AllHere: Why Did the LA School District’s AI Subcontractor Collapse?

Nobody seems to understand completely why AllHere—a high-profile artificial intelligence startup with $12 million in venture capital and a $6 million contract from one of the nation’s largest school districts—suddenly went out of business in June 2024. Then, in an ominous turn of events during the following September, prosecutors with the U.S. Department of Justice served a grand jury subpoena on the trustee managing AllHere’s Chapter 7 bankruptcy liquidation.

A federal grand jury’s subpoena compelling the production of documents means that the Justice Department had launched a federal criminal investigation against AllHere or someone connected with the firm. And as the New York Times points out, the startup’s sudden financial collapse demonstrates the risks in investing taxpayer funding for education in a new technology with vast potential but not much of any track record: artificial intelligence.

The Los Angeles Unified School District (LAUSD) had hired tech startup AllHere to develop an all-new AI chatbot named “Ed” as a kind of an “educational friend” for 500,000 of the district’s K-12 students and parents. The District’s idea was originally to provide an AI resource to help students recover from the pandemic’s difficult academic and emotional challenges.

Branded as a friendly animated sun, Ed would direct students toward academic resources and sources of mental health support. Meanwhile, Ed could tell parents about their child’s latest test scores and attendance records.

The Times points out that Ed also was emotionally responsive, and even able to respond to happiness, sadness, and hostility. If that report is correct, these “emotional processing” AI capabilities seem remarkable. That’s because they would amount to a cutting-edge advance that wasn’t widely available before OpenAI had demonstrated a preview of its multimodal GPT-4o artificial intelligence platform update in May.

AllHere’s contract required LAUSD to pay the startup up to $6 million to develop the chatbot, a fraction of the district’s $18 billion budget. The district’s superintendent Alberto Carvalho announced the chatbot before a San Diego audience at the ASU-GSV educational technology conference last April.

But only about eight weeks later in June, the company’s 33-year-old Harvard-educated founder and CEO Joanna Smith-Griffin was no longer with the company, and according to the firm’s website, most of its workers had suddenly been laid off. AllHere then refused to respond to interview requests and questions from the Times. The firm also failed to respond to comment requests from The 74, whose investigative education reporter Mark Keierieber originally broke the story.

AllHere had won the LAUSD’s competitive bidding process against other potential vendors. Nevertheless, according to the Times’ Dana Goldstein, what appears to have happened was that the project represented a “vast and unwieldy challenge” for AllHere, a company “in over its head” which previously had only been known as a provider of school-to-family automated text messaging.

The market for those text broadcasting services had exploded during the pandemic as one way of fighting the national crisis in chronic school absenteeism. Later in 2020, AllHere offered expanded texting capabilities beyond attendance monitoring to include “nudges” about other academic issues, like missing assignments and grades.

Yet it appears that AllHere had won LAUSD’s bid, although the startup had developed no track record in artificial intelligence, even after the ChatGPT craze had captured the public’s imagination early in 2023. University of Southern California education professor Stephen Aguilar told the Times that it was a “fairly common problem” for ambitious educational technology initiatives like LAUSD’s collaboration with AllHere to fail. He said that “districts have a lot of complex needs and a lot of safety concerns. But they often lack the technical expertise to really vet what they are buying.”

Several of Ed’s issues remain as challenges for LAUSD. One of them is that the most recent minimally functioning version of Ed didn’t even offer interactive chatbot capabilities. All the software could do during its latest update was function as an aggregator—a web portal that collects data from the district’s many other apps and edtech platforms operated by the district and third-party vendors that track assignments, grades, and student support. And even that limited configuration was only available to families served by the district’s 100 worst-performing “priority” schools.

The chatbot functionality was never implemented because it failed testing with a sample of high school students aged 14 and over. LAUSD told the Times it had hoped that a new company would buy AllHere’s assets and continue providing technical support and training to school staff starting in September. The district also claimed that talks were ongoing with several industry players. But so far, no news reports of talks to acquire AllHere appear to have been published, and no deals have been announced.

The second critical issue for LAUSD is that much of the infrastructure required to operate Ed allegedly relies on storing the aggregated student records in databases hosted within data centers overseas.

According to a whistleblower who spoke with The 74’s Keierieber, AllHere had breached its contract with LAUSD if that allegation is true. That’s because offshore data storage would amount to a clear violation of the district’s data privacy policies and would place sensitive student information at increased risk for hacking. That whistleblower is someone who should know because he’s Chris Whiteley—AllHere’s laid-off former senior director of software engineering.

Grand juries function in secret, and the federal investigation’s targets and possible criminal wrongdoing allegations against AllHere or individuals connected with the firm remain unclear. However, the Justice Department might have asked the bankruptcy trustee for documents in an attempt to spot data security and privacy issues at AllHere. In particular, some of those issues might relate to noncompliance with federal laws and regulations that protect the privacy and security of children’s data.

