He wanted privacy. His college gave him none.
Susanica Tam for The Markup
He wanted privacy. His college gave him none.
Eric Natividad is a student at Mt. San Antonio College in Walnut, Calif., east of Los Angeles. He is concerned about how his data is tracked and shared.
On a recent Monday, Eric Natividad (pictured) woke up around 8 a.m., showered, ate breakfast, and braced himself for a day of being tracked.
Natividad, 32, is a student at Mt. San Antonio College, which is one of California’s largest community colleges, serving more than 26,000 students east of Los Angeles, about half of whom attend part-time. Like virtually all college students in 2023, his life is constantly being converted into a steady stream of data. This information undergirds algorithms and informs decisions by his professors, college administrators, campus police officers, and a far-reaching universe of technology companies—including some he has never heard of.
By the time Natividad went to bed that night, Google and Facebook had data about which Mt. SAC webpages he’d visited, and a company called Instructure had gathered information for his professors about how much time he’d spent looking at readings for his classes and whether he had read messages about his courses. Campus police and a company called T2 Systems potentially had information about what kind of car he was driving and where he parked. And as he drifted off to sleep, Natividad had to contend with the worry that, later this semester, his professors could subject him to the facial detection software incorporated into the remote proctoring tools used at Mt. SAC.
“There isn’t a part of the day where it leaves your mind,” Natividad said about the pervasive tracking.
To understand how Mt. SAC collects data on its students, The Markup used public records requests to obtain contracts between the college and companies that provide its learning management system, online proctoring services, and automated parking enforcement technology, three of the most invasive data collection mechanisms on campus. The Markup also obtained five college policies that govern these technologies, as well as information security and computer use, at Mt. SAC.
Gabriel Hongsdusit for The Markup
Few institutions collect as much data about the people inside of them as colleges and universities do
An infographic of a day of data collection for a college student
Residential campuses, in particular, mean students not only interact with their schools for academics, but for housing, home internet, dining, health care, fitness, and socialization. Still, whether living on campus or off, taking classes in person or remotely, students simply cannot opt out of most data collection and still pursue a degree.
For many students, that’s not a problem. They generally trust their institutions and see the online elements of higher education as convenient. Putting up with data collection seems like a necessary cost.
But even though Natividad’s preoccupation with data privacy makes him a bit of an anomaly among his classmates, he’s part of a growing group of college students arguing it shouldn’t be this way. Long written off as not caring about privacy because of their extensive sharing on social media, college students have become more organized and insistent about what they see as a right. At the University of Michigan, a student’s quest for greater transparency led to ViziBLUE, a website launched in 2020 that lets students see what personal information is collected and how it is used. When the COVID pandemic forced a huge portion of higher education to move online, students across the country protested the use of online exam-proctoring software that gathered information about their faces and homes. On many campuses, protesters have pressured university administrators to commit to banning the use of facial recognition technology before ever trying it.
And as more colleges disclose data breaches, many students are becoming uneasy about how much personal information their schools gather. They are forming new on-campus student groups to advocate for privacy and tapping into global networks designed to facilitate a more collective fight. Some colleges are taking note of the unrest as well as the liability inherent in holding so much data. The University of California, San Diego, for example, is among the universities that have created stand-alone positions for chief privacy officers in recent years.
Juan Cruz is the director of policy at Encode Justice Florida, a state chapter of a global youth-led advocacy organization fighting for human-centered artificial intelligence. A student at Florida International University, Cruz sees collegegoers as among the most vulnerable to data privacy violations.
“You don’t really get any options,” he said. “You’re just kind of expected, if you want to pass this class or pass this test, you have to willingly give up a lot of your information and then hope that nothing happens.”
Susanica Tam for The Markup
They watch you learn
A laptop on a desk
When Natividad was in high school he didn’t pay much attention to the data he was generating for ed tech companies, or to news reports detailing data breaches. Coming of age during the Occupy Wall Street protests and spending several years in China, however, opened his eyes.
While living in Shanghai, Natividad saw security cameras everywhere and the introduction of facial recognition cameras on the subways, but he said it wasn’t until he saw articles about the same technology in the United States that he started doing more research about it. He started to believe surveillance technology runs counter to a free democracy and began monitoring purchases made by the Los Angeles Police Department. He also started paying closer attention to all the companies that get access to his data and became convinced this was something he should learn more about and protect himself against.
