Back to school season can be a busy or even stressful time for both parents and children. As the days grow shorter, the “to-do” list grows longer. Number one on the list – because of its importance and time sensitivity – should be to opt out your child from directory information sharing at school.

What is directory information?

According to the U.S. Department of Education, directory information is a limited set of personal “information that is generally not considered harmful or an invasion of privacy if released” and often includes a student’s name, address, telephone number, email address, photograph, date and place of birth, etc.  It does NOT include even more intimate and sensitive personal information like test scores, grades, disability or disciplinary records that schools can legally share with companies, contractors and other third parties without parental knowledge or consent for operational, evaluation, and research purposes. The federal government has allowed these growing number of exceptions through regulatory amendments over the last decade or more, described in detail here and here.

The federal law known as the Family Educational Rights and Privacy Act (FERPA) enables schools or school districts to share directory information with any person or organization outside the school/district without parental consent — but only when the school/district provides public notice to parents first. Notice must include:

• The types of student information that the school/district has designated as directory information;
• Details about a parent’s right to refuse to allow the school/district to designate any or all of those types of information as directory information; and
• The amount of time the parent has to notify the school/district in writing that he or she does not want any or all of this information shared with others outside the school.

FERPA allows schools/districts to adopt their own directory information policies, but if they choose to provide students’ directory information to a limited number of third parties, their public notice to parents must specify the individuals, groups or companies who may receive directory information and/or for what purposes. Unfortunately, this public notice may not always be provided, and when it is, it is often difficult to find because it may be buried in hundreds of pages of information during registration, in a student handbook, a parent newsletter, school announcement, local newspaper, or website.

Most schools/districts give parents only ten to thirty days from the start of the school year to exercise their right with regard to directory information, and most offer parents a limited choice between two options:

1) Allow schools and districts to share students’ directory information with anyone including marketing companies and the media — often referred to as “opting in” to sharing directory information; or

2) Refuse to allow schools and districts from sharing directory information with anyone, including parent organizations for purposes of creating school phone directories, graduation brochures, or companies who publish yearbooks — often referred to “opting out” of sharing directory information.

This type of “all-or-nothing” approach presents a huge challenge for many parents. On the one hand, parents don’t want their children’s private information shared with anyone who requests it. On the other hand, most parents would like their children to be included in school-related publications like yearbooks, directories, brochures, and newsletters.

While FERPA doesn’t require schools to allow parents the option to select which types of directory information can be shared with whom, some privacy-minded school districts in Maryland, Montana, and North Carolina, for example, have abandoned the “all-or-nothing” approach for a “menu selection” which gives parents more control over their student’s directory information.

The Parent Coalition for Student Privacy and the Campaign for a Commercial-Free Childhood have prepared a model Directory Information Opt Out form for parents to submit to their schools at the start of the school year, as part of a larger privacy toolkit that we will release soon, via a grant from the Rose Foundation.  Our Directory Information Opt Out form is designed to respect the ability of parents to choose what information they would like shared for what purposes, while also protecting their children’s privacy.

Why should parents opt out?

FERPA became law in 1974 at a time when students’ directory information was used primarily in school-sponsored publications like yearbooks, and to identify student athletes for local newspaper articles. Over the last forty years, individuals, groups and companies have recognized the value of this student information – especially with the creation and growth of the Internet – for commercial and non-educational purposes. Companies who access students’ directory information can sell it to others or use it to market products directly to students, political offices can use it to build their voter tracking systems, thieves can use it to steal identities, and perpetrators can use it to stalk students or commit other crimes.

How can parents opt out?

1. Ask the school or school district for its “directory information” policy.
2. If the school/district has a policy, read it carefully to find out which personal details are considered directory information and with whom it can or will be shared.
3. If the policy forces parents to choose between opting in or opting out of all sharing of directory information, parents should opt out to protect their children’s privacy. However, doing so could mean that their children’s names and pictures will not be listed in the yearbook or other school-related publications.
4. Share the model Directory Information Opt Out form we have prepared with the school’s principal or other school officials and encourage them to adopt a new policy giving parents more control over their children’s information.
5. If the school/district does not have a directory information policy, ask if they will be sharing student’s directory information with third parties outside of the school. If the answer is yes, explain that FERPA requires that parents must be given public notice as described above, then complete the model Directory Information Opt Out form and submit it to the school/district. Follow-up in writing to ensure that the request will be honored.

