Report blames IT staff for school Webcam 'spying' mess
Pa. school district's former IT head dismissed privacy worries of student intern in '08
Computerworld - The IT department of the Pennsylvania school district accused of spying on students using their school-issued laptops took the brunt of the blame in an independent report released Monday.
According to the report, which was commissioned by the Lower Merion School District and conducted by a local law firm, the IT staff not only failed to inform school officials and administrators of the tracking capabilities of the LANrev software, but argued that telling students about the software's ability to remotely trigger notebook Webcams would "defeat its purpose" as a way to recover lost or stolen computers.
The report also shed light on the incident that led a student and his family to sue the district, and revealed that privacy concerns had been raised by another student as early as 2008.
Lower Merion, of Philadelphia suburb Ardmore, Pa., was first sued by Michael and Holly Robbins, and their teenage son Blake, a high school student at Harriton High School, in mid-February after an assistant principal accused Blake of selling drugs and taking pills, and used a snapshot taken by the computer as evidence. Robbins claimed the pictures showed him eating candy.
The Robbins' lawsuit is ongoing.
Saying that the district's information services department had withheld information about LANrev's spying capabilities from the school board, administrators and students, the report noted that among themselves, the IT staff "expressed zeal for what TheftTrack could do." According to the report, people involved with LANrev's TheftTrack feature repeatedly told of tracking a stolen teacher's computer to a local residence, then to Pakistan, then back to Pennsylvania.
Since the Robbins' lawsuit, Absolute Software, LANrev's seller, has issued a patch that disables the function.
Virginia DiMedio, until June 2009 the district's director of technology, came under fire for not telling school officials of TheftTrack and its capabilities, although she allegedly had several opportunities to do so. DiMedio declined to be interviewed for the report unless she was compensated for the time her personal lawyer would be billed; the district refused to reimburse her.
In August 2008, a Harriton High student intern in the IT department raising concerns about the tracking feature with DiMedio. "I would not find this a problem if students were informed that this was possible, for privacy's sake. However, what was appalling was that not only did the District not inform parents and students of this fact...," the student wrote in an e-mail to DiMedio.
In the same e-mail, the student proved prescient. "I feel it would be best that students and parents are informed of this before they receive their computers. And while this only slightly sways my opinion on 1:1 [the district's program to provide a MacBook to every high school student], i could see not informing parents and students of this fact causing a huge uproar."
Both DiMedio and another IT staffer, Mike Perbix, dismissed the student's concerns in reply e-mails.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!