Ghost in the Classroom Machine
There's been a flood of news coverage regarding this lawsuit against Harriton High School in Lower Merion, PA. The charge, in short, is that school-issued laptops have been employed by school administrators to surreptitiously webcam-monitor children in their own homes via the use of remote control software, violating nearly every wiretapping statute on the books as well as potentially generating child pornography. While the school has already issued a formal apology regarding the use of remote monitoring technology, this blog post is an attempt to ascertain what technical methods were used to remotely monitor students in their home.
Think Spyware
The first step to identifying the particular spyware in use is to identify the platform. This school document identifies the hardware and software in use as Macbooks running OSX. What's the go-to spy product of choice for school administrators on the OSX platform? Apple Remote Desktop 3:
What proof exists that this product can be used for remote monitoring of students? Remote observation and control of target computers is plainly listed in the Apple Remote Desktop 3 Feature List. But the best evidence is this PBS documentary (about a different school), in which a high school assistant principal is shown listing, monitoring, and remotely taking pictures of high school students using Apple Remote Desktop 3:
Five minutes, twelve seconds into the video:
"They don't even realize that we are watching. I always like to mess with them and take their picture."
-Assistant Principal Dan Ackerman
This story is only a day old, and if the published numbers are correct, nearly 1800 children and their families may have been exposed. I don't have information yet on what forensic traces this spying may have left on the computers, however, I can recommend best practices for any parent who believes their school system may be using issued hardware to spy on their children (in Lower Merion or elsewhere):
- Understand that most laptops have a microphone and a video camera embedded, and that remote activation of microphones can be utterly silent.
- If the issue becomes public, as is the case above, connecting the laptop to a school administered network or VPN may allow administrators to remove forensic traces of spying. Do not network the computer until evidence collection is complete.
- Seek out a computer security professional or your helpful neighborhood hacker to perform a full forensic hard drive capture of the potential spy platform.
- Consult a lawyer before confronting school officials. Capturing live network forensic evidence of remote spying can be far more powerful than word-of-mouth allegations.
Big Brother: Remain EXACTLY where you are! Make NO move until you are ordered!
[painting falls from wall, revealing a telescreen]
Julia: Now they can see us...
Big Brother: NOW WE CAN SEE YOU!
11 comments:
With comments like Five minutes, twelve seconds into the video:
"They don't even realize that we are watching. I always like to mess with them and take their picture."
-Assistant Principal Dan Ackerman Teachers have long felt like students have no rights and the comments emphasize that the administrators had no concept that what they were doing was wrong. I expect we'll hear from a lot more students in the near future -- if the schools haven't already turned to students into Orwellian sheep.
The video you reference is: http://www.pbs.org/wgbh/pages/frontline/digitalnation/learning/schools/how-google-saved-a-school.html
I would like to say ARD's use is for IT to easily manage hundreds of computers.
But I guess like a gun it has its good and bad uses.
The big difference in the Front-line story is that the students are very aware that the admin is taking their picture.
Still not good, but not hidden and sneaky like the PA school.Also, these look like they are only used on school grounds, I saw laptop racks and chargers in the classrooms, unlike the PA case where the students took the units home.
PC use is good in school and the NY school district has obviously seen benefits, re Math scores etc...
Every technology has good and bad uses, seems like the time has come to define what is appropriate
"Seek out a computer security professional or your helpful neighborhood hacker to perform a full forensic hard drive capture of the potential spy platform."
I am not a lawyer, but I believe that this is (at least in the order written) bad advice. If you suspect this of happening to your child, and you want to do something about it: by all means, don't connnect the laptop to ANY network, don't even power it up. SEE a lawyer FIRST, and get legal advice on how to proceed.
If you give the laptop to your 'neighborhood hacker', it may well become useless as evidence.
I am a systems administrator at an art college and we have many tools at our disposal. We use Apple remote desktop, ntop, intermapper and nmap. But it our policy to not use these tools for evil. Kinda like Google do no evil policy.
The way we generally use it is this: Intermapper graphs/thresholds indicate over utilization of internet bandwidth. ntop lets us drill down to who is using the bandwidth and where to/from. ARD then lets us see who the user is and what they are doing. 9 times out of 10 it is some one downloading images from google images in highres or video from archive.org. No harm no foul. Go tweak the firewall throttle. Then there is the occasional bittorrent of copyrighted works. We go tap the user on the shoulder and tell them to knock it off. We don't want to rat them out to the content cartel we just want our bandwidth used for school work.
Its all about how you use the tools you have. As a result of this incident and the stories about them I have posted to our faculty, staff, and student about our "Do no evil" policy. But I could see if you were not one of the good guys like me and my coworkers these tools could be wielded for "EEEVVVIIILLL"
Oh on the evil side if you have the computer and network to support it you can watch many computer screens all at the same time with ARD just select all the machines and hit "Observe" Scary.
One article I read stated that the parents had to sign a waiver before the children could take a laptop home. I would really like to see that document. I work as a contractor for a DoD agency and have a laptop issued to me. When booted up the first thing you get after the drive encryption software is a splash screen telling you that they have the right to monitor anything that happens on it. For this reason alone I will only power it up in a agency office. never when I am at home even though I could use it.
Five minutes, twelve seconds into the video:
"They don't even realize that we are watching. I always like to mess with them and take their picture."
-Assistant Principal Dan Ackerman
As a sys admin for a school district and the sole Mac tech for as far as the eye can see around here, I'd just like to point some things out about this video and the comments here.
