Q. What do you call an IT admin for 20-plus young children? A. A teacher
It doesn't help that we try to give kids grown-up protections, like memorizing long passphrases
Usenix Enigma Protecting students' privacy – from securing their personal information to safeguarding their schoolwork – is a challenge for schools and software developers, apparently.
Alex Smolen, engineering manager for infrastructure and security at school management software maker Clever, told the 2019 Usenix Enigma conference in San Francisco on Monday that his company has unearthed a host of problems facing students, their parents, and their teachers, when it comes to handling and protecting pupil information.
Students and schools are, after all, a lucrative goldmine for data harvesters and brokers. Smolen noted that even with data protection laws in place specifically for children, everyone from university admission departments to recruiters and marketing companies is eager to get stats on things such as student ethnicity and family income data for school districts.
This all adds up to a minefield for schools and educational software developers who try to protect student data and children's privacy with online services.
Part of the problem, said Smolen, is down to the differences between children and adults. Children are still developing parts of the brain that handle risk and consequences. This makes things like warning dialogues and opt-in or opt-out choices far less effective, even when the dialogues are aimed at parents.
"We give them our adult defenses," Smolen said. "Even software designed for children inherits the security and privacy problems of the one size fits all internet."
Even something as simple as passwords can be a problem. Young students, for example, cannot be expected to remember and enter a password. This has forced Smolen to look at other methods. For example, Clever uses QR codes that kids can carry on student badges, and then scan to log in to a machine.
That doesn't solve every issue, however. Smolen said that overworked teachers and underfunded schools can also pose a problem. A teacher, for example, will essentially have to serve as an administrator for 20 or more students in a class, collecting tablets, making sure students are logged off, and so on. Simply forgetting to log out of a tablet could lead to students' classwork or data being shared with others.
Parental consent can also be tricky, as schools are hardly equipped to create the proper mechanisms to get consent.
"Making sure that works seamlessly can be tricky," Smolen said, "because schools are often troubled with basic IT tasks, let alone complicated portals for parents to opt in opt out."
Ultimately, Smolen says, developers and schools will need to take a different approach to handling student data. Ideally, going forward developers will make security and privacy systems that are both easy for kids to understand and simple for teachers and parents to set up and manage.
In the meantime, however, trying to protect student data is going to be a tall order. ®