Lance Vick is suggesting that students hack their schools’ surveillance systems.
“This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine,” he said.
Of course, there are a lot more laws in place against this sort of thing than there were in—say—the 1980s, but it’s still worth thinking about.
EDITED TO ADD (1/2): Another essay on the topic.
Rhys • December 30, 2019 5:12 PM
Surveillance cameras and systems have to have privacy and security built-in, not bolted on.
Running un-encrypted from the camera is not best practice. Misfeasance at best- nonfeasance and malfeasance should be prosecuted without equivocation.
Many surveillance systems now have obscuration control in the camera before transmission. Regardless if encrypted or not. Attractive nuisance is a body of law CAOs are trained. Nor security, privacy, the 5 assurances…
Anon Y. Mouse • December 30, 2019 6:14 PM
Private institutions will simply require submitting to any surveillance system
as a condition of enrollment. Public schools, colleges, and universities will
eventually need legislation enacted to create that mandate.
Sheilagh Wong • December 30, 2019 7:16 PM
It’s likely the school cams aren’t even encrypted and can be found on Russian web sites.
Jeff Hall • December 31, 2019 7:19 AM
Not a good idea as these systems are still covered legally either by state or federal law so the kids are breaking those laws if they do hack these systems.
So let us teach kids how to properly conduct information security testing rather than telling them to break the law.
TexasDex • December 31, 2019 10:04 AM
This isn’t camera surveillance (which usually has awful security, but can at least be cordoned off on a private network).
The article talks about pervasive wireless tracking and monitoring, which is deeply creepy and wrong for an institute of higher ed to do, and subverts their claimed mission of raising independent students capable of critical thinking.
Hacking this system isn’t the solution. Student revolts/boycotts are.
Whot • December 31, 2019 2:16 PM
Recall that “hacking” has many meanings and specifically goes beyond computer break-ins. I can hack a gait-tracking system by placing a lump of something in my shoe to throw off my gait. I can use anything from makeup to hats and scarves to confuse facial recognition systems. And so on. Naturally, “the Man” will detect and ban each of these, but creativity is a deep well so the arms race can continue for a long time.
youngatheart • December 31, 2019 4:15 PM
Oh good lord! Think like a teenager…
Go to the store. Get a really cheap phone. Bottom end. They’re like $50 or $100 at Walmart. A fraction of the price of a single textbook. Put the app on your second phone. Forward calls to your first phone. One kid goes to class with a backpack full of phones. Kids take turns carting the backpack to class. Whoever’s got a job at the library brings the sack to the library for hours in the evening while everyone else parties.
Forget the school WIFI. A decent phone plan will have plenty of data.
Use a VPN!
The school is nice enough to tell you how they’re tracking you. They’re not tracking people but items you posses. So you don’t have to go to class, only your disposable phone does.
Face recognition is a harder problem. But where’s the camera? Down low where it can get scuffed? Or up high looking down? It’s amazing what a hat can do for you. Or a beard. I knew one guy back in college who shaved his eyebrows off. How well can these systems work with eyeglasses? Is it now illegal to wear sunglasses? What about groucho marx glasses? Fake mustaches? Fake noses? Stuff your cheeks full of gummy bears? The skys the limit here…
The bigger problem is why are folks being tracked in the first place?
Tracking only works when the folks being tracked are cooperating…
Wesley Parish • January 1, 2020 12:28 AM
I’ll chuck in my .02c’s worth and say that in my humble opinion, if a tertiary institute is spending the money they got out of you to attend their campus and acquire knowledge, on tracking you 24/7, they are in breach of their rights, and may be taken down with impunity. That money is your investment in your future, and obliges them to make good on it by educating you, not tracking you.
So consequently, they have broken faith, and are eligible for any mindfsck you can pull off on their surveillance systems.
Frankly it reads like Yet Another Example of how 1% entitlement is screwing up the Western democracies. (Entitlement? Oh yes, the Gypper was wrong there too – it’s not the poor who exemplify Entitlement, it’s the 1%.)
