I Don't Want to Sound Rude, but It's None of Their Business: Exploring Security and Privacy Concerns around Assistive Technology Use in Educational Settings
Alisha Marsh, Lauren R. Milne · 2024 · ACM Transactions on Accessible Computing · doi:10.1145/3670690
Summary
This qualitative study investigates the security and privacy concerns of students with disabilities who use assistive technology (AT) in higher education settings. The researchers conducted semi-structured interviews with 8 students who use various forms of AT (including screen readers, dictation software, captioning tools, eye trackers, and telepresence robots) and 5 disability/AT professionals who work with students in educational environments. The study is framed around the concept of "disability disclosure"—the idea that using AT can inadvertently reveal a person's disability status to observers, both in physical spaces and digital environments. While prior research has examined accessibility and privacy as separate concerns, this work uniquely positions them as interconnected, exploring how the very tools that enable access can simultaneously compromise privacy. The research took place during the COVID-19 pandemic when higher education rapidly shifted to remote learning, creating new contexts for AT use and disclosure. Participants described navigating complex decisions about when, how, and whether to reveal their disabilities through their technology choices. The study also analyzed the privacy policies of 14 AT products used by participants, examining how transparent these tools are about data collection and potential disclosure risks. The authors employ a mixed-methods approach combining interview data with privacy policy analysis, grounded in prior work on accessible authentication, AT privacy, and disability disclosure in educational settings.
Key findings
The study revealed a significant gap in awareness: while students were conscious of in-person disclosure risks (such as someone seeing their screen reader or hearing their dictation software), most had not considered how their AT use could disclose disability status in digital environments. Browser fingerprinting, unusual input patterns, and platform analytics could all potentially identify AT users without their knowledge. Analysis of the 14 AT products' privacy policies found substantial variability in transparency. Only 5 products clearly explained what data they collected, while others used vague language or provided no meaningful disclosure. Several products collected data that could reveal disability status to third parties, yet users were largely unaware of these practices. Students described making difficult tradeoffs between accessibility and privacy. Some avoided using AT in certain situations to prevent disclosure, accepting reduced accessibility. Others disclosed their disability more than they preferred because their AT made concealment impossible. The pandemic intensified these tensions—students using AT at home faced new audiences (roommates, family) who could observe their technology use. Three design recommendations emerged: (1) AT developers should consider disclosure as a privacy risk and design to minimize involuntary revelation, (2) AT should support flexible visibility so users can control when and how their technology use is apparent, and (3) privacy policies should transparently communicate what data is collected and how it might reveal disability status.
Relevance
This research has direct implications for accessibility practitioners, AT developers, and educational institutions. It challenges the common assumption that accessibility and privacy are separate concerns, demonstrating how they intersect in ways that affect real users' daily lives. For developers building accessible products, the findings underscore the importance of privacy-by-design principles specifically tailored to AT. Features that help platforms detect AT (for accessibility improvements) may simultaneously create disclosure risks. The tension between "detect to help" and "detect to expose" requires careful navigation. For accessibility professionals in education, the study highlights that supporting students with disabilities involves more than providing accommodations—it requires understanding the privacy implications of those accommodations. Disability Services Offices (DSOs) should consider discussing disclosure risks when recommending AT. The privacy policy analysis provides a practical framework for evaluating AT products. Organizations selecting AT should examine not just functionality but also data practices, particularly how collected data might reveal users' disability status. The study's finding that most students were unaware of digital disclosure risks suggests a need for better education and transparency across the AT ecosystem.
Tags: assistive technology · privacy · security · disability disclosure · higher education · qualitative research
Standards referenced: ADA · Section 504 · FERPA