Disclaimer: This commentary does not constitute legal advice. Consult a private lawyer or call your local ACLU should you have specific questions.

Download the Directory Information Opt Out from here (.docx) or here (.pdf).

Adapted from the EFF website.

The Parent Coalition for Student Privacy joined the Electronic Frontier Foundation,  ACLU, and a coalition of nearly two-dozen civil liberties and advocacy organizations  to urge the Uniform Law Commission (ULC) to vote down dangerous model employee and student privacy legislation.

The bill, the Employee and Student Online Privacy Protection Act (ESOPPA), is ostensibly aimed at protecting employee and student privacy. But its broad and vaguely worded exceptions and limitations overshadow any protections the bill attempts to provide. As the letter below explains, ESOPPA will result in only further invasions of student and employee privacy.

The ULC is a nonpartisan organization dedicated to researching, drafting, and promoting the enactment of uniform state laws, which it drafts and circulates as “models.” The ULC will vote on ESOPPA on July 11 at its annual meeting, and if it passes, the ULC will circulate the bill to legislators across the country in the hope of uniform adoption in all fifty states. But ESOPPA falls far short of its goal and does not live up to the prevailing standard for protecting social media privacy currently being enacted by the states and as required by the U.S. Constitution.

Social media accounts include vast quantities of sensitive personal information. As the U.S. Supreme Court made clear in Riley v. California, searches of digital devices are grave invasions of personal privacy in ways that physical searches could never be. Yet ESOPPA does next to nothing to prevent school administrators and employers—including public school employees and state officials—from coercing or requiring students and employees to turn over private, non-publicly available information from such accounts. The bill not only fails to comport with protections afforded to such sensitive personal communication under the Constitution, but the few protections it purports to provide are ripe for abuse and without measures to ensure accountability.

Furthermore, ESOPPA applies only to students at the college level and beyond, leaving the privacy of K12 students completely exposed.

That’s why we’re asking the ULC to either address ESOPPA’s deficiencies or reject the bill outright at its upcoming meeting. Other organizations, including the Foundation for Individual Rights in Education (FIRE), have also sent their own letter to the ULC opposing the current draft of ESOPPA.

You can read the full text of the letter below.

July 6, 2016

Members of the Uniform Law Commission
111 N. Wabash Avenue, Suite 1010
Chicago, Illinois 60602

Oppose Unless Amended: Employment and Student Online Privacy Protection Act

Dear Commissioner:

As civil liberties groups, advocacy organizations, student and parent rights coalitions, and a union representative, we write to you today to express deep concern over the Employee and Student Online Privacy Protection Act (“ESOPPA”). We appreciate the ULC’s interest in protecting the privacy of employees and students alike, but the version of the bill submitted to the full ULC committee for approval at the upcoming annual meeting fails to accomplish that goal in light of its significant deficiencies. While it purports to protect both employees and students, its broad and vaguely worded exceptions and limitations overshadow any protections the bill attempts to provide—doing next to nothing to prevent school administrators and employers from coercing or requiring students and employees to turn over highly sensitive social media account information. These provisions do not comport with the Fourth or Fifth Amendment, and will result in only further invasions of student and employee privacy.

We ask that you not adopt this bill until these issues have been adequately addressed. If these issues are not addressed, we urge you to reject the proposed bill in its entirety. Three of the bill’s provisions are most problematic:

First, the bill authorizes state employers and public educational institutions to require an employee or student to turn over information related to their social media account, including login information and social media content, based merely on “specific information about the student’s protected personal online account,” in order to (i) ensure compliance with, or investigate non-compliance with, federal or state law or an educational institution policy; or (ii) “to protect against . . . a threat to health or safety[.]”

The U.S. Supreme Court made clear in Riley v. California, 134 S. Ct. 2473 (2014), that searches involving technology and electronic devices are grave invasions of personal privacy in ways that physical searches could never be. That case involved cell phones, which the court recognized as especially important due to the many kinds of information they contain: “Modern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse. . . . The term ‘cell phone’ is itself misleading shorthand; many of these devices are in fact minicomputers that also happen to have the capacity to be used as a telephone.” Id. at 2488–89. Social media accounts contain similarly vast amounts of personal information and implicate the very same concerns. Permitting government agents access to students’ and employees’ social media accounts under the vague terms of the current draft of ESOPPA does not comport with the level of protection afforded to such personal information under the Constitution.

