Two UBC students talk about how they use Connect and then watch a video that explains how Connect collects student data and generates reports that instructors can view. They express concerns about how this data is collected and about the affect that it may have on their grades. Overall, they believe that a more transparent framework needs to be established because of the potential impact of this data collection.
What do you think?
How do you feel about your data being used in a way that may impact your grades and that you may not have been aware of? Let us know in the comments.
The Blog Series
The Connect Exposed blog series documents my inquest into data collection on Blackboard Connect, the difficult process of obtaining my data from UBC, and privacy concerns around the collection of student information.
How many times a day do applications on your phone ask to be allowed to access your location. Do you leave your location GPS on all the time? Do you know how to turn it off?
If you’re not concerned with how companies like Google having access to your location, consider that with that information they can track your every move and know where you, or at least your phone is, at any given moment.
Why does it matter?
Having a GPS system embedded into phones is something that we’ve grown accustomed to and even rely on. In an unfamiliar location there is peace of mind knowing that we can always look up directions if we get lost somewhere along the way.
Leaving location services on all the time however can make you more open to risks. Just think, geolocation data can reveal intimate details about people’s lives; everywhere that you visit with your phone becomes accessible and companies can sell this data revealing information about consumers’ religious affiliations, medical conditions, and more. Geotagging photos and selfies may seem like an easy way to let friends know where you are, but for victims of online harassment or stalking, you are also putting yourself and anyone else in a photo with you at risk.
What can I do?
As a first step, it’s recommended that you disable location services on your phone. Here are step-by-step guides on how to do this for iOS or Android phones. When specific apps ask for location access think critically about why they app need to know your location? If you’re lost and pulling up a map on your phone or trying to figure out if it’s going to rain that day, letting your phone access your location for GPS accuracy makes sense. If you can’t find a good reason for why an application would need access to your location then maybe think twice before allowing it to do so.
In August of this year, WhatsApp made a change to its privacy policy. The instant messaging service with over a billion users announced that it’s sharing data with its parent company, Facebook. This means that WhatsApp users’ phone numbers, contacts, and even the content of their messages, can now be linked to Facebook accounts.
Why did it happen?
Facebook claims that the data will be used for targeted advertisements, like messages sent directly to WhatsApp users from businesses. The initial change in the privacy policy allowed users a thirty-day window to opt-out of the targeted advertisements. But data would still be shared between WhatsApp and Facebook, regardless.
What can be done?
Recently, the UK’s Information Commissioner asked Facebook to pause all data transfers between itself and WhatsApp. She is concerned with how Facebook intends to use the data, that WhatsApp never established valid consent to share the data, and that an expired thirty-day window to opt-out doesn’t give users ongoing control over their data. In September, Germany ordered Facebook to stop collecting user data from WhatsApp and to delete any data that it had already received.
There hasn’t been any formal resistance to the change in WhatsApp’s privacy policy from Canadian privacy commissioners.
What are your thoughts on the Digital Tattoo project? Do you have any ideas about topics that we should be discussing? How about the changes to WhatsApp’s privacy policy?
The Digital Tattoo project is designed to encourage thoughtful engagement with the issues and concerns surrounding the internet, privacy, and online identity. It does this by providing resources—including videos, quizzes, and links—that explore various aspects of digital citizenship. The overall goal is to make you more aware of your options when navigating the internet and the implications of your choices.
Try taking this quiz in the Protect section to find out what areas might be of interest to you. Then, check out the other areas!
The project is a partnership between the University of British Columbia and the University of Toronto and the content is created by students at each institution.
The Posters
Maybe you’re here because of one of our posters on campus. The purpose of this campaign is to raise awareness about the permissions that applications on phones ask for and to raise questions about the amount of information that we’re sharing through these applications.
Follow the link below each poster to find out more about their unique content, discover more resources about the issue, and to participate in the conversations happening in their comment section.
This image is licensed under CC 2.0 by Flickr user DonkeyHotey
In light of my recent exploration of data collection, surveillance, and analysis with UBC’s Learning Management System, Blackboard Connect, I’ve felt empowered to take further control of the data that exists about me online. Below, I’ve identified two of the larger data mining companies, Google and Facebook, and what you can do retrieve, edit, and delete the data that they’ve collected about you. If you’re not concerned with Google or Facebook having your data, consider that they’re both liable to sell or transfer your data to third-parties, like advertisers, banks, and security agencies.
What can I do?
