As some of its competitors have been battered over their policies for protecting student data, Microsoft Corp. has sought to make sure that the issue—and what it regards as its strong record on privacy—remain firmly in the public eye.
But as the company moves aggressively to position itself as a protector of student-data privacy, some say it also runs the risk of a backlash if it doesn’t back up its talk with the kind of vigilance the technology giant promises to deliver.
During the past year, Microsoft has supported academic research on privacy and guides for school officials on the subject. Its executives have also kept a steady presence at public forums urging school districts and policymakers, as well as parents and families, to pay attention to the issue.
“Students are not products,” Cameron Evans, Microsoft’s chief technology officer for U.S. education, said during a panel discussion in February, sounding a theme echoed by the company’s officials. Mr. Evans was speaking at an event in February hosted by Common Sense Media, a San Francisco-based group that advocates for student-data privacy. “We have a long way to go across the industry,” Mr. Evans added, “in getting everyone on board with protecting students, and to a great degree, teachers, too.”
Microsoft has long had critics who have derided the behemoth company’s products and business strategy. But Microsoft’s out-front advocacy would appear to offer an opportunity for the company to take a swipe at some of its rivals, most notably Google, the massive, Silicon Valley-based online-services provider.
Market Positioning
Google has faced heavy criticism after admitting that it had scanned—for a variety of reasons, including potential advertising—the contents of millions of student users’ emails through the company’s Apps for Education tool suite. In April, Google officials said they would halt scanning student Gmail accounts for advertising purposes, but some observers say it remains unclear whether the company is data-mining student emails to build user profiles.
A spokeswoman for Google declined to comment for this story, saying the company did not comment on its competitors, and referred questions about its data-privacy policies to the April statement announcing the company’s policy change. That statement noted that the company had taken several steps to ensure that students logging into the Apps suite do not see advertisements.
Microsoft offers a competing suite, Office 365 for Education, and touts its privacy protections. “Your data belongs to you,” the product’s website says.
The Redmond, Wash.-based company has taken aim at Google’s record on privacy and other issues in less-subtle ways, such as through its “Scroogled” public-relations campaign—complete with the sale of T-shirts and coffee mugs bearing that logo—that has been panned in some circles.
There are obvious benefits for Microsoft in presenting itself as a defender of student privacy through as many channels as possible, observers of the school-tech market say. The company, which offers cloud-computing services in schools and is a major provider of operating systems in K-12 education, is focusing on an issue that has surged in the consciousness of parents and school leaders, and could become increasingly complex and problematic in the years ahead.
“Microsoft clearly sees this is a good way of distinguishing themselves. That is clear,” said Jeff Gould, the president of Safegov.org, a Washington-based nonprofit that promotes secure use of cloud computing in the public sector, including schools. “They must have figured out that parents want this.”
Safegov.org receives money from Microsoft and numerous other technology companies, but the organization’s funders have no say over its policy recommendations, Mr. Gould said.
The ability of technology companies, particularly those operating in the K-12 market, to convince the public that they can safeguard data privacy will become an increasingly marketable commodity, Mr. Gould and others predict.
“Privacy is in the wind,” he said. “Consumers are becoming more aware of privacy, and they want it.”
Supporting Privacy Research
Over the past year, Microsoft has helped keep student data-privacy issues in the spotlight in several ways.
The company financially supported a widely circulated study released late last year by the Center on Law and Information Policy at Fordham University’s law school that pointed to “substantial deficiencies” in district policies for protecting student data through cloud-based computing systems. In the acknowledgments for the report, the authors thanked Steve Mutkoski, the worldwide policy director on public-sector services for Microsoft.
Microsoft also sponsored a guide to help school district leaders make decisions about privacy and ask precise questions about companies’ practices, published this year by the Consortium for School Networking, or COSN, a Washington-based group representing district technology officials.
In addition, Microsoft officials offered input on a pair of K-12 resources, which included information such as legal analysis and suggested data-privacy language in contracts with vendors, released by the Council of School Attorneys, an arm of the National School Boards Association.
