Suit: Pa. school spied on students via laptops (MERGED THREAD)

EMM1 · February 19, 2010, 5:39pm

The real and threatened litigation if generally more about discipline than grades–just as this case appears likely to be.

JHS · February 19, 2010, 5:45pm

I think in Lower Merion, there are lots of parents who either (a) own the law firm, or (b) already have the law firm on retainer, or (c) are partners with someone on the school board.

But litigation isn’t always the problem. A lot of the parents are very good at getting their own way. Right now, Harriton’s most prominent alum is probably Lawrence Summers. Imagine his parents. Imagine how smart they are (smarter than you). Imagine how well they tolerate fools (not well). Imagine their restraint and delicacy (you will have to imagine that, because you aren’t going to encounter it IRL). Which group of Harriton parents do you want to have a cage-match with? The old money or the new millionaires? The Penn CAS faculty, or Wharton faculty, or Law School faculty, or maybe the entire Medical School? The corporate lawyers or the hedge fund managers? The only thing that really saves the poor teachers and administrators is that all of the foregoing are constitutionally incapable of agreeing with one another, so most of their combativeness is directed at each other and not at the help.

cellardweller · February 19, 2010, 6:18pm

WebcamGate is now taking an entirely new dimension with criminal investigations being launched by the FBI and the Montgomery County DA.

This is going to blow up big time! The local communities are furious. It appears increasingly likely this was not an isolated incident. Many students are now reporting their webcams being remotely activated while at home.

[FBI</a> Launches Criminal Investigation into Webcam Spying: Source | NBC Philadelphia](<a href=“FBI Launches Criminal Investigation into Webcam Spying – NBC10 Philadelphia”>FBI Launches Criminal Investigation into Webcam Spying – NBC10 Philadelphia)

JHS · February 19, 2010, 6:36pm

The thing that would scare the bejeezus out of me if I were the superintendent is the possibility that the system had been hacked. I wonder how many 13-25 year-olds there are in Montgomery County capable of doing that? Dozens?

BCEagle91 · February 19, 2010, 7:12pm

Hacking by teenagers is usually accomplished with tools written by others.

These systems are Macs running Mac OS X so there are far fewer tools for hacking the system. The EFI on these systems is apparently locked down so you can’t do a boot of your own drive. You can’t install a new OS either. So this will prevent a lot of casual hackers.

Of course someone handy with a screwdriver could simply remove the computer’s hard drive and mount it on another system for examination. If the hard drive is encrypted, then it is likely unhackable but if it isn’t, then one could modify drivers and programs to defeat the remote security features. Someone could also just install their own hard drive and OS too - they cost around $60.

The interesting question is whether or not the admins could be hacked. One could attempt a social engineering hack. Say by creating an executable called smoking_weed. The admin might download it and run it on his own machine potentially allowing remote control or monitoring of the admin’s computer by a student.

Another potential weakness might be the passwords that they use to gain remote control access to a computer. They have 2,300 computers out there - do you think that they have a different password for every machine for the admin to get access? That’s a lot of post-it notes. If not, then find the password gives you access to all of them.

You can do quite a bit when you have physical access to the machine.

BCEagle91 · February 19, 2010, 7:15pm

It would be rather interesting to learn the name of the company that provides the security software. I imagine that they’re getting a few calls from corporate, government and school customers.

cellardweller · February 19, 2010, 7:22pm

It seems very unlikely there was any hacking involved. The software used is very robust and sold throughout the US. People looking into the computers have found no way to disable the remote monitoring software. There had been numerous reports by students to IT personnel of webcam “malfunctions” which were dismissed as ‘glitches’. If there were any hacking concerns they would certainly have looked into it. What I would worry about are overzealous IT personnel wiping out the logs of all the remote accesses. The FBI investigation may have been triggered to prevent any tampering with evidence on school servers.