Bob the builder • January 1, 2020 6:48 AM
Love all the inventive proposals for disruption, but why has no-one suggested swapping the sensors around until the IT team refuses to waste any more time repairing the beacon configuration? Far cheaper, the system remains powered up, and no physical damage done.
why oh why • January 1, 2020 3:04 PM
Seriously? Why is any of this pointful? Who cares whether a student shows up for class? You either pass the test and can do the work, or you don’t and can’t. Nobody in the real world pays you to warm a seat. They pay you for the work you get done or the value you add. Some people add far more value in far fewer hours on-site than others; that’s life.
Given that you can have perfect attendance and still be a failure, or you can show up only for tests and still be an ace, the whole notion of enforcing attendance is broken. Ergo, we should be asking why this particular metric is useful and to whom. It certainly isn’t to ensure students’ success.
jbmartin6 • January 2, 2020 7:31 AM
Frankly these kids need to learn to turn off location services on their phone unless they really need it. The school’s use of beacons is just the tip of the iceberg and this is a good chance for the kids to learn something while at school.
mrc • January 2, 2020 7:37 AM
Having been a bored Teenager many decades ago, I would thoroughly expect all these systems to be hacked within weeks of the students arrivals.
Back in the 90’s it took all of 3 weeks for our fancy computer network with 2MB of personal storage and paid for internet access to become unlimited for everyone who wanted it.
There were at least 4 unrelated attacks from different groups
Shoulder surfing the PW
Brute force cracking the PW
Plugging own laptops into the network to access storage directly
Someone created a new Superadmin user
etc, etc.
Only got found out when the network stopped working repeatedly
I’ve got friends who run school networks now, and the kids are still just as inventive at getting into them, including the security cams and beacons to track each other and play back silly things that happened. On the Physical side sensors are always being smashed and cameras will have their lenses spray painted (Or the classic photo printout on a stick for the less destructive people)
Think • January 3, 2020 7:03 PM
The articles are opposing viewpoints bringing the issues of surveillance and hacking into an intersecting microcosm that mirrors some of the world’s issues as a whole.
Are we converging with China’s way of doing things – from an outside point of view this type of college monitoring system appears to be close to a subset of what a social credit system would monitor? China may do it to protect their oligarchy at the top – their ideological elite – for overall nearly absolute control.
In the United States, capitalist motivations ensure investment in human capital provides its promised return with minimization of investment lost or wasted.
The question becomes will conformity to external group standards destroy the creativity that outlier individuals bring to the table – those types of individuals that have the potential to change the status quo in yet undreamed of ways?
What past individual contributors to the advancement of the human species would have been stopped in their tracks because the nascent development of their future world changing ideas were in opposition to the established ideas were deemed wrong and deviant? Group control and groupthink through these programs may be selecting out the best minds and limiting creativity while silencing dissenting opinions and points of view.
Where would the lack of application of the lost creativity to ‘hack’ or to challenge accepted ideas lead a society – to stagnation and from stagnation to becoming a victim of another nation or group in the world that allowed their best and brightest some latitude and an environment to make mistakes, behave in a creative but sometimes unacceptable way and then may the next technologically disruptive discovery that not only enriches and benefits himself but his community and nation and eventually the people of the world.
This type of monitoring will provoke the feeling of ‘Electronic parents’ and will spark the native urge to rebel against unknown forms of control. Think 2 year olds and young teenagers. Rebellious 2 year olds are cute and discovering the world around them – rebellious youngsters are discovering new ideas and starting to define their place in the world – to learn what they will become.
Individuals with an inquisitive nature often evoke questions for the leadership around them based on limited knowledge and experience (later – done better with education and training, contemplation and experimentation) combined with personal dissatisfaction with the state of their environment; harboring a desire to make things better for yourself and later to do so for not just for yourself but for others.
In the extreme, any rebellious adults end up marginalized, jobless or without a future or worse – in prison or live their lives as criminals. Labeled as mutinous or treasonous for their actions. Upbringing and genetics constantly urge some to rebel against authority in an attempt to prove why they are correct in order to change the way things are done by altering processes or influencing the people that do. People that would have been pioneers or scientists, inventors or entrepreneurs.
