Does your VLE virtually undress its users?

Few educators are aware of how online learning tools can betray the privacy of individual users and stifle their learning experience, says Adam Joinson.

In August, three leading employees of the internet giant AOL were forced to leave their jobs after the release of anonymous search data that could threaten the privacy of their customers. Later this month, many thousands of students will begin their studies in the UK, log on to the virtual learning environment (VLE) provided by their university and have their privacy considerably more compromised than the consumers of AOL. And no one will complain. Very few will even know.

The seemingly inexorable rise of the VLE, designed to deliver e-learning, was fuelled by utopian visions of a non-threatening, non-hierarchical, constructive (and constructivist) place for students and tutors to interact and learn. A recent survey found that 95 per cent of UK universities have a VLE. But while the pedagogic functions of these tools are heralded, it is rare to hear about how they track and watch over students. Indeed, one usually needs to delve deep into the product specifications of most VLEs to begin to understand the degree to which students are measured, recorded, reported and tracked while they use a typical VLE.

As the AOL case shows, a privacy threat often comes not from a specific item of personal information but from the accrual of semi-personal information from a number of sources. For any individual student, it is usually possible to see what they read, when they read it, how many times they read it, how they did on a quiz (even a formative assessment), at what time they submitted an assignment, what questions they posted to a discussion forum, how many edits to a wiki (a collaborative authoring tool) they made or comments to a blog they posted. When combined in a single report, the potential threat to students' privacy is enormous.

Quite apart from the obligation on institutions to avoid the excessive and unnecessary collection of personal data, and to protect data that is collected, educators may also have sound pedagogic reasons for taking the privacy of students seriously. Of the many teaching theories in vogue at the moment, none suggests that increased surveillance and reduced privacy are central tenets for improving students' education. There is evidence that reducing students' privacy might lead to less successful educational outcomes.

Judith DeCew, a privacy researcher, has believes that privacy extends not just to information but also to expression and accessibility. She argues that privacy allows us the freedom to express unpopular views without fear of interference from authority. It also gives us a space to prepare and present arguments and ideas without being vulnerable to ridicule. But, in the case of a VLE, opportunities for expressive privacy are rare.

The main place to try out ideas and arguments would be a chat or discussion forum, but students rarely have the opportunity to use them while protected by a pseudonym. So a student's basic misunderstanding could be linked, in perpetuity, to his or her name for all to see, rather than hidden behind a pseudonym. By allowing pseudonyms, rather than relying on real names, a VLE designer can build expressive privacy into the environment. But even in activities geared towards experimentation and testing, it is rare for measures to be taken to enhance expressive privacy.

In fact, many VLE designers and educationists seem to be designing their tools and activities specifically to reduce free expression and experimentation. Under the auspices of greater social presence, photographs, video and voice communication are gradually being added to the communication facilities of VLEs, despite extensive research evidence that doing so will lead to deteriorations in the quality of group communication, trust and affiliation in the group.

If you fear "looking a wally", it is easier to post to a semi-anonymous discussion list or chatsite than to join a voice or video conference. In the latter, feedback is immediate, and nerves show more easily in the voice than in text. Similarly, many of the activities designed for use in VLEs (for example, "icebreaker" activities in which students describe themselves) ignore evidence that focusing attention on the individual rather than the group reduces expressive privacy and the effectiveness of later group work.

Some of the newer learning technologies being piloted violate privacy in myriad ways, including enforced contribution to discussions. The adaptation of "web 2.0" social software for educational purposes will pose further privacy threats because they often rely on (user-entered) personal information to function.

And yet the educational community has, with a few exceptions, tended to ignore the potential privacy threat of new technology. A search of the British Journal of Educational Technology shows 11 articles over the past decade that mention "privacy", but privacy is not the focus of a single one. This compares with 140 articles that mention "e-learning". Most discussion of privacy in the e-learning research area is in terms of meeting the data protection requirements of legislature rather than the pedagogic implications of privacy invasion. In a 2004 report for the UK Joint Information Systems Committee, e-learning professor Grainne Conole, noted that surveillance was an emerging issue in the development of e-learning. But since then researchers have made very little attempt to address the issue seriously. Looking at the privacy policies of many UK universities illustrates the degree of this creeping surveillance. There is hardly any mention of the tracking of students' data on a VLE, less still of what becomes of the data once stored.

But this selective blindness is not going to work. A quick visit to the support forums of many VLEs provides ample evidence that the privacy implications of tracking students are causing real concern. VLE enthusiasts write off many of these concerns as paranoia. But the issues are not likely to go away - other, more invasive, technologies (such as RFID tags to record attendance) are being implemented across campuses.

There are ways in which many of the positive aspects of a VLE can be kept, even enhanced, while protecting students' privacy. At a minimum, tracking and usage reports should be anonymised, and ideally tutors should have access only to summary reports of usage, not the actions of an individual. Identity management systems should be introduced, enabling students to control how much of their identity is made known when they post to a discussion forum. This would give students the expressive privacy needed to ask "stupid" questions or pose premature ideas without being vulnerable to ridicule.

Institutions and tutors should also have a clear privacy policy in which they make students aware of what tracking takes place, who has access to the data, to what use they are put and for how long they are stored. Taking student privacy into account in these ways will help educators realise the promise of e-learning.

Adam Joinson ( http:///www.joinson.net ) is a senior lecturer at the Institute of Educational Technology, The Open University. He leads the Economic and Social Research Council-funded Privacy and Self-Disclosure Online project ( http:///www.prisd.net ).