[ndriscoll]

It's not a misunderstanding of everything, especially for schools that are government funded. They have a mission, they receive resources from everyone else to do that mission. If they are then worried about penalties for some frivolous side distraction, and choose to not accomplish their mission for fear of that, then why are we funding them to start with?

Frankly it's a perspective that I've only developed as I got older and realized that such excuses are poor, and that the real world has quite a few people in it who don't really care about the outcomes of what they're doing, or even understand why they're there. To me it feels adjacent to the adolescent view I often see on this site/reddit around "why is the company laying people off when they're making lots of money?" It's because those people aren't needed for anything, and those jobs aren't a form of charity. They exist for a purpose. If they no longer have a purpose, why would you keep paying that person?

If people are going to exist as obstructions to the purpose of the institution we're trying to serve, then they are useless. It's like a computer security worker saying the best way to be secure is to unplug everything, and push for policies that no one shall use computers for anything. Completely missing the point.

Finding ways to follow the law in the most risk-free way to the detriment of everyone is exactly missing their purpose in the world, and everyone should rightly call such a person incompetent and useless. It's casual acceptance of this kind of incompetence culture that slowly leads to societal decline. It's the same kind of thing as when Berkeley took down their lectures because of the ADA. How about the same state that ignores federal immigration and drug law say that actually they're going to keep giving away their free educational materials because they want universal education, and giving those lectures away is strictly better than not doing that, and if the feds want it made accessible, they can fund a project to do so?

[crazygringo]

I really don't know what to tell you. You're literally calling for universities to either break the law or not worry so much about following it, and calling people who do want to be careful about following the law "incompentent and useless".

If you don't see how extreme that is, and how much society would break down if everyone started thinking laws were optional and ought to be ignored when they prevent you from accomplishing your "mission", I just don't know what to tell you.

[ndriscoll]

Quite the contrary: society very obviously runs because people ignore policies and laws constantly. That's why following all laws exactly is considered a protest or subversion strategy: malicious compliance.

Like the entire AI industry could only work by completely ignoring copyright law. Basically no software could be written if developers were concientious enough to check for and avoid patents first. Tradesmen ignore safety policies. Doctors ignore limits on hours. People do work on their homes with no permits.

Part of being an adult is exactly knowing which rules are important and which you ignore.

[crazygringo]

Individuals can choose which laws to ignore, like when they jaywalk.

Corporations, universities, etc. are very different. They create policies which are documented and which their employees are required to follow. They engage in risk analysis.

"Part of being an adult" has nothing whatsoever to do with the laws and regulations that apply to organizations. You're making a severe category error.

[ndriscoll]

Organizations are made of individuals who I assure you regularly ignore or don't even read the policies they are "required" to follow.

[crazygringo]

I don't know what world you live in. Everywhere I've ever worked, that gets you fired. Real quick.

[ndriscoll]

I've worked at a couple F100s and a startup.

At IBM, vim was specifically banned by legal because of reputational risk because the license asks you to consider donating to children in Africa, and IBM didn't want to be called out for not doing so. Guess which editor pretty much everyone in my org used? We also weren't allowed to move furniture because of some union agreement, but guess how many people cared when furniture mysteriously moved from an empty office room into ours? None.

At the startup, people in our satellite office in Arizona openly mocked the California HR harassment training over lunch. It was also an open secret that one of the managers started dating a report. As far as I know many years later they've both moved on to other jobs and they're still together. Nothing bad happened.

Breaking some policies will absolutely get you fired, but that's mostly around doing things you shouldn't be doing, and even then usually only matters if someone else that has some power might themselves get in trouble/have more work/lose something because of what you did. Others no one will care about. Again, part of growing up is figuring out which policies have a purpose and which came from some busybody.

I also already gave the entire AI industry as an example. We know for a fact that Meta trained on pirated material, and it's pretty obvious that everyone else does too. It's blatant industry wide flouting the law. The realpolitik answer here is everyone knows that enforcing the law here would be the final nail in the coffin for China superceding the West, so it's not going to happen.

[trollbridge]

Just to be clear:

E-mailing a student their grade is not "breaking the law".

Not e-mailing a student their grade is not "being careful about following the law". It is just sheer laziness.

A university may develop a policy of "we don't e-mail grades" for another reason, but FERPA is not a valid reason.

[crazygringo]

"Just to be clear":

It's not "sheer laziness". I can almost guarantee you that Instructure would prefer to e-mail the grade itself, and probably had the code working somewhere before feedback from universities told them to remove it.

There are absolutely cases where sending an e-mail to the wrong person is a violation of FERPA. Can you guarantee that your software will never be configured to accidentally e-mail someone besides the student? That no administrator will ever accidentally set up the wrong e-mail address? Because you're not sure if you can make that guarantee, it's legally safer to restrict it to the actual LMS login.

[trollbridge]

Yes, I have written software that would email a student information that was in scope for FERPA.

It’s rather simple to restrict sending email to @student.uni.edu and then further force their email to match the username and email address that is synced from the SIS.

How much FERPA compliant software have you written?

[crazygringo]

That's great for you. I've been in meetings with lawyers around FERPA compliance.

You are right that if you are creating a custom tool you can create that restriction easily.

But if you are creating a learning management system where administrators can configure it a million different ways and the university lawyers want to make sure that administrators don't set it up the wrong way, it makes sense to have that safeguard.

You are looking at the wrong level here. This isn't a software coding issue around technology. This is a policy compliance issue around people. When you create tools you have to consider the possibility of those tools being misused by an employee and mitigate those risks when possible.