Wednesday, January 08, 2014

The Problem Isn't That inBloom Might Lose Data, But That They Might Be Too Good at Collecting and Keeping It

Shortly after inBloom was launched at SXSW, I chatted with some guys who worked at a ed data startup and attended the inaugural presentations. They were a bit non-plussed, because they felt like inBloom was way more interested in "ingesting" data than... the opposite, so it wasn't of obvious value to them. To make their jobs easier, they'd want to get data out. Whether or not that is true or accurate today, let's go with that premise a bit.

Most inBloom critics seem to be concerned that inBloom is going to allow too much access to children's data, either accidentally, through a security breach, or intentionally, but just making it too easy for vendors to see too much.

Regarding security, there's not much inBloom can say other than "We'll be at least as secure as the people who already have this data!" (i.e., your school or their current vendor).

Regarding exactly what data will be offered to vendors and under what terms, inBloom have been oddly unable to respond convincingly. It absolutely seems like they're hiding something; I just don't get what they're up to.

When you have this kind of disjuncture -- where even the PR is just off key -- it is likely that the two sides are modelling the issue in fundamentally different ways.

To use a banking metaphor, in the current debate, the potential bank customers are saying "How do we know you won't get robbed or just give all the money away to your friends?" What inBloom may be thinking is "Don't these people understand that the whole point of being a bank is that you gain a lot of profit and influence just by keeping people's money safe?" That is, if inBloom loses or gives away too easily its only asset -- a giant pool of student information -- it will collapse like a data-driven Ponzi scheme, or at best limp along as a perpetual embarrassment to its benefactors and managers. This is probably perfectly clear to people at inBloom, but not obvious to outsiders.

Put another way, a big data breach would cost inBloom's staff way more than it would any individual parent and child.

The real problem with inBloom is that if they are circumspect and strategic in their use of this data, they will become an incredibly powerful, influential, and largely unaccountable and unregulated organization. Information = power, and they propose to collect a massive amount of information, at taxpayer expense. There's no compelling reason to create what could easily become a monster over time, and no way -- no way at all -- that the current management of inBloom can assure us that their successors 10 years down the road won't being doing things with a decade's worth of data about our children that we can't even imagine today, even if it is kept "secure."


Garrett Suhm said...

Hi Tom,

My name is Garrett Suhm, and I am the CTO of inBloom. We are absolutely not trying to hide anything. If you have any questions, please just ask. To summarize a few points about us (and hopefully clear misconceptions about what inBloom is about):

inBloom is an independent, non-profit organization whose mission is to provide a valuable resource to teachers, students and families, to improve education. We solve a common technology issue facing school districts today: the inability of electronic instructional tools used in classrooms to work in coordination with (or “talk to”) one another.

- We provide a secure data service to state and district customers.

- Our software is open and implements open standards (Ed-Fi).

- States and districts determine what student information is stored, how this information is used, and who gets access to the records.

- inBloom will never sell student information, nor will we share it with others unless directed to do so by a state or local customer.

- All data is encrypted, and PII is encrypted twice.

- Our servers are in FEDRAMP-approved data centers that are SOC 3 compliant.



Tom Hoffman said...


Why don't you encourage clients to run their own servers, if you don't need access to all this data for some reason?

Garrett Suhm said...

We support others running our platform also.

Tom Hoffman said...

That's certainly not the way you pitch it.

Garrett Suhm said...

Yes, it's definitely the plan, as well as having the platform open source. Our goal is interoperability - giving schools a wider choice of compatible software to meet their needs (instead of proprietary solutions from a handful of large vendors that can afford to play the pseudo-Enterprise software sales cycle today).

Tom Hoffman said...

I should, by the way, complimenting you on actually getting the open source part right. That's pretty rare in ed tech.

It seems to me that there's a big disconnect between the geeks and the suits at inBloom though. The whole thing seems to be going down in flames out of a desire to get the data onto YOUR servers.

Unknown said...

The other piece of this is that just about every state and district is already doing a version of what they can do with inBloom.

Between eScholar, SchoolNet, Infinite Campus, and/or Ed-Fi based solutions, district-wide and state-wide datastores have existed since shortly after NCLB passed. Developing the capacity of these datastores was supported via federal grants starting in approx 2005.

The disconnect b/w the geeks and the suits feels spot on. The explanations coming out on inBloom have been baffling at times, and, from what I can see, unnecessarily so.