There aren’t many federal laws like these, but the penalties for violating the few statutes that provide basic levels of privacy for children can be severe. For example, we reported on one of these cases in our July 2023 feature article “What the FTC’s Crackdowns on Chegg & Edmodo Mean for Online Education Privacy.”

The Federal Trade Commission said that in that case, an online education startup named Edmodo had collected data from children age 13 and under without their parents’ consent, and required students to provide that data in order to complete projects and assessments on the platform their teachers had assigned. However, Edmodo then used the kids’ data for non-educational purposes such as personalized marketing and advertising.

Those practices were clear violations of COPPA, the Children’s Online Privacy Protection Act at 15 U.S.C. §§ 6501–6506. COPPA requires that data collected from children without parental consent can only be used for strictly educational purposes.

Edmodo unexpectedly went out of business in September 2022 while the FTC was conducting an investigation of the firm’s data security and privacy practices. But that didn’t stop the FTC from making a widely-publicized example out of the case by asking a federal court to impose a whopping $6 million fine on Edmodo.

What’s curious about AllHere is that their main customer, the Los Angeles school district, happened to face a series of data breaches during June 2024 that also involved unauthorized disclosures of childrens’ data. Although these incidents thus far appear to be unrelated to AllHere or the Ed chatbot project, they raise questions about Los Angeles Unified’s data security and privacy policies and practices. Specifically, the breaches attract scrutiny to how closely LAUSD might have been reviewing AllHere’s work to ensure compliance with applicable privacy laws and regulations and the district’s policies.

For example, in one of these incidents, hackers claimed that they were selling 24 million student records from the district for $1,000 on the dark web. Next, a second alleged breach was accomplished through the cloud data warehouse Snowflake, which had reportedly compromised the records of four million LAUSD students completing assignments on the Edgenuity online education platform. Hackers, in this case, demanded a $2 million ransom to prevent them from leaking onto the public internet the personal, academic, medical, and disciplinary records of those students.

Then in a third incident, an LAUSD spokesperson said that “one or more” of its vendors that stored records in Snowflake’s cloud data warehouse had also been targeted by a hacker who intended to sell student and employee data.

In July, Doug Levin—the co-founder and national director of K12 SIX, the K12 Security Information eXchange—told EdSurge’s Jeffrey Young that he was waiting for LAUSD to release more information about what had happened in these breaches. “LAUSD maintains an enormous amount of sensitive data. A breach of an integrated data system of LAUSD could affect a staggering number of individuals,” Levin said.

Levin continued: “I am mostly interested in understanding whether any of LAUSD’s edtech vendors were breached and—if so—if other customers of those vendors are at risk. This would make it a national issue.”

That’s just the sort of national issue that could potentially be covered by a federal data privacy law or regulation that the Justice Department’s prosecutors might be seeking to enforce. But other enforcement possibilities might exist that those prosecutors could be contemplating as well.

Many aspects of the AllHere bankruptcy proceedings seem curious. The text of a September 30 order from U.S. Bankruptcy Court Judge Laurie Selber Silverstein states that the court-appointed bankruptcy trustee, George Miller, only agreed to provide documents to federal prosecutors on the condition that certain sensitive information would remain confidential “in the best interests of” the firm’s value. The order also stipulates that the prosecutors can use the documents “as needed or as required by law in connection with its investigation and/or any resulting criminal proceeding.”

Previously on September 11, three weeks before Judge Silverstein signed that order and on the same day as an AllHere bankruptcy court hearing, Miller had changed the case from one with no monetary value to a case that could pay creditors, saying that he’d “discovered assets” owned by AllHere. That change contradicts testimony at the hearing by former chief technology officer Toby Jackson that the firm had so few assets that it was essentially insolvent. Court filings show that the firm had itemized more than $1.75 million in liabilities.

At that hearing, Jackson reportedly had trouble answering questions from Miller about why 36 percent of the outstanding liabilities, or about $630,000, was owed to a single individual. That individual is Debra Kerr, an edtech salesperson who’s maintained a longtime association with Superintendent Carvalho and who claimed during the hearing that she wasn’t paid the commission she had earned from closing the deal with AllHere. Jackson also had difficulty explaining why AllHere had paid CEO Smith-Griffin $243,000 worth of expenses during only a ten-month period between September 2023 and June 2024.

A partner at the New York law firm Locke Lord and the author of a treatise on bankruptcy fraud, Stephanie Wickouski, explained to The 74’s Keierieber that “there are a fair amount of investigations that involve bankruptcy cases, and a lot of them are for conduct that occurred prior to the bankruptcy.”

Wickouski also said that the “most likely scenario” is that the targets of the Justice Department’s investigation are “the company and its principals.”