Begin auditing the data that exists about you online. We create an average of 70 data points on the internet everyday, all logged with unique identifying information and timestamps. That’s 70,000 data points in a year, and over a half million in a lifetime. This is a very conservative estimate. When I got my data back from UBC about Connect, I was creating upwards of 45 data points in a minute. Let’s explore some options.
Facebook
Have a look at your application settings on Facebook. This shows you what applications you’ve allowed Facebook to share your data with, and what kinds of data you’re sharing, along with access permissions. Through this panel, you’ll be able to restrict these applications from accessing your data and account.
While you’re at it, why not have a look at what Facebook thinks you like? The advertising preferences panel shows you how descriptive and predictive analysis have identified your areas of interest. These aren’t unique to Facebook; this data is being sold to advertisers across the internet. You can go ahead and customize these fields, or delete all of them. You’ll also be able to see which advertisers have you within their custom audience. If you want, delete those, too.
Want to see all your activity on Facebook all the way to the beginning of time? I couldn’t figure out a link for this one, but if you click on the little downward triangle in the top right corner of any Facebook page and select Activity Log then, yikes, every like, comment, and post will appear in chronological order. In this panel, you’re able to delete any unfriendly reminders of times gone.
Facebook also purchases data from third-parties to enhance its knowledge about you and provide richer detail to its advertisers. You can view a list of the current data providers that Facebook is working with, but be prepared to be checking this list fairly regularly as Facebook often switches providers. On that page, you can also attempt to opt out from the data providers and have your information removed. However, according to one article, this is almost impossible. Opting out requires you sending them sensitive information like your social security number and/or a scan of your driver’s license.
Now the big one. You can download all of your Facebook data at once. Click on that little downward triangle again and select Settings. At the bottom you’ll see an option to download a copy of your Facebook data. It won’t happen instantly. I’ve been waiting a couple of days.
But if you really want to see all of the data that Google has about you, you’ll have to download a copy of your data. This is all of the information that Google has collected about you. You won’t be able to make any changes to it in this document, but by referring to the links mentioned before, you’ll be able to customize your data.
Why does it matter?
When it comes to data mining, there are two major forms of examination that can take place: descriptive and predictive analysis. Descriptive analysis involves the superficial content of your data; your explicit likes, interests, activities. There isn’t too much harm in this data, especially when it remains in the location where you’ve shared it. Predictive analysis takes this content and makes inferences upon it, predicting future patterns of behaviour based on your previous activities.
Likewise, there isn’t too much harm in this, as long it remains within the location where you’ve shared it. If the ads on your Facebook are more relatable to your interests, both actually and predictively, it’s not a big deal. However, when this data is transferred from the original site where you’ve shared it, which we can refer to as a public location, and is then used to make inferences about your behaviour at a new location, which we can refer to as a private location, you could make the argument that a privacy violation has occurred.
It’s the contextual differences between public and private locations, and the transgression of these metaphorical boundaries, that animates the violation. For example, if the dataset that is created through your interactions on Facebook were sold to an advertiser, who then sold it to a bank, who then rejected you for a car loan, you’d be pretty upset. The information that you divulged in one context, Facebook, has been transferred into a different context at the bank and transformed to make predictions about your risk. There are other examples, which have to do with national surveillance agencies, but they’re too dark and broad to cover here. But you have some options to take control of your data.
What do you think?
I know it’s a little early for spring cleaning, but taking inventory of the data that exists about you online is a great way to take control of your digital identity. Were you surprised by any of the things that you found?
Image used under CC 2.0 courtesy of Flickr user LearningLark
A 16-year-old boy from Newfoundland received a sentence of 18-month probation for sharing naked photos of his 15-year-old girlfriend. He pleaded guilty to possession of child pornography and avoided the more serious charge of distribution. In Canada, he could have faced the same charge even if he had not shared the images. It is illegal to possess naked images of a person under the age of 18 even if they have consented to having the images taken. There are some special circumstances, like if both parties are under the age of 18, within two years of the same age, were present and consenting when the images were taken, and never shared the images. This is the second sentence of 18-months probation for sharing naked photos in Canada.
U.K. passes intrusive surveillance bill
The bill was passed because proponents claim it gives the government the power it needs to combat terrorism’s increasingly digital threat. It requires that communications companies retain records of every website, application, and messaging service that a user accesses for a period of one year. This includes those accessed through smartphones. Civil rights and technology companies are calling the bill overly intrusive and oppressive. The information that the government can access is supposedly related only to your metadata: who you contact, when, how often, and the pages you visit; and not to the content of your online interactions. However, metadata can reveal a lot of personal information and often leads to escalated measures of surveillance.
Newfoundland and Labrador finance minister breaks the silence about online harassment
Image used under CC 4.0 courtesy of Wikipedia Common’s user MirandaRights89
In order to show the public that online harassment is not acceptable, Cathy Bennet shared some of the abusive emails and social media communications that she has received since being in office. By going public, she is combating her own online harassment and empowering other women to do the same: “This is how it starts, because we excuse it, we don’t call it out, we push it under the rug. I want all women to stand together, to be braver, and not be bystanders as others are abused … I want to put an end to cyber attacks that demoralize, humiliate and escalate.” Her decision also coincides with the final day of the U.N.’s 16 days of activism against gender-based violence campaign.
New smart home devices, which are internet connected devices that are part of the growing Internet of Things, like a WiFi connected teapot, present quite a few privacy concerns. Such devices were used in late October to temporarily bring down the internet in a coordinated attack. They’re relatively unsecure and, as they are embedded within homes and equipped with microphones, could be used to invade someone’s privacy. Amazon has addressed this concern by configuring their smart home device, Echo, with a mute button that is analog and not digital. This means that a hacker won’t be able to listen into the microphone unless they physically reattached the connection to the microphone that is separated when muted. This simple but highly effective mechanism might be the future of privacy.
Update: Data sharing between WhatsApp and Facebook in the UK
After Facebook announced it was changing WhatsApp’s privacy policy to allow for data sharing between the two companies, the UK’s Information Commissioner announced an investigation into the implications of this action. Eight weeks later, and that investigation has uncovered that Facebook isn’t being transparent enough about what it will be doing with WhatsApp users’ data, hasn’t produced valid consent to share the information, and has therefore blocked data sharing between the two companies. Germany had already rejected the data sharing between the two companies. While Europe does tend have more progressive policies towards data protection and privacy, it’s surprising that nothing has been done within North America to protect WhatsApp users’ privacy.
Trump policy change or website malfunction?
President-elect, Donald Trump, had a couple of inconsistencies on his official website recently. On Thursday, Nov. 10, some of his most controversial proposals were temporarily removed from the website, including his ban on all Muslim immigration and a list of his Supreme Court justice picks. This wasn’t the first time the website has cited technical difficulties; in September, Reuters noticed a new healthcare policy on the website and, after they enquired about it, the old healthcare policy returned to the website.
After a long period of waiting, and a short period of complaining, I’ve received my personal data from UBC’s Learning Management System (LMS), Blackboard Connect. I’m impressed with, and unsettled by, the amount of data that I’ve been given. It’s from every course at UBC that I’ve ever been enrolled in, including those that I dropped before classes began, and those that never even used Connect.
The documents include a 212-page PDF of Course Reports. These are the records that instructors can generate from within the Connect environment and evaluate student performance. They are a component of the Blackboard Learn tools that offer this lofty promise: “As you monitor student performance in your course, you can ensure all have an opportunity for success.”
Below are screen shots from that document. They show what an instructor sees when assessing student performance and assigning grades like participation through Connect. It demonstrates how students can be unfairly evaluated and is evidence of how Connect is failing to deliver upon its ambitious promise.
Course Activity Overview
The most important statistic in this image is the average time per user displayed on the bottom. This gives the instructor an idea of how an individual student’s performance relates to the rest of the class. In the case of my course, students were using Connect for an average of 19.48 hours each week. However, this statistic might be very misleading for instructors.
The practices for each student using Connect is heavily varied. Some may leave their browser windows open for extended periods of time, working on assignments and writing discussion board posts from within Connect, which will amount to a greater average time. Whereas others might complete their work outside of Connect and enter only briefly to submit their completed work.
How might these varied practices impact the participation grades of different students? Perhaps, a student with limited access to the internet would be discriminated against based on this performance tool as they would perform poorly compared to a student with a constant internet connection, who can login into Connect as frequently as they like. As well, a student who simply engages differently with Connect may receive a poorer grade in reflection of their practices and not their participation.
The above image shows my performance as compared to the class average. The blue bar represents the amount of time that I spent within Connect and the orange line is the average threshold, which I marginally surpassed. I would expect that instructors would take a cursory glance at this graphic to get a sense of where students are situated within their class.
