Slashdot Mirror

Nice anti government rant. Too bad the facts don't fit. Here's the report from the independent investigation. http://www.lmsd.org/documents/news/100503_ballard_spahr_report.pdf The FBI investigated the case and found there was not enough evidence to convict anyone of criminal charges. Are you claiming the FBI is in cahoots with the Lower Marion School District? Are you honestly saying the FBI will not prosecute low level government employees because the FBI feels it is the right of any government employee to spy on citizens? Put down the Kool-Aid and take off the tinfoil hat.

Uhm, considering the charges in the civil suit, which is progressing, yes, there was criminal intent, even if the feds turned a blind eye to it. Perhaps no malevalent intent in the policy itself, but criminal intent in the policy, in the implementation and in the execution.

The policy changes (you'll have to read the friendly article and click some friendly links) correct the criminal element in the policy. (At absolute minimum, criminally negligent policy, but the way I read the descriptions of the original policy, implementation, and execution, there was evidence of intent to observe without permission, as well.)

Some of the links:

current policy and school district official statements, etc.

initial responses, general and to parents, on the school district's website. Form your own opinions.

school district website, on which there is now a link to the updated and the districts official response to the charges being dopped/not pressed.

The news items that led there are linked on the original friendly article.

The only way they can correct the implementation is to make the installation of remote desktop (I assume it's just Apple Remote Desktop) optional, and give the students the password to the admin account and instructions on how to activate it themselves, along with clear instruction that failure to activate won't affect their grades, etc.

No, I'm not sure even that is enough. There would need to be a pilot LED and a local log, and independent auditing of the software that activates and monitors the camera. Although, if the students are informed, they don't need pink duct tape, a towel (erm, thick towel, double folded) over the closed, powered down laptop should do the trick.

To fix the execution issues, at least a few teachers and at least one principal must be required to attend classes on protecting students' privacy and losing a year or two of tenure, at bare minimum.

Etc.

Uhm, considering the charges in the civil suit, which is progressing, yes, there was criminal intent, even if the feds turned a blind eye to it. Perhaps no malevalent intent in the policy itself, but criminal intent in the policy, in the implementation and in the execution.

The policy changes (you'll have to read the friendly article and click some friendly links) correct the criminal element in the policy. (At absolute minimum, criminally negligent policy, but the way I read the descriptions of the original policy, implementation, and execution, there was evidence of intent to observe without permission, as well.)

Some of the links:

current policy and school district official statements, etc.

initial responses, general and to parents, on the school district's website. Form your own opinions.

school district website, on which there is now a link to the updated and the districts official response to the charges being dopped/not pressed.

The news items that led there are linked on the original friendly article.

The only way they can correct the implementation is to make the installation of remote desktop (I assume it's just Apple Remote Desktop) optional, and give the students the password to the admin account and instructions on how to activate it themselves, along with clear instruction that failure to activate won't affect their grades, etc.

No, I'm not sure even that is enough. There would need to be a pilot LED and a local log, and independent auditing of the software that activates and monitors the camera. Although, if the students are informed, they don't need pink duct tape, a towel (erm, thick towel, double folded) over the closed, powered down laptop should do the trick.

To fix the execution issues, at least a few teachers and at least one principal must be required to attend classes on protecting students' privacy and losing a year or two of tenure, at bare minimum.

Etc.

Uhm, considering the charges in the civil suit, which is progressing, yes, there was criminal intent, even if the feds turned a blind eye to it. Perhaps no malevalent intent in the policy itself, but criminal intent in the policy, in the implementation and in the execution.

The policy changes (you'll have to read the friendly article and click some friendly links) correct the criminal element in the policy. (At absolute minimum, criminally negligent policy, but the way I read the descriptions of the original policy, implementation, and execution, there was evidence of intent to observe without permission, as well.)

Some of the links:

current policy and school district official statements, etc.

initial responses, general and to parents, on the school district's website. Form your own opinions.

school district website, on which there is now a link to the updated and the districts official response to the charges being dopped/not pressed.

The news items that led there are linked on the original friendly article.

