The views expressed herein represent the views of a majority of the members of the Caravel’s Editorial Board and are not reflective of the position of any individual member, the newsroom staff, or Georgetown University.

Students have never been entirely anonymous on university campuses. After all, we pay tuition to the registrar’s office, where someone monitors our courses and bills. But, students have always been able to trust that their thoughts, inquiries, and locations could be kept private. This is no longer the case.

In the 1965 case, Griswold v Connecticut, the Supreme Court ruled that the Constitution protects "zones of privacy," which can be interpreted from several Amendments, notably the Fourth, Ninth, and Fourteenth. In the words of Supreme Court Justice Louis Brandeis, we have "the right to be left alone." Yet, American universities are doing anything but leaving their students alone, and surreptitious data collection poses an ever-greater challenge to our understanding of privacy rights.

The Halls Have Ears

The Washington Post reported in December that dozens of educational institutions use short-range phone sensors and campus-wide Wi-Fi networks to track students’ whereabouts and predict academic performance, conduct, mental health, and other information. Universities like Virginia Commonwealth University in Richmond, the University of North Carolina system, Auburn University, University of Central Florida, Columbia University, Indiana University, and the University of Missouri system use similar technology. Many employ the same companies. SpotterEDU dominates the market for short-range phone sensors, and Degree Analytics dominates Wi-Fi network surveillance technology. The latter tracks roughly 200,000 students across 19 institutions of higher education. Welcome to 1984, just 40 years later.

Syracuse University, for example, uses Bluetooth beacons to track class attendance. Absences are logged and can negatively impact grades, while also telling professors when students miss class. The app by SpotterEDU even records a precise timeline of students’ locations so professors and advisers can see if they leave early or take bathroom and water breaks.

Syracuse professor Jeff Rubin told the Washington Post, “They know I’m watching [attendance] and acting on it. So, behaviorally, they change.”

Rubin’s comment and its horrifying casualness toward invasion of privacy illustrates a common view among administrators and private companies on the matter of student surveillance, which increasingly monitors all aspects of students’ lives. NPR notes that data collection systems can gather as many as 6,000 location data points per student per day.

Bluetooth beacons broadcast a unique identifier to nearby portable electronic devices. (Wikimedia Commons)

The Washington Post reports that these systems use algorithms to predict behavioral states, mental disorders, physical ailments, or difficulties students may face. Some universities use the information to create risk scores—evocative of China’s infamous social credit scores—for students based on such factors as attendance, location points, and whether they go to the library often.

The Broward County Public Schools system, which includes Marjory Stoneman Douglas High School in Parkland, Florida, went a step further and announced the installation of a camera-software system to monitor students and track them by appearance through artificial-intelligence to catch potential threats. A Washington Post report described how the system allows administrators and guards to see everywhere a camera recorded individual students on campus and alert administrators of suspected risks. There is no evidence to suggest that it works, and the system has undergone no independent bias testing.

In a similar attempt to catch threats and risks before they occur, universities employ these invasive systems to divide students into groups, such as “students of color,” or “out-of-state students,” for greater attention and further review, the Washington Post reports. Administrators compare these groups in analysis to “normal” behavior as defined by their peers, mandating that minority groups abide by behavioral and educational norms set by predominantly white students and labelling non-white students a risk.

These systems not only build a mentality that accepts constant and ubiquitous monitoring as normal, but they also undermine independence, hinder the pursuit of interests beyond the classroom or of which students feel administrators may disapprove, and further stigmatize minority groups and communities that are already underrepresented and consistently feel unwelcome at institutions of higher education.

In a further abuse of students’ privacy, NPR discovered that many universities do not properly notify students of the extent or nature of the data collection, which includes highly detailed and intimate information on their whereabouts on campus at all times within sensor or Wi-Fi range. Students are sometimes required to download SpotterEDU or other apps by administrators during orientation, which they then consider opt-in and permission to collect students’ data. Signing on to the university Wi-Fi is often considered permission as well, even though most students do not realize the extent of the data collection or that it is occurring at all.

Institutions are increasingly collecting and monitoring more data, beyond mere geolocation to include what students publish online or in university forums, how long they review material online, and whether they attended specific events or not. A lot of this data, collected and analyzed by third parties, does not fall under the Family Education Rights and Privacy Act (FERPA), which restricts the kind of information universities can share with third parties, the Atlantic reports.

This data can be easily transferred and sold: advertising companies and data brokers can exploit the data on students’ interests and behaviors. This data could also be stolen, allowing nefarious actors to impersonate students or faculty and gain access to troves of protected research and other files. Gathering student data will allow corporations to better implicitly and insidiously shape our preferences and decisions.

Mitch Daniels, the president of Purdue University and former-governor of Indiana, wrote in a Washington Post op-ed, “Isn’t technology wonderful?… We know where each student is anytime—which is virtually all the time—their mobile devices are connected to our Wi-Fi network.… Forget that old ominous line, ‘We know where you live.’ These days, it’s, ‘We know where you are.’”

Purdue University has implemented technology to track students’ whereabouts using Wi-Fi connections. (PickPik)

Privacy is one of the most fundamental human rights and often one of the first violated by totalitarian institutions and governments. If an academic leader and former-governor proudly bragging about how he “knows where you are” at all times is not terrifying, then nothing is.

Information, Regulation, and the State of Our Nation

But, data privacy doesn’t have to be an unachievable dream. Europe’s General Data Protection Regulation (GDPR), which came into effect in 2018, and California’s Consumer Privacy Act (CCPA), which became effective in January, show that it is possible for governments to regulate intrusive and invasive technologies from social media sites to university-sponsored spyware.

The General Data Protection Regulation was passed by the European Parliament in 2016 and came into force in 2018. (Piqsels)

We have to rethink how we consider privacy in the United States. The foundation of any data privacy regulation should be an acknowledgement that the data we produce is our property. Just as an author has copyright over the ideas that come out of his or her mind, we must have ownership of the data that comes out of the way we live our lives. Any data privacy framework that does not not acknowledge this is doomed to paper over privacy concerns without fixing the fundamentals.

Consent is a key feature of GDPR and CCPA. Data collecting entities need to obtain informed consent from users before doing anything with their data. In the context of universities, it is untenable and should be illegal to require participation in a tracking program as a condition of enrollment. Lawmakers and regulators should look to Europe and California for ideas on how to better regulate privacy. But, in the end, they need to ensure that egregious breaches of personal privacy are relegated to the fictional world of Orwell’s 1984.

Collecting Problems

The data collection itself is the problem. Despite the nominally good intentions behind administrators’ decisions to study our lives, the consequences of such data collection are too dire to ignore. These practices disregard students’ individual privacy and autonomy. Schools’ quests to know everything about their students’ lives would only be halted by eliminating the collection of invasive data entirely. Anything short of a complete cessation of invasive data collection policies perpetuates a dangerous regulatory grey area that can be exploited to students’ detriment. Universities have never needed the data that such spying provides, and they can continue to survive without the trove of location and internet data tagged to each student’s ID number.

Unless students and privacy advocates can work together to expand both FERPA and general privacy protections in the United States, students may be stuck petitioning for change at the university level, where their voices are not always granted a say by unaccountable administrators.

Almost every piece of technology connected to the internet today tracks its user’s data, even a cell phone with its location services turned off. The institutions where we commit ourselves to learning and free inquiry should be the places where we can be sure that our lives are not under invasive, exploitative scrutiny. Our autonomy, privacy, and personal freedoms are worth fighting for, and we deserve to know what is being done with our private data.

Have a different opinion? Write a letter to the editor and submit it via this form to be considered for publication on our website!