Pointer to blogpost:
This is in regards to the SFGate.com story on a small school district in California, which in January began requiring all students to wear RFID-enabled badges that monitor their whereabouts on campus. The district’s stated reason was to “ease attendance taking and increase campus security."
According to Jamie Lewis, “The school district did this without involving the parents, many of whom are now raising a ruckus. How many ways does this system violate Kim's laws of identity?”
The fundamental issue here is that two types of domains claim control over children’s identities: school districts (during schooldays) and parents (each parent/couple its own household domain, claiming legitimacy in tracking their kids’ whereabouts/doings all the time, including when the kids are in school). And each of them has quite legitimate reasons for wanting to control those identities—or at least track various attributes associated with those identities (such as real-time locations).
Generally, the identity domain of the school administration and the identity domain of the kids’ parents/household are federated to each other, and have the same interests at heart. We have a trust relationship, and a division of responsibilities that consistent with that relationship. As the parent of two highschoolers, I’d like to know that my offspring are in their school during normal school hours (and normal afterschool hours). As regards their precise locations in their school at any point in time, that’s a secondary concern that I’ll let the school administrators worry about. For me it’s not a privacy-of-my-kids issue. In school, students have no expectation of privacy, except for their lockers, and even there, issues of discipline and public safety make that a meager expectation at best.
As a parent, I wouldn’t choose to de-federate from the public school system (i.e., go the home-schooling route) over an issue such as RFID tracking of students’ whereabouts in school. That’s an administrator’s prerogative. In this case, the law of identity federation applies: domains must be able to establish trust relationships under which they can choose to accept each other’s identity assertions and honor each other’s identity decisions--or reject them--subject to local policies.
In the case of this school district, I would choose to honor the administration’s identity decisions—track kids via RFID--and accept their assertions—kid is here, in the place where he or she is supposed to be. Yeah, the school district should have honored parents by notifying them and consulting with them before they did it.
But, if my kid were in that school district, I wouldn’t raise a bogus privacy concern. And I wouldn't stop them from doing it.
I'm constantly worrying about my kids. In other words, I'm a normal parent.