This essay is written by a Baltimore County parent and computer engineer.
Security and Privacy Challenges Relating to School Provided Electronic Devices
Today’s digitalization of the school environment is evolving at a rapid pace. As is the case with sweeping change in any environment, the rapid adoption of digital learning has not taken into consideration many of the consequences of its implementation. In addition to this lack of consideration, there also appears to be a lack of genuine communication to those exposed to the risks introduced by a digital learning environment. The information presented here is intended to reveal some of the very important risks associated with a continued migration towards a purely digital learning environment, and will largely focus on how the introduction of technology can create substantial security and privacy risks for the public at large.
School System Provided Technology
School provided digital technology intended to be used at home, seemingly harmless on the surface, introduces a host of security and privacy issues once it enters the home. Consider for a moment why organizations implement security policies that disallow ALL outside devices from connecting to a network. A similar approach must be considered for the home family network. The challenge, however, is that a typical family does not possess the technology skills of a sophisticated IT staff tasked with protecting organizational networks and intellectual property. This is not intended to imply that schools are deliberately causing harm. Digital devices in and of themselves are not the primary concern as it relates to security and privacy. The primary exposure to students and families comes from the software loaded on these devices and the websites accessed by them, neither of which can be properly vetted to ensure total and absolute protection of students and families. Additionally, the people and organizations responsible for deciding which applications are deployed, and how much content and data those applications gather from the device, must also be taken into account.
It is important to stress that it is not possible to fully vet any device provided by a school. Even if it were possible, that possibility is a fleeting moment in time that is lost the moment an application is updated or those in charge decide to modify the behavior of a device.
Potential Points of Exposure
One must carefully consider what is at risk once an untrusted device is connected to a home network and students access school system mandated online resources. The following partial list of items aims to make the public aware of the type of information and network access that is readily available to a device connected to a home network.
- Device names of all connected devices on a home network
- Manufacturers of all connected devices on a home network
- Local network addressing scheme of home network
- Access to home photos and videos stored on a shared device
- Access to music and movies stored on a shared device
- Eavesdropping – listening through the device microphone, watching through the device camera
- Network share access can be used to plant malicious software
- Names of various networks in your home
- Time when certain devices are used within your home (example, a user turns on a computer, a user arrives home and mobile phone connects to a network)
- Geolocate (approximate the geographical location) the device at any time.
Additionally, students may be forced to use certain web based learning applications which adds an additional layer of privacy concern for the student. Some of the privacy issues relating to third party content providers are:
- Student identity is transmitted to third parties
- Data relating to student performance is gathered and stored by third parties
- Third parties track patterns of student online behavior while in the home
Based on this partial list of security and privacy risks, a rogue school district, software developer, supplier or administrator could do the following (these are just a few examples; the risks are considerably higher than what is presented here):
- Track a user’s geographical location each time the device connects to the internet
- Track when people (parents, friends, siblings, etc.) leave the home and return home
- Listen to and watch activity within the home (for those who find this hard to conceive there are well documented cases of school districts watching students through the camera of school provided devices while in their home)
- Monitor and track student activity within school provided applications. This type of data, when collected, can be used by school districts and third party content providers to build and store profiles of usage patterns and performance metrics down to the student level. This is to say, students’ identities are directly tied to a trove of information gathered over the course of their digital education. School systems can use (and have used) this type of information to harm individuals they see as problematic.
School systems are generally aware of the legal implications stemming from the sharing of personally identifiable information. Often, a school district may mandate that its contracted third party application providers sign legal agreements which outline certain standards that must be met when handling student personally identifiable information. These agreements may be presented to stakeholders as evidence of the efforts put forth to protect students. While this is a step in the right direction, it does little to actually protect student information from getting into the wrong hands. One need only look at the countless data breaches that have occurred already (most of which involved data protected by similar legal agreements).
If school administrators believed that sensitive data could be protected, they would not be compelled to purchase insurance against data breaches. This seems to indicate that they do believe breaches are inevitable.
Recommendations and Possible Solutions
From a purely technical point of view, school provided digital devices must at all times be treated as untrusted devices, given the impossibility of any such device ever being fully vetted and trusted. Educational applications stored on the device are compiled computer programs (not human readable), which makes it virtually impossible to know what the application is actually collecting and doing. Furthermore, web based learning applications continue to store vast amounts of information relating to students. Coupled together, locally resident computer programs can work with web based applications to transmit information to third parties. This presents a very real and serious danger that goes far beyond what most would find acceptable.
A significant reduction in student and family privacy risk can be achieved by approaching the digital learning concept from a point of view that puts the protection of students and families first while achieving the same results digital learning aims for.
- School systems should avoid deploying digital devices intended to be used at home since the school system itself cannot guarantee the protection of student and family privacy once a device has entered the home. The legal implications alone can devastate a school system and waste considerable time and resources defending privacy concerns.
- School systems should not, ever, share the identities of any student with third party application and content providers. Unfortunately, this is rarely the case. School systems should be solely responsible for storing student data. Schools should not be in the business of endorsing third party applications which collect and store student data.
- School systems should be tasked (mandated) to architect systems that buffer students from third party content providers. This prevents third parties from gathering information such as student identity, performance and individual patterns.
- School districts shall not impose on students and families, nor pressure them, to connect school provided devices to a home network. School districts that insist on such a device should also provide connectivity options other than relying on the family home network. The only currently viable option is to provide devices with cellular data connections through a mobile network operator. This would add a monthly cost of roughly $20 per device to the school system, which is not a good use of funds intended for education.
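One way a school system could implement the "buffer" recommended above, as an added illustration that is not part of the original essay: a school-side broker that replaces the student's identity with a keyed, per-provider pseudonym before anything is forwarded to a third party content provider, and re-links returned performance data to the real student only inside the school system. The broker class, its field names, the provider names and the student records are all assumptions constructed for this example.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field

# Fields that must never leave the school system (assumed list for this example).
IDENTIFYING_FIELDS = {"name", "email", "student_id", "home_ip"}


@dataclass
class StudentBroker:
    """School-side buffer between students and third party content providers.

    The HMAC secret stays inside the school system, so a provider cannot reverse
    a pseudonym, and because the provider name is part of the keyed input the
    same student receives a different pseudonym at every provider. That stops
    two providers from joining their records into one profile of the student.
    """
    secret: bytes
    _lookup: dict = field(default_factory=dict)   # (provider, pseudonym) -> student_id
    _records: dict = field(default_factory=dict)  # student_id -> performance records

    def pseudonym(self, provider: str, student_id: str) -> str:
        msg = f"{provider}|{student_id}".encode()
        tag = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:16]
        self._lookup[(provider, tag)] = student_id   # re-link table, school-side only
        return tag

    def outbound(self, provider: str, student_id: str, payload: dict) -> dict:
        """Strip identifying fields and attach the pseudonym before forwarding."""
        clean = {k: v for k, v in payload.items() if k not in IDENTIFYING_FIELDS}
        clean["user"] = self.pseudonym(provider, student_id)
        return clean

    def inbound(self, provider: str, result: dict) -> str:
        """Map a provider's result back to the real student and store it locally."""
        student_id = self._lookup.get((provider, result.get("user")))
        if student_id is None:
            raise KeyError("result references an unknown pseudonym")
        record = {k: v for k, v in result.items() if k != "user"}
        self._records.setdefault(student_id, []).append(record)
        return student_id


if __name__ == "__main__":
    broker = StudentBroker(secret=secrets.token_bytes(32))
    sent = broker.outbound("mathapp", "S123", {"name": "Alice", "answer": 4})
    print(sent)                                  # no name, only an opaque "user" tag
    print(broker.inbound("mathapp", {"user": sent["user"], "score": 9}))
```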
In closing, it is imperative that students and their families are made aware of the technical implications of bringing school provided devices home and of using educational applications. There are already well documented cases of overreaching school districts and administrators breaching the privacy of citizens. The concepts presented here are intended to prevent such violations while continuing to give school districts access to digital technology. The added benefit is that the concepts presented in this document can save school systems across the country billions of dollars in hardware and maintenance expenses by simply moving applications outside of the home and allowing students to access applications from devices they already own and trust. These applications, however, should be protected such that students are not directly accessing third party resources as part of a curriculum, especially when application developers have a vested interest in collecting and storing student data. School systems have a moral and civic obligation to protect the privacy of their students. Unfortunately, given the seeming rush by school systems across the country to implement digital environments, important issues such as privacy are largely overlooked.
Parents and stakeholders should take it upon themselves to ensure that schools are adequately addressing privacy and security issues. Parents should get familiar with the legal implications of adopting digital learning. Specifically, parents should get familiar with:
- Any agreements relating to the use of technology in learning and the rights students and parents may be sacrificing without their direct knowledge
- Software license agreements students and parents are directly accepting or indirectly accepting through a blanket agreement with a school
Lastly, the framework and concepts presented in this document are not intended to imply any wrongdoing by a school district but rather to be used as a framework that achieves the mutually beneficial goals of protecting students (and their families) while allowing school districts to make use of technology in a responsible way.