Exploring SSI to Improve Student Mobility
A guest series focused on privacy by the U.S. Department of Education’s Privacy Technical Assistance Center (PTAC)
The U.S. Department of Education’s Summits on Education Blockchain bring together educators, administrators, data experts, and industry experts to discuss the potentials for blockchains in education. These events foster a conversation among those who are interested in making contributions to the future of education data and innovations that improve student mobility and access.
Toward these collaborative technology goals, the Department convened the second Summit on Education Blockchains in early 2020, with a specific focus on identity and privacy. The Summit explored the principles of self-sovereign identity (SSI) and education blockchains, in the interest of increasing student mobility. The topic of student privacy added a particularly dynamic element to the discussion as placing greater control of education data into the hands of students and reconfiguring the way data moves between stakeholders creates implications for data privacy and security. The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) participated and contributed our perspective and expertise on FERPA and privacy ethics.
We were joined by SSI innovators, members of the open source community, solution providers, legal experts, and technologists experienced working with education data. Together, we conducted discussions regarding several aspects of SSI in education, covering topics on the ethics of data sharing, the technical building blocks of SSI, contextual implementation, and how proponents of SSI are progressing on developing the frameworks for real world adoption.
Ultimately, the topics covered at this Summit and PTAC’s commentary on SSI and FERPA compliance will shape an upcoming whitepaper to be published through the Department of Education’s Office of Educational Technology.
A Deeper Dive into SSI in Education
Institutions using SSI can place students in control of their identifying information and allow them to choose with whom, when, and how to share this data. For example, students would possess digital wallets that contain verifiable education credentials, such as a diploma or transcript and accompanying artifacts. Issuing institutions would give each credential a special identifier that can be assessed by a future verifier to assert the authenticity of the credential. In this case, if a student would like to show their credential to a prospective employer, the student would share a unique private key that gives them access to that single credential. This could occur instantaneously, securely, and in a trusted manner.
In theory, this would greatly simplify how education data is leveraged by students, especially later in life. Using SSI, schools and institutions have the potential to make education data more mobile and controllable, resulting in greater mobility for students and security of the data. It could help reimagine how education data is used through a whole lifetime, addressing students not just as participants in the education system but as lifelong learners who will accrue education and credentials continuously through life and will need those credentials to be portable through life events.
Like any reshaping of how education data is handled and stored, any system that encompasses principles of SSI would have to include detailed considerations of student data privacy and the Family Educational Rights and Privacy Act (FERPA). The SSI framework for education use cases would need to align with the FERPA requirement for consent for release of student data to outside parties (including other schools), amongst other privacy regulations. It is important to fully consider and understand the context into which technologies like this are implemented — ethics, use cases, and legal frameworks must shape how information flows. We were glad to find a great deal of support for this context-first approach among our colleagues at the Summit.
For the use of SSI in education, a specific governance framework should first be established that thoroughly accounts for all use cases, applicable policies, and ethical implications. For example, a governance framework at the post-secondary level would allow for eligible students and parents (who have been verified as claiming their children as dependents) to have access to education records but would not allow those parents to consent to the release of those records (since the student, and not the parent would be the rights holder). Collaboration among a variety of experts such as those represented at the Summit will be very important to building an effective governance framework.
As a result, our session on FERPA at the event sparked a lively discussion and deep consideration of how SSI operates within education data laws expressed through school policies and legal requirements. The answer that we often give for whether or not a new technology can work within FERPA is “It depends.” This is because the specific context of each use case will determine how FERPA applies.
Explore Real-World Use Cases and How FERPA Applies with PTAC
We are excited to announce that we will be kicking off a four-part webinar series beginning April 30, 2020, that will explore real-world blockchain applications and how they can work in alignment with FERPA and other privacy regulations.
Watch our webinar series premiere on Thursday, April 30, 2020:
https://aemcorp.adobeconnect.com/ekflpg9hbepx/event/registration.html
In the first installment of our webinar, we will discuss an important credit interoperability use case — reverse transfer, where postsecondary institutions facilitate data transactions between and with other academic institutions to award credentials to students when they physically transfer. During this session, we will explore where in the implementation of this system occur implications for data privacy and security, how FERPA applies in these cases, and what questions were addressed by the institutions involved to ensure FERPA compliance. This will allow viewers to observe precedents for how FERPA’s consent requirements have been worked into a variety of different implementations.
Another important data transaction involves education data flow from K-12 institutions to postsecondary institutions and into the workforce. This case is often considered a critical factor in promoting student mobility. We are excited to review the intersections of this data exchange with FERPA and other privacy regulations in our second webinar installment.
If you would like to suggest additional topics for future webinars, or would like to submit any questions that we can address in the first two installments, please reach out to use at tech@ed.gov.
The Privacy Technical Assistance Center (PTAC) is a U.S. Department of Education technical assistance resource, helps state and local entities and a variety of education stakeholders understand best practices in data privacy, confidentiality, security, and managing student-level data. PTAC subject matter experts serve as partners with education agencies and help to address potential weak points in their privacy and data security efforts.As a result of this work, more than 300,000 staff, administrators, faculty, students, and parents are trained on how to protect student and educator records. PTAC has touched nearly every state and territory in the U.S. with either an onsite engagement or an interaction with their help desk. Learn more about PTAC and their offerings here.
