Schneier on Security
A blog covering security and security technology.
« NSA Historical Documents |
| Small Planes and Lone Terrorist Nutcases »
February 24, 2010
Remotely Spying on Kids with School Laptops
It's a really creepy story. A school issues laptops to students, and then remotely and surreptitiously turns on the camera. (Here's the lawsuit.)
This is an excellent technical investigation of what actually happened.
This investigation into the remote spying allegedly being conducted against students at Lower Merion represents an attempt to find proof of spying and a look into the toolchain used to accomplish spying. Taking a look at the LMSD Staff List, Mike Perbix is listed as a Network Tech at LMSD. Mr. Perbix has a large online web forum footprint as well as a personal blog, and a lot of his posts, attributed to his role at Lower Merion, provide insight into the tools, methods, and capabilities deployed against students at LMSD. Of the three network techs employed at LMSD, Mr. Perbix appears to have been the mastermind behind a massive, highly effective digital panopticon.
Posted on February 24, 2010 at 1:56 PM
• 111 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
That's why cameras on computers should have a LED controlled by the hardware to indicate that they are recording.
this story just gets better and better, I finally posted about it on my blog yesterday because of the wealth of news this is generating.
one of his posts details a script he wrote that makes the camera to appear shut down to user applications such as Photo Booth but still function via remote administration: "what this does is prevent internal use of the iSight, but some utilities might still work (for instance an external application using it for Theft tracking"
And if the LED is disconnected or disabled?
check out the post here: http://strydehax.blogspot.com/2010/02/...
it sounds like the script he wrote, that I just commented about above, makes it appear that the cam is off (I suspect it just represses the light from turning on...)
source code anyone? ;)
Are we sure the name isn't Mike Perbert?
Wat: They do. They were given macbooks which have a green light. Apparently the students were told it was a glitch.
"..detention hall today will be in Classroom 101. Please bring an alphabetical list of your worst fears..."
Personally, if I ever got a laptop for my kids from the school, the first thing I would do is reach into my vast arsenal of duct tape and gaffer tape for a highly effective lens cap.
There's a whole plethora of issues -- such as:
1) if there is inappropriate photos on the servers from recording?
2) If there is video/photos of the members of the family in inappropriate situations?
3) If the storage of the data is secured properly? (imagine if that storage -- and yes, I believe there is -- is hacked and copied offsite)
And the list goes on.
According to an article about this linked on slashdot the other day, the lights did go on and when students asked about it they were essentially told "nothing to see here, move along". Supposedly some students were suspicious and covered the lenses with tape. I'll find the link to that article when I get a chance.
Couldn't you make the same argument about "not blocking the camera's point of view" with duct-tape? You wouldn't be preventing the camera from operating, just only letting it see tape...
Anyways, I think getting in trouble for blocking the camera would be a good thing. It'd give you notice that they were indeed viewing the cameras remotely.
This has been covered a lot on Slashdot since the story broke. The FBI is now investigating, and a judge has ordered the school district not to destroy evidence. They will probably get hit with wiretapping and child porn laws (e.g. if even one student was captured as they undressed in their room with the laptop open on the floor, then whoever authorized this is potentially guilty of conspiracy to produce child porn).
I hope they throw the book at them, because this kind of behavior by school officials is utterly unacceptable in a civilized society. Whoever did this decided to remotely spy on teenage kids in their own homes without their consent. Those who knew about it, authorized it or carried it out deserve to be fired and thrown in jail for a few years. They apparently accused a kid of doing (or dealing) drugs *in his own home*, and as "proof" they showed him a photo taken by his laptop without his knowledge or consent. (The kid claims he was eating Mike and Ike's, a kind of colorful candy with a shape similar to a gel-cap pill.)
At least (according to the blog) the guy is keeping the kids off of chatroulette... :P
Really, this scenario could extend to any corporate laptop running a remote administration backdoor whether or not it directly supports camera functions... Still, off property = way out of bounds.
I'm not really sure what he is trying to accomplish there. He seems to be hashing a "password" and comparing the result with a stored result. I guess for the purpose of making sure that the passwords didn't change? Not terribly revolutionary at all but I really don't see a purpose. What system is he working with that stores passwords in plaintext that needs to be protected, and needs to have an administrator check that the password did not mysteriously change? Baffling.
