Protecting the data of students needs to be a top priority. That is why Common Sense Education, in collaboration with over 100 schools and districts nationwide, launched the Privacy Evaluation Initiative to support educators, students, and parents in their effort to make informed decisions about the software being used on campuses throughout the country.\nAs we have discussed in the past, using encryption to protect data in transit is one of the most basic steps web sites can take to protect data. There are other steps that need to happen as well, but using encryption to safeguard information is a low bar. Technically, it\u2019s equivalent to walking and chewing gum at the same time.\nWhen we evaluate sites for the Privacy Evaluation Initiative we begin with a quick triage that includes testing for the use of encryption. A superficial test for encryption is straightforward: look for an \u201cs\u201d in the web address, or URL. If the URL begins with \u201chttps://\u201d the site supports some level of encryption. If the URL begins with \u201chttp://\u201d then encryption is not supported. While more detailed tests are required to fully understand if or how encryption is supported, this simple test can often indicate sites that don\u2019t support encryption. This short (45 second) video shows how to run this basic test. We cover more comprehensive methods of testing for encryption in our Information Security Primer.\n\n\nIn the last two weeks of October, we ran automated tests on 1,221 logins used by 1,128 vendors that have products in schools around the country. We surveyed these login locations (login URLs) to assess the level of basic support for encryption. While our list of sites is not exhaustive, it is representative of websites from small developers, well-established companies, start-ups, privately held companies, and enterprise-level applications.\nOur findings indicate that a significant number of vendors do not provide even basic support for encryption. While 52 percent of the 1,221 login URLs we surveyed require encryption, 25 percent do not support encryption at all, and an additional 20 percent do not require an encrypted connection.\nThe following are some of the observations in our data set from products that are used in thousands of school districts:\n\nA well-known vendor appears to have enabled encryption for districts in states that have laws requiring reasonable security, and not enabled encryption in some districts in other states. More research is needed on the extent of this issue.\nA product targeted to students of all ages within K\u201312 schools does not support encryption at all in a subset of their product offerings.\nMultiple vendors take a request for an encrypted connection and explicitly redirect it to an unencrypted connection \u2013 this appears to show an intentional decision to ignore best practice in favor of insecure practice.\n\nThe report accompanying this blog post goes into detail about what this survey covers, what it leaves out, and next steps. At this time, we are not making our complete list of vendors and their support or non-support for encryption public at this time. It is our goal that by sharing our survey data in the aggregate here, that vendors will work to improve how they support encryption over the next several months before our follow up report is released. Every vendor can and should test their sites to assess how they support encryption, and other basic security issues. We already indicate in our evaluations when an app doesn\u2019t support encryption, and we are continuing to explore new ways of highlighting issues like these on our overview pages. In addition, we will be adding applications to our survey list and rerunning this evaluation approximately every 30 days.\nApproximately 90 days from now \u2014 in late February or early March of 2017 \u2014 we will publish a follow-up post that highlights if, or how, things have changed from our initial survey results. Again, it is our goal that this paper is a catalyst for vendors to improve their practices when it comes to encryption. As we attempt to highlight in our paper, this survey is most useful as a snapshot of current data-security practices within the education technology industry. As we rerun this survey over the next few months, we will begin to get a sense of the trends within the industry. Hopefully, we will see an increase in the use of encryption. The need for strong and reliable security as the foundation for good software isn\u2019t going away. The sooner we embrace it, the better.\nRead the full report here.