While it makes sense for Microsoft to market its privacy brand, “having a business reason for doing that doesn’t mean they don’t believe what they do,” said John M. Simpson, the privacy-project director for Consumer Watchdog, a Santa Monica, Calif.-based organization.
‘Walking the Walk’
The downside for the company comes if it’s revealed that it’s “talking the talk but not walking the walk,” in protecting student-data privacy, Mr. Simpson said.
The lead author of the Fordham University study, Joel Reidenberg, agreed. He said the company might also expose itself to blowback if its performance in the fast-changing ed-tech marketplace doesn’t keep up with its rhetoric.
“Privacy is a moving target,” he said. “The public keeps expecting more ... [I]f something [Microsoft’s] doing doesn’t match how they’re positioning themselves,” the result could be “a pretty big black eye.”
Mr. Reidenberg drew a distinction between companies funding white papers and then dictating their content, and Microsoft providing funding and then letting researchers do their jobs without interference. The standard, Mr. Reidenberg argued, should be whether the material is “honestly presented or is it skewed?” The Fordham center’s study passes the test, he said.
Microsoft’s financial backing for the Fordham University research was part of an unrestricted gift to the law school’s Center on Law and Information Policy, funding that in turn supported the study, said Mr. Reidenberg, a professor of law at the university. Microsoft had no say on the report’s content, he said, noting that the center also has received grants from Google and other companies.
Representatives from COSN and the Council of School Attorneys also said that despite Microsoft’s support, they, not the company, had editorial control over their guides.
Mark Schneiderman, the senior director of education policy for the Software & Information Industry Association, a Washington-based trade association, said in a statement that K-12 companies are competing on many fronts, and promising strong “data security and related tools” is just one of them.
The association’s members include about 200 education-service providers, including Google, which Mr. Schneiderman credited with being “very public” about its new policies on data privacy. While the SIIA supports strong student data-privacy policies, it has also previously warned about attempted protections that go too far and thwart schools’ power to use data to improve student learning.
"[T]here is a lack of understanding among parents, the media, and policymakers about what is, and is not happening in the sector,” Mr. Schneiderman told Education Week.
Microsoft officials have offered views on how the sector should address privacy in various forums.
In March, Mr. Evans spoke on a privacy panel at the South by Southwest education conference, a crowded ed-tech gathering in Austin, Texas. Microsoft’s outreach has also extended internationally. At a “global forum” organized by the company in Barcelona, also in March, the company’s vice president for worldwide education, Anthony Salcito, opened the event with a speech focused on protecting student information.
Rhetoric and Reality
Mr. Evans has said that Microsoft’s interest in data privacy is long-standing, pointing to what is known as the “trustworthy computing” memo written by then-company Chairman Bill Gates in 2002, in which he pledged that the company would improve privacy and security across its products.
At the time, Microsoft’s and other companies’ software had come under criticism for their vulnerability to hackers and malware. Mr. Gates’ memo presaged a wave of internal efforts by Microsoft to revamp security, according to an account of the period published by the company.
Still, Microsoft has not been insulated from embarrassing gaffes on privacy issues. In March, the company announced a revamping of its customer-service agreement after it was revealed that it had searched a blogger’s email account to try to unearth the identity of an employee it suspected of leaking privileged company information.
In making that admission, which drew sharp criticism, Microsoft officials alleged that the search had revealed correspondence between the blogger and a now-former company employee. The company said in the future, it would turn over investigations to law enforcement, rather than probing e-mails on its own.
Unlike some players in educational technology, Microsoft has a business model that has long compelled it to maintain strict data-privacy practices, several observers said. Much of Microsoft’s business is derived from selling to large, protection-conscious companies and organizations in the public and private sectors.
“We have a track record of working with highly sensitive information in highly regulated industries,” Mr. Mutkoski, the Microsoft public-sector-services official, said in an interview.
Major organizations, he added, typically expect data-privacy guarantees to be “baked into our contracts,” and, he argued, school districts should expect the same.