Forum .LRN Q&A: Community building vs. privacy in online learning

Carl Bleusius made these interesting points in another thread:

"If I am in a class with you I want to be able to list all contributions you have made to the class so I can get a feel for who I am talking with (in other words, being able to list class contributions of an individual should not be limited to the professor).

"We must not forget that students need to be protected. Should contributions be limited to the audience it would reach in a traditional learning situation (I might not want my professor in Medical Ethics hearing what I said in my Philosophy course last year)? Should the student decide (I might need to remove the evidence... after posting something really stupid)? The best solution might be to link the "about me" view permissions with the context of the contribution (if bboard is only viewable by users in course X... all users registered in course X should be able to see a listing of my contributions in that course on my "about me" page). I get the feeling it is just boils down to where we put the switches (the infrastructure seems to be in place)."

IMHO, there are two critical insights here that are somewhat in tension with each other. On the one hand, it's important to enable students to easily get to know each other, particularly in a pure distance learning context where they may never see each other face-to-face. I always have believed that the directory feature dating back to the original ACS, where you can see every contribution that a community member has ever made, is absolutely one of the most valuable features of ACS of any version or flavor.

OTOH, student privacy is also critical, not only for the traditional reasons associated with the Internet but also because privacy is an essential part making a class conversation safe enough for students to take risks and really speak their minds.

So any online educational community needs three elements: (1) controls that let the institution enforce privacy policies, (2) controls that let students make individual privacy choices (bounded by the institutional choices above), and (3) a written policy that helps guide individuals on how to use the privacy controls. (I might add that there are times when an individual instructor needs to set privacy policies, too. Sometimes s/he may want to deliberately create a safe haven, while other times s/he may want to require students to speak out and share.) Note that the settings that the system allows necessarily shapes the possible privacy policies.

So this is a critical conversation that the dotLRN community must have. What is the possible range of privacy policies? What choices do we want to make possible at the institutional, the class, and the individual levels? It seems to me that some global philosophical decisions should be made here and then incorporated into dotLRN in a consistent and principled way.

There are also legal considerations.  The semantics of the "guest" role in SloanSpace V1 as well as dotLRN are not driven by common sense or needs specific to Sloan, they're driven by Federal Law passed to protect student privacy.

Which opens a globalization issue far trickier than language issues - legal issues!  Are there laws regarding student privacy in Germany, for instance?

The Open Force guys can speak to how difficult it will be to adopt dotLRN's permissions architecture to deal with such differences.

Michael, I also strongly feel that the feature allowing others to see all contributions an individual has made as one of the most valuable features of ACS of any version or flavor. We are making a mistake if this is not included in dotLRN. I think it is of utmost importance that we define the scope of this feature carefully for dotLRN.

Michael, I argue that these philosophical questions have been answered in the past and must not be discussed... but emphasized and documented. To support my argument I call forward the Cs: aCs, openaCs, aCes, and dotCrn ;)

Community is based on a group of individuals where members are known to other members of the group. To promote community there must be a way for members to get to know one another. A community suffers, when it is hard to get to know others in the group quickly and efficiently.

As far as legal issues and privacy go, the best bet is to support previously existing closed groups (classes) with virtual collaboration and communication spaces, a virtual commons for each group if you will. The publication scope of contributions in each commons should be made clear by the group leaders (e.g. group admin) or the context in which contributions are made. This is how it works with our present platform... if external parties are going to be given access to contributions made in a class this must be made clear from the start. One thing that occurs often here in Heidelberg is that high quality group presentations might be posted outside of the course after completion (the professors do notify the students beforehand).

Students must be prepared for the transparency which comes with interconnectivity... for a world where it is becoming very difficult to act anonymously and avoid accountability for actions. "Think before you speak", is what common sense tells us... and sometimes lack of common sense can be compensated by experience (I like to think of universities and other learning spaces as sheltered havens to gain not only knowledge, but experience). Where possible the privacy issue should be delegated to the group leaders or the individuals themselves.

Don is correct: there are many legal issues to consider here. A simple solution
was implemented in OpenACS: the read_private_data privilege. Only if a user
has read_private_data privilege on another user, then they can see another
user's personal information (email address, etc...). This is by no means a
complete solution, but it's actually a more solid start than it initially appears to

I agree with Carl conceptually: we don't want the privacy laws to prevent fully
open communities from existing. But we also want to enable privacy control
where required for usage.

There are a couple of other complications here. First, we must recognize that a single person may very well be a part of not just one community but many distinct communities within a single dotLRN installation. To make matters even more complicated, each community may have distinctly different rules and norms.

As an example, let me describe a situation I ran into while I was the instructional designer on one online class where a prominent professor taught his investment analysis ideas to some employees at a large financial services firm. The class involved group project work that necessarily included data about customers and possibly new and proprietary business ideas that came out of groups. To make matters more complicated, the professor was occasionally hired by the firm's competitors as a consultant and wanted to be sure (to his credit) that he didn't inadvertently walk away with an idea that emerged from the class which could be fairly considered property of the firm.

As a result, we decided to create subgroup workspaces where even the professor did not have access. The students themselves decided what could be shared with the class (and the professor) and published sanitized versions of their ideas and examples to the class. In turn, there was another set of rules for what could go from the class to the outside world.

Communities are fundamentally ideosynchratic based on the needs of their members. Therefore, the balance between sharing and privacy is also fundamentally ideosyncratic. We need to come up with a range of use cases and make sure our architecture makes it easy to accomodate those use cases.

Michael's use cases are very good examples of the issues at play here - both personal and legal.  But we also need to consider -- and by "we" I mean most immediately the folks at Sloan -- another constituency group, alumni.  Alumni communities will be well served if they are as open as possible communication-wise for those alums, but they also want and need access to the learning community of Sloan and we want to give them that access without violating any laws.  .LRN/SloanSpace V2 cannot do that right now because it cannot accommodate the need for a user to have a different level of access to different sets of groups, i.e., a set of alumni communities versus classes.

It is not just a matter of giving users what they want, but of being very clear and getting the proper consent from all parties, which Carl eluded to in his post:

"The publication scope of contributions in each commons should be made clear by the group leaders (e.g. group admin) or the context in which contributions are made."

Carl also stated:
"Where possible the privacy issue should be delegated to the group leaders or the individuals themselves."

I have had a few conversations with the Sloan privacy expert, however and he has asserted that it is not sufficient to leave these decisions up to the group administrators, at least not here in the United States.  There are some decisions that must be made for them by designing a system that clearly defines roles and levels of access and the like.  This is sticky, difficult issues, at least for Sloan and we are headed in the right direction, but we are not there yet.

As another example, when we were developing the spec for our Photobook  module, we encountered privacy issues in determining who could see what bio info about a student and we decided that professors and students could only see information about students with whom they share group memberships, not group membership info for unshared groups.  This thinking would extend, I think, to all user contributions if we are going to adhere to the letter AND the spirit of the U.S. privacy laws.