The only way they can correct the implementation is to make the installation of remote desktop (I assume it's just Apple Remote Desktop) optional, and give the students the password to the admin account and instructions on how to activate it themselves, along with clear instruction that failure to activate won't affect their grades, etc.

No, I'm not sure even that is enough. There would need to be a pilot LED and a local log, and independent auditing of the software that activates and monitors the camera. Although, if the students are informed, they don't need pink duct tape, a towel (erm, thick towel, double folded) over the closed, powered down laptop should do the trick.

To fix the execution issues, at least a few teachers and at least one principal must be required to attend classes on protecting students' privacy and losing a year or two of tenure, at bare minimum.

Etc.

Uhm, considering the charges in the civil suit, which is progressing, yes, there was criminal intent, even if the feds turned a blind eye to it. Perhaps no malevalent intent in the policy itself, but criminal intent in the policy, in the implementation and in the execution.

The policy changes (you'll have to read the friendly article and click some friendly links) correct the criminal element in the policy. (At absolute minimum, criminally negligent policy, but the way I read the descriptions of the original policy, implementation, and execution, there was evidence of intent to observe without permission, as well.)

Some of the links:

current policy and school district official statements, etc.

initial responses, general and to parents, on the school district's website. Form your own opinions.

school district website, on which there is now a link to the updated and the districts official response to the charges being dopped/not pressed.

The news items that led there are linked on the original friendly article.

The only way they can correct the implementation is to make the installation of remote desktop (I assume it's just Apple Remote Desktop) optional, and give the students the password to the admin account and instructions on how to activate it themselves, along with clear instruction that failure to activate won't affect their grades, etc.

No, I'm not sure even that is enough. There would need to be a pilot LED and a local log, and independent auditing of the software that activates and monitors the camera. Although, if the students are informed, they don't need pink duct tape, a towel (erm, thick towel, double folded) over the closed, powered down laptop should do the trick.

To fix the execution issues, at least a few teachers and at least one principal must be required to attend classes on protecting students' privacy and losing a year or two of tenure, at bare minimum.

Etc.

Uhm, considering the charges in the civil suit, which is progressing, yes, there was criminal intent, even if the feds turned a blind eye to it. Perhaps no malevalent intent in the policy itself, but criminal intent in the policy, in the implementation and in the execution.

The policy changes (you'll have to read the friendly article and click some friendly links) correct the criminal element in the policy. (At absolute minimum, criminally negligent policy, but the way I read the descriptions of the original policy, implementation, and execution, there was evidence of intent to observe without permission, as well.)

Some of the links:

current policy and school district official statements, etc.

initial responses, general and to parents, on the school district's website. Form your own opinions.

school district website, on which there is now a link to the updated and the districts official response to the charges being dopped/not pressed.

The news items that led there are linked on the original friendly article.

The only way they can correct the implementation is to make the installation of remote desktop (I assume it's just Apple Remote Desktop) optional, and give the students the password to the admin account and instructions on how to activate it themselves, along with clear instruction that failure to activate won't affect their grades, etc.

No, I'm not sure even that is enough. There would need to be a pilot LED and a local log, and independent auditing of the software that activates and monitors the camera. Although, if the students are informed, they don't need pink duct tape, a towel (erm, thick towel, double folded) over the closed, powered down laptop should do the trick.

To fix the execution issues, at least a few teachers and at least one principal must be required to attend classes on protecting students' privacy and losing a year or two of tenure, at bare minimum.

Etc.

http://www.lmsd.org/staff/techmentor/podcast/LMSDPodologue.htm buncha pod...ophiles

Link to the report here http://www.lmsd.org/documents/news/100503_ballard_spahr_report.pdf

I really wonder how much this so very carefully woven report cost. It's quite a piece of work.

But most of the IT folks in the district are men, including Mike Perbix, who was heavily involved with the laptop spying program, as seen in this video he created

One of the network technicians for Lower Marion School District, Mike Perbix, described a method to remotely Enable and Disable the built in iSight. He concludes this description of how to remotely use webcams with the single word, "ENJOY!".

What, exactly, was he "ENJOY!"ing about the ability to remotely operate webcams?