Greta · February 19, 2010, 7:26pm

My apologies if someone has already posted this, but I don’t think you have and it does seem to be a key point made by a district spokesman:

No attorneys in this house, but that has got to be pretty damning for the school district.

BCEagle91 · February 19, 2010, 7:29pm

They didn’t try very hard.

1) Open computer
2) Remove hard disk and put it in a USB enclosure
3) Clone another Mac disk onto the disk
4) Put the cloned disk back in the Mac

If you want to disable the webcam and mike, open it up and snip the wires on the devices.

Psystar was able to hack the Apple EFI and I found a program on the web to reset EFI passwords.

cluelessdad · February 19, 2010, 8:52pm

BCEagle, very impressed by your computer savvy. But should the average family (upper class or not) be expected to have these skills, or be expected to anticipate the need to apply them?

As to the omnipotence of “Lower Merion” parents as litigation bullies, the answer is move your kid to private school pronto – the last thing they are going to do is name Johnny in a public lawsuit. And yeah, I’ll take a cage fight with any of them. Ask Harvard’s endowment how “brilliant” Larry Summers is. If the Lower Merion admin kowtows to bullies, what a silly school district that is, regardless of reputation.

BCEagle91 · February 19, 2010, 9:04pm

You can find video instructions on cloning and replacing a hard drive on YouTube. If you need more help or handholding, you can go to one of the many Mac forums.

I upgraded the memory on my Mac a while ago and just followed the directions on a YouTube video.

EMM1 · February 19, 2010, 9:48pm

“If the Lower Merion admin kowtows to bullies, what a silly school district that is, regardless of reputation.”

Agree 100%. That’s why I think that if this lawsuit is an attempt at intimidation, they should go nuclear on the plaintiffs.

cluelessdad · February 19, 2010, 10:18pm

EMM, we agree, depending on the IF

But IF the school district overstepped, it should face the consequences as well.

EMM1 · February 19, 2010, 11:01pm

It appears we have more common ground than it seemed at first.

roshke · February 19, 2010, 11:46pm

I agree that this is the crux of the thing. Local news just had the kid and father on TV. They are claiming that the laptop was not reported stolen, that the webcam was activated regardless, and that the kid was subsequently accused of taking drugs ( which he claims was really Mike and Ike’s candy which he loves). This would appear to be in direct contradiction to what the school district is saying (that the webcam tracking feature was ONLY activated in the case of a lost or stolen laptop).

BunsenBurner · February 20, 2010, 12:14am

“It seems very unlikely there was any hacking involved. The software used is very robust and sold throughout the US. People looking into the computers have found no way to disable the remote monitoring software.”

Can’t disable the software? Disable the device. Not exactly an elegant solution compared to the ones that BC describes, but a piece of non-transparent tape over the cam and a wad of gum over the mike will do the trick! :)

Naturally · February 20, 2010, 12:15am

Am I the only one dubious about how these webcams would help find a stolen laptop to begin with? Were they expecting miscreants to loudly comment, “It sure is great to be Mr. John Doe, laptop thief, living at 326 Oak Lane!” at random intervals? Put a GPS chip in it instead.

BunsenBurner · February 20, 2010, 12:24am

Naturally, that’s what I’m saying - a simple band-aid over the cam while the computer is being hacked into or scanned for passwords and credit card numbers will make such video capturing software useless.

Iglooo · February 20, 2010, 8:33am

Some kids were doing just that, covered the camera with a piece of paper while using the computer. There were wide spread rumors that they may spy on you.

Booklady · February 20, 2010, 9:42am

Here’s the latest from the school district:

Update from Dr. McGinley regarding high school student laptop security - 2/19/10

Updated 2/19/10

10:00 PM

Dear LMSD Parents/Guardians,   

Yesterday I reported to you on the early phases of the school district’s response to questions raised about the security-tracking software feature that was installed on student laptop computers. While we were able to address many of your initial questions and concerns, I regret we were not immediately in a position to answer all of your questions. Our goal is to be as open as possible, while preserving student privacy, and ensure that over time we have answered to your satisfaction every question about this situation and the broader issue of technology and privacy. 