Despite my longstanding distaste for the mob-like zeal with which middle America prosecutes them, I'm glad this happened amidst the Child Porn Witch Trials of the New Millennium.
At least now, alongside all of the high-school kids caught 'sexting' each other consensually, the list of registered sex offenders in the area will now include an entire district's worth of school administrators.
That ought to balance things out! Hell, might as well throw everyone residing in the district on it too, just to be safe.
A very good reason not to have a laptop with a built in camera.
I can see gaffer tape becoming very popular amongst students...
I'm thinking of marketing web-cam-sized dots of duct tape printed with "Expel This!"
I don't understand why everyone is so quick to jump on this sys admin?
The guy is tasked with tracking and maintaining 2,300 district owned Macbook computers. To accomplish this he uses a commercial product called LanREV which is like an Apple Remote Desktop on steroids. I'm going to guess he was told to do this by his supervisors.
As of right now there is no evidence that this guy acted alone or overstepped his bounds as the person responsible for the upkeep, maintenance and administration of these machines and the school network.
Now if it turns out the whole snapping pictures randomly after school hours WAS his idea then he's got some explaining to do.
But monitoring and safeguarding these school owned machines against forbidden use 24/7 isn't some crime. There's nothing forcing the students to use the computers at home. They can do whatever they want on a computer their parents buy them other than bring it to school.
Wow, yall haven't been to school in a long time have you? This camera thing is not surprising at all...
Schools already search bags, lockers, laptops, phones, instant messages, notes inside books, personal notes, facebook notes, myspace notes, cars, trucks, use metal detectors, conduct blood test, urine test, report inflammatory essays, make list of troublemakers, etc...
But it is okay because it's all for the childrens own good.
So it's okay as long as he was just following orders?
In all seriousness though, Michael Perbix should burn for this, guilty of a crime on the books or not.
This was (seemingly) his brain child, and due largely to how he has publicly discussed the technology and his involvement in it, I have no doubt in my mind that remotely viewing high school kids in their homes without their knowledge or consent is *exactly* what he intended to use this program for.
I mean really. A thief stealing a laptop with an iSight does not need to be fooled into believing the camera is disabled. A student concerned about privacy with regards to his/her school-issued computer equipment seems to be the only reasonable target for such a subversive feature.
@moo: Child pornography laws vary by state, and simply getting undressed in front of the camera won't constitute it in all states. On the other hand, I'd be awfully surprised if a good collection of such shots didn't have underage identifiable teens doing sexual things, and that is CP pretty much anywhere you go.
What I'd really like to know is what chain of reasoning and discussion took place to set up this 1984 visiscreen project, and whether anybody actually suggested it might cause problems. Sometimes I find gross stupidity on the part of institutions fascinating.
Everyone is jumping on him because, unlike other people that may have been involved, we _know_ he was. He is also a tech guy and tech guys (us) expect other tech guys (him) to know "grossly unethical, and no doubt illegal" when they see it. Particularly when it comes to topics like privacy and rights online. "Just following orders" has not been a legitimate excuse in the public eye since the late 40's.
This man, as well as all others that are eventually found to be involved, deserve the worst the legal system can throw at them. Hopefully we can get some really excellent legal precident in the defense of underage students at the same time, it's been lacking for far too long.
"I hope they throw the book at them, because this kind of behavior by school officials..."
Well, if it goes anything like it did in a local school here (where they found evidence of school officials ordering a tech support type to alter test grades in the database), the "officials" involved will be reassigned/allowed to "retire", while the tech support type will be prosecuted for some sort of felony.
"I don't understand why everyone is so quick to jump on this sys admin?"
Um, same reason I'd personally punch the living #@$% out of the guy who pulled the gas release valve at Auschwitz every hour or so, cause he was just 'following orders'.
They should have known better.
oh great... Godwin's law... (runs away)
If the administrators at this school are anything like the ones who ran my high school, they don't know a computer from a hole in the ground, and the IT guy would have to walk them through everything. There's no way the IT guy set this up for theft monitoring and then the administrators went and used it to spy on students in their homes behind his back. They explicitly asked him about this, and he complied. It may not be good enough for the courts (although it sounds like there will be plenty of evidence for all to see by the time this is done) but it's good enough for me.