“You just don’t know how you’re going to be targeted sometimes,” Natividad said, “by state or police or bad actors or somebody trying to steal money. … This is something that I need to care about, too.”
When he registered at Mt. SAC in 2022, interested in pursuing a degree in computer science, he asked questions about the technology he’d have to use and whether he could opt out of data collection. He was told opting out wasn’t an option but figured he’d enroll and see how it went.
He found more cause for concern than he had expected.
On that recent Monday morning, after his shower and breakfast, Natividad turned on his computer. He needed to log into Canvas, his college’s learning management system for online coursework, reading, class discussion, quizzes, and faculty gradebooks, which is used by more than a third of higher education institutions in North America. Natividad’s goal was to be in Canvas for as little time as possible, avoiding one of the primary dragnets of data collection for college students.
Soon, he had downloaded everything he was supposed to read for the week, copied assignment instructions for each of his classes into plain text documents, sometimes with screenshots, and logged back out. Over the course of the week, he read the documents offline and drafted his assignments in a text editor. He only logged back into Canvas to check for any updates from his professors and, ultimately, to copy and paste his work when it was ready to submit.
Canvas tracks what pages students view, their time spent on each page, and when they submit discussion comments or assignments. It houses students’ grades, tracks when they complete quizzes and how long they take to finish them, and it gives professors visualizations of student progress and participation in the course.
Some professors use this information to refine their teaching and serve students better, and at many institutions, this data informs course planning, program design, and academic advising. But it’s not only educators who have access to it.
Mt. SAC’s contract for Canvas, which The Markup obtained through a public records request, says that the parent company, Instructure, owns the usage data. The contract lists examples of how the company can use that data, including statistical analyses, trend analyses, and the creation of “data models.” The contract says usage data can only be used if it is aggregated or anonymized and should never be used for profit or sale—but in 2019, Instructure’s former CEO Dan Goldsmith pointed investors to the company’s corpus of education data as key to its multibillion-dollar value, saying it could be used to train algorithms and predictive models.
Since that comment, Instructure has stopped working on predictive models, according to Daisy Bennett, who said she was hired as the company’s privacy officer in part to repair the damage from Goldsmith’s claims.
“We are not monetizing our schools’ data,” Bennett said. “Absolutely not.”
Natividad, however, still doesn’t think the company should be able to have or keep any data he generates while using its platform. And Canvas isn’t his only problem.
This semester, one of Natividad’s professors assigned a digital textbook through Cengage, a publishing company turned ed tech behemoth. In the past, professors have allowed Natividad to stick with paper textbooks, but he now must submit to the additional data tracking of e-books for a required course. Professors sometimes mandate digital textbooks because they want students to complete interactive assignments contained in them.
According to Cengage’s online privacy policy, the company collects information about a student’s internet network and the device they use to access online textbooks as well as webpages viewed, links clicked, keystrokes typed, and movement of their mouse on the screen, among other things. The company then shares some of that data with third parties for targeted advertising. For students who sign into Cengage websites with their social media accounts, the company collects additional information about them and their entire social networks.
Noah Apthorpe, an assistant professor of computer science at Colgate University, studies privacy and the implications of data collection in academia. He said students seem to be suffering the consequences of widespread data collection across the web.
“Once we become accustomed to an ecosystem where everything is collected, it both becomes harder to change and we become numb to it happening in the first place,” Apthorpe said. Learning management systems like Canvas collect more data about student behavior than educators have ever had access to, creating detailed profiles of individual students and new ways to label them. While Canvas is one of the most popular systems on the market, virtually all colleges use one and a variety of options have emerged to serve them, including Moodle, Blackboard, and Brightspace.
Apthorpe said that because learning management systems track, down to the minute, when students submit assignments, professors may come to think of students as deadline pushers, for example, or those who get their work done early.
“You can imagine that having repercussions for students,” Apthorpe said.
Students know their professors can see this data. Some who work or take care of children on top of going to school worry they will be seen as lazy or uncommitted for spending less time on their assignments than their peers.