If you read between the lines in their statement, it looks like the school is trying to say that the kid took home a loaner laptop - which he was not supposed to do. I think they're going to try to say that since the laptop wasn't the one issued to the kid, they had the right to try to locate it and they "accidentally" caught the kid engaged in "inappropriate behavior," which if this claim turns out to be true was taking something that looked sorta like drugs.

One more thing, from the summary, "the officials involved have done a particularly bad job of actually managing the events." How the hell do you do a good job of managing the event that a school vice-principle got access to pictures taken covertly in a minors bedroom? There's no managing that, that's a grade A screw up from the start.

It wasn't a secret that there was security software on the laptops. Parents and students knew about it, they just weren't required to sign an acknowledgement

From LMSD Superintendent's post @ 2/19/10

3. Were students and families explicitly told about the laptop security system?
No. There was no formal notice given to students or their families. The functionality and intended use of the security feature should have been communicated clearly to students and families.

If you would have read the fucking article you would have seen that kids were meant to take them home to do their homework.

Articles are written by third parties. This was written by the Superintendent of Schools, Lower Merion School District
http://www.lmsd.org/sections/schools/default.php?t=lmhs&p=lmhs_today_anno&menu=lmhs_today&id=1143
"As I noted yesterday, this feature was limited to taking a still image of the computer user and an image of the desktop in order to help locate the reported missing, lost, or stolen computer (this includes tracking down a loaner computer that, against regulations, might be taken off campus)."

In the school's laptop insurance policy, the second bullet point under the second heading (Insurance Information) says that students who don't pay for insurance aren't allowed to bring the laptops off campus.

This could explain why they used this tactic so frequently and the reason for taking the picture in this particular case.

Nevertheless, the school should have recognized the obvious privacy concerns and used some other system to track uninsured laptops taken off campus.

Based on this Laptop Capabilities at Home info from the LMSD website, they do expect the kids to take the laptops home.

For answers from the school districts side: Update from Dr. McGinley regarding high school student laptop security - 2/19/10 - better than the link in the submission or even the article for that matter.

As I noted yesterday, this feature was limited to taking a still image of the computer user and an image of the desktop in order to help locate the reported missing, lost, or stolen computer (this includes tracking down a loaner computer that, against regulations, might be taken off campus). While we understand the concerns, in every one of the fewer than 50 instances in which the tracking software was used this school year, its sole purpose was to try to track down and locate a student's computer.

(source http://www.lmsd.org/sections/schools/default.php?t=lmhs&p=lmhs_today_anno&menu=lmhs_today&id=1143 from OP )

B.S. This whole story came to light because of a student being disciplined for 'inappropriate behaviour in the home' accompanied by an image taken of them in the home from one of the laptop webcams.

If the laptop was stolen it would have been a whole different charge, their whole story is so full of holes it's ridiculous.

I don't see the need for all this. There's insurance against theft and using proper full disk encryption, there's no risk of data loss for companies.

They do require insurance for most students Laptop Insurance

Insurance Information

• As stated in previous communications, insurance will be $55 per student with a $100 deductible for theft or damage. Families who participate in the Free and Reduced lunch program will have the option to forgo the insurance cost yet still have their student(s) laptop covered under this insurance agreement. However, families in the Free and Reduced lunch program will be required to pay the deductible charge of $100 for each theft, loss, or damage claim.
• Parents/guardians are encouraged to pay the $55 insurance premium prior to the start of the school year through Paypal. This account can be accessed at http://www.lmsd.org/insurance. No uninsured laptops are permitted off campus. If a student without laptop insurance takes the laptop off site and it is stolen or damaged, full replacement or repair cost is the parent/guardians responsibility.

I don't see the need for all this. There's insurance against theft and using proper full disk encryption, there's no risk of data loss for companies.

They do require insurance for most students Laptop Insurance

Insurance Information

• As stated in previous communications, insurance will be $55 per student with a $100 deductible for theft or damage. Families who participate in the Free and Reduced lunch program will have the option to forgo the insurance cost yet still have their student(s) laptop covered under this insurance agreement. However, families in the Free and Reduced lunch program will be required to pay the deductible charge of $100 for each theft, loss, or damage claim.
• Parents/guardians are encouraged to pay the $55 insurance premium prior to the start of the school year through Paypal. This account can be accessed at http://www.lmsd.org/insurance. No uninsured laptops are permitted off campus. If a student without laptop insurance takes the laptop off site and it is stolen or damaged, full replacement or repair cost is the parent/guardians responsibility.