Who are some of the stakeholders in this type of monitoring systems’ deployments?
The products installers will claim the educational systems – the school and students, the standard benefits to safety and security of the student body and staff and perhaps even the local public and business owners.
I would say the stakeholders better served would be the school’s endowment funds, the athletic and pro sports complexes, the banks (loaning money to students – expecting to be paid back) and even though most will not like the implications – all the entities that loan student’s money – both public and private – those that if the student fails – and doesn’t pay back the loan may become a public burden in costly social programs – when students never pay back the school loan – our country fails – society fails – we can no longer compete as we have to redirect our resources to supporting failure. There needs to be enough money to take care of the elderly (Social Security) and protect the public from itself (police) and foreign threats (Military).
College is currently so overpriced and costly due to easy access to credit and the many external institutions that want a piece of the action. Freddie Mac failed, Fannie Mac failed – we are still paying for that. Sallie Mae will fail as well. Perhaps monitoring programs like this will help catch those that would otherwise fail and keep them in the system long enough to become productive? There are currently millions of students that want the productive members of society to pay for their student loans but can’t, some have good reasons – many made bad choices, were led astray or were subject to excessive costs – but didn’t consider the consequences of preparing for a 40k a year job with little future combined with a six figure debt load. Others were swindled by ‘Art’ or ‘Technical’ schools with in house loan programs bordering on usury.
College Athletics and Pro Sports have lots of Money and marketing power – they are financing convenient ways to place many students in the surveillance catchment area via a kind of subsidy.
Why not add the teachers and administrators to the monitoring group to see if they are doing their job? Factor in attendance and testing metrics with future success at the college? This may not happen today, but graduates of these schools that will become future leaders will implement this type of program in the future – because it is what they know and what they think worked due to their experience. Some may even feel the need to control those that once controlled them.
I certainly would not want my grade affected because I opted out or didn’t have a cell phone or decided not to bring it.
It could happen –
Sensitive Data with its confidentiality, integrity and availability –
Who will ultimately end up with access to that and what use will they (future data owners) put it to?
Will this type of surveillance put your primary group of friends or contacts unnecessarily under a microscope?
Some smart students, US based and World based hackers will be able to penetrate these types of systems along with potential predators and formalized external based espionage programs.
It is certain that data about you will be combined by those institutions that want to know, “who you are.” Maybe not today, but when the company is no longer a viable entity, its data will have value and will be sold to another company or government.
Credit grantors and reputational analyzers will top the list of those interested in you and your data. Your ‘type’ may be so well understood at a young age that your future is already marked for you with no way to change or lead a productive life because of the label placed on your profile container.
** Poof ** you now have a social profile to go with your credit score and clandestine psych profile. UBEA systems will now be able to use all this collected data both for the good of society but also potentially against the creative individual – China is ahead of us and the way their public reacts will tell us over time what many of the consequences will be as they lead us in overt application of this type program.
Hacking systems like this – illegal and dangerous – will allow a few to cut their teeth on becoming skilled and creative in the security and potentially military OPS or private firms, other will consider them evasive and dangerous – targeted by protectors of the worlds status quo.
What would the new privacy law in California do to the legality of the type of monitoring and tracking?
https://hbr.org/2018/07/what-you-need-to-know-about-californias-new-data-privacy-law
However like some forms of life attack other life to live (considered disease agents from our point of view) – allowing itself continued existence and the ability to procreate, spread and mutate in order to assure its continued survival or the bodies’ defenses (or the medical field) eradicating the threat in order to assure life’s extension and better – the struggle will continue making both sides better, stronger and more resilient.
Note that billions of years of evolution have not yet solved this type of competition problem – so perhaps this give and take is the best type of metastable equilibrium that can be reached considering our current environment and resources – a symbiotic interconnected system were the eradication of one type of ‘threat’ may disrupt the system in such a way to make it vulnerable to collapse or attack by its loss.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Petre Peter • December 30, 2019 12:46 PM
At least the school has a privacy policy. Most of them don’t even bother with student privacy; they simply act like HR for the megacorps.