Thursday, April 23, 2009

Student Authentication Update - April 2009

In the previous post I wrote about the second round of discussions by the rulemaking committee that took place this week at the Department of Education in Washington D.C. This is the group that will decide how the distance learning student authentication issue in the Higher Education Opportunities Act will play out.

Thanks to Chris M, the Executive Director of the ITC, I can provide you with a sense of how those conversations have gone so far. The third and final meeting for this group will occur on May 18-20, at which time we expect to have clear language about how accrediting bodies should apply the law as handed down for the HEOA.

Based on the conversations late yesterday afternoon, this is how we expect (best guess?) the language will be handled: (expected changes to the proposed language in red)

602.17 Application of standards in reaching an accreditation decision.

(g) Requires institutions that offer distance education or correspondence education to have processes in place through which the institution establishes that the student who registers in a distance education or correspondence education course or program is the same student who participates in and completes the course or program and receives the academic credit. The agency meets this requirement if it --

(1) Requires institutions to verify the identity of a student who participates in class or coursework by using such methods as, but not limited to --

(i) A secure login and pass code, randomly generated personal questions, or proctored examinations; and

[NOTE: there was widespread agreement to drop this phrase in section i since the participants agreed that we shouldn't be locked into the use of any particular technology or method - apparently, no one (who spoke) felt it should be left in.]

(ii) New identification technologies as they become widely accepted; and

[NOTE: it seems that number ii will be dropped entirely, but that is not yet certain.]

(2) Makes clear in writing that institutions should not use or rely on technologies that interfere with student privacy.

--- end of proposed rulemaking language ---

If that is what happens, then I think we will be able to breathe a big sigh of relief. Getting rid of language that specifically promotes one new technology (random questions) and an emphasis on maintaining student privacy goes a very long way toward making this a workable requirement, without closing the door on future possibilities that might develop in this space.

The next time for an update will be in May when the third and final discussion period happens for the negotiated rulemaking. Several people have worked very hard to put some common sense and reasonableness into this language. Let's hope that those thoughts prevail at the end of the day. Either way, they deserve our thanks.


Google Mashups said...

Breathed a large sigh of relief here. I hope this mimics the final draft. Thanks a lot Barry for the update! You have been a great help to our development team!

Mike Jortberg said...

"The investigation yielded confessions from six school and student employees, who admitted they misused the system to access and profit from private information, the police report states. One student extended the time limit on a test he took; another student said a teaching assistant had given his personal username and password to a class of students to use during the semester to cheat."

"Employees also made a habit of sharing such passwords with those who were not explicitly given access by a supervisor. "