Lawmaker: Schools Need Federal Advocate to Negotiate Cyber Contracts

Sen. Ron Wyden (D-OR) speaks at a press conference at the U.S. Capitol Building on March 01, 2023 in Washington, DC.

Sen. Ron Wyden (D-OR) speaks at a press conference at the U.S. Capitol Building on March 01, 2023 in Washington, DC. Anna Moneymaker/Getty Images

Sen. Ron Wyden penned a letter to Education Secretary Miguel Cardona, asking the agency to assist U.S. schools in drafting cybersecurity and data protection contracts with technology firms.

U.S. students need better data security and protection, according to Sen. Ron Wyden, D-Ore., who sent a letter to the Department of Education on Monday requesting better cybersecurity software for the nation’s schools. 

Wyden made the case for lowering the cost burden for U.S. schools via pre-negotiated software contracts between schools and educational software providers. He requested that Education facilitate these contracts between educational institutions and education technology—or edtech—firms.

“Educators shouldn’t need to choose between students’ learning and their privacy—model contracts could help level the playing field between big tech companies and the under-resourced school administrators who must negotiate with them,” Wyden’s letter reads

This request builds on the increasing needs for more tech-oriented, hybrid attendance educational systems in the U.S. During the height of the COVID-19 pandemic, schools across the country pivoted to remote learning, which exposed security gaps in school systems’ digital networks.  

The contracts Wyden references in his letter would offer school administrations help in developing tailored agreements with edtech security companies. The sample contracts could include focuses on student privacy and data security, including provisions against selling student data to third party brokers. 

“A nationwide, Department-endorsed approach would give schools greater leverage when

negotiating with the largest edtech players,” the letter reads. “These companies have little incentive to negotiate and instead exploit their market power by telling school districts to ‘take it or leave it’ when it comes to invasions of their students’ privacy.”

Federal agencies, including the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, warned educational institutions toward the end of 2020 about the growing ransomware threats to school networks. In 2023, CISA released a formal guide to help improve U.S. schools’ cybersecurity landscape as educational systems join other critical infrastructures as prime targets for cybercrime, pursuant to legislation signed by President Joe Biden in the fall of 2021.