Second, although the bill attempts to limit employers or educational institutions access by requiring that any such entity “reasonably attempts to limit its access to content relevant to the purpose justifying that access[,]” such a limit will prove hollow, as it is not technically or practically possible to segregate “relevant” from irrelevant content until all content is accessed. This provision, coupled with the overbroad grant of authority for employers and schools to compel or coerce employees and students to turn over social media account information, renders ESOPPA ripe for abuse by employers and education institutions alike. And the bill includes no measures to ensure accountability.

Third, the limited privacy protections that ESOPPA claims to provide for students have a glaring deficiency—the bill does not apply to most students. ESOPPA provides purported protections only to students at the college level and beyond, leaving the privacy of students at the high school level and below completely exposed. This is not a trivial concern. Students in secondary school and below use social media to learn about and discuss highly sensitive subjects, such as reproductive choices, sexual orientation, gender identity, and political perspectives. In many communities across this country, exposing a student’s perspective on such topics could not only be embarrassing, but it could also place the student’s safety—or even life—at risk. The only option ESOPPA leaves for non-college students who want privacy protection is to not use social media at all. This “option” would do tremendous damages to one of the most vibrant free speech platforms utilized by young people today. This is not acceptable.

We believe it is possible to create a bill that addresses the concerns raised in this letter, protects student and employee privacy, and grants educational institutions and employers the ability to procure social media account information when required or permitted under law, such as when investigating specific allegations of unlawful harassment in the workplace or specific allegations of unlawful bullying by a student or prospective student of another student. Indeed, the American Civil Liberties Union has worked closely with other advocacy organizations and Internet companies alike on its own model legislation, a version of which was enacted in four states this past legislative session alone. Those laws represent the prevailing standard for protecting social media privacy in 2016. ESOPPA, which is coming out of a three-year planning and drafting process, is already showing its age—and it has not even been voted on by the ULC yet. Unless it is the ULC’s objective to roll back the standard for protecting social media privacy currently being enacted by the states, ESOPPA must be significantly revised before it is adopted. The signatories of this letter fully intend to continue our successful efforts to have true social media privacy bills enacted in the states, and if that requires us to oppose ESOPPA, we certainly will.

In order to ensure that ESOPPA does not impermissibly infringe on employees’ and students’ rights, and to enable us to work with rather than against each other on this important issue, we urge the full ULC Committee to either address these concerns or to reject the bill outright.

Thank you for your time and attention to this matter.

Sincerely,

American Civil Liberties Union

American Library Association

Bill of Rights Defense Committee

Center for Democracy & Technology

Center for Digital Democracy

Common Sense Kids Action

Constitutional Alliance

Consumer Watchdog

Defending Dissent Foundation

Demand Progress

Electronic Frontier Foundation

Fight for the Future

Free Speech Coalition

Government Accountability Project

Michelle Castro, SEIU California,  Director of Government Relations

National Coalition Against Censorship

Network for Public Education

Network for Public Education Action

NYS Allies for Public Education

Parent Coalition for Student Privacy

Parents Across America

Privacy Rights Clearinghouse

Restore the Fourth

Safety Net Project of the National Network
to End Domestic Violence

Woodhull Freedom Foundation

World Privacy Forum

Picture this: a stranger able to access your children’s bus pick-up and drop-off time and location, able to see their photos, names, phone numbers, home addresses, health records, even lunch account and activity fees. This information was amazingly vulnerable to hacking in the Lewis Palmer School district in Colorado.  Incredibly, the school district posted hints to passwords (the student’s birthday) on the district website. The student login ID and password were the SAME for both Infinite Campus (that stores student grades, demographics and other personally identifiable information) and their Google Apps for Education documents, including their Gmail accounts.  According to a district parent, who prefers to remain anonymous,

“Once you logged in with your student account, you could see all names and student IDs of every student in the district, listed alphabetically down the left side of the website, with corresponding student ID.  And since it was advertised that their birthday was the password, any hacker could go onto Facebook, find out a student’s birthday and login to see all their emails and records in Google (GAFE) and in Infinite Campus.”

