Officials tracked student movements on campus without their knowledge, says Wrighton – The GW Hatchet
The university was tracking the movements of students, faculty and staff on campus during the fall semester based on WiFi hotspot location data without notifying them, the president of the university said Friday. the acting university, Mark Wrighton, to the GW community.
Wrighton said in a E-mail to students, faculty, and staff that officials have collected location data along with “anonymized” descriptors, such as gender, to notify the Division of Student Affairs and the Division of Security and Facilities as to how community members use campus spaces. Wrighton said he heard about the project, which ended in December, after Acting Provost Chris Bracey told him about it in early January, shortly after Bracey himself learned about the project.
“Unfortunately, however, the University neglected to notify members of our community before beginning this analytics project,” he said.
GW Privacy Policy States that any party acting on behalf of GW processing GW Community Data must make available a privacy notice explaining how the information will be used.
Wrighton’s email says officials may have had the ability to collect individualized data, but officials did not for the project. Wrighton said officials would destroy any remaining data they collected last semester for the project.
“Faculty members also learned about this pilot project, and there were discussions about what would be done in the future,” Wrighton said in an interview.
Officials launched a new office to oversee data privacy and ethics in January 2019.
University spokesperson Crystal Nosal declined to say which officials oversaw and approved the data collection effort, why officials have not released an announcement about the project so far, and whether the Office of Ethics, Compliance and Privacy was aware of the data collection.
Wrighton said officials would not pursue efforts to conduct a similar project in the future without establishing a committee of students, faculty and staff to develop a set of policies and an “academic position” on the use. data from the GW community.
“The University deeply regrets that this project took place without proper review or safeguards, and we will work to ensure that such an incident does not happen again,” he said in the email.
The Faculty Senate will discuss an update titled “Student Tracking and Privacy” from Arthur Wilson, the chairman of the Senate executive committee, at its meeting this Friday according to the Senate. agenda. Wilson did not return a request for comment.
Brian Ensor, associate vice president for cybersecurity, infrastructure and research services, explained how officials conducted the pilot in an article posted on the company’s review platform, Upshot, in December. The article has since been deletedbut behavioral analysis business Analysis Diploma tweeted a link to the January 7 article.
Nosal also declined to confirm that Ensor was the author of the original article he published, describing GW’s partnership with Degree Analytics. Degree Analytics works with educational institutions to track and analyze student activities on campus, such as class attendance based on Zoom participation and physical attendance in classrooms, according to its website.
The Washington Post reported in December 2019, Degree Analytics uses WiFi data to track where students go to improve their experience. Aaron Benz, the company’s founder, said Degree Analytics could identify that a student who doesn’t spend a lot of time in campus dining halls or cafeterias might be facing food insecurity or an eating disorder. diet, the Post reported.
The post office reported that students can opt out of Degree Analytics’ data collection efforts if they click “no” in a window that asks if they want to help “support student success, operations, and safety,” but Benz told the Post that few actually do.
A spokesperson for Degree Analytics did not return a request for comment. Nosal also declined to say when GW partnered with Degree Analytics on the project.
Wrighton said in an email that Ensor’s article contained several inaccuracies, such as the implication that the project was analyzing individualized data, although the anonymized data officials collected to track space usage by students included individual descriptors such as gender.
“The privacy of our GW community members was of the utmost importance for this pilot,” Wrighton said. “Data included in heatmaps for space usage and dashboards for student usage for certain spaces has been aggregated and anonymized.”
Wrighton said in his email that the article also incorrectly implied officials conducted a similar project at GW Law in 2019. He said officials discussed a potential law school project but did not had not implemented it.
“Our original plan was to start a pilot project at GW Law School, and we had even mapped 6,000 access points in law school buildings,” the deleted post said. “Then the pandemic hit and everything changed.”
Ensor’s now-deleted article says officials could collect data on the number of students using campus spaces based on swipes recorded on GWorld card readers in buildings like the Gelman Library. , but they could not determine how long the students stayed in these buildings.
He said in the article that officials could use data on the time students spend in a building to assess which students were most “at risk” to help the University adjust its services accordingly.
Ensor said officials were working with Cisco System’s National Digital Acceleration Program – a group which helps leaders in government and academia in “digital transformation” – and Degree Analytics to collect data and interpret it to improve student services.
A Cisco spokesperson did not return a request for comment.
“We would integrate Degree Analytics’ software into our learning management platform,” the article said. “Then, by extracting anonymized data based on network usage, we could generate actionable insights using Degree Analytics dashboards and reports aligned to the types of questions we want to answer.”
Ensor said in the article that the onset of the pandemic caused officials to reconsider how they could use this location data to generate maps of the GW campus showing which buildings and floors were used the most to develop a schedule of cleaning to minimize the spread of COVID-19. .
“Knowing where they congregated could help us communicate effectively with students about these changes,” the article says. “It meant we could build some social responsibility into the conversation, instead of making students feel like they were being watched.”
Ensor said that during officials’ efforts to complete the data collection project, they were “aware” of privacy issues and sought to collect only the student data they needed to make “more informed decisions.” and provide better services”.
GW Privacy Policy States that any University office or contractor that collects personal information for GW only collects the “minimum” amount of information necessary. The website states that anyone collecting personal information must inform individuals of the data being collected and establish a “lawful basis” for collecting that information by taking steps such as obtaining consent.
“Failing to collect more information than necessary minimizes the information the university must secure and keep private,” the policy States.
Experts said universities can often access student demographics based on their student ID, but should practice “policy-aware” data collection when conducting research efforts like this. this.
Bhavani Thuraisingham, professor of computer science at the University of Texas at Dallas, said institutions should generally collect data like this with informed consent from users, much like doctors would when counseling patients about the how to move forward with medical decisions.
“We need policies for all of these functions or operations, because if you don’t have proper policies, everybody can go wild, you see, and start collecting data,” she said.
Tara Suter and Erika Filter contributed reporting.
