Report blames IT staff for school Webcam 'spying' mess
Pa. school district's former IT head dismissed privacy worries of student intern in '08
Computerworld - The IT department of the Pennsylvania school district accused of spying on students using their school-issued laptops took the brunt of the blame in an independent report released Monday.
According to the report, which was commissioned by the Lower Merion School District and conducted by a local law firm, the IT staff not only failed to inform school officials and administrators of the tracking capabilities of the LANrev software, but argued that telling students about the software's ability to remotely trigger notebook Webcams would "defeat its purpose" as a way to recover lost or stolen computers.
The report also shed light on the incident that led a student and his family to sue the district, and revealed that privacy concerns had been raised by another student as early as 2008.
Lower Merion, of Philadelphia suburb Ardmore, Pa., was first sued by Michael and Holly Robbins, and their teenage son Blake, a high school student at Harriton High School, in mid-February after an assistant principal accused Blake of selling drugs and taking pills, and used a snapshot taken by the computer as evidence. Robbins claimed the pictures showed him eating candy.
The Robbins' lawsuit is ongoing.
Saying that the district's information services department had withheld information about LANrev's spying capabilities from the school board, administrators and students, the report noted that among themselves, the IT staff "expressed zeal for what TheftTrack could do." According to the report, people involved with LANrev's TheftTrack feature repeatedly told of tracking a stolen teacher's computer to a local residence, then to Pakistan, then back to Pennsylvania.
Since the Robbins' lawsuit, Absolute Software, LANrev's seller, has issued a patch that disables the function.
Virginia DiMedio, until June 2009 the district's director of technology, came under fire for not telling school officials of TheftTrack and its capabilities, although she allegedly had several opportunities to do so. DiMedio declined to be interviewed for the report unless she was compensated for the time her personal lawyer would be billed; the district refused to reimburse her.
In August 2008, a Harriton High student intern in the IT department raising concerns about the tracking feature with DiMedio. "I would not find this a problem if students were informed that this was possible, for privacy's sake. However, what was appalling was that not only did the District not inform parents and students of this fact...," the student wrote in an e-mail to DiMedio.
In the same e-mail, the student proved prescient. "I feel it would be best that students and parents are informed of this before they receive their computers. And while this only slightly sways my opinion on 1:1 [the district's program to provide a MacBook to every high school student], i could see not informing parents and students of this fact causing a huge uproar."
Both DiMedio and another IT staffer, Mike Perbix, dismissed the student's concerns in reply e-mails.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Combating Identity Theft in a Mobile, Social World Offering identity theft protection and remediation allows businesses to give their workforce the confidence to efficiently engage while bringing financial reward to the...
- After a Breach: Managing Identity Theft Effectively This white paper from LifeLock Business Solutions notes that FIs in addition to managing fraud should strive to turn a negative event for...
- Combating Identity Fraud in a Virtual World This slide presentation reveals findings from the Javelin Strategy & Research 2012 Identity Fraud Report about mobile and social trends, the real risks...
- 2014 Healthcare Data Management Survey Summary This report provides insights into how much information Healthcare IT organizations are managing, the rate of data growth they are experiencing and which...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!