It would be one thing if the camera were only used after a laptop was reported missing, to try to recover it. But the school got a picture of a kid eating candy, mistook the candy for drugs and tried to discipline him for drug use, even though he was at home and not on campus at the time.
So those of you defending the school by claiming that it was about laptop theft, you're wrong. Theft might have been the justification for having the feature in the first place, but once they had the tool, they used the tool in inappropriate ways.
I agree with Adam Turetzky for the most part. LanRev looks like and overglorified version of Apple Remote Desktop Server, which can be scripted to allow for more or less surreptitious snooping of any mac console that it is administering. Teachers will actually request that feature. The only shady things I see is still the original camera snoop thing and the spying at home thing. Which the Stryde Hax post only discusses in the context of his biased ignorance about in loco parentis applied to educational institutions serving underage children.
There is definitely a trail littered across forums that shows this guy moved this along in the school. He talks a lot about VNC too.
I worked as a tech in a large urban school district a ways back. They were very informal about what they do in contrast to corporate environments. And he's very likely one of the more knowledgeable and ambitious on staff. In other words, there are a lot of duds working those tech jobs.
I would wager that this story will reveal that much of what he has been up to was unknown to his supervisors. He's a magician to them. Many will be skeptical of such claims and call him a sacrificial lamb. Not me.
The lid is off everything this guy has been up to by now. Think about that. The FBI probably confiscated all of that equipment he posted pictures about on his blog. He was an amateur video producer. If he dabbled in porn in any way, they'll hang the guy.
So I do expect this to be a witch hunt and he will indeed be a sacrificial lamb not for the crimes of his supervisors but for the crimes of overzealous public schools. ...And I've just talked myself into feeling a bit guilty about getting my kicks in.
He doesn't seem like a rotten guy. He seems to be someone who hasn't thought through the ethics of his actions (nor his security coding ideas). But as others described here, there is a fascist tendency that has overtaken our schools. Maybe when the ethics bar is so low, and when every encroachment is justified with an emergency (derangement) mentality it's harder to see that this is wrong.
Take the tendency to see students as troublesome entities who need to be controlled, and add in fear of lawsuits. The district is probably terrified about being found liable if any of the students manage to do something even mildly naughty using their district-supplied computers.
I don't know, it's obviously a common occurrance, feature/function/mission creep, but if you really delve into what the sys admin has already stated publicly, prior to the lawsuit, it really looks as though that was the intended purpose from the start. Whether his personal choice or an order from the administration, both parties should be held accountable, and to the highest possible degree.
Not to mention that, simply leaving out the remote iSight/Desktop viewing functionality can hardly be seen as detrimental to locating a stolen laptop, since the network information / IP / location alone seems to be all that is truly necessary here, and all that was needed to track down previous laptops.
But what am I saying, the defense that it was used/intended to recover stolen laptops is already so full of holes that there isn't much solid area left to poke new ones in.
"He doesn't seem like a rotten guy"
Gacy didn't 'seem like a rotten guy' either.
Nor did the perpetrators of countless other terrible crimes against humanity.
To me, a person who, knowingly, not only implemented, but administrated, a system this pervasive in a high school setting, on computers assigned to individual students for use on or off school property, is a 'rotten guy'.
"The district is probably terrified about being found liable if any of the students manage to do something even mildly naughty using their district-supplied computers"
If that were the case, it's highly unlikely they would opt to receive copies of even 'mildly naughty' imagery from the machines, since a fear of lawsuits could only increase exponentially when one is actually in possession of sexually explicit imagery involving minors. Doubly so (at least in my mind) if that imagery was obtained without the knowledge or consent of the person photographed/recorded.
Based on reading his posts. Gacy huh? At least you didn't mention Hitler.
Perhaps it's the same urge for you to presume guilt that inspires these school officials to themselves go to extremes.
Take a breath.
I'll wager that this started in labs to watch if kids were doing their assignments rather than messing around online. Obviously when it wound up being used against a kid eating candy in his home it went too far.
Once that happened Perbez could have proven what an exceptional guy he was by blowing the whistle. But most people aren't exceptional right? So I don't think this guy should be lynched by an angry mob just for not being an exceptional guy.
