Of student digital privacy & schools demanding passwords

For Data Privacy Day (today, 1/28), let’s take a look at students’ data privacy – as in the data on their cellphones and whether school administrators have the right to search the devices. The ACLU says they don’t. It called out a school board in Tennessee for violating the constitutional rights of students by implementing a policy that allows school officials to search digital devices kids bring to school and “to monitor and control what students post on social media sites,” Wired reports.

As for citizens of all ages, the Center for Democracy & Technology cites “a very important appellate court ruling … US v. Warshak, which says that email should only be accessed with a warrant,” and “not just email, but also texts and private social networking posts.” But that’s just one appellate court decision, so CDT is calling for an update to the relevant federal law, Electronic Communications Privacy Act.

Student privacy vs. school safety in Illinois

But lawmakers in Illinois apparently believe students don’t have that privacy right on school grounds. They passed a law that allows an elementary or secondary school to “request or require a student to provide a password or other related account information in order to gain access to the student’s account or profile on a social networking website if the elementary or secondary school has reasonable case to believe that the student’s account on a social networking website contains evidence that the student has violated a school disciplinary rule or policy” – as long as the school has notified students and parents that this kind of request could be made. The law, which went into effect a year ago this month, doesn’t mention cellphones but it’s safe to say the passwords to “social networking websites” would include passwords for accessing students’ social media accounts on any device used at school.

“It is true that students do have different privacy expectations while at school,” writes criminology professor Justin Patchin in his blog at the Cyberbullying Research Center. “Courts have allowed school officials to search for weapons or drugs in school-owned lockers, for example.”

Advice for parents & students

But if he were a parent whose child was told to give an administrator his or her password, he writes, “I would refuse to do so without a police officer and a warrant.” And author Nancy Willard of Embrace Civility in a Digital Age advises students that, “if they are under suspicion for some wrongdoing and an administrator demands they provide access, they should say that they need to have a private conversation with a parent before doing so.”

Other advice for parents from Patchin: 1) “Of course, if there was legitimate cause for concern about the safety of my child or another, I would immediately review the profile myself, with my child, to evaluate the potential threat”; 2) turn any relevant information over to the authorities; 3) “remind my children to … make sure that all of their social media profiles are restricted so that only those they accept as friends or followers can view the information”; and 4) “ensure their cell phone is locked with a passcode.”

Related links

  • CNET and other news outlets confused the year-old law with one about cyberbullying that just went into effect this month.
  • Ed Yohnka at the ACLU Illinois posted a comment in CapitolFax.com that “the headline, here, is that, despite some reporting, no law in Illinois permits the broad collection of students’ private passwords.”
  • My post last week on the “‘State of the Union’ & the student part of student privacy protection”
  • Our tips for strong, secure passwords