Okay, I just read a bit more and it looks like apparently they aren't even *allowed* to take the laptops home, they're just lent out for a couple of lessons. So the laptop WAS stolen, and the camera correctly identified the thief.

Based on this Laptop Capabilities at Home info from the LMSD website, they do expect the kids to take the laptops home.

http://www.lmsd.org/sections/schools/default.php?t=lmhs&p=lmhs_today_anno&menu=lmhs_today&id=1143

Cute, but more misleading than informative.

The update attempts to mislead by making it unclear whether students are allowed to use the laptops at home. This is done by Dr. McGinley referencing "a loaner computer that, against regulations, might be taken off campus," while leaving it unclear whether the laptops issued to students fit into the category of "a loaner computer," and by pointing out that "rules for laptop use were spelled out - such as prohibitive uses on and off school property," but does not mention what these rules are.

A "Getting Started Guide for Student Laptops" pdf from lmsd.org clearly states the student laptops may be taken home, and gives instructions for connecting to the internet from some place outside school, such as from home or an Internet cafe.

http://docs.google.com/viewer?url=http://www.lmsd.org/documents/tech/121_student_guide.pdf

sourceIt seems my suspicions were correct.

http://www.lmsd.org/sections/schools/default.php?t=lmhs&p=lmhs_today_anno&menu=lmhs_today&id=1143

http://www.lmsd.org/sections/news/default.php?m=0&t=today&p=lmsd_anno&id=1137

Look harder? ;-)

From what I understand, there was no capability to remotely record a video. It was an anti-theft measure that could be used to snap photos (same as some of those iphone apps, or http://www.orbicule.com/undercover/ for macs, or one of the million programs that can be used to take a picture with a webcam on your stolen laptop) and that was supposed to only be activated after a theft was reported.

So obviously someone made use of that capability when they shouldn't have. The question is, was that person following policy or acting on their own? The software and capability isn't unjustified, it seems like a good thing to have on a school-given laptop. My guess is that there was one or a few people who were taking these snapshots when they weren't supposed to, saw a kid doing something bad, decided it was their job to do something about, and are now going to get the school district in a whole shitload of trouble.

See the school district's response here: http://www.lmsd.org/sections/schools/default.php?m=&t=hhs&p=hhs_today_anno&id=1138

http://www.lmsd.org/sections/news/default.php?m=0&t=today&p=lmsd_anno&id=1137

They claim that the capability was designed to find lost or stolen laptops ONLY so if it was used in this manner is was apparently done so improperly. The Superintendent seems to claim that only the IT group can activate this or see the images so it remains to be seen as to what happened here but I have some thoughts....

From watching a video from another school district that I found in the comments on BoinBoing some schools sometimes see the students because the students run apps on their desktop that display video from their own WEB cam. Photobooth was the app mentioned in that story and the desktop appeared to be OSX so not likely the same software here but possible a similar program.

Lastly, if they have the capability to remotely control, as this other school did, then they could also be launching apps or installing apps that are allowing this kind of peeping - not cool IMO.

LMSD Response
Dear LMSD Community,

Last year, our district became one of the first school systems in the United States to provide laptop computers to all high school students. This initiative has been well received and has provided educational benefits to our students.

The District is dedicated to protecting and promoting student privacy. The laptops do contain a security feature intended to track lost, stolen and missing laptops. This feature has been deactivated effective today.

The following questions and answers help explain the background behind the initial decision to install the tracking-security feature, its limited use, and next steps.

  Why are webcams installed on student laptops?

The Apple computers that the District provides to students come equipped with webcams and students are free to utilize this feature for educational purposes.

  Why was the remote tracking-security feature installed?

Laptops are a frequent target for theft in schools and off school property. The security feature was installed to help locate a laptop in the event it was reported lost, missing or stolen so that the laptop could be returned to the student.

  How did the security feature work?

