Abstract:

This paper reviews information assurance issues raised by a computer-supported collaboration tool used in an education plus research environment.

COMPS (COmputer-Mediated Problem Solving) is a web-based chat application designed for small-group problem-solving exercises. In our classes at North Carolina A&T State University students have regularly scheduled COMPS labs. Having students talk together in small groups in a classroom does not present many information security issues. There are a few requirements to meet the Family Educational Rights and Privacy Act (FERPA), a U.S. law governing privacy of student records. Using a web-based chat application presents more issues, partly because the chat could be intercepted, and student discussion data files are logged. Engaging in research raises more issues, as the files leave control of the original application and are distributed to researchers. Research publication and data management requirements of institutions and funding agencies expand the potential problems even further, since chat is now exposed to the world and preserved long-term.

The three primary information assurance goals of an application are effectively and reliably gathering data, being free of crashes while in use, and preventing the leaking of data through accidental or intentional actions. This paper focuses on privacy and security. The main danger is leaking. The main culprit is policies and practices that do not address leakage points.

A primary information leakage issue with chat is the identities of the participants. In the real educational environment participants must be identified and linked to other class records. Because of its use in the research environment, chat records must be linked to associated assessments and survey instruments, the identities of other students in the same conversations, class records, and records of subsequent chats by the same participant. Identities are therefore captured by the computer and part of the structured log data. These can be anonymized by normal means. However, within the discussion itself, students also refer to each other by names, nicknames, and misspelled names, and potentially say things to each other which should not be revealed. Furthermore their conversations are arguably educational records covered by FERPA, and thus cannot be revealed in an identifiable way. Similarly, the fact that a student participated is an educational record which should not be leaked, as it could be equivalent to publishing class rosters. Further, since chat text is used for training the COMPS text mining applications that are used for automated assessment of conversations, student identifying information from inside the conversation could accidentally end up as part of a text mining model.

COMPS and its chat data assurance issues are not analyzed completely in isolation. The authors looked at the policies and practices of commercial collaborative learning applications that collect typed-chat student conversations, such as collaborative chat sites and MOOCs. Privacy policies and security measures taken on these sites inform the proposed COMPS privacy policy and security measures.

The result of this study is an analysis of the information security issues and a proposed collection of practices to address them. The information security problems of the COMPS project should be of general interest to online educational research that is embedded in real educational settings.

Keywords:

FERPA, Information Assurance, Computer-Mediated Chat, Collaborative Learning Environments.