutes “reasonable cause,” as well as the actions schools are authorized to take if a student refuses to hand over a password, remains unclear, says Elana Zeide, a privacy research fellow at New York University’s Information Law Institute. In general, “courts like to give schools a lot of leeway in determining the appropriate action for individual situations,” she says.

For now, school districts appear reluctant to request passwords unless it is absolutely necessary. “I haven’t heard of it happening yet—it’s seen as intrusive by some parents, and schools are relatively responsive to community values,” Zeide explains.

Still, the way Public Act 098-0129 is currently written “is completely unconstitutional, in my opinion,” says Bradley Shear, a social media attorney based in Maryland. “If you want access to someone’s personal content, you should have to obtain a court order or a warrant, and go through the proper legislative process; schools should not be in the position of making that call, because it leaves the door open for them to go on a fishing expedition.” It also, he says, creates thorny liability questions. “With access comes responsibility.… What if a school finds information about a parent, or an illegal activity, and they end up not reporting it? Are they, then, liable?” A new bill has been introduced to amend the Illinois act, which would require schools to obtain a search warrant before requesting a student’s password, but there is no clear sense of when, or if, it will pass both of Illinois’s legislative houses.

Elana Zeide, research fellow at New York University's Information Law Institute.

Elana Zeide, a research fellow at New York University’s Information Law Institute

The Illinois act raises questions about a broader issue: Namely, how educational systems are already monitoring students’ social media activity. There have been reported cases of school districts and colleges across the country hiring private companies to monitor students’ online activity and track their public posts on social media sites, such as Facebook and Instagram, for keywords and references to topics such as eating disorders, suicide, or drugs. When a keyword is flagged, an alert is immediately send to the district’s department of education, says Shear. Schools are doing this because “no one is saying they can’t.”

Besides a relatively new state law in California that addresses social media monitoring in schools, there is little legislative oversight. In Shear’s opinion, it’s an unconstitutional practice, not to mention an unethical one: “Schools are being snake oiled by these outside firms. They do not have a legal duty to do this, and the amount of money they can spend on these [monitoring] services is troubling.” What’s more, continues Shear, “allowing third party to collect data provides more opportunity for a data breach or another security risk to occur.”

Social media monitoring for other purposes

Monitoring students’ social media for other purposes, including security during state testing, has come under scrutiny recently after Pearson State Assessment Services was outed for this practice following the publication of an email from New Jersey superintendent Elizabeth Jewett to a group of her colleagues in a former Star-Ledger education editor’s blog earlier in March. Other media outlets, including The Washington Post, picked up the story. Pearson subcontracts Caveon Test Security, a private security company, to monitor kids’ social media while administering tests, in this case, the Partnership for Assessment of Readiness for College and Careers (PARCC) tests, a Common Core test used for teacher evaluations.

Jewett’s email expressed concern over a notification she had received from the New Jersey Department of Education (DOE) that had informed her that Pearson had notified the DOE about a “Priority 1 alert about an item breach within the school.” The DOE suggested the student under investigation had tweeted a photo of a test question during testing. However upon further probing, it was discovered the student had tweeted about one of the test items, with no image, well after the examination was over.

Jewett spoke to the student’s parent, and the student deleted the tweet. There was no evidence of cheating discovered. However, she says in her email, the “parent was obviously highly concerned as to her child’s tweets being monitored by the DOE.”

In defense of its practices, Pearson spokesman Jesse Comart said that the company has found more than 70 instances in six states of students posting testing materials on a public social media site, according to The Baltimore Sun.

“We welcome debate and a variety of opinions,” said Stacy Skelly, another Pearson spokeswoman in an email reported in The Washington Post. “But when test questions or elements are posted publicly to the Internet, we are obligated to alert PARCC states. Any contact with students or decisions about student discipline are handled at the local level.”

How widespread is student social media monitoring?

While Zeide does not believe this practice of outsourcing student data analysis to private companies in general is common (due to the inherent controversy), she says, “it’s hard to know, because schools don’t have a lot of obligation to be transparent.” Zeide adds, “I do think this is something that schools are looking into more and more.”

There have also been high-profile cases of student monitoring to prevent cyberbullying. Glendale, California’s Unified School District hired the firm Geo Listening to monitor its students’ social media accounts for evidence of cyberbullying. In Alabama, Huntsville City Schools hired an outside security firm to investigate students’ activity on social media, leading to the controversial suspension of 14 students, 12 of whom were African American. (Only 40 percent of the student population is black.)

If students feel that school policies violate their privacy, it can have a detrimental effect on their education, Zeide says. “If it’s seen as intrusive, it may create distrust between parents and schools, students and teachers; it’s not conducive to a good learning environment.”

For librarians, who work in an environment where students expect a certain degree of privacy, such policies may “undermine the spirit of confidentiality,” she adds. What’s more, most librarians and teachers are not trained to manage and interpret all the information that is being collected, says Shear.

Paulina Haduong, a fellow at Harvard University’s Berkman Center for Internet & Society, believes that the pervasive attitude that young people don’t care about online privacy is a misconception. “It is very important to them,” she says. Haduong has found that teens generally understand that when posting online, the base assumption is that their posts are readily available and searchable. “For a lot of young people, this means that they don’t post things publically; we’re seeing a rise in Snapchat, Facebook group messaging, and group chats on other platforms,” she says. These are targeted posts designated for a specific group of people.”

“The overall debate over what to do with student data has been very loud. There is a push to gather more information about students in general…you tend to see rules that may restrict privacy, often in the name of protecting safety,” Zeide adds. “These are tricky issues: You have a lot of competing values and competing interests.”

What it boils down to in Illinois—at the moment—is student privacy. Christopher Ball, a parent of a sixth-grader at Oscar Mayer Magnet School in Chicago, says the Illinois act concerns him. “They should need a warrant,” he says, pointing to a recent case in Minnesota, where school administrators forcibly obtained a student’s Facebook password in order to investigate allegations that she had been sending sexually explicit content. Her parents sued, and the school district ended up paying $70,000 in damages.


Laura Entis is a staff writer for Entrepreneur.com where she covers tech, startups, and business psychology. She has also written for Psychology Today, The Hollywood Reporter and Bklynr.com.

Share