Natividad said one of his professors told him he can see in Canvas whether students seem to log on together and complete work from the same location. Natividad became worried it would look like he was cheating if he simply studied and completed assignments with his peers. Now he and his friends go out of their way to avoid the appearance of impropriety, not wanting to be falsely accused. For them, that means staggering their log-ons to Canvas and accessing the internet through virtual private networks that obscure their location.
While Instructure insists its platform should not be used to detect cheating, its logs have led to such allegations. Seventeen medical students at Dartmouth made national news in 2021 when their professors accused them of accessing course materials in Canvas during an online exam. The logs, students argued, were wrong, and the university ultimately dropped the charges.
For Natividad, stress about what could happen has taken its toll. Last year, he watched his grades in a computer science course slip after he stopped completing assignments because he didn’t want to use Canvas.
“It’s just really stressful,” he said.
Eric Natividad for The Markup
They watch you park
A photo of a police car – Automated license plate readers are mounted on Mt. SAC campus police vehicles to scan traffic on campus.
Most concerning to Natividad is the parking enforcement at Mt. SAC, which last winter installed automated license plate readers. Instead of asking students to hang parking passes on their rearview mirrors, the college now relies on cameras mounted on three parking enforcement vehicles and 11 fixed cameras installed in the campus’s two garages. The cameras read license plates and alert officers if they spot a plate that doesn’t have a valid permit associated with it.
Mt. SAC’s policy for its automated license plate reader says none of the information in the system can be sold and that it can only be shared or transferred after a request is made in writing and college officials approve it in writing.
But the college’s contract with T2 Systems, also obtained through a public records request, says the parking management company can store, back up, and archive content and use it to generate anonymized data, though the nature of that data is not made clear.
Automated license plate readers have been the subject of controversy around the country. Fight for the Future, an activist organization that plans online protests to secure a future “where technology is a force for liberation, not oppression,” calls them “illegal dragnet surveillance” that violates individuals’ right to privacy.
In Florida, where it is against the law to transport undocumented immigrants, students mention that their peers with undocumented family members are at risk if they have relatives in the car with them on campus. The automated license plate reader cameras can capture not only the license plate itself but the entire car and who is in it.
Natividad requested information about T2 and couldn’t find out much. For months, he said, he was passed from one campus employee to another but got few concrete details about where the parking footage and data would be stored and who would have access to it.
Mt. SAC’s police and campus safety department declined interview requests for this article. The college’s contract indicates license plate information and video footage are only stored if a campus police officer issues a ticket.
Natividad said some college employees suggested he take classes online if he didn’t like the new parking cameras. Since that would mean losing out on valuable in-person experiences and spending even more time on Canvas, he has found another, more expensive solution: quarters.
The college has retained a number of metered parking spaces. They cost more than a parking pass and require a tedious amount of coordination to always have enough change on hand and run back and forth to add more time, but they don’t require Natividad to turn over personal information to yet another tech company to get a parking pass. Still, even these steps do not ensure his privacy while parking: His car remains in view of cameras mounted on Mt. SAC public safety vehicles. Should a camera read error ever mean Natividad’s car is mistaken for a stolen vehicle, as happened to a San Francisco woman in 2009, that routine scanning could make him a target.
Students at Mt. SAC have rallied in recent weeks in support of Palestine and Natividad worries that records of who, exactly, was on campus during the hours the protest lasted might create problems for his peers. Students on other campuses have had job offers rescinded and their names and faces published online in connection to their support for Palestine.
At Mt. SAC, there haven’t been such dramatic consequences for students, and few have joined Natividad’s fight for greater privacy on campus. In fact, as he has been asking questions and quietly advocating over the last year and a half, the two most common reactions he gets are surprise and apathy. Most people don’t think there are alternatives to the current state of data tracking and surveillance, or they don’t care to explore them. Natividad routinely hears that he shouldn’t worry. But he does. And not just for himself—for the entire student body.
“It just feels like our rights are being violated all the time,” he said.
Susanica Tam for The Markup
They watch where you go
A sign posted outside a student tutoring center reminding students to check themselves out before leaving
On a recent Thursday, Natividad parked at the meter and met a friend in Mt. SAC’s student center. It’s one of the buildings on campus he doesn’t need to swipe his student ID to enter—and while it’s not as good a location for studying as other parts of campus, he likes that he can avoid creating a new data point in the college’s logs. When he goes to any tutoring centers on campus, including just to study, he can’t avoid it.
