Welcome to your definitive answer to the question: "What research informed the privacy and security design of Boom Learning?"


We Started by Talking with School Administrators About Their Privacy and Security Needs

Over the past twenty years, schools have undergone a technological transformation. We knew from conversations with Technology Directors and Superintendents that whatever we developed needed to work on a wide range of devices, as well as in managed device and “bring your own device” settings. We looked at the research and had conversations with rural school administrators about their needs also.[1] We felt compelled to ensure that our product could be used on the most ubiquitous device available (the smartphone) so that learners with limited access to technology and learners in rural areas with limited access to WIFI could still used the product.


Building an Optimized and Secure Foundation for the Future

In building our product, we looked not only to education research but also to the computer science, privacy, and security fields to ensure a forward-looking app. Schools were beginning the transformation to computer-aided, data-driven instruction when we built our first prototypes. We deployed our industry experience and knowledge to build a performance- and scale-focused platform that could grow with schools and teachers. 


We anticipated that there would be growth in school use of technology over time. Performance optimization and scalability have been built into the Boom Learning platform from the outset. Our development team selected the Meteor platform because of its ability to be responsive, rapidly deployed, and flexibly scaled.[2] Our robust uptime performance during the pandemic serves to validate our design choices.


Teachers Outshine Artificial Intelligence

It is now well known that artificial intelligence has specific limitations. Training artificial intelligence on human-selected data sets can build in and reinforce bias. Improperly “trained” AI can work to the detriment of those to whom the machine learning is applied.[3] Examples range from Microsoft’s infamous chatbot to Amazon’s now discontinued recruiting tool. 

 

When we were developing Boom Learning, there was a robust debate in the industry as to whether artificial intelligence could replace professionals, such as teachers.[4][5] Observing the state of the research and the debate on both sides, while applying one of our co-founder’s professional experience working with machine learning teams, we determined that the Boom Learning design would support teachers in doing what they do best – teaching through the application of skills, experience, and judgment. Our platform would automate data-elements that could support the exercise of teachers’ skills, experiences, and judgements. We had no intention of trying to replace teachers. Only a teacher has the full context of a student and the ability to judge the next right intervention among many possible ones.


A People-Centric Approach to Data Privacy Regulations

At the time we were developing our specifications and requirements, few schools understood their privacy and security obligations with respect to outsourcing management of student data.[6]  We knew schools were increasingly turning to data-driven learning, but they tended to be naïve users of technology and even more so “naïve” developers of information technology systems. 

 

As we designed our product, we took into consideration the vulnerabilities of our customer base. We ensured we were not only FERPA compliant but also looked ahead to evolving trends and anticipating legislative developments regarding student data. We actively monitor legislative and policy developments in the field, anticipating school and parent concerns. We implemented privacy, and associated security protocols, by design, which at the time was a nascent concept in the field.[7]

 

Following the evolving trends, we selected the National Institute of Standards and Technology (NIST) framework. We adopted Framework 1.0 internally when it was published in 2014, before we completed the first Boom Learning prototype, having already implemented many of its recommendations on previous products.[8] Framework 1.0, and now Framework 1.1[9], are the backbone of our privacy and security decisions and processes. We have maintained a continuous improvement policy, adopting encryption in transit and at rest with the passage of New York State Education Law Section 2-3.[10] Encryption scrambles readable text so only the person with the "key" can read it. In lay terms, it prevents malicious parties from accessing your information. 



[1] Arnold, P. L. (2015). Rural high school faculty perspectives on bring your own device implementation: A phenomenological study (Publication No. 3712040). [Doctoral Dissertation, Liberty University]. ProQuest Dissertations Publishing.


[4] Thiel, P., & Masters, B. (2014). Zero to one: Notes on startups, or how to build the future. Crown Business.