When using Apple Remote Desktop you have three options to interact with a computer: Observe, Control, Curtain. When you observe, you can only see what the user is doing on the computer, you cannot see the user. Unless they already have Photo Booth open, like the students in the video. Later you hear him say that they (the students) have it open so they can check their hair, do their makeup, etc. Now when you use the Control option, you can then move the mouse and click the take picture button, which is what Mr. Ackerman did, and the girl ducked out of the frame. The assistant principal did not open Photo Booth on his own, it was already running. This is not nearly as insidious as several people here, including the author, are making it out to be.
In response to "brother": Oh on the evil side if you have the computer and network to support it you can watch many computer screens all at the same time with ARD just select all the machines and hit "Observe" Scary. That's not scary, that is responsible. You are dealing with college students, who are usually adults. In the case of high school students - who are generally minors and are under the care of the high school's staff - when they are left to their own devices without any sort of monitoring whatsoever, they wreak havoc. We have software called SynchronEyes provided by SMART Technologies (same people who make SMART boards) that shows a thumbnail of every computer's screen that is connected to it. I can tell you from experience that the knowledge someone could be monitoring what they do is often a big deterrent. You have to understand the mentality of a high schooler. They think they can get away with whatever they want because 1) Mommy and Daddy will stick up for them (My darling Johnny would NEVER do something like that, how dare you accuse him of such), 2) The administration is too cowed by litigious parents to actually punish them for their actions, and 3) Because they are minors they can't really get in much trouble for it anyways. If you don't monitor the students they can and will do whatever they can to bring harm to your workstations, servers and network.
Now I'm sure several of you will come back with comments along the lines of setting up better security on the client so that students CAN'T do those things, I thought the same thing. When I started this job I was all for locking the workstations down so tight that they couldn't even pretend to do something unauthorized. I learned rather quickly that doing so will make technology so difficult to use that no one will want to utilize it. There is a fine line between too secure and secure enough. I know I don't have the time, and most school districts are in the same boat with cuts to funding so rampant, to run in circles allowing and disallowing software resources for certain classes so they can do a project. At some point you just have to draw the line and say "That's as secure as we're going to make it and still have it useable." Then you just have to monitor what they do. Ethically. Meaning only during school hours and only on computers that are on school grounds. And that's part of what tools like SynchronEyes and ARD provide. Plus remember, these kids have nothing better to do. No matter how secure you make it, they will find ways around it. I quote "Make something idiot-proof and someone will make a better idiot." The same goes for security.
I made it through middle school, high school, and college without being monitored. I used computers at school at all stages. I didn't goof off because I had AP classes to ace. When I did goof off, I almost always learned something by it. Your assertion that kids must be monitored in order to keep them from instantly "going rogue" sounds insane in the context of my path through the education system.
Not everyone "goes rogue", and certainly not instantly. The problem is that most of the kids that do "go rogue", as you call it, are doing so because they are not being challenged enough. In our district we have some CCNA classes at one high school and some software development in another high school. That's about as far as it goes in Information Technology. So the kids that excel in those subjects get bored easily and start to cause mischief. Monitoring, or even the idea thereof, helps to ensure that they don't get out of hand. For example, in one of our IT programs the teacher didn't monitor those kids. As a result they were allowed to get access to an admin account and install some keyloggers and cause some mischief. The damage was mitigated because we caught them when they started compromising accounts, but it could have been much, much worse.
This is the same principle as installing video cameras in the break room because someone smashed open the vending machine to steal a candy bar. The value of the candy bar is less than a dollar. The value of the vending machine is much higher. By installing a video camera it deters the majority of vandals. Is it going to prevent the Chris Knight's of the world who use dry ice quarters to game the machine? (See the movie "Real Genius" for the reference) Probably not. But is it really going to hurt anything or invade anyone's privacy by putting those cameras in there?
Keep in mind, I'm not approving of the alleged actions of the LMSD staff, as they have been accused; but I am defending a school's use of monitoring software to protect their investment and the investment of the taxpayers like you and I.
Also keep in mind that Student Information Systems are all databases that are generally networked to a school's intranet. If kids can compromise accounts at will, they can cause all kinds of damage. And we're not just talking the petty things like what David in WarGames (changing grades) or Dade in Hackers (alter sprinkler system and change his schedule) did. We're talking about kids finding addresses of other students for stalking purposes, or sabotaging student records. No, not all kids are evil and are going to go rogue, but if you look around, we aren't living in the same society as we were even 10 years ago. Morals are a thing of the past. Amorality is king, and apathy is his best friend. Today's highschoolers are masters of both. Again, not all, but the dangerous ones are, and that's who I'm worried about on my end. The AP kids who are trying to learn generally aren't the ones who maliciously attack our networks.
Power corrupts.
And when you try to create an architecture that delegates power through lower and lower levels of managment responsibility you increase the ratio of potential abusers to expert 'do no evil' well intentioned but still _mindered_ psychology individuals in the monitoring community.
Far more than you do the (generally ignorant) student body empowered to evil by a PC.
i.e. It is the acceptance of the oversight itself which leads to it's proliferation and and ultimate misuse.
What's more, this is NOT a single tier capability. Because the fact that the command modes are imbedded in commercial software (no hope of encryption sufficient to prevent hacking of the codes) makes it open season for whatever HIGHER governmental or private agency wishes to exploit private activities (including creation of copyrighted materials) able to do so as well.
Thus, the very existence of the capability is itself a compromise to the common dignity with which we must all hold each other as 'equally noble until proven otherwise'. And furhter creates a precendence of accepting the system of oversight whose _illegality_ of unrestricted access to ALL forms of data mining is not questioned because it is not seen as being technologically and system of application open-ended, which it is.
If you do not innately distrust those who would minder you for your own good. You will not know what their definition of 'good' is until it is too late.
People are innately selfish when given free access to power. Only when something is, by definition, an unseemly act are they able to apply it universally as a restriction against others as themselves.
Post a Comment