Logging student movement through card swipes is ubiquitous in higher education today. At Mt. SAC, Natividad was told the tutoring center uses this information to track how many students it supports so the college can apply for state grant money. College administrators did not respond to requests for comment about what else these logs are used for or how long they are stored.
At the University of Maryland, administrators considered using this data in the early days of COVID to know when wellness checks were in order. Joseph Gridley, the university’s chief data privacy officer, recounted the scenario during an October conference for IT professionals working in higher education. He said it seemed mildly creepy to send people to student dorm rooms to check on them after noting they hadn’t been to the dining halls in a certain number of days. But after surveying students, it became clear they didn’t mind and, in fact, only thought the university should wait five days before dispatching someone.
The data collection, Gridley said, is happening. The question is whether universities should use it.
It’s also not clear if they can keep sensitive information secure. The University of Michigan revealed at the end of October that a hack compromised personal information, including Social Security numbers and driver’s licenses, of 230,000 people. When a well-resourced institution known for its commitment to privacy is home to such a leak, Natividad wonders how long his data will be safe at his relatively under-resourced community college.
Natividad has spoken before Mt. SAC’s student government and tried to raise awareness about all the data that’s being collected. Mariah Moreno, a student senate chair at Mt. SAC, said while Natividad’s concerns have piqued the interest of some members of the campus community, more students would have to share them for the student government to consider taking action.
That might only be a matter of time. Natividad also spoke with Max McCarthy Neal, a leader in the college’s Black Student Union, who told him to connect with other activism-oriented campus groups.
“It’s something that is affecting all of us and will continue to do so,” said McCarthy Neal.
Natividad has spent more than a year discussing his concerns with student leaders and college employees at all levels of the institution. He has braved sweaty palms and anxiety to speak at the college’s board of trustees meeting and the president’s open office hours. He has requested his data from tech companies, exercising his rights under the California Consumer Privacy Act.
All of it has been a distraction from his studies. He is taking fewer classes to give himself time for this awareness-building. But he would prefer not to do any of it.
“I like just being a geeky computer guy,” Natividad said. “I want to be the stereotypical guy on his computer in his room that nobody really talks about that much.”
The problem, he said, is that many of his peers have no idea about the extent to which their data is being collected and shared. And many of them have weighty commitments outside of their coursework as parents and providers in their families. Natividad feels responsible for stepping up, agitating both because he can and knows he should.
McCarthy Neal decided to help after coming to the same conclusion.
“Due to the fact that we are a community college, most people are heads-down, in the books, do the work and move on to the next step,” McCarthy Neal said, whether that’s a transfer to a four-year school or a better job. “[They] don’t really care what’s going on here now.”
McCarthy Neal hopes speaking out with Natividad and winning more students over to the cause will lead to greater power to opt out of data collection at Mt. SAC and more attention to student privacy generally.
Back in Mt. SAC’s student center, Natividad sits down with his friends to study; he accesses the school website and Canvas using a virtual private network. In addition to obscuring his location, the VPN encrypts his data, giving him a sense of protection from tracking.
That tracking, he knows, can be extensive. A Markup analysis of Natividad’s network logs showed multiple analytics platforms tracking pageviews and clicks in Canvas and on the college website, including on a health center webpage about coping with anxiety and a counseling request form for DACA students (who are protected from deportation because they immigrated to this country with their parents as young children). The platforms send analytics to Instructure, Google, and Facebook.
Natividad points to a wave of privacy class-action lawsuits against companies sharing personally identifiable information with Facebook through a snippet of code known as a pixel.
“These companies are being sued for privacy violations, but we’re still using [the pixel] all over,” he said.
Susanica Tam for The Markup
They watch your face
Eric Natividad talks to a classmate inside the student center at Mt. San Antonio College.
