Stalking Students

On the BLKBRD-L email list is a discussion about proving students are cheating. Any time the topic comes up, someone says a human in a room is the only way to be sure. Naturally, someone else responds with the latest and greatest technology to detect cheating.

In this case, Acxiom offers identity verification:

By matching a student’s directory information (name, address, phone) to our database, we match the student to our database. The student then must answer questions to verify their identity, which may include name, address and date of birth.


The institution never releases directory information so there are no Family Educational Rights and Privacy Act (FERPA) violations.

However, to complete the course work the student is forced to hand over the information to Acxiom, an unknown and potentially untrusted party. Why should students trust Acxiom when institutions cannot be trusted?

Due to the decentralized nature of IT departments, higher education leads all industries in numbers data breach events. Acxiom’s verification capabilities were designed so that student and instructor privacy is a critical feature of our solution. Institutions never receive the data Acxiom uses in this process. They are simply made aware of the pass/fail rates.

In other words, high education institutions cannot be trusted to handle this information. No reason was provided as to why Acxiom can be better trusted. Guess the people reading this would never check to see whether Acxiom has also had data breaches.

This Electronic Freedom Foundation response to Acxiom’s claims their method is more secure was interesting:

True facts about your life are, by definition, pre-compromised. If the bio question is about something already in the consumer file, arguably the best kind of question is about something that is highly unlikely to be in one’s consumer file and even useless commercially–like my pet’s name.

Answering these kinds of questions feels like more of violation of than a preservation of privacy.

Confidentiality

A student wants Blackboard Vista to not reveal his or her last name. The student has already gone to the Registrar and gotten a confidentiality flag placed on the record. As I understand it, this flag in Banner is a FERPA protection to prevent the record from being provided to parties external to the university. It does not provide anonymity within the university. That electronic systems are being scrubbed of the student’s last name means something more than just confidentiality.

We only create new and not update from our student information system (SIS). So in general, the last name should not revert.

The instructor must know who the student is in order to correctly assign grades. If grades were automatically sent back to the SIS, then it would match the IMS id to the what is in the SIS. The user name or any other name is immaterial and not a confounder to the process. Unfortunately, our faculty has to manually transfer the grades. Some rely on the WebCT id / username. Others rely on the first and last name. I guess without names, this latter group is going to have to deal with relying on the WebCT id.

Only username, first and last name, and role are populated into the grade book. So moving the last name to another name field (like other, prefix, or suffix) would not help.

The last name appears to be part of their scheme for creating usernames, so they will likely need to change the username if the point is to not let anyone know what it is. The school in question does not appear to populate their Vista user records with a school email address. So I don’t know if the same would need to be done with it as well.

Blackboard Vista 3.0.7 does have issues with renaming the last name. While many things are immediately updated (good), some things are not. This is not a comprehensive list.

  1. The last name in the grade book was not updated. Removing the user from the section and restoring it to the section changed the name to the correct one.
  2. The last name in discussions was not updated.

So while renaming the account is easy to do, not everything takes place as quicklly as we would like.

Zemanta Pixie

Everything to Everyone

This is intended to be a more thoughtful response to Laura regarding Course Management Systems and the need for innovation.

Currently, Course Management Systems are bloatware. They got this way by trying to provide everything to everyone. One instructor wants a feature, the university presses for this feature, the CMS programmers put in the feature. Okay, maybe not even 1/2 the time, but given that we have about 15,000 instructors, even a tenth getting a tenth of what they want adds up very quickly. Where they overlap is where companies feel the pressure to add these features.

In my experience, people have found CE and Vista clunky and difficult to use since 2001ish. Basically, that was when the shiny newness wore off at Valdosta State. If anything, then its gotten worse over time. Personally, I think this is the case because its not easy to use. Part of this lack of ease is because of the sheer number of possible actions required to accomplish frequent tasks. Another part is the overwhelming possible branches one might take [1] in the decision tree. Part of what makes us intelligent is visualizing the goal and taking the steps necessary to get is there. When software is not easy to use, the users feel stupid because they cannot figure out how to get to the goal.

Think about the complaints we have been seeing about CE6 from people using CE4. They are griping about features they are used to using disappearing. No one wants to lose the features or options they frequently use. They also wish the features or options they never use would disappear.

From what I’ve seen, instructors will make use of what the university
provides. When universities don’t provide what instructors want, then
these instructors will find what they want elsewhere and make use of
it. Large companies take a long time to integrate new features. By the
time they figure out the user base wants something, incorporate it,
release it, and customers implement it, the users have become used to
using it elsewhere are not attracted to a feature they’ve been using
for years elsewhere. So then we invoke FERPA and whatever to move them
to the CMS which is more clunky than what they were using already.

So enough with my griping… What is the solution? Well, maybe we should think about what a Course Management System should do?

  1. Course management: This means it provides the university administration means by which they can control access to classes. Its not for the faculty so much as provosts, vice presidents, and registrars to be comfortable the university is not allowing students to take something without paying the institution.
  2. Learning: Specifically, these are communication of concepts and evaluation of concept comprehension.

In a nutshell, #1 is the course list and administration screens while #2 is the course internals. If our focus is recreating the university in an online environment, then the CMS is the right approach. By importing the data from the student information system, we build a hierarchy just like the course catalog and put students into virtual representations of these classes. This mindset is where instructors want to build classes that consist of their lectures, the assignments, and the assessments. Its the face-to-face class online. Thankfully, online classes are moving to using tools to better utilize the advantages of the WWW. However, the focus is more towards improving peer discussion.

Maybe this approach isn’t the best one for learning? Last month I read a few articles off a web site advocating a different model: students gathering and creating information themselves (Personal Learning Environment). The instructor in this model becomes more of a mentor like independent study or how universities functioned at the time of our Founding Fathers. I’ve been hearing this is the direction education ought to take for over a decade now. However, I think its unlikely as its easier on the instructor to use the bird shot approach. 🙂

My Approach: The CMS is only an integration framework to provide access to tools. It doesn’t try to provide these tools at all. There are hundreds of wiki products who are better at some things depending on how its used. Why should the CMS think it can do it better than all of them? Same thing applies to blogs, social bookmarking, file sharing, etc. This means universities will provide a number of these tools and support dozens of different applications and integrate them all. We will have to better understand data flow, security, how all these pedagogically work well together. It’ll be a nightmare.

[1] One of things I unfortunately still do is recreate the user’s actions by figuring out what they clicked on in the recorded session. Much of the problems we see are user error, probably through not understanding the ramifications of the action.