In Wayzata, Minnesota, a school spies on its students

Do you have any advice on filtering programs that are of any use?

It’s amazing how quickly parents and school officials forget that their students are people. People that still have a lot to learn, but people.

Also, on school vs. workplace: if the schools are doing their jobs, then graduate will have choices about who to work for. Not so for public schools, typically.

Little Caesars massively over-expanded into the Twin Cities late in the 80’s. We tried it once, determined that they split the amount of toppings that would go on one pizza onto two pizzas and never bothered again. I’m pretty sure our local one was gone before I completed university. I would not at all be surprised if there, indeed, was a Little Caesars within walking distance of Wayzata high school in the mid-90’s, but not currently.

So, to fill the slack, the school principals themselves became little Caesars?

Ba dum tish!

Recent-ish grad here of a certain high school in said 'burbs. I was responsible for the Terminal app (and the rest of the osx utilities) being blocked school wide after being “caught” receiving free psychotherapy from the DOCTOR easter egg in Emacs. The memory of having to explain the situation always cracks me up. I might as well have been hacking my grades for all that poor woodshop teacher knew.

I think part of the issue is that it’s kind of a waste of time and energy to be overly paranoid that it’s not.

Ultimately, you can’t effectively police this stuff. You need to make the students self-policing, relying on intrinsic motivation, not extrinsic limitations. Like putting in a firewall at a workplace (or on a nation…), it’s not going to stop people from doing whatever they want to do, it’s just going to waste time and money on a quixotic compulsion to control.

Demand to see if there are any nudies on their phone, then throw the same line back at them: if you don’t, why are you afraid to show them to me?

Though if you really want to troll them, get an used iPad and dress it up as if it’s being affected by the firewall, while it’s secretly linked to your tether. Then all of a sudden pretend to teach others how to bypass it. (It won’t work, of course) then when you get into trouble, hold the big reveal that it’s your own iPad and you’re not even on their network.

Hey, you know that if you share this article on Twitter, a Wayzata Public Schools “technology and public sector leader” auto tweets you saying, essentially, that the article is misleading. “The title of the blog is not true. The District does not, nor do we have the ability to spy on students as part of our MDM.” Kinda strange, dontcha think?

@Medievalist :We have software that allows school faculty to login and monitor–even control–student computers remotely. To be honest, it’s very laggy and most of them don’t use it much. But your question was about spying on students, and it’s a huge concern for us. Coincidentally, we were rolling out our laptop program right at the time that the Pennsylvania school spying case went public, so we spent a lot of time discussing whether we would even use such software.
What we ended up doing was having the monitoring software communicate via private network addresses at the school. If a student goes off school grounds/network, the IP addresses become invalid and we lose all contact. Frankly, the prospect of even being accused of having the ability to spy on students at home is terrifying from a legal and PR angle, and we want it to be technically impossible.
At school, only teachers who have specific students in class can monitor their computers. (Though they can do that at any time.) Faculty access to the monitoring system is logged, which is something that I would call a completely acceptable instance of “spying on” people, since there is a larger issue of student privacy at stake.
I don’t want to sound like we have a perfect system. There’s still a lot we could do better. I wish I could spend less time with broken screens and Java updates, and more with the bigger issues.

I completely agree. I don’t have time or brain space to be overly paranoid–at least how I define paranoid.
Example: I know for a fact that there are a small handful of students that are getting around our filtering system. I’d rather they didn’t, but I can’t completely prevent it. I’ll skip the technical reasons why.
If I had a specific name and specific proof, I could go to our administration and get someone disciplined. But unless it blows up into a bigger problem–like teaching others how to bypass the system, or completely inappropriate computer use in the school cafeteria–I’m most likely going to let it slide. I’ve got too many other issues that are affecting too many other students.
So, that’s a confession, I guess: I’m either too busy or too inept to be too paranoid.

While the title could potentially be misconstrued, the contents of the article are factual. Since the publication of this article, I’ve had a much less one-sided and much more potentially constructive discussion with school personnel about these issues.

Would just like to point out though, “…as part of our MDM.” is pretty significant. They can still read our school email, and I know for a fact that they’ve monitored the desktop computers in the past - during the briefly mentioned DOS Batch learning incident, the evidence against me was a screenshot pulled from the computer while I was coding.

Well there are good educational reasons that you want facility to record what a student is doing. When teaching IT I would occasionally display one students screen on the projector so other students could see the work they were doing. I guess there are also good educational reasons for using the camera as well.