We are a school district that embraces the use of leading-edge technology in our instructional program, encourages all forms of free expression, and must do everything possible to safeguard individual privacy. For these and other reasons, this matter is of the highest importance. In this regard, we have retained the services of Henry E. Hockeimer, Jr., Esq., a local attorney and former federal prosecutor, to assist in our comprehensive review of relevant policies and past practices, as well as assist us in implementing appropriate improvements. 

Despite some reports to the contrary, be assured that the security-tracking software has been completely disabled. As I noted yesterday, this feature was limited to taking a still image of the computer user and an image of the desktop in order to help locate the reported missing, lost, or stolen computer (this includes tracking down a loaner computer that, against regulations, might be taken off campus). While we understand the concerns, in every one of the fewer than 50 instances in which the tracking software was used this school year, its sole purpose was to try to track down and locate a student’s computer. Before answering additional questions below, it is important to clear up the matter of notice to students and parents of the existence of the security software. While certain rules for laptop use were spelled out - such as prohibitive uses on and off school property - there was no explicit notification that the laptop contained the security software. This notice should have been given and we regret that was not done. 

Once again, we regret this situation has been a source of concern and disruption, and trust that we will soon have stronger privacy policies in place as a result of the lessons learned and our comprehensive review that is now underway. If you have any questions or concerns, please email us at <a href="mailto:info@lmsd.org">info@lmsd.org</a>. Additional information has been posted on our website, [LMSD</a> | Welcome to the Lower Merion School District](<a href=“http://www.lmsd.org%5DLMSD”>http://www.lmsd.org). 

Thank you for your time and attention. 

Sincerely, 

Dr. Christopher W. McGinley  

Superintendent of Schools  

Lower Merion School District 

<hr>

Questions & Answers 

Updated February 19, 2010 

<ol>
<li>Did an assistant principal at Harriton ever have the ability to remotely monitor a student at home? Did she utilize a photo taken by a school-issued laptop to discipline a student?</li>
</ol>

<pre><code>* No. At no time did any high school administrator have the ability or actually access the security- tracking software. We believe that the administrator at Harriton has been unfairly portrayed and unjustly attacked in connection with her attempts to be supportive of a student and his family. The district never did and never would use such tactics as a basis for disciplinary action.
</code></pre>

<ol>
<li>How were the decisions made to develop the original security plan? Were there/are there safeguards in place to ensure student privacy with regard to use of the security application?</li>
</ol>

<pre><code>* Concerned about the security of district-owned and issued laptops, the security plan was developed by the technology department to give the District the ability to recover lost, stolen or missing student laptops. This included tracking loaner laptops that may, against regulations, have been taken off campus.

Only two members of the technology department could access the security feature.
</code></pre>

<ol>
<li>Were students and families explicitly told about the laptop security system?</li>
</ol>

<pre><code>* No. There was no formal notice given to students or their families. The functionality and intended use of the security feature should have been communicated clearly to students and families.
</code></pre>

<ol>
<li>How many thefts have there been? How many times was the system used? What have been the results in terms of recovery of computers?</li>
</ol>

<pre><code>* During the 2009-10 school year, 42 laptops were reported lost, stolen or missing and the tracking software was activated by the technology department in each instance. A total of 18 laptops were found or recovered. This number (18) is an updated number given the information we have compiled today.
</code></pre>

<ol>
<li>What was the total cost of implementation of the laptop program?</li>
</ol>

<pre><code>* The approximate cost of each laptop is $1,000 and during the two years of the program, there were 2,620 laptops purchased.
</code></pre>

<ol>
<li>How was funding obtained for the laptop program?</li>
</ol>

<pre><code>* Laptops were purchased using a combination of district funds and and Classrooms for the Future grants.
</code></pre>