At some point this semester, Natividad may have to give up another type of personal information. Two of his courses are completely online, and the university has contracts with two companies that facilitate secure remote testing. If his professors require students to use these so-called e-proctoring tools, Natividad might have to give either Honorlock or Proctorio access to his laptop camera. While both companies say they do not use or store biometric data or match test-takers’ faces with an image database, they do run software to detect students’ eye movements and the presence of their faces. In its contract with Honorlock, which The Markup obtained through a public records request, Mt. SAC agreed to let the company use, publish, and sell aggregate data collected over the platform, facilitating the company’s ability to profit from students’ data.
E-proctoring tools faced a stiff backlash when schools closed during COVID and sent test-taking online. Fight for the Future called the tech “glorified spyware” in an online campaign seeking to ban its use by colleges. Students with disabilities faced more frequent flags for potential cheating because of hand, eye, and body movements the software algorithms said were abnormal. Dark-skinned students reported not being able to take exams because the software wouldn’t register their faces as being present.
The programs’ failings fueled outrage and stress among students needing to take exams to progress toward their degrees or chosen careers.
At Mt. SAC, McCarthy Neal dropped an online course last spring rather than use Proctorio. The professor told students they had to run the monitoring program every time they completed an assignment in the online workbook, something that felt overly invasive.
Students on other campuses have fought back against the use of ExamSoft and ProctorU, two other tools that collect biometric data as part of their e-proctoring, using facial recognition software to match the face in front of the camera with records of the student who is supposed to be there.
While Mt. SAC officials said the college doesn’t use it, some universities have begun experimenting with facial recognition technology for attendance logs and campus security, and researchers are testing it as a method for measuring student engagement.
When facial recognition systems capture data, they tend to store it in the cloud where, Nashashibi points out, it is vulnerable to being hacked, stolen, or abused. When people get their credit cards stolen, they can get new cards and new numbers; when their biometric information is stolen, they can’t change their faces. Nashashibi sees the use of facial recognition for things like attendance or campus security as a slippery slope.
“As it spreads in these seemingly convenient and innocuous use cases, it’s desensitizing people to the technology, which is actually invasive and dangerous,” she said.
A different way
Natividad has had a hard time convincing his fellow students at Mt. SAC that it’s worth their time to speak out against data collection in higher education, or even to demand more transparency. But on other campuses, privacy concerns have contributed to new tools and staff positions.
At the University of Michigan, the ViziBLUE website explains how the university collects, uses, and shares 18 different types of data, including that related to academics, admissions, housing, and use of campus Wi-Fi. Virtually no other university has anything like it. At UC San Diego, where Pegah Parsi became the inaugural chief privacy officer in 2018, a team is working on something similar but running into challenges of even identifying the scope of data collection. Parsi’s department has started by focusing on data collected and used by offices of advancement, admissions, and financial aid—the “heavy hitters,” as she calls them—and then plans to work through smaller, more grassroots sources of data collection on campus.
“We haven’t had regulator scrutiny, to a great extent, on our privacy practices or our data practices, so our data really do live all over the place, and no one quite knows who has what,” Parsi said.
Mariah Moreno, the student government senate chair, hadn’t spent any time thinking about Canvas’s data collection and use policies before Natividad brought it up.
“With this day and age, it had kind of been normalized, so I hadn’t felt that concern related to myself as a student,” she said.
Having now acknowledged the privacy concerns, she still doesn’t think it makes sense to stop using Canvas or even to use it any differently. On her path to a political science degree and eventually law school, Moreno sees herself as having two options: do the assignments as the professors assign them—in Canvas—or not do the assignments. And she chooses the former.
But privacy advocates say there should be a third choice that gives students more control over their own data.
Kyle Jones, an associate professor at Indiana University—Indianapolis who studies information ethics and data mining in higher education, is among those arguing that higher education institutions should be considered data fiduciaries, charged with acting in the best interests of students when collecting and using their data. Fiduciary duties are most commonly connected to managing someone else’s money, and they bring legal responsibilities to make decisions solely for the other person’s benefit.
Parsi, too, encourages her colleagues to think of their role as data fiduciaries. Much more common, she said, is for higher education institutions to think of themselves as stewards of student data, which connotes a lower standard of responsibility to students. For Parsi, it’s past time for change.
“Our use of someone’s personal data, at the end of the day, should benefit them,” she said, “not just somebody else or some other thing.”
This story was produced by The Markup and reviewed and distributed by Stacker Media.