But I suppose you're right. I'm sure the conversation was something like this:
B: Hello Mike.
M: What is thy bidding my master?
B: We have not done enough evil to kids. I need you to ratchet up our perverse obsession with controlling them. Only this will complete our evil plan to destroy all of the district's children.
M: [smiling] I think I've got an idea.....
Of course I do expect that there could be some seriously inappropriate abuse of such a setup. We don't know that yet and I see nothing in his words to suggest that this was happening. I do see the notion that he was protecting kids.
And no, I don't at all condone the method no more than I do the intrusions that the US government has made into the lives of citizens in the name of protecting us.
This makes me think about Cliff Stoll's 1999 argument against school laptops. The school is expecting them to be stolen. Completely aside from the student's privacy, how physically safe is a kid when she's walking around with a thousand dollar MacBook in her backpack?
I have one recomendation for my friends with kids when they ask. NO WEB CAMERA in the bedroom.
One girl's mother in interviews of this drek said "But mom I do everything in front of the computer, undress EVERYTHING."
(granted something we all do these days whether with our person or not.)
The potential for abuse alone should have raised humongous red flags for the schools lawyers (if they were even asked).
If the students knew the camera LED was blinking and that someone might be watching, why not simply put a little sticker on it?
This is likely the solution to most of these problems. Leave the sticker on there unless you need to use the camera.
So how many other districts are doing this?
The tech part of this isn't that difficult, and if you are in charge of setting up the laptops and you clone them all from a master, it wouldn't be that difficult to get it onto a few thousand of them.
Not completely unlike the part of the storyline in Cory Doctorow's novel Little Brother...
It's funny how respect for civil liberties and privacy suddenly returns when we are talking about little kids; but it's somehow still ok for the DHS/FBI/CIA/NSA/Joe Fed Stalker Du Jour to sniff our network traffic, tap our phones, do sneak and peeks, and perform other forms of what should be illegal domestic surveillance.
I would wager there are a lot of districts doing this and they are likely having emergency meetings on the subject. A LOT.
I'm making calls to my old contacts to get a feel locally just for curiosity.
If any student were caught nekkid, it would be child porn. Stupidly, if the camera caught a picture of a drawing of two children having sex, it would be child porn.
Anyone using the laptop at that point (because the pic is stored on the HD), the admin in question, and anyone the admin showed or emailed the picture to could then be brought up on charges and labeled a pedophile for life.
"If the students knew the camera LED was blinking and that someone might be watching, why not simply put a little sticker on it?"
Most only knew the LED was blinking and didn't make the second assumption. Since they've probably already learned that computers are mysterious things that crash for no reason sometimes, "it's just a glitch" would have sounded totally believable.
"If that [fear of lawsuits] were the case, it's highly unlikely they would opt to receive copies of even 'mildly naughty' imagery from the machines"
Sure they would! Because it wouldn't have occurred to them that they could be seen as just another group of filthy criminals, when they were too busy thinking about protecting the district, the laptops, and the students themselves from the students.
Well, we'll just have to agree to disagree. I think it's a matter of liklihood that a "make-up" mirror could be resting on a desk and turned the wrong way (it doesn't have to go directly toward the camera, just thought that would be funny :) ).
This whole situatoin just is insane anyway.
@Joe Buck: This school had questionable practices all around, even apart from the spying issue. Theft tracking is justifiable on the surface, but their implementation of the policy leaves a lot to be desired. In one case school officials tracked a stolen laptop to a house and did not find the thief they expected, because the actual thief was in a neighboring house piggybacking on wifi. Question is, why did school officials go to the house to recover stolen property? This should have been delegated to local law enforcement.
@derf: Pictures taken by the camera were only kept long enough to send them to the central server, then immediately removed from the local disk.
@Tim!: "Pictures taken by the camera were only kept long enough to send them to the central server, then immediately removed from the local disk."
And you know this, exactly how?
I've been following this pretty closely since it broke about a week ago and yours is the first opinion I've seen anywhere that it worked that way. Sources, please?
This is almost unbelievable. I'm actually feeling nauseous.
@GL, you should read some of the policy points for this laptop program, it would give you the willies. For one, using any but an issued laptop would result in seizure of the offending laptop and suspension of the student. Disabling or inhibiting functionality would result in suspension. I read this on the district web site a few days ago. Really scary stuff.
Supposedly the remote camera activation was only to be done to laptops that had been reported lost or stolen, but the parents, student and their lawyer(s) have categorically denied the laptop at the center of the controversy was lost, stolen or reported lost or stolen.
Clarification: "...using any but an issued laptop AT SCHOOL would result in seizure of the offending laptop and suspension of the student."
Those with money, will just use an alternative computer at home, save the work and then transfer it to the spy box, in the home/bedroom/kitchen and then take it down to spy school.
From what I read, it seemed some of the students knew about it and even covered the camera at times to prevent being photographed. I can't see anything worse that people surrendering their privacy (and knowing about it to a certain degree) to use a computer.
All built-in web cameras should be required to include an non-detachable lens cover that has to manually be opened in order to use the camera, and on laptops it should automatically engage in the closed position when the laptop is closed/opened.
Anyway, this is not a panacea, but the IEEE Code of Ethics is a good place for IT people to start when considering any such technology "upgrade" for their employers: http://www.ieee.org/portal/pages/iportals/...
Don't forgot microphones! Even my ancient laptop has one.
The stupid in these comments is strong.
(1) The child does not need to be naked for a picture to constitute child porn. See, for example, US. vs Knox (1994). The governing standard is whether the picture is lascivious (not whether it is obscene). The absence or presence of clothing or the amount of clothing is irrelevant.
(2) Second, under US. vs Bowers (2010) child pornography is by definition a federal crime because the market for child pornography is "national in scope". Thus federal and not state law applies, which is one of the reasons the FBI is involved.
"Don't forgot microphones! Even my ancient laptop has one."
btw, of all the thousands of readers here, was I the *only* one who thought this worthy of sending to Bruce? ... Not looking for a back-pat or anything, just thought that this particular crowd would have jumped on this Internet story like flies on the s*it that it is.
Kids, just power down the laptop when not in use! (close the lid, put it in the box) ... and showering, dressing/un, having sex, etc. are "not in use" for the computer.
@Tim!: Pictures taken by the camera were only kept long enough to send them to the central server, then immediately removed from the local disk.
Maybe yes, maybe no. But if FBI computer forensics folk are involved they may recover deleted images well enough to give Mike P. lifetime 'registered sex offender' status. One can hope if school administrator(s) cooked up this idea Mike will rat them out.
It is difficult to look through the hype and hysteria to see,
1, What was supposed to happen.
2, What actually happened.
3, What may have happened.
4, What could have happened.
With regards (1) The official position appears to be that it was "part of" an anti-theft program.
However that is contradicted by the fact that the school accused a child of taking illegal substances infront of the computer.
So the school cannot maintain "officialy" that it is "only" an anti theft device.
So it appears that at the very least (2) involved an intermitant active feed that was permanatly enabled.
This appears to be confirmed by other children reporting itermitant activation of the camera operating LED. Thus the school would find it hard to argue that it was an "unknown fault". Likewise the technicians involved would have been aware of the server hard disk filling up and the loss of inbound bandwidth (unless of course they wish to argue they where not doing a basic and expected task).
Further it could be shown that the server and the firewall etc would have to have been specifficaly set up to do this activity and should as it uses publicly funded resources have been subject to appropriate oversight and adminastrative procedures.
The schools legal team could argue (and probably will) that this might be the only oportunity to catch the "theft in progress". And that for it to have a chance to do this then this could not be reveled to the children or the parents etc etc.
However I would assum that for a complaint to be raised against the child for aleged substance abuse the evidence (ie the picture etc) must have been seen at the more senior levels of school managment. Thus they cannot argue they where in ignorance of how the system was set up to operate.
Thus nor can the senior managment at the school say that the anti theft function had malfunctioned or acted against their specific instructions, because somebody would have had to have been activly looking at the pictures to see the child was consuming something within sight of the camera.
Likewise nor can the schools senior managers say they where not aware of the fact that children where under view in their homes, with a high degree of probability in their bedrooms whilst potentialy in a state of undress.
This is because just about every report on "personal computer" use by children has the computer in the childs bedroom where they can supposadly have the peace and quiet away from the rest of the family to do their home work, further most "environmental behaviour reports" show PC's are left on.