<ol>
<li>When was the district notified of the allegations contained in the lawsuit?</li>
</ol>

<pre><code>* The district learned of the allegations Thursday, February 18th. No complaints were received prior to this date. The district’s initial response was posted on the district webpage and communicated to students and parents the same day. The district will not be commenting on the specifics of the plaintiff’s complaint, however, outside the legal process.
</code></pre>

<ol>
<li>In the future, will students be required to use district issued laptops?</li>
</ol>

<pre><code>* The district believes students received significant benefit from the one-to-one laptop program and has no intention of discontinuing the program.
</code></pre>

<ol>
<li>Is remote access activity by the district logged?</li>
</ol>

<pre><code>* Yes. There is a log entry for every instance of the security feature activation. The logs will be reviewed as part of the special review conducted under the direction of special outside counsel.
</code></pre>

<ol>
<li>Can parents return currently issued laptops to the district at this time?</li>
</ol>

<pre><code>* They can, but we note that the laptops are an integral component of the educational program in the district. The security feature has been deactivated and there is no reason to be concerned about the use of the laptop on campus or at home.
</code></pre>

<ol>
<li>Did the district remotely access any laptops which were not lost, missing or stolen?</li>
</ol>

<pre><code>* No.
</code></pre>

<ol>
<li>Are students allowed to cover the camera on their school issued laptops with tape?</li>
</ol>

<pre><code>* Yes. There is no requirement that a student use the camera’s standard webcam feature.
</code></pre>

FAQs Posted February 18

<ol>
<li>Why are webcams installed on student laptops?</li>
</ol>

<pre><code>* The Apple computers that the District provides to students come equipped with webcams and students are free to utilize this feature for educational purposes.
</code></pre>

<ol>
<li>Why was the remote tracking-security feature installed?</li>
</ol>

<pre><code>* Laptops are a frequent target for theft in schools and off school property. The security feature was installed to help locate a laptop in the event it was reported lost, missing or stolen so that the laptop could be returned to the student.
</code></pre>

<ol>
<li>How did the security feature work?</li>
</ol>

<pre><code>* Upon a report of a suspected lost, stolen or missing laptop, the feature was activated by the District’s security and technology departments. The tracking-security feature was limited to taking a still image of the operator and the operator’s screen. This feature has only been used for the limited purpose of locating a lost, stolen or missing laptop. The District has not used the tracking feature or web cam for any other purpose or in any other manner whatsoever.
</code></pre>

<ol>
<li>Do you anticipate reactivating the tracking-security feature?</li>
</ol>

<pre><code>* Not without express written notification to all students and families.

</code></pre>

[LMSD</a> | LMHS | Announcements](<a href=“http://lmsd.org/sections/schools/default.php?m=&t=lmhs&p=lmhs_today_anno&id=1143]LMSD”>http://lmsd.org/sections/schools/default.php?m=&t=lmhs&p=lmhs_today_anno&id=1143)

Thread		Replies	Views
Lower Merion (PA) School District SpyCam Case Update Parents Forum	6	54	April 14, 2021
Lower Merion High School Spycam Parents Forum	6	113	April 14, 2021
Feds: No charges in Pa. school laptop-spying case Parents Forum	9	39	April 14, 2021
School issued laptops used to spy on students. High School Life	14	50	April 16, 2021
School District webcam spying: over 56000 pictures captured Parents Forum	3	50	April 14, 2021

Suit: Pa. school spied on students via laptops (MERGED THREAD)

POPULAR STATES

SEARCH SAT SCORES

SEARCH ACT SCORES

SEARCH GPA’S

Suit: Pa. school spied on students via laptops (MERGED THREAD)

Related topics

POPULAR STATES

SEARCH SAT SCORES

SEARCH ACT SCORES

SEARCH GPA’S

CONNECT WITH US