In terms of my practices within Connect, I would do very little actual reading or writing within the system. I found that writing in the small window for discussion board posts and journal entries to be constraining and difficult. I also didn’t like going through the burden of logging in each time I needed to access a reading. So I’d often log in, download the readings, check what had been posted, and then write my posts and do my readings from outside of Connect. But during this time of relative inactivity, to my great benefit, I’d leave Connect open. If I hadn’t, my average time in course would be significantly lower.
In this course, I was slightly above the average in terms of time spent in course each week. Above and below me, there would be students who performed better and worse (to protect their privacy, their information has been redacted by UBC’s Office of Counsel). I would hope that instructors wouldn’t pay too much attention to the arbitrary statistic of average time spent in course. As limited means of access, and different practices from individual students, would heavily influence this field and make this a very biased means of evaluation.
The Performance Dashboard
The Performance Dashboard is another Connect Learn tool that instructors can use to evaluate students. Importantly, this is where a student’s total number of discussion posts are listed. It also informs instructors when a student is not logging into a Connect course often enough. This information is provided in the Days Since Last Login column. Note that the timestamp contains the precise second of the login.
As this course ended a couple of years ago, the table indicates that it has been 651 days since my last login. These statistics would be in comparison with other students, whose data would be above and below my own (again, redacted by UBC’s Office of Counsel for privacy). The kind of comparative analysis based on arbitrary statistics presented by the Performance Dashboard is highly suspect and goes against the standards of academic rigour.
Below, you can see how recent my last activity was on the discussion board and in my journal, my total post submissions and journal entries, and total submissions. Carefully monitored and heavily scrutinized, this data could be useful in providing a very basic comparison between students in the class. However, taken into consideration only at this level, it would be quite biased. For example, if my discussion board posts were all very short and not very useful, I might be graded better than someone who had less posts, but whose posts were much longer and of much greater value.
This kind of analysis is dangerous because it’s very superficial and does not consider the quality of the content of a student’s work. If an instructor were to rely on this tool, then the grade that was derived from this information would not be representative of the actual effort that a student had put into the course, and would be very unfair reflection on the student.
Student Activity Overview
This is a breakdown of my weekly Connect usage for this course. It could give an instructor an idea about when and how often a student is accessing the materials. For example, it looks like I’m heavily favouring Thursdays and, as I recall, assignments and discussion forum posts were due on Fridays in this course. This might give an instructor the impression that I’m leaving my course work until the last minute. Whereas, it could be the case that I’m preparing my assignments offline and taking the time to edit and improve them up until the deadline before I submit them.
Likewise, a student with limited access to the internet might have all their interactions with Connect during very brief periods, only a couple of times per week. Looking at a statistical analysis like this, the instructor could get the impression that the student is not sufficiently engaged with the materials, despite all of the time offline that the student is putting in.
These images show the total number of times and initial access time that I accessed course documents within Connect. For an online course like this one, it allows the instructor to see if a student is moving through the course modules at an appropriate pace, and provides them with an easy explanation if a student is not performing adequately.
But, as mentioned before, some students may not access Connect frequently, despite their engagement with the materials. For example, a student might download all the course modules at once and then access the materials offline. In the Performance Dashboard, that student wouldn’t appear to be performing very well.
If I were to take an online course in the future, I wouldn’t necessarily want this level of surveillance and scrutiny: this information is likely only to be used as evidence for why a student struggled in a course. There could be many reasons why a student might perform poorly, and the time at which a student initially accessed a learning module is not necessarily indicative of that student’s performance. In the future, I would go through and open all of these modules on the first day I accessed the course within Connect so that this data couldn’t inform my participation grade.
Value of the Data
It is my belief that the data being collected and provided to instructors through Connect’s learning analytics are a threat to the unbiased evaluation of students at UBC. The comparative presentation of these statistics are not indicative of the actual efforts of students and creates undue risk for them to be assessed on factors that are completely unrelated to their engagement with course materials.
And because this harm far out weighs any tangible benefits, I believe that UBC should stop collecting student data through learning analytics on Connect. Or, in order to better address these concerns, students should have complete, un-redacted access to these documents so they can understand how they’re being assessed in comparison to their peers. This would give them the opportunity to either change their working practices, or to at least argue and have evidence that they’re being unfairly evaluated.
But the most obvious means of addressing these concerns would be removing instructor access to these reports, which provide such cursory information that it can only mislead their grading practices, and offers far more potential for harm than any possible positive effects.
