data brokers, data scam, data sham, high schoolers, Information Security, Privacy, targeted ads, targeted marketing, Top News

High-schoolers’ data put up for sale after being scraped from surveys

High schoolers, do you know what tends to impress college admissions people? Flipping burgers. Or any summertime job, for that matter.

You know what’s less likely to impress them? Your parents shelling out the $985 it takes to send you to the impressive-sounding “Congress of Future Science and Technology Leaders.”

As the Seattle Times reported on Sunday, 3,000 high schoolers from across the country recently traveled to a sports arena in Lowell, Massachusetts to attend an event with that weighty name, most of their parents having paid that hefty admission price.

They all had good grades, but they weren’t there because of their smarts or hard work. They were there because they’d been invited, courtesy of their contact information having been harvested from surveys they filled out in the hopes of learning about colleges and scholarships.

The conference organizers slathered on the flattery in the invitations sent to these target-marketed kids: as the Seattle Times describes it, the attendees had received letters signed by a Nobel Prize-winning physicist who congratulated them on being nominated for “a highly selective national program honoring academically superior high school students.”

“Highly selective,” it turns out, must be another way to say “you’re headed for college and likely to shell out for a fancy-sounding event if you think it will give you an edge to get in.”

Many of the students in that audience had filled out a college-planning questionnaire, called MyCollegeOptions, while others took surveys that came with the SAT or the PSAT tests administered by the College Board. The personal details they entered wound up being sold and shared with the Congress of Future Science and Technology Leaders event organizers.

As the Seattle Times notes, the recruiting methods for some of these student-recognition programs offer a glimpse into “the widespread and opaque world of data mining” for millions of minors, where students’ profiles may be used to target them for both educational and noneducational offers. MyCollegeOptions, for one, says it may give access to student data to student-loan services, test prep and other companies.

The Seattle Times talked to Marianne Stephens, the college counselor at Shorewood High School, in Shoreline, Washington, who said that she finds all of this “troubling.”

After Shoreline High students started getting mailings from these leadership events, Stephens posted a “Sham Alert” on the school’s website.

These are some of the official-sounding organizations that have been sending emails or “thick envelopes with official-looking seals” to her students:

  • Advanced Emergency Medicine
  • Congressional Youth Leadership Council
  • Congress of Future Scientists
  • National Academy of Future Physicians and Medical Scientists
  • National Academy of Future Scientists and Technologists
  • National Society of High School Scholars
  • National Student Leadership Conference
  • National Youth Leadership Forum
  • Several programs owned by Envision

The letters may mention the “honor” of being selected, but Stephens says make no mistake: the legitimate-seeming communiqués are “essentially well-packaged marketing schemes.”

The award is not an award. It is an advertisement for a conference or a guide that will cost you money.

Beware of the claims. Most of these programs are not selective and do not have minimum criteria; they are open to anyone willing to pay.

These aren’t scams. There’s nothing particularly illegal about what the events are doing. As the Seattle Times notes, there’s no federal law regulating consumer data brokers.

It brings to mind Facebook, which has gotten into a world of trouble lately with revelations about the growing list of data analytics firms siphoning off its user data. The social platform’s data-sucking parasites have been on a spectrum when it comes to being more or less upfront or deceptive about what they’re up to, from Cambridge Analytica’s shadowy practices on up to Crimson Hexagon working in relative transparency.

Regardless of how above-board such data-analytics outfits are, people have only within the past few months begun to realize just how much of Facebook user data has been flowing from the very permeable platform, and they’re none too happy about it.

Lacking a federal law to regulate these data brokers as we now are, it’s worth noting that in June, Vermont became the first state to enact a data-broker law. Given the revelations about how much user data Facebook has let slip into the hands of data brokers, it wouldn’t be surprising if more states followed suit.

According to the Info Law Group, the new Vermont law will require data brokers to provide information about their data collection activities, opt-out policies, purchaser credentialing practices, and security breaches, as well as to protect consumers against security breaches by requiring data brokers to implement a comprehensive information security program.

Data brokers aren’t mandated to offer opt-out, but they’ll be required to provide Vermont with their policies and procedures, including how consumers can opt-out, which activities and sales the opt-out applies to, whether data brokers permit a third-party to opt-out on the consumer’s behalf, and a list of data collection, databases, or sales activities from which a consumer may not opt out.

At any rate, these student-focused events aren’t new. The New York Times reported about the issue of pricey “leadership” type events at least as far back as 2009.

But given the Cambridge Analytica revelations, the way that such events obtain information on who to market themselves to is getting fresh scrutiny. In May, the US Department of Education’s (USED) Privacy Technical Assistance Center (PTAC) put out a notice to the effect that filling out the surveys that data brokers use to collect and sell student information isn’t mandatory. Rather, parents can opt out.

But that’s not always clear, according to the PTAC:

We have heard from teachers and students… that the voluntary nature of these pre-test surveys is not well understood, and that each of the questions requires a response, and the student must affirmatively indicate in response to multiple questions that the student does not wish to provide the information.

In fact, the surveys that precede the SAT and ACT tests are dealing with data that’s protected under the Protection of Pupil Rights Amendment (PPRA), which requires that schools and contractors “obtain written parental consent before minor students are required to participate in any ED-funded survey, analysis, or evaluation that reveals” certain sensitive information, including religion and parental income. Both of those categories of information are included in the SAT and ACT pre-surveys.

Mind you, not all the events that feed off of the survey data to market themselves to potential attendees are shams, Stephens said in her Sham Alert. Some are legitimate events with high-quality programming. Like anything, it pays to do some digging to find out if they’re worth the cost of admission:

On occasion, mailings are legitimate. Ironically, some of the legitimate recognitions may not be as fancy as the sham ones. Do internet searches for reviews of events and organizations, and see if anything comes up when you search for the name of the organization and the word ‘scam.’

Would Stephens send her own kid to something like this? Nope. She knows that colleges have “loads of respect for students who work in the summer” and know which fancy-sounding events are really wearing the Emperor’s clothes:

Don’t be so scared of college admissions that you think you need something like this to get in. College admissions representatives know that these are marketing ploys, and realize that not everyone has access to enrichment… You do not need to do something flashy to get colleges attention.

But you do need to do something to keep your kids information from being used to do a hard sell on this kind of thing.

Namely, you have to start keeping their information much closer to the vest, whether it’s personal details entered into Instagram, other social media accounts, or an endless array of online places, or be it opting out of filling in questionnaires that ask for information they have no real need for… outside of selling it later on, that is.


Source : Naked Security

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend