Another response to my assertion that FERPA has some scared tells me deserves a bit of clarification.
The trouble (and in some respects, benefit) of laws like copyright and privacy, which only become certain after long and expensive litigation, is that they are not completely explicit. Borderline cases leave small providers wondering whether they might be liable if they were sued–and this uncertainty leads some to steer clear of anything that pushes the boundaries.
My own theory is that FERPA was written in a protectionist paradigm, rather than a control paradigm. This means that certain categories of data are completely locked down, rather than giving the student or instructor the options to contol the data how they see fit. With fine-grained facebook-like privacy controls, it should be technically possible to let students control what is publicly released (indeed many do it anyway by doing things like posting a course video project to YouTube). The nervousness creates a situation where law (rightly or even by misinterpretation) limits what people might do with technology.