So with regards (3) what we can guess something like the majority of the schools pupils issued with laptops have been subject to survalence where there is a reasonable probability that they where photographed in a state of being semi dressed and that these photographs where sent across a publicaly accessable network, into the schools network.
Further there was a conspiracy amongst the schools senior managmet to enforce this activity onto the children (as shown by the usage policy). Further it can be shown that the usage policy actually endangered the pupils by requiring them to regularly carry expensive equipment that would make them a target for naredowells (otherwise why have an anti theft system in the first place).
However I think it can also be said it does not preclude the being connected either (otherwise why bother with this anti theft system).
So the question arises of reasonable expectation of connection to the Internet. If a look at the school curiculum and method of posting asignments by teachers and the way students are expected to get at course work and hand in work effectivly mandates the pupil to connect the computer outside of the school premises and time to partake of or compleate the course then a whole host of other issues arise.
One of which is theft by the school. If they effectivly mandate connection of the school issued computer to the Internet and then take control of it or set it up so it automaticaly sends data etc then unless specificaly mentioned in the TOU then it can be argued that the school is deriving benifit without due recognition or recompense (effectivly theft of resources electricity/bandwidth/etc).
Now as the school managment might argue that it is an anti theft device which arguably can only work by remaining secret and thus it could not go in the TOU then they should include something in the TOU to cover it indirectly (look at your cell phone contract to see "network managment" clauses etc).
However if you can show that senior managment where complicit in this system (and I think it likley that you can) and that a the use of it was likly to commit a crime (theft of resources) then you have conspiracy.
But worse for the senior managment with only a little more effort you might be able to go for "malfeasence in public office". This is a very old piece of English law (over 1000years old) and thus does not have mandatory limits on sentancing.
Thus as the US effectively imported whole sale English law the same may apply.
Thus the senior school managment and board of governers and all others who can be shown to have attended meetings at where this anti-theft system was discussed could be looking at life behind bars.
Further if the parents of all the children who had had a school laptop got together then they could potentialy start a class action.
Now the school has a significant problem here to minimise the damages they would have to show that there was minimal potential for the children their friends or their families to suffer future harm from the schools activities.
Unfortunatly for the school they probably cannot, the chances are the pictures where only encoded not encrypted, and even if encrypted it would most likley have been under a comman key, which in all likleyhood would have been stored as plaintext on the laptops...
Now the issue then arises of what constitutes future harm. Potentialy any of those pictures of students may contain images of a personal or private nature. Thus have the potential to be used for the purposes of coercion either of the individual or others relating to the individual (think blackmail or smear campaigns).
Now the question then arises how could such pictures become available to individuals wishing to do so.
Well there are three easy ways for this.
1, A member of the school staff retains copies of all the pictures.
2, A hard disk or backup tape containing some or all the images gets "lost"
3, Somebody who has copies of some or all of the pictures for their own personal gratification sells them on to others.
Why have I shown 1&3 seperatly, well there is a very reasonable probability that due to the number of machines involved that others may well have become aware of what was going on. Not all of whom would be inside the school. There is a reasonable chance that when known a person will do one of four things ignore it, talk about it, complain about it or take advantage of it for their own personal benifit.
I think it takes little imagination to see the value of images of children of this age range in their bedrooms at times they are compleatly ungaurded.
The magnitude of the potential of this is very large. Unfortunatly from what I here of goings on in the US I think it is likley it will be squashed down from a very senior political level as "not in the public interest" and by simple down and dirty blackmail of failing students of parents who take action, then coercing them into line by holding out the potential to make representation to the board of governors etc for "exceptional circumstances".
Wow, as someone else said here, a lot of you must not have attended a high school recently.
Lets talk about a scenario that is considered standard in todays public high schools that aren't starving for money.
The students enter the building in the morning and are not allowed to bring any personal electronic devices in with them other than school issued laptops (if they're so lucky) or school issued and serialized USB thumb drives. Failure to comply results in disciplinary action.
Upon entering the doorway to the school their school issued ID with RFID tag registers their entrance with the school attendance system. Wearing of this ID card is mandatory at all times on campus and the school provided bus system.
The students are run though a metal detector and/or patted down by a uniformed security officer.
