|
Videos
March 7, 2012 By Tanya Roscorla
WASHINGTON, D.C. — Managing school-issued laptops via tracking software can be a tricky proposition rife with privacy concerns.
At the Consortium of School Networking conference on Wednesday, March 7, technology directors learned what not to do from a school district that gained international attention for all the wrong reasons.
Lower Merion School District outside Philadelphia made headlines after a high school student's family sued in February 2010. The lawsuit alleged that IT employees employed by the school district remotely controlled the built-in webcam on a loaner laptop and surreptitiously took screenshots of the student in his home. The plaintiffs claimed the same action had been taken against other students.
The district took immediate action as it sought to control the damage. It turned off the tracking module in a software client management program called LANRev. The district called an independent investigation of the incident. And it communicated to parents what was going on until a court order limited that communication.
In August 2010, the two parties settled, with the district paying more than $1.6 million in legal costs and payment to two students, Philly.com reported. An internal investigation showed that the district wasn't spying on students. But lack of procedures that mapped to policies as well as a lack of communication caused the district to stumble.
To comply with a court order, the school district made a number of changes in its policies and procedures. And at the conference, Director of Information Systems George Frazier told IT directors what they can do to keep from repeating his district's mistakes. Frazier was hired by Lower Merion in July 2009, after the district had purchased the laptops and tracking software.
Through the court proceedings, Frazier said he realized that the school district was part of the government. Educators typically may not think of themselves as government. But school boards are considered government bodies.
And just like state, county and local governments have to conduct risk assessments, so do school districts.
"I think in education we don't spend enough time doing risk assessment. We don't stop and ask the 'what if,'" Frazier said.
While Lower Merion had policies in place, none of the agreements that students and parents signed said anything about theft tracking software. In fact, before Frazier came to the district, the software was purchased, but few people knew about it, even administrators.
Had Lower Merion created procedures that mapped to the school board's policy, the network technicians would have known when to activate the theft tracking module and what steps to take.
"Much of this would have been resolved if there had been two things: One, communication. And two, solid written procedures on how that software tracking would be used," Frazier said.
If the district had communicated that it was using the software and had established procedures, Frazier said he doesn't think the school would have sparked an incident that made headlines around the world.
"They had a concern that laptops would be stolen; they started using theft tracking software, but they didn't communicate it to anyone," Frazier said of actions taken by the district's IT employees.
Frazier mentioned a number of things that school districts should do to avoid making the same mistakes:
A year after the initial lawsuit was filed, Lower Merion has revamped its policies and procedures, which are published on its website. By learning from Lower Merion's mistakes, school districts can emphasize communication, risk assessment and procedure development for both district-provided laptop and bring-your-own-technology initiatives.
"Take what I learned the hard way and take it back and give it some thought," Frazier said.
You may use or reference this story with attribution and a link to
http://www.govtech.com/policy-management/School-Laptop-Scandal-Teaches-Valuable-Lessons.html
This is a worthwhile article to study.
Procedures alone do not solve problems like this. Often procedures become long, complicated, and then ignored - particularly when you have 200 other procedures you need to follow on a daily basis. This event didn't pass the "smell" test. Did anyone involved not think that turning a camera on at a private home might show showing personal or that it would raise an issue even in their own home? Let's avoid throwing the blame at "not having procedures in place." Let's point the figure at anyone who understood what was happening and was too narrow minded to think that an issue could be raised for privacy. Until we start thinking like adults (and earn the money we are making), we have little rights to point the figure at procedures when plain, dumb actions are the issue.
It's ok not to have ethics or exercise personal responsibility. Don't you listen to our leadership in Washington? Lying, cheating and stealing are all ok, as long as you have a good reason. If any of these folks have given a thought to ethical responsibility, it would have been stopped short. On the other hand, maybe they were lawyers...
Sorry, this article is unclear. I'm trying to understand the issue here. We have similar software on all of our school board devices and our school staff monitors student screens regularly when on school board property. Activating the webcam crosses the line - I don't think any of our staff would go that far but what was the real issue with this case? Tracking school board property when off school board property or spying on students via webcams? If the webcam spying was the problem - what does that have to do with policies? I think you're dealing with rogue staff members who lack professionalism and ethical responsibility.
Great blog this thanks for shearing this
wow fine and valuable information
That is a nice and valuable information
I think the $ damages in this case were excessive. Doesn't this hurt the school dictricts finances? So some pictures were taken, a small fine would be appropriate.