According to its website, the Lewis Palmer School District has publicly posted login information and clues to student passwords for three years.  At least one parent complained last fall and the school did nothing to address the vulnerability. Apparently, school officials told parents this was just the way it had to be and it was not possible to change it.

Only after a parent spoke at a school board meeting on May 19, did the district-wide become public news, thanks in part to a local reporter who wrote about it in Complete Colorado:

“At a school board meeting on May 19th, a concerned parent asked the school board to fix the security breach immediately. The woman said district officials have known about the issue since the beginning of the school year. Melinda Zark told the board that in the fall she spoke to the district’s top two information technology staff members and her children’s principal about the issue with Google Apps for Education (GAFE), which is needed to connect to Infinite Campus.”

However, even after the vulnerability was revealed to the school board,  in the story posted in Complete Colorado, discussed on a breach notification site, Databreaches.net,  and  on the blog of privacy advocate Bill Fitzgerald who wrote about it here, the Lewis Palmer School District still did not immediately notify all parents of the breach (as recommended by federal guidance and current Colorado law) nor did the district admit fault.

FERPA requires that the agency or institution record an unauthorized disclosure so that a parent or student will become aware of the disclosure during an inspection of the student’s education record. The district also appears to ignore the Colorado’s Department of Education’s guidance to districts that states,

“The personally identifiable information from students’ education records that a district maintains should not be available to all district employees…”Districts should establish clear methods for addressing any breaches in security.  Individuals should be designated for addressing concerns about security breaches and identifying appropriate consequences, which may need to include termination of employment or a contract.”

Nearly a week after the school board meeting, the District finally disabled the access portal to Infinite Campus accounts. As reported in Lewis Palmer’s disingenuous and incoherent account on its website:

“05.25.16 protecting your student and family personal data is of utmost importance to lpsd. yesterday, we discovered a possible security breach through normal monitoring of ip addresses accessing our systems. it appears one individual with legitimate access to our system, using the student portal, may have accessed a few middle and high student ic accounts. the ip address for this individual was immediately blocked. the individual was unable to modify data or transfer data electronically. we will be contacting the parents of the students impacted. if you do not receive a call by the end of the day, you can assume your child’s account was not impacted. we shut down student portal access to ic this morning. we apologize for the inconvenience this will cause. we had hoped to keep ic access for students up through june 1 so that they could view final grades. unfortunately, due to this possible breach, grades must be accessed through the parent portal. additionally, google accounts, where student user names could potentially be viewed, were shut down earlier this week. accounts will be upgraded and security will be enhanced over the summer. if you need assistance with your parent portal access please contact technology services at (719) 488­4700 . ­­­­­­­­­­­­­­­­­­­­­ at lewis­palmer school district 38, we value protecting student and staff data. we are committed to supporting the use of beneficial online teaching and learning resources, while keeping unnecessary data collection to a minimum. the following graphic shows a quick birds­eye view of some of the concrete steps we take to keep our staff informed and our data safe. staff, please access the spreadsheet below to find the websites / tools that have already been vetted by our team. if you have a tool you’d like to get vetted, please contact your principal to ask how to do this. ask us if you’re ever concerned or confused about wh http://www.lewispalmer.org/Page/1578”

Many questions remain about this district’s handling of student data. What personal data was accessed and is there a record of who accessed it? Also, the newly adopted technology and privacy policies seem suspect. According to the Complete Colorado news story,

“During the meeting on Thursday, board member Sarah Sampayo was the only board member to recognize the concern. She brought it up as the district was discussing two new policies that deal with privacy and cyber rules. One policy asks parents and students to sign a waiver stating they understand there is no expectation of privacy when they use district technology, and the other protects the district against unauthorized use of its technology that may cause harm to a student.

Sampayo questioned the district’s technology director, Liz Walhof, about whether the district planned to make changes to the Gmail accounts. “How easily accessible is that uniquely identifying [student identification] number to the vast community,” Sampayo asked. “And is our kids’ information then protected because you can then log in … with just the kid’s ID number.”

Walhof said they continue to look into better formats, but added that right now it is not possible to issue an email without using the student’s ID number.”

What are these two new technology policies?  The first, policy JS, states that “Students shall have no expectation of privacy when using district technology resources…Students should not expect that files stored on district resources will be kept private.”

