Spying on student laptops: Teachers just can’t win

Friday, Feb 26, 2010 11:50 am
William Barnes

So there is this school in Philadelphia that has a laptop program. Unfortunately, it turned out that the laptops had monitoring software on them and, even worse, the school was using the software to check in on kids at home. This led to Blake Robbins getting disciplined for eating Mike & Ikes candy in his bedroom (granted, it does look like some sort of crazy futuristic hallucinogenic pill). This post has nothing to do with that school.

Instead, I want to talk about New York City Intermediate School 339 (they ran out of war heroes and presidents, I guess). This school also has a laptop program. Instituted by the new principal Jason Levy in 2005, the laptop program seems to have saved the school. In 2005, 9% of students performed at grade level in math. Through 2009, the school saw year-over-year improvements to a current 62% of students performing at grade level. Kids are learning how to use word processors and spreadsheets; they’re blogging; they’re engaging in environmental and political activism.

It all sounds great, I think, but Cory Doctorow disagrees with me. Well, not with me… Technically, I disagree with him… Quiet you, this is my blog. He disagrees with me.

In light of the Philadelphia scandal, Cory posted a link to the PBS story with a comment about how it must suck being a kid today and one teacher’s comments he (well, the source) finds particularly horrible. To quote from the quote that Cory quoted:

A few weeks ago, Frontline premiered a documentary called “Digital Nation”. In one segment, the vice-principal of Intermediate School 339, Bronx, NY, Dan Ackerman, demonstrates how he “remotely monitors” the students’ laptops for “inappropriate use”. (his demonstration begins at 4:36)

He says “They don’t even realize we are watching,” “I always like to mess with them and take a picture,” and “9 times out of 10, THEY DUCK OUT OF THE WAY.”

He says the students “use it like it’s a mirror” and he watches. He says 6th and 7th graders have their cameras activated. It looks like the same software used by the Pennsylvania school that is being investigated for covertly spying on students through their webcams.

It does sound pretty bad when you put it that way. But it is taken entirely out of context. First, it’s important to note that the laptops are for in-class use only (the kids aren’t taking them home and from the looks of it they might not even use the same one each day). Second, in the segment in question, he demonstrates how they can connect to a computer and view the desktop. They happen to connect to a computer where the student is running Photo Booth to fix her hair instead of working. He explains what Photo Booth is and that the kids use it like a mirror. Then he clicks the “Take Picture” button in Photo Booth. Important to note: he doesn’t take a picture on his computer, he causes Photo Booth to take one. If you’ve ever used Photo Booth, you’ll know this means the screen darkens, a countdown appears (3…2…1…), and the screen flashes bright white for half a second. He has a little chuckle, the kid shuts down Photo Booth and goes back to work.

This seems like exactly the attitude I want a teacher to have. It shows he has a sense of humour. But people try to make him sound like a creep. Why is it that every time a teacher demonstrates a sense of humour or creativity, somebody has to give them bad press? Just last week, there were the two teachers who did a reverse (girl sitting, guy dancing) lap dance during a pep rally in Winnipeg. The teachers have been suspended for their inappropriate behaviour. Here, we have a teacher who plays a harmless joke on a student to get her to go back to work and people are twisting him into some sort of pervert or criminal. I read Boing Boing every day. It’s great, but it really can be as reactionary and shallow as Fox News. Getting attacked from the right and the left, no wonder teachers are so cranky all of the time.

Plenty of people aren’t just against the “taking pictures” but rather the very fact that monitoring is happening in the first place. I think it’s completely appropriate for elementary school officials to monitor laptop use in class (particularly on school-owned laptops being used for assigned computer-based work). It’s the equivalent of a teacher walking up and down the aisles and checking that students are working. Who hasn’t had a teacher walk up behind them when they’re passing notes and clear their throat or confiscate their paper fortune teller? Granted, it’d be a bit nicer if students got a little popup when the teacher connected, but I don’t think that is entirely necessary.

Context matters when you’re talking about privacy. When you’re in class, your expectations are different than when you’re at home. The laptops are given (ie: free) for a specific purpose in a specific place. The school can set what conditions it wants on their use.

Asper Panel: Bills C-46 & C-47, Overdue Update or Big Brother?

Thursday, Feb 25, 2010 7:30 pm
William Barnes

The David Asper Centre for Constitutional Rights held a panel today on bills C-46 and C-47, which were introduced into the House of Commons in the last session and would have made it easier for police to get access to ISP subscriber data. The panelists were Prof. David Murakami Wood (Queens), Prof. Lisa Austin (UofT), and Robert Hubbard (Crown Law Office – Criminal). The panel was moderated by Graeme Norton (CCLA).

Graeme Norton began with a quick overview of the relevant changes in the two bills. Bill C-46 would grant three powers to the police: an order requiring an ISP to preserve data (including usage and location where applicable) on a subscriber; an order requiring the ISP to turn over the data; and access to real-time usage data. It is important to note that the first two orders would be available on reasonable suspicion rather than the higher standard of reasonable and probable grounds. Bill C-47 would allow the police to obtain subscriber information (including name, phone number, address, IP address, mobile phone identifiers) from a telecommunications provider without a warrant.

David Wood views the bills as part of a larger movement to expand the definition of lawful access and determine who has control over data about individuals. We should think about the effect of our policy choices on other jurisdictions (where one country goes, others follow). He then considered regimes being put in place in other countries, placing particular emphasis on cases where these measures were forced through despite significant opposition.

In the EU, the European Parliament is considering mandating that telecommunications companies retain traffic data (source, destination, date, duration, type) for all subscribers. The measure is being defended as necessary for security, but was raised as a commercial regulation issue. In the EU, security bills must be passed unanimously while commercial regulation bills need only a simple majority. The bill is opposed by Germany and Sweden. In Sweden itself, the police have warrantless access to international phone calls, faxes, and emails. Contrary to Swedish practice (bills are worked until there is consensus), this bill was pushed through on a slight majority (141-138, I believe). In the UK, the government already has access to a large amount of data on its citizens. It is currently promoting a bill that will grant police access to social networking and online gaming data (at significant costs). 40% of UK citizens consulted were totally opposed (more were moderately or slightly opposed). Brazil has placed monitoring provisions inside omnibus bills intending to combat child pornography, cyber warfare, and cyber crime.

In Canada, the government points to all these developments as support for its policies. It says the measures are needed to comply with international obligations and to compete globally. Norton concluded by stating that this will lead to a chilling effect (citizens will be nervous about legal activities online) and there is a fine line between that and overt censorship. Lawful access silences debate and turns the Internet into just another broadcast channel like television.

Robert Hubbard disagreed with Norton. The legislation is no different from any other criminal legislation that touches on the privacy interest. With only one exception, the legislation requires a warrant. This is the approach taken by all other similar laws. Further, the trends globally are relevant because s. 1 of the Charter requires us to have regard to other free and democratic societies. Canada is actually far behind the curve in tackling this issue. The US and Australia, for example, have had lawful access legislation for over a decade. The United States has spent 15 years requiring telecommunications companies to create the infrastructure to provide access. Canadian companies usually follow the same procedures and use the same technology as American companies and now have all the infrastructure necessary. Canada is just recognizing that fact. Canada is out of step with international expectations, modern technology, and modern society. This legislation fixes that and all it says is go to a judge and get an order for the information.

Lisa Austin took a middle ground between the above positions. Austin said the issue is justification. The Privacy Commissioner has stated that nobody has even attempted to demonstrate that the current system does not meet the needs of law enforcement. There is no need for the increased powers, but this type of legislation keeps getting introduced. Why? It used to be about terrorism, then about child pornography, but it is far too broad to really be about addressing these extraordinary crimes. What bothers Austin is the increasing collaboration between public and private actors to track citizens. So much of our daily activity is mediated by these communications companies that they have the ability to track our every move. The legislation is justified in part by the fact that courts already allow the police access to much of this information. However, the reasoning is problematic. The current trend is to justify it based on user agreements which contain provisions allowing the service providers to turn over the information. This is not right: nobody reads those agreements and the terms are non-negotiable. The options to stay offline and not have a telephone are not real options. Should our constitutional rights really be trumped by provisions inserted into contracts by commercial entities looking to avoid liability?

I largely agree with Professor Austin (and not just because she will be grading my essays). I do think that some legislation is necessary. There is a slight inconsistency in arguing that the legislation is not necessary under current law and also that the current law is wrong (though the two points may not actually be connected in Austin’s argument). I have serious misgivings about the contractual argument that is being used to justify handing over this information. Like every Canadian who has ever signed a cell phone contract, I know the terrible frustration and powerlessness one feels when presented with these contracts. The Charter should not be overcome merely by a corporation inserting a provision allowing the government to violate it. But at the same time, the police do need access in these cases. There merely need to be limits, oversight, and accountability.

People have fought against national ID cards and mandatory fingerprinting for years. This is no different. Absolutely everything you do online has your IP address or email attached to it, but you can be anonymous because it is generally difficult to connect an individual to those pieces of information. Any one of the pieces of subscriber information (name, phone, email, IP, etc.) is not very revealing, but the fact that they all represent a single person is extremely revealing. It’s not too much to ask that in the majority of cases where time is not an issue the police should have to go to court to get this information (and then leave a loophole for emergencies).

Loss of jurisdiction is the remedy for delay in privacy cases?

Friday, Feb 5, 2010 12:16 pm
William Barnes

Alberta Teachers’ Association v. Alberta (Information and Privacy Commissioner) continues to bug me. It is a recent decision of the Alberta Court of Appeal that held that if an investigation was not completed within 90 days, the Privacy Commissioner would lose jurisdiction over the case. I can’t help but think that the remedy is inappropriate and that in a different case, the court would have made a completely different decision on the law.

The complainants had alleged the ATA breached their privacy. After a lengthy investigation with numerous delays, the Privacy Commissioner found that the complainants’ privacy had been violated. The ATA applied for judicial review. The Privacy Commissioner’s decision was quashed because he did not comply with s. 50(5) of the Personal Information Protection Act:

50(5) An inquiry into a matter that is the subject of a written request referred to in section 47 must be completed within 90 days from the day that the written request was received by the Commissioner unless the Commissioner
(a) notifies the person who made the written request, the organization concerned and any other person given a copy of the written request that the Commissioner is extending that period, and
(b) provides an anticipated date for the completion of the review [emphasis added]

The Court of Appeal agreed. They held that this provision was intended to “promote inquiry efficiency and the expeditious resolution of privacy claims”. But I don’t think that loss of jurisdiction flows naturally from the provision.

In fact, I think that a completely different legal decision might have been reached under different facts. Let’s imagine a slightly different situation: 18 months have passed and the Commissioner has not conducted an investigation. If the complainant asked for an order compelling the Commissioner to conduct an investigation, would the court have come to the same conclusion regarding jurisdiction? I don’t think so. They probably would have said that the provision protects the complainant’s right to a speedy determination of the case and ordered the Commissioner to investigate in a timely manner.

Section 50(5) can be read as protecting either party—both have an interest in speedy resolution of the matter—but there is nothing in the majority judgment about balancing the interests of the complainants and investigatee in this situation. It was treated as an adjudication of the interests of the Commissioner versus the ATA. In the dissent, Berger J. writes: “Judicial review should not have proceeded without proper notice to the complainants who were denied an opportunity to tender evidence and advance argument.” There were three sides to the matter; only two were heard; and the result is a lack of balance.

Unabashed sharing

Wednesday, Jan 21, 2009 11:45 pm
William Barnes

When this post on social networking was published by Rex Shoyama at IP Osgoode I tried a few times to write a comment on it, but each comment turned into a thoroughly rambling essay (to borrow a phrase). Social networking is, after all, a subject I have strong feelings about. But then I remembered: I’ve got a blog, I can post whatever I want there and it doesn’t matter if I ramble.

The article discusses a website (Power.com) that has found itself in a touch of legal trouble for offering an alternative front-end to Facebook (and other social networks, but Facebook is the one suing). What follows are just trains of thought that sprang from the article.

Ownership of profile data

Some people who are critical of Facebook’s position also feel that the users “own” the data in their profiles and therefore should not be stopped from using a service like Power.com.

“Some people” are going a bit far. Even if we own the information about ourselves in some manner, it doesn’t lead to a right to access it in any way we choose. Analogy time: I own a fancy watch that I store in a bank vault; do I have the right to access it with a bulldozer? Even though the watch is my property, my access is subject to conditions.

The desirability of “unabashed sharing”

We may want to query whether or not the ability to easily copy content from a friend’s profile in Facebook into other different social networks is necessarily a good thing (that particular friend may have made assumptions about how his Facebook content would be used and might not want his Facebook photos shared outside of Facebook).

I’m not sure the issue with Power.com is copying content from a friend’s profile to another social network. Rex may be addressing a concern raised elsewhere while he was researching; it doesn’t seem to tie in quite right with the rest of his article. But, that aside, it’s a fun question.

Power.com appears to simply query Facebook with your login credentials and reformat the data, giving you some extra functionality. In other words, it seems to be just a proxy. There is, of course, the potential for a service that would cache the information it gets using your login data. Such a service would be granted access to any information you have access to. Two issues spring to mind: (1) your friend hasn’t authorized the third-party service to see their data, (2) the data will lose its privacy meta-data and, if shared by the third-party, be exposed to people it was not meant for.

Regarding the first issue: unencrypted web traffic travels through so many third parties it’s hard to consider this imposition of just one more a serious violation. The second is more compelling. A user, Alan, might post a private photo on Facebook relying on Facebook’s privacy controls. Bob accesses Alan’s profile through a third party service, 3P. Charlie then uses 3P to access Alan’s profile which, handily, is already cached. 3P saves time by showing the same version Bob saw. Problem: 3P didn’t know that only Bob was allowed to see Alan’s photo. Oops.
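The Alan, Bob and Charlie scenario above, as an added example that is not part of the original post or any real service's code: a naive 3P cache keyed by item alone, beside one that binds each entry to the viewer whose credentials fetched it. `Origin`, `NaiveProxy`, `ScopedProxy`, the item id and `max_age` are constructed names and values.

```python
import time


class Origin:
    """Stand-in for the social network; it enforces a per-item audience."""

    def __init__(self):
        self._items = {}  # item id -> (content, allowed viewers)

    def post(self, item_id, content, audience):
        self._items[item_id] = (content, frozenset(audience))

    def set_audience(self, item_id, audience):
        content, _ = self._items[item_id]
        self._items[item_id] = (content, frozenset(audience))

    def fetch(self, viewer, item_id):
        content, audience = self._items[item_id]
        if viewer not in audience:
            raise PermissionError(f"{viewer} may not view {item_id}")
        return content


class NaiveProxy:
    """3P as described in the post: the cache key is the item only."""

    def __init__(self, origin):
        self.origin = origin
        self.cache = {}

    def view(self, viewer, item_id):
        if item_id not in self.cache:
            self.cache[item_id] = self.origin.fetch(viewer, item_id)
        # The origin's access decision was made for the first viewer and
        # is silently reused for everyone who asks afterwards.
        return self.cache[item_id]


class ScopedProxy:
    """Cache entries are bound to one viewer and expire after max_age."""

    def __init__(self, origin, max_age=60.0, clock=time.monotonic):
        self.origin, self.max_age, self.clock = origin, max_age, clock
        self.cache = {}  # (viewer, item id) -> (fetched at, content)

    def view(self, viewer, item_id):
        key, now = (viewer, item_id), self.clock()
        hit = self.cache.get(key)
        if hit is not None and now - hit[0] <= self.max_age:
            return hit[1]
        self.cache.pop(key, None)
        # Miss or expired: the origin decides again, for this viewer.
        # A denial raises and nothing is cached.
        content = self.origin.fetch(viewer, item_id)
        self.cache[key] = (now, content)
        return content


def run_scenario(proxy_cls):
    """Bob, who is allowed, views first; then Charlie, who is not."""
    origin = Origin()
    origin.post("alan/photo1", "private photo", audience={"alan", "bob"})
    proxy = proxy_cls(origin)
    bob_sees = proxy.view("bob", "alan/photo1")
    try:
        charlie_sees = proxy.view("charlie", "alan/photo1")
    except PermissionError:
        charlie_sees = None
    return bob_sees, charlie_sees
```

Per-viewer keys stop the cross-user leak, but a cached copy still outlives a change Alan makes to the audience until `max_age` passes, so the expiry is the window during which 3P can disagree with the origin.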

I can see why you might want to limit where your profile data shows up, but I am of the opinion that trying to maintain such control is unrealistic. Social networks are designed to spread information fast and far. Privacy is an afterthought. The way for users to maintain control over their personal information is not to erect barriers that give only a false sense of security. People need to learn to keep their profiles clean: if a picture is embarrassing, don’t post it; if a wall-post is scandalous, delete it. Employers, girlfriends, parents, they’ll find a way to see it if they really want to. If you absolutely must share something with a few people that you could not stand to get out in the open, then use a service built for that purpose.

This is not to say “get rid of privacy controls.” But privacy controls on social networks can only provide a little bit of resistance; they won’t keep information secret.

Let the flowers breathe?

Ultimately, it seems prudent to encourage the taking of measured steps towards finding better ways to achieve desirable interoperability between social networks, rather than jumping right over the “walled gardens”.

I’m not much for prudence. I think that fewer walls are better for privacy. The fewer barriers there are and the easier it is to get most information, the less incentive there will be to take the rest.

If Facebook allowed other networks simple access to lists of content available through your account, then why would those networks need to actually access the content? MySpace might know that one of my friends posted a photo on their Facebook account, but there is no reason that photo can’t remain hosted at Facebook and subject to their privacy controls. It wouldn’t prevent people from developing an application like Power.com, but nothing will. The only solution is to stop people from needing such a service.

Take down the walls from the inside and fast, then people won’t tear them down from outside.

Owning your network

Thursday, Dec 11, 2008 12:47 pm
William Barnes

I know I’m not the first to lament the imprisonment of our social graphs. It was quite a trendy topic last year and last year I came up with a solution (only semi-original). Listening to the last episode of Net@Nite, I heard Amber and Leo hit quite close to my idea (then veer off) so I decided to write it down. I don’t claim that it is totally original–Google, Facebook, Google, and Google have come up with similar-ish ideas–but I think the scope is somewhat broader than they have in mind. All of these solutions still leave your data walled up on their servers.

The Problem

The basic problem is that I have accounts on countless social networks. I have Facebook, MySpace, LiveJournal, Digg, Twitter, Pownce, Jaiku, Flickr, and tons more that are abandoned completely. I have at least two websites. On each network I have different groups of friends, different profile information, different statuses. I’m in high school on some, undergrad on others, and law school on a few. Each one likely has a different email address for me. This is my online identity. I’m the digital equivalent of a schizophrenic. And I’m sure it’s not just me. No doubt there are few people out there who have only a single social network, but there must be enough that have too many.

The further problem is that according to Facebook I have 200 or so friends. Most of these people are probably also on other networks, but I don’t know that. I have no way of moving my list of friends from one site to another. If I leave Facebook, then I lose this list. I have no control over something that is inherently mine (this was the trendy topic of last year: ownership of your own list of friends).


A lot of the work towards a solution has already been done. OpenID, Google Friend Connect, and Facebook Connect allow you to login to other sites with a profile established someplace else. There exist open standards for transmitting friend information like XFN and FOAF. But it’s not enough.

Central Identity

First, you need a central identity site. With good standardization, this could be hosted by anybody. It could be your Facebook profile, MySpace, Google, or some other service that pops up. And if you’re the sort who likes lots of control over their identity or just likes to play, you could host it yourself with some open source platform that would surely pop up. I will refer to the URL for this site as your CI. So, for example, my CI would be something like ‘webarnes.ca’ or ‘facebook.com/profile.php?id=28116640’ (I’m sure Facebook could come up with a prettier URL).

Your CI has to have tools for managing your friend list and your profile information since it’s going to be the location where the authoritative version of your graph is stored. It should have a display of activity on your different networks (like FriendFeed). So when I log in to my CI, it should inform me about wall posts on Facebook and @replies on Twitter. Some of the networks will be complex enough that I have to go there to use them, but I want a central dashboard to let me know when I need to go.

Signing up

When you sign on to another social network, you should have the option of making it your CI or making it subservient (a more PC term might be more appropriate) to a CI hosted someplace else. So assume I’m using ‘webarnes.ca’ to host my CI and I want to sign up for Facebook. I tell Facebook where my CI is and we do that little handshake that you should be familiar with if you’ve used OpenID or Facebook Apps. My CI gives Facebook permission to access my profile information (and I should be able to select exactly what I want to share) and lets it download an XML list of my friends (all identified by their own CIs). Facebook goes through its database to find out if any of my friends have accounts and automatically adds them. In theory, my friends should have me listed as friends at their CI, so it shouldn’t even require authorization.

Now I’ve signed up, filled out my profile and added my friends in half a dozen mouse clicks and a line of text. What next?

Finding friends

Let’s say I find a friend on Facebook that I haven’t met elsewhere. I add him, he accepts (his name is John Smith). Facebook then pings my CI with this new information. My CI adds this new guy to this list and then starts contacting all the other social networks I’m a part of (it knows this because I linked them at sign up). Soon John Smith is added to my friends list at Flickr and wherever else. The way this works could be customized by different CI hosts. Perhaps I want to log in to my CI and selectively add John to only MySpace and LiveJournal; I don’t want to add him on Twitter perhaps. There might be some networks–like Twitter–where you don’t necessarily want to add everyone you know. That should be possible.
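A small simulation of the sign-up and friend-propagation flow sketched in the two sections above, as an added example and not code from any existing service. It assumes a network connects two people only when each one's CI lists the other; the class and method names, the `directory` dict standing in for fetching a CI over HTTP, and the `john.example` and `mallory.example` identities are all constructed.

```python
class CentralIdentity:
    """Authoritative profile and friend list, identified by its URL."""

    def __init__(self, url, profile, directory):
        self.url, self.profile = url, dict(profile)
        self.friends = set()   # CI URLs of friends
        self.links = {}        # network name -> (network, fields, auto_sync)
        directory[url] = self  # stand-in for resolving a CI URL

    def link(self, network, fields, auto_sync=True):
        """Sign up to a network, granting it only the named profile fields."""
        self.links[network.name] = (network, frozenset(fields), auto_sync)
        network.signup(self)

    def read_profile(self, network_name):
        """Release only the granted fields; nothing to an unlinked network."""
        _, fields, _ = self.links.get(network_name, (None, frozenset(), False))
        return {k: v for k, v in self.profile.items() if k in fields}

    def auto_syncs(self, network_name):
        return network_name in self.links and self.links[network_name][2]

    def propagate(self, source_name, friend_url):
        """Offer a new friend to every linked network except the source."""
        for name, (network, _, _) in self.links.items():
            if name != source_name:
                network.add_friend(self.url, friend_url)


class Network:
    def __init__(self, name, directory):
        self.name, self.directory = name, directory
        self.members = {}   # CI URL -> profile fields this network received
        self.edges = set()  # frozenset({url_a, url_b})

    def signup(self, ci):
        self.members[ci.url] = ci.read_profile(self.name)
        for friend_url in ci.friends:
            self.add_friend(ci.url, friend_url)

    def add_friend(self, a, b):
        """Automatic add: both are members, each CI lists the other, and
        both owners allow automatic syncing on this network."""
        if a not in self.members or b not in self.members:
            return False
        ci_a, ci_b = self.directory[a], self.directory[b]
        if b not in ci_a.friends or a not in ci_b.friends:
            return False  # a one-sided claim is not enough
        if not (ci_a.auto_syncs(self.name) and ci_b.auto_syncs(self.name)):
            return False  # someone curates this network by hand
        self.edges.add(frozenset((a, b)))
        return True

    def accept_on_site(self, a, b):
        """Both users confirmed here: update both CIs, then fan out."""
        self.edges.add(frozenset((a, b)))
        self.directory[a].friends.add(b)
        self.directory[b].friends.add(a)
        self.directory[a].propagate(self.name, b)
        self.directory[b].propagate(self.name, a)


def demo():
    d = {}
    facebook, flickr, twitter = (Network(n, d) for n in ("facebook", "flickr", "twitter"))
    me = CentralIdentity("webarnes.ca", {"name": "William", "email": "w@example.org"}, d)
    john = CentralIdentity("john.example", {"name": "John Smith"}, d)
    mallory = CentralIdentity("mallory.example", {"name": "Mallory"}, d)
    me.link(facebook, ["name", "email"])
    me.link(flickr, ["name"])                    # Flickr never sees the email
    me.link(twitter, ["name"], auto_sync=False)  # Twitter friends picked by hand
    for net in (facebook, flickr, twitter):
        john.link(net, ["name"])
    mallory.friends.add(me.url)                  # one-sided friendship claim
    mallory.link(flickr, ["name"])
    facebook.accept_on_site(me.url, john.url)
    return facebook, flickr, twitter
```

Updating both friend lists before either CI fans out matters: if the first CI propagated immediately, the reciprocity check on the other networks would fail because the second CI would not yet list the first.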

Blogging and status-ing (for lack of a better term)

Streams of information on different sites could be published as RSS feeds. They could be pushed to your CI and disseminated to your other profiles. A status change on Facebook might also change my status on MSN or MySpace. A blog post on WordPress would show up as a note on Facebook. Ideally comments on all of these would be synced back to my CI (because it is so very annoying when people comment on my Facebook notes instead of on the original blog post). There would be some privacy issues to work out, I’m sure, but it could be done.


This probably won’t happen. It’s too complex for most people. But it could be done behind their backs. Why should I have to confine myself to Facebook because most of my friends do? My Facebook profile could easily be a mirror of a profile someplace else. Facebook would compete by providing the best central identity site. I really wish it would happen.

I apologize if this was a bit rambling. I might post some more ideas in the future that are more in depth and clear. I just felt the need to write something about it since I’ve been thinking on it for so long.

Image source: terinea