Classroom doorways are outfitted with RFID readers that register the students attendance to each room and class. Parents can log in to the school website and monitor what classroom their child is in, when their child got there and when and what time their child leaves the building or enters the building. The parent can grant or revoke off campus access from this website. This data is available to all school staff and administrators. Homework assignments and other classroom activities are posted to the website for the parents to know what is expected of the student when they come home.
People wonder why the current younger generation have no qualms about their loss of privacy. Why they freely use Facebook, Foursquare, Twitter, etc. It's because they're conditioned this way in the name of their own safety. Their every move has been monitored and cataloged their entire adolescent life.
Like I said above, if it turns out this sys admin was using the theft recovery photo feature at times when the situation didn't really show anything unsavory going on with the whereabouts and integrity of these computers then he deserves the full weight of our legal system.
But if there's nothing more here than some high school kids trying to hack their school issued laptops to get around his security measures and in doing so they set off the security feature and got their picture taken I don't see what the problem is (other than the school administrators thinking a Mike & Ike is a Quaalude).
Let's remember folks we're talking about 17 year olds here with Macbook's that are locked to only load an e-mail program, a web browser which can visit 3 or 4 sites if that many and a word processor. I'm surprised the alarm system only went off 42 times as claimed by the school. You'd think hundreds of these kids would take a stab at getting around the system management utility on a nightly basis.
I actually did attend highschool pretty recently, in Pennsylvania no less, for relatively reasonable definitions of recently. I think you are overestimating the ammount of surveillance and technology in the average schooldistrict though. You are probably setting the bar for "starved for money" too high.
Anyways, I'm not sure what todays students being desensitized has to do with this conversation, but my understanding is that students attempting to do things like browse to unauthorized webpages would not trip any anti-theft systems in place. Or where the system management and antitheft system actually one and the same system? I don't see anything anywhere that seems to indicate that is in fact the case.
If so, that is a pretty braindead system, why should a webbrowser trying to access youtube (a commonly blocked website in schools) indicate that the laptop was stolen?
@jgreco you should probably go look at the features of this enterprise management system:
Perhaps, and this is just speculation on my part, it was configured such that if someone tried to boot the machine into open firmware and change the startup drive during the next normal reboot the tamper alert system snapped a picture and uploaded the image and description of the breach attempt?
"@Tim!: "Pictures taken by the camera were only kept long enough to send them to the central server, then immediately removed from the local disk."
And you know this, exactly how?
I've been following this pretty closely since it broke about a week ago and yours is the first opinion I've seen anywhere that it worked that way. Sources, please?"
Try the Stryde Hax link at the top of this page. To wit:
"It uses a fixed dump point, /tmp/Image, as its save file before uploading to the server, sadly this is wiped. Only a full forensics scan which picks up deleted files will have a chance of picking up the history of the spying on a particular computer. On laptops with a webcam, a second fixed save point, /tmp/Image1, is used to save the webcam pic."
Now, he doesn't explicitly say that /tmp/Image1 is wiped afterwards, but I think it's reasonable to infer.
This has been an educational story, and I'm glad I don't live in the USA.
Hopefully the investigation will be able to determine what happened under the hype.
Hopefully a summary could be posted here as I don't want to trawl through the USA media sites.
It is a good reminder that webcams should have covers, and that schemes with initial good intentions can abused.
well, if we consider the goal of a high school to be to prepare students to navigate the world they will live in as adults, I would say we should praise this particular school for being at the cutting edge! We can only imagine that the techniques for remote spying will only get better and the legal recourse for stopping it will only get worse. Welcome to the future!
I'm reading this, but despite it seemingly being all marketing speak, I'm not very impressed at all. If the marketers can't even upplay the software then I don't have much faith in it's actual abilities.
If I was a highschool student at this school, the first thing I'd do (at least while using it at home) would be to fire up a linux live installation and use the computer for whatever I wanted. The only practical way this software could prevent me from doing this is to set a password on the BIOS (I don't know what Macs call their equivalent, I know it's technically different) but I've never seen a school actually bother to do this. Assuming I was able to do so, I _really_ highly doubt that this thing could do anything about it, or even ever know. This seems like pretty low-tech junk to me.