The Video
Two UBC students talk about how they use Connect and then watch a video that explains how Connect collects student data and generates reports that instructors can view. They express concerns about how this data is collected and about the affect that it may have on their grades. Overall, they believe that a more transparent framework needs to be established because of the potential impact of this data collection.
What do you think?
How might you change your practices on Connect now that you know more about how you’re being assessed? Do you think that any of your habits have influenced your grades in unfair ways? Would you like to see the data collection on Connect through learning analytics be disabled?
The Blog Series
The Connect Exposed blog series documents my inquest into data collection on Blackboard Connect, the difficult process of obtaining my data from UBC, and privacy concerns around the collection of student information.
It’s been over 60 working days since I first made my request to UBC for access to my personal data that was collected and stored through their Learning Management System (LMS), Blackboard Connect. Under the Freedom of Information and Protection of Privacy Act (FIPPA), public institutions are advised to comply with these requests within 30 business days, but may take an extra 30 business days if the request is large or difficult.
Originally, the Freedom of Information (FOI) assistant at UBC informed me that my request was extended into the additional 30 business days category because they were dealing with “a significant backlog.” One day later, the nature of the delay was due to the “large volume of responsive records” that they had received. They were therefore, “unable to provide [me] with a timeframe” in which I could reasonably expect to receive my personal data.
The Solution
When the 60 working days had expired, I got back in touch with the FOI assistant and enquired about the progress of my request. I was denied a timeframe once again, and directed towards the Office of the Information and Privacy Commissioner (OIPC) should I wish to make a complaint, which I did. I phoned the OIPC and they agreed that I should place a complaint, which I also did. But I didn’t quite stop there.
As is evident if you’re reading this, I’ve been writing and publishing each step of my FOI journey. Up until last week, I hadn’t mentioned this to UBC’s FOI assistant. The fact that I intended to make my data publicly known, or that I was documenting the process, didn’t strike me as any of their concern. But I changed my mind after an experienced journalist—who has filed hundreds, if not thousands, of FOIs—suggested that informing the FOI assistant that I’m writing about the process may help to expedite my request. So I did that, which also seems to have encouraged them to hurry up.
My email correspondence quickly escalated from the desk of the FOI assistant to the desk of the FOI specialist, and I went from being “Bryan” to “Mr. Short” (a sure sign that you’re being heard). Anyways, I received a response that was much longer and more detailed about how the Office of Counsel deals with FOI requests and instructed me to “wait [my] turn like everybody else.” (From this I can only infer that everybody has to pester the Office of Counsel, complain to the OIPC, and yet still won’t receive their data within the legally mandated timeframe.) But ultimately, it has been suggested that I will receive my data this week.
The Problem
The FOI specialist raised an interesting point while explaining why the request is taking so long; they said “that [my] request is not simple,” which I find very troubling. Electronic records of students’ personal information should be archived and searchable to provide students with access to their personal information, if they’re being stored in a manner that complies with FIPPA. Because these records have a profound impact on the lives of students—through grading and other forms of assessment and surveillance—they should be open and accessible to the inspection of students, should they feel a need to view them.
Hopefully, UBC’s Office of Counsel is able to use this exercise as an opportunity to either recommend improvements upon the existing record keeping system, or to suggest altogether stopping the collection and storage of personal information through the LMS. If UBC is not able to provide students with their personal information within a reasonable timeframe (of particular importance being that information that the LMS makes available for instructors when they’re assessing grades like participation) then the system is broken and, perhaps, operating outside of the law. And any grades that were assessed using the tools available to instructors in the LMS under these conditions, are highly suspect and should go under review.
The Future
When I receive my response, I’ll make it public and expose all of the data that UBC has collected and stored about me through their LMS, Blackboard Connect. I’m also going to scrutinize and compare what’s collected and stored against our privacy laws to ensure that UBC is operating legally. If there are any problems or discrepancies, which my previous blogs suggest there are, then I’ll be escalating the matter to the Chief Information Officer at UBC and getting back in touch with the OIPC to see how the privacy of UBC students can be better protected. This is my ultimate concern. And I wish it were for others, too.
The Blog Series
The Connect Exposed blog series documents my inquest into data collection on Blackboard Connect, the difficult process of obtaining my data from UBC, and privacy concerns around the collection of student information.
The Digital Tattoo Project Podcast raises questions, shares stories, speaks with experts and encourages us to consider our digital lives.
Listen to us on iTunes or Soundcloud
Introduction
The Digital Tattoo Project Podcast raises questions, shares stories, speaks with experts and encourages us to consider our digital lives.
Listen to us on 
People said…