It would seem this blanket waiver may violate existing federal laws including COPPA and FERPA  as well as current Colorado privacy law and the impending new state law which has stronger protections for student data transparency and privacy and security.

Students cannot waive all their rights to privacy in such a radical manner, even if the school district wants them to do so. School district officials can have access to personal student data but only those with a specific interest and responsibility to that child.  Also, although FERPA allows school officials to disclose personal student information to third parties, these exceptions are limited in law and regulation and restricted to those with legitimate educational interests, for the purposes of research, evaluation or audit, or in cases of health and safety emergencies.  Requiring students to waive all their privacy rights as this policy implies would thus seem to violate federal law.

In addition, by posting online the log-in information for all students, including their ID numbers, and publicly advertising that the passwords to gain access are their birth dates – which are readily accessible to district employees and many others – this appears to be an open invitation to breach the system.

The second new district policy JS-E further requires parents to waive any costs or claims from damages incurred by their children’s use of the school’s technology.

If districts and schools are mandating that students use these devices, they must be responsible for keeping their personal information safe. We urge parents in this Lewis Palmer School District to contact the U.S.  Department of Education’s Privacy Technical Assistance Center (PTAC) and file a FERPA complaint, pointing out how the required blanket waiver appears to violate the privacy protections required under FERPA…  The complaint form is here: http://familypolicy.ed.gov/sites/fpco.ed.gov/files/E_Complaint_Form-ED.EMVC_.001.1_SRXV2.v071015.pdf

The form can also be downloaded, filled out and emailed to [email protected]    If a parent needs help or advice with this, you contact us at [email protected] 

Lewis Palmer parents should also ask their district and school board to immediately commission an independent security audit, to address the weaknesses in the system and determine which individuals or companies may have improperly accessed student personal information. What specific data was breached? Was personal information in Infinite Campus accessed by Google, through their Apps for Education? Why were the same user ID and password used for both systems and advertised on the school website? Why was this practice not halted immediately once the vulnerability was brought to the school board’s attention last fall? Why were parents’ concerns dismissed?

In addition, parents should urge that their district immediately adopt other security protections such as encryption for student data and training for all school district employees.  See our five principles to protect student privacy for more on what policies and practices should be adopted by all school districts and states.

At the very least, we believe that this mishandling of student data reveals troubling negligence on the part of the school district. How Lewis Palmer resolves this breach should be a litmus test for other districts and should serve as a wak­e-up call for all parents and schools.

• Cheri Kiesecker, Leonie Haimson and Rachael Stickland on behalf of Parent Coalition for Student Privacy

Data walls are a widespread practice in many schools, in which students’ test scores and other personal data are posted publicly in a school, along with their names, photos or other information that makes them identifiable.  These practices not only shame students but also violate their privacy rights, as specified in the federal law called FERPA, in which only school officials or their designees engaged in research, evaluation or contractual services are able to access student personal information.

Here is an article about the damaging impact of data walls by a Virginia teacher; here is a post reprinted from Exceptional Delaware, in which the blogger Kevin Ohlandt explains how he is writing every Superintendent in the state to demand these walls come down.  Here is his follow up post with the letter.

If any parent is interested in filing a FERPA complaint against the use of these data walls, let us know at [email protected] and we will help him or her do so.

Sheila Resseger, a retired teacher, education activist, and  a member of the PCSP, wrote the post below.  Her new blog is at https://resseger.wordpress.com/

On  April 5,  the Parent Coalition for Student Privacy, FairTest, Network for Public Education and other parent and teacher activists sent a letter to the State Education Commissioners from the PARCC and SBAC states.  I signed the letter as well.  We demanded these Commissioners inform us as to whether they plan to use computer scoring for the writing sections of these exams.

As research has shown, computers are unable to distinguish nonsense from coherent prose, and instead grade mostly on an essay’s length and how much arcane vocabulary is used.  Employing computers to score the Common Core exams is completely contrary to the supposed goal of these standards: to encourage critical thinking and writing skills; an article about this issue is here.

Later that day, Rhode Island Commissioner Ken Wagner met with our Council on Elementary and Secondary Education.  He was enthusiastic about the prospect of computer scoring of the PARCC constructed responses, and made many astonishing claims, including that research showed that computers scored writing as well or better than expert trained teachers.

(You can see the video, watch from about 11 minutes.)