Upon a report of a suspected lost, stolen or missing laptop, the feature was activated by the District's security and technology departments. The tracking-security feature was limited to taking a still image of the operator and the operator's screen. This feature has only been used for the limited purpose of locating a lost, stolen or missing laptop. The District has not used the tracking feature or web cam for any other purpose or in any other manner whatsoever.

  Do you anticipate reactivating the tracking-security feature?

Not without express written notification to all students and families.

We regret if this situation has caused any concern or inconvenience among our students and families. We are reviewing the matter and will provide an additional update as soon as information becomes available.

Sincerely,

Dr. Christopher McGinley
Superintendent

Decided to check LMSD website, and found that they posted a response to the lawsuit. It's fairly slick, and the major point they make is that when a laptop is reported missing or stolen, the 'remote tracking-security feature' (probably the webcam? They make it sound like they could activate a GPS tracker in the laptop) was used to take a still picture of the user and what the user was looking at. If the laptops were only leased to the students, and remain "school property", then I could see the implementation of such a safeguard as just preserving school property. However, if the laptops were given away to students, then it seems a bit weird that they had an anti-theft measure that they never mentioned and it's also unconceivable that they just so happened to turn on the system to find the one person who was written up for improper behavior. -- http://www.lmsd.org/sections/news/default.php?m=0&t=today&p=lmsd_anno&id=1137

The district superintendant's response is available here.

School Response. They acknowledge that the feature existed and was only to be used in case of theft.

According to them, the system only took 1 single picture to recover a stolen laptop. Now, the thief's parents are suing the school.

The school district has responded to the allegations in this press release.

LMSD response to 'invasion of privacy' allegation
Updated 2/18/10 5:26 PM

Dear LMSD Community,
Last year, our district became one of the first school systems in the United States to provide laptop computers to all high school students. This initiative has been well received and has provided educational benefits to our students.
The District is dedicated to protecting and promoting student privacy. The laptops do contain a security feature intended to track lost, stolen and missing laptops. This feature has been deactivated effective today.
The following questions and answers help explain the background behind the initial decision to install the tracking-security feature, its limited use, and next steps.
  Why are webcams installed on student laptops?
The Apple computers that the District provides to students come equipped with webcams and students are free to utilize this feature for educational purposes.
  Why was the remote tracking-security feature installed?
Laptops are a frequent target for theft in schools and off school property. The security feature was installed to help locate a laptop in the event it was reported lost, missing or stolen so that the laptop could be returned to the student.
  How did the security feature work?
Upon a report of a suspected lost, stolen or missing laptop, the feature was activated by the District's security and technology departments. The tracking-security feature was limited to taking a still image of the operator and the operator's screen. This feature has only been used for the limited purpose of locating a lost, stolen or missing laptop. The District has not used the tracking feature or web cam for any other purpose or in any other manner whatsoever.

  Do you anticipate reactivating the tracking-security feature?
Not without express written notification to all students and families.
We regret if this situation has caused any concern or inconvenience among our students and families. We are reviewing the matter and will provide an additional update as soon as information becomes available.
Sincerely,
Dr. Christopher McGinley
Superintendent

The superintendent has posted a "LMSD response to 'invasion of privacy' allegation"

http://www.lmsd.org/sections/news/default.php?m=0&t=today&p=lmsd_anno&id=1137

pretty typical politico. totally avoids or ignores what caused it all in the first place.

The story is probably fictitious. All reference repeat heavely from this web site:

http://americasright.com/?p=3159&cpage=1#comment-30138

All reliable news sources such as AP and USA Today specificaly say they have not been able to get in touch with the parents, student, lawyer or school district.

No source of the PDF file containing the "supposed" lawsuit comes from a reliable location - for example a governemnt's web site.

The school district released this information at the school district web site:
http://www.lmsd.org/sections/news/default.php?m=0&t=today&p=lmsd_anno&id=1137

According to their news website (considering upgrading to OS X 10.6) and the list of compatible programs, it is/was Macbooks running OS X 10.5...hey, at least it had a real security model so the only way to be rooted is, uh, by root...

According to their news website (considering upgrading to OS X 10.6) and the list of compatible programs, it is/was Macbooks running OS X 10.5...hey, at least it had a real security model so the only way to be rooted is, uh, by root...