Awhile ago, I mentioned in an epic rant post that a certain ridiculously well-funded education technology company *coughEdmodocough* should spend more money on its security and less money on, say, things that don’t serve to actually make its product better for its users.
The original article that has inspired hours of passionate ranting can be found here, but its main takeaway from it is this: the biggest K12 LMS out there doesn’t secure its user data. Edmodo (and Schoology’s*) user data can be intercepted and viewed by someone other than its intended audience (students, parents, teachers). While the chances of an actual hacker being out there just waiting to prey on some kid’s homework data are slim, this lack of encryption is deplorable—absolutely unacceptable.
Edmodo’s spokeswoman attempted to quash the issue by saying SSL encryption has been available to schools for some time— and that all they have to do to get it is to “opt-in.”
Instead of doing what is right for all of their users and securing their data with industry-standard encryption, Edmodo is making their users opt into something that should just be standard in their platform.
Let that sink in for a moment, and then, think about it again.
Instead of protecting their user data, instead of taking the time to build out faster and more efficient ways to do right by their userbase, they’re only offering it on an opt-in basis. In essence, your Facebook, Twitter and Pinterest accounts are more secure than a network you use professionally meant to house assignments and sensitive communications among teachers, students and parents.
Are you mad yet?
Education technology news rarely ever makes the New York Times— this was kind of a big deal, a majorly, majorly big deal— and I’m sad to see that so many people in edtech dropped the ball on pitching an absolute fit. In the case of education and student data, using SSL or any other method of encryption (pick one, there are many!) is the right thing to do… and that anyone would make it an opt-in feature, not a standard feature that protects all of the users on their platform is absolutely unacceptable
Education technology gets a day in the New York Times, and the usual edtech players fail to point out the obvious. How many four-line stubs of this article did you come across during Edmodo/Schoology/edtechencryptiongate?