He also falsely claimed that the SAT and Graduate Record Exam (GRE) used computer scoring. Yet on the GRE, every writing sample is scored by both a computer and a human being, and the College Board uses only human scorers on the SAT.

On May 17, 2016 the RI Board of Education met. Only two people commented during the Open Forum part of the meeting. A retired Providence high school English teacher spoke about her disapproval of the proposed revised regulations for high school graduation, with several diplomas offered of differing value, which would be discriminatory.  I spoke to critique Wagner’s enthusiastic endorsement of automated scoring of the PARCC constructed responses:

At the April 5, 2016 meeting of the RI Council on Elementary and Secondary Education, Commissioner Wagner was enthusiastic about the prospect of computer scoring of the PARCC constructed responses. However, he did not inform the Council of serious misgivings about computer scoring that many knowledgeable people have expressed.

The group Student Privacy Matters [Parent Coalition for Student Privacy] included the following information in an issue brief regarding automated scoring on April 5 under the title,

“Too Many Unanswered Questions about Machine Scoring of the Common Core Exams”

“… wasn’t the Common Core supposed to encourage creativity and critical thinking? And the Common Core aligned exams supposed to assess these skills? Is there any evidence that machines can do either? As far as one can determine, the answer is no.

“Last year, Les Perelman, who was in charge of MIT’s Writing program,wrote an opinion piece for the Boston Globe. Perelman tested out another automated scoring system, IntelliMetric, that could not distinguish essays with meaningful coherent prose from nonsense, and that [gave] high marks to gibberish, such as this:

“’According to professor of theory of knowledge Leon Trotsky, privacy is the most fundamental report of humankind. Radiation on advocates to an orator transmits gamma rays of parsimony to implode.’

“Unable to analyze meaning, narrative, or argument, automated scoring instead relies on length, grammar, and measures of abstruse vocabulary to do [sic] assess prose.”

On a related matter, Commissioner Wagner insisted that it’s necessary to get all schools to use the online version, rather than the paper and pencil version of the PARCC, as soon as possible. He claimed that this is important not only for the testing, but also for an underlying instructional purpose. He said,

“We can’t think about student engagement unless we have a serious strategy around digital learning.”  This does not match my understanding of the phrase student engagement. Thank you.

The format of the Board meetings does not allow for questioning or discussion of the comments from the public. However, later during the meeting, one of the board members asked:

“Can members follow up on public comments, and have a discussion about them? “The answer was that an agenda item can be added during a meeting if the Board votes to do so. No agenda item was added.

The Chair of the Board made a brief comment in answer to the member’s question, and then Wagner spoke up. He explained that there would be a discussion of the proposed graduation requirements later on the agenda. As for my comments about automated scoring, he stated that he stands by his previous comments, notwithstanding the information by the person who was quoted (i.e. Les Perelman).

Wagner continued to insist, as he did in the previous public meeting, that teachers have complained about the time taken out of their classrooms, robbing students of instruction, to SCORE the state assessments! This was one of his rationales for using computer scoring, along with efficiency (shorter wait time for the scores and less money)! Yet neither the PARCC nor the SBAC exam have ever pulled teachers out of the classroom to score; nor in my memory has this been an issue in Rhode Island, so his rationale is completely irrelevant.

Wagner did admit that he misspoke in his April 5 remarks when he claimed that the SAT and GRE have used automated scoring for some time. Apparently he didn’t bother to fact-check before making that comment.

So once again Commissioner Wagner stands firm on espousing the misguided tenets of the corporate education reform that is ruining public education for students, teachers, families, and public schools. Once again he dismisses authentic research by actual experts and refuses to acknowledge that there are legitimate counter-arguments to his positions. Unfortunately, most of the members of the RI Board of Education did not call him out on his careless and false claims.

At least one Board member at this meeting had the initiative to call for more discussion of comments made by members of the public. However, it is doubtful that this will be enough to derail the direction that the RI Strategic Plan for Public Education, the Commissioner, and the Rhode Island Department of Education are taking our state. It is up to those of us who recognize the depth of the damage that is happening under the radar of the general public to speak up and expose the insidious agenda of corporate technocrats like Commissioner Wagner, who argues that online learning is necessary to “engage” students and that machines can do a better job than expert teachers in assessing critical thought.