This is all fine as long as the computers are restricted to school property. Thing get tricker if you give the students the right to take the computers home as well. Here we might be limited by the software, how do you ensure it is disabled when out of hours or off school property. The software might not have such facility which gets quite tricky to program, should it block the camera when on a school trip? Who controls when the camera is enabled? The simplest solution might be to issue all students with a roll of electrical tape so they can cover the camera.

Make it accessible only when the computer is connected to the school network?

Thought. If it initiates connection from the tablet out, make it connect to a local network address (and authorize, e.g. via a SSL cert). Let’s say the address is 10.25.25.1; it is not routable, so from any local network it won’t go past the router/NAT. The authorization step is there to avoid active attack by somebody setting up their own LAN with the 10.25.25.* segment and run their own rogue accesspoint and rogue surveillance/supervision software.

By using the nonroutable IPs, the connection won’t happen when over The Internet itself, so it is automatically limited to the on-premises local network.

Many more variants but this one looks as the most straightforward to me.

I think this is crucial. Kind of like having cameras on police vests. When I worked in banking, any activity required two different departments: whatever you did, someone on a different floor would check the print-outs, logs, signatures, etc. Actually going into a vault, etc. would require at least two people with different job responsibilities. With power SHOULD come constant checks on that power.

I had teachers like this in high school (back when we rode dinosaurs to school, etc. etc.). If you can tell someone is using their brains and being well-disciplined about it, not getting anyone else involved who would be more likely to cause trouble, then keep it in your peripheral vision but otherwise stay focused on the kids who actually need supervision.

I wouldn’t call that too busy, too inept, or too paranoid…I would call that wise.

There might be different working definitions. I see the presence of a filtering system in the first place to be pretty pointlessly paranoid. I appreciate now that there’s requirements that fall onto folks in your position from above, but that just changes the target of the attention. Ultimately, those kids who are getting around the filtering system are the ones mastering the actual skills they’ll need to survive in, say, a post-Net Neutrality world. They don’t need to be punished, they need to be lauded, encouraged, and given a platform to spread their skills to others. They aren’t the enemy, the ones making the policies are the enemy, and the ones protecting the policies are the enemy’s ennablers. A lot of adults are stuck – they can’t challenge the system because they depend on the system for food and housing and gas money. But kids aren’t reliant on the system yet. We need to encourage them when they’re willing to fight the problems in it. They often see those problems more clearly than we can.

No. I hate that kind of stuff and it was years ago that I was setting that up for my stepson. Oh god that software was terrible. I think nowadays you can set up parental controls on the browser settings that are pretty good. I’d try that first.

My daughter is of the age to get into trouble but I just keep virus protection on her computer. She knows that she has a lot of privileges because she is a great kid who doesn’t abuse my trust and I tell her that as a way for her to understand that her keeping those privileges depends on her continuing to deserve my trust. So far it works for her but I know that wouldn’t work for every kid; I kind of raised her up to respond to this approach.

I think that is still the case, I was just looking for smart people opinions that I could use for ammunition for the future discussion when the kids turn 10.

[quote=“CapnCrunch, post:130, topic:47399”]
Frankly, the prospect of even being accused of having the ability to spy on students at home is terrifying from a legal and PR angle, and we want it to be technically impossible.[/quote]

Well, speaking once again as a parent, that is a great relief to me! It means not only are you aware of the illegality, you understand the impropriety, and you’ve prioritized your technical efforts appropriately.

A lot of people are claiming “your employers will spy on you so this is just training kids for employment”. And that’s actually true - but in the industry (here speaking as a subject matter expert) systems for logging and monitoring employee communications are increasingly subject to second-level monitoring. For example, my current employers use a very popular enterprise communications archival package. The HR department cannot directly access other employees’ email, but they can formally request that an authorized technical staffer do so. If one of those people decrypts a message archive, I personally am notified as part of the decryption process. I don’t have the ability to read others’ email archives - but I have the ability to blow the whistle on anyone who is doing so inappropriately; and in fact I can yank anyone’s access to all systems at any time, if that seems necessary. Essentially we have a three-level authorization, logging and oversight system before anyone’s business communications can be extensively examined, and that’s looking like it’ll be the norm for employers in the future.

Client-side Java is the worst thing to happen to PC users since the 80286 memory architecture. You rarely see such a horrifying difference between theory and practice. My sympathies!