Welcome to your definitive answer to the question: "What research informed the privacy and security design of Boom Learning?"
We Started by Talking with School Administrators About Their Privacy and Security Needs
Over the past twenty years, schools have undergone a technological transformation. We knew from conversations with Technology Directors and Superintendents that whatever we developed needed to work on a wide range of devices, as well as in managed device and “bring your own device” settings. We looked at the research and had conversations with rural school administrators about their needs also.[1] We felt compelled to ensure that our product could be used on the most ubiquitous device available (the smartphone) so that learners with limited access to technology and learners in rural areas with limited access to WIFI could still use the product.
Building an Optimized and Secure Foundation for the Future
In building our product, we looked not only to education research but also to the computer science, privacy, and security fields to ensure a forward-looking app. Schools were beginning the transformation to computer-aided, data-driven instruction when we built our first prototypes. We deployed our industry experience and knowledge to build a performance- and scale-focused platform that could grow with schools and teachers.
We anticipated that there would be growth in school use of technology over time. Performance optimization and scalability have been built into the Boom Learning platform from the outset. Our development team selected the Meteor platform because of its ability to be responsive, rapidly deployed, and flexibly scaled.[2] Our robust uptime performance during the pandemic serves to validate our design choices.
Teachers Outshine Artificial Intelligence
It is now well known that artificial intelligence has specific limitations. Training artificial intelligence on human-selected data sets can build in and reinforce bias. Improperly “trained” AI can work to the detriment of those to whom the machine learning is applied.[3] Examples range from Microsoft’s infamous chatbot to Amazon’s now discontinued recruiting tool.
When we were developing Boom Learning, there was a robust debate in the industry as to whether artificial intelligence could replace professionals such as teachers.[4][5] Observing the state of the research and the debate on both sides while applying one of our co-founder’s professional experience working with machine learning teams, we determined that the Boom Learning design would support teachers in doing what they do best – teaching through the application of skills, experience, and judgment. Our platform would automate data-elements that could support the exercise of teachers’ skills, experiences, and judgments. We had no intention of trying to replace teachers. Only a teacher has the full context of a student and the ability to judge the next correct intervention among many possible ones.
A People-Centric Approach to Data Privacy Regulations
At the time we were developing our specifications and requirements, few schools understood their privacy and security obligations with respect to outsourcing management of student data.[6] We knew schools were increasingly turning to data-driven learning, but they tended to be naïve users of technology and even more so, “naïve” developers of information technology systems.
As we designed our product, we took into consideration the vulnerabilities of our customer base. We not only ensured we were FERPA compliant but also looked ahead to evolving trends and anticipated legislative developments regarding student data. We actively monitor legislative and policy developments in the field, anticipating school and parent concerns. We implemented by design privacy and associated security protocols, which at the time was a nascent concept in the field.[7]
Following the evolving trends, we selected the National Institute of Standards and Technology (NIST) framework. We adopted Framework 1.0 internally when it was published in 2014, before we completed the first Boom Learning prototype, having already implemented many of its recommendations on previous products.[8] Framework 1.0, and now Framework 1.1[9], are the backbone of our privacy and security decisions and processes. We have maintained a continuous improvement policy, adopting encryption in transit and at rest with the passage of New York State Education Law Section 2-d[10]. Encryption scrambles readable text so only the person with the "key" can read it. In lay terms, it prevents malicious parties from accessing your information.
Age-Appropriate Design
Privacy by design for a platform used by children necessitates age-appropriate design decisions. Because our age range is from Pre-K to teens and because our users range from advanced to profoundly developmentally disabled, our defaults are set to high privacy.
We have chosen not to permit in-app messaging to reduce the risk of being exposed to harmful contacts.
Children can only see materials pre-selected for them by their teachers, therapists, or parents; they don't have access to our Store. The materials chosen by authorized adults may collect sensitive data about students in furtherance of an educational or therapeutic purpose. If you have concerns about materials assigned to your student, please start with your school or clinician; they have full power to delete all student logs, erasing any data collected. You can also contact us directly, but as a service provider, we may be under a legal or contractual obligation to refer you to a school official for resolution. Nonetheless, if we learn any entity is using our platform in a manner harmful to children, we will take action against them, including criminal referrals.
We do not advertise to children and we do not track children's information for any purpose other than providing learning performance data to the associated teachers, therapists, parents, and schools or clinics.
We have an in-app reward system described here that gives students feedback on progress towards mastery (gems) effort extended (coins), and that encourages overlearning behaviors (pulses). This reward system was specifically designed to encourage sustained research-supported learning behaviors. Please read all about the research underlying our design here.
The required and optional data elements we collect are and will continue to be a matter of public record.
[1] Arnold, P. L. (2015). Rural high school faculty perspectives on bring your own device implementation: A phenomenological study (Publication No. 3712040). [Doctoral Dissertation, Liberty University]. ProQuest Dissertations Publishing.
[2] Chaniotis, I. K., Kyriakou, K.-I. D., & Tselikas, N. D. (2014). Is node.js a viable option for building modern web applications? A performance evaluation study. Computing, 97(10), 1023–1044.
[3] Jiang, H. & Nachum, O. (2020). Identifying and Correcting Label Bias in Machine Learning. Proceedings of the Twenty Third International Conference on Artificial Intelligence and Statistics, inProceedings of Machine Learning Research, 108, 702-712.
[4] Thiel, P., & Masters, B. (2014). Zero to one: Notes on startups, or how to build the future. Crown Business.
[5] Robinson, R. (2015, April 12). 3 human qualities digital technology can’t replace in the future economy: experience, values and judgement. The Urban Technologist. Retrieved March 15, 2022, from
[6] Reidenberg, J., et al. (2013). Privacy and Cloud Computing in Public Schools. Center on Law and Information Policy, 2.
[7] E. Ramirez. (2012, June 13). Privacy by Design and the New Privacy Framework of the U.S. Federal Trade Commission. Privacy by Design Conference. Retrieved March 15, 2022.
[8] National Institute of Standards and Technology. (2014). Framework for Improving Critical Infrastructure Cybersecurity, 1.0. Retrieved March 15, 2022.