Also, in light of EH's comments, then it appears the system is unable to snap a picture if the filesystem is offline, which would almost certainly be the case if the computer did not get past the bootloader.
I can see this triggering an anti-theft system (if it was absurdly over-reactive), but I can't see even only 42 students in an entire highschool doing this. When I was in highschool (in a school similar sized to this one) there were probably 5 or 6 people with the technical capabilities to do this.
Now, if I was a regular student, and I got upset because the school decided to block 'myfacetube', the first thing I would do is go find a proxy website. Schools always try their best to block these, but trust me, students are always one step ahead. Some schools may even have someone with enough technical background to set one up for himself and friends, any filter the school uses wouldn't have a low profile personal website blocked. The only way you could prevent students from doing this is to use a whitelist, something that I've never even heard of being done.
_If_ the system detects a student attempting to subvert the controls by doing something like this (and that is a very big if) then I still would not see any reason at all for the anti-theft system to be triggered. The event could be otherwise logged but there should be no reason to involve the webcam. I can guarantee you that more than 42 students would have been caught by know. I'd bet something closer to at least 50% of the student body knows how to do this. It's not technically hard and the knowledge (just a url) is easy to spread.
Anyways, all of this nonsense about practical uses of the system is irrelevant. There is no reason students shouldn't have been informed the system was in place, and there was no reason the system should have been abused like this. Even if we assume the picture of the student eating candy was taken automatically because he triggered the anti-theft system by being a bad boy, there was still incredibly wrong for the school district to attempt to disipline him for something that was off school grounds and had nothing to do with them.
I will echo John's comments in that I am glad that neither I, nor my children live in the USA. (Although I dont kid myself that schools here would quickly try to do the same)
I sort of agree with a couple of previous commenters in that the principle of "innocent until proven guilty" should dictate that we do not *assume* the SysAdmin had a malicious intent from the outset. He may have, I have no idea, but I refuse to allow myself to assume that. It is a suspicious situation that needs to be investigated, but this should be done with the presumption that he has acted without "mens rea."
Now this doesnt for one second excuse the system. Everything about it is wrong and (as a previous poster mentioned) seems to be conditioning our children that privacy doesnt exist(*). What has happened here should not be tolerated.
Who is to blame?
Are we to give the school administrators who allowed this to happen a pass because they dont "get" computers?
In my ever so humble opinion they are at least as much to blame (if not more) than the SysAdmin because their role is to ensure that ethical decisions about the children are made on a daily basis. Technology misuse issues aside they thought it was acceptable to even consider this. (I am finding it hard to express my outrage in words here)
If the people who authorise this sort of activity are not able to see potential pitfalls then they are unfit for their duties. If the SysAdmin bypassed any authorisation hang him.
To echo another previous commenter - its sadly ironic how outraged we get when this happens to our children while we allow it to ourselves. To make matters worse we sort of encourage this by demanding more and more surveillance of our kids because we are too lazy to parent.
This news item has disproportionately annoyed me to day. Its a good job I dont have easy access to firearms...
(*) As an aside, I dont know about the US but in the UK "expectation of privacy" is an important legal distinction. Will the definition of this have changed significantly in a few years?
The thing that the school should really be worried about is if they somehow recorded something that would be classified as 'kiddie-porn', if so they are in a whole new world of shit.
I think this is one of those cases where the spy software should have been locked using a shared secret. That way (baring back-doors) you could be assured that at the minimum X people knew about every attempt to use the camera remotely, this would help protect kids from lone perverts, and the school from lawsuits.
That said, duct tape is the solution the kids should have used.
"Perhaps it's the same urge for you to presume guilt that inspires these school officials to themselves go to extremes."
Good lord, what rhetoric.
For the record, I, Shane, see a 'rotten guy' who knowingly implemented, and administrated (not only willingly, but zealously, as I'm sure you've gathered from 'reading his posts') a pervasive spy tool onto the laptops students are required to use.
Guilt is beside the point. Guilty of what? I'm not an angry mob, and I'm not an idiot. I'm also not a lawyer, so I have no idea what, if any, laws this man has broken. Fortunately, I don't have to, because my opinion is based on what he has written, and what he has admittedly done.
Whether or not he sat in a room an jacked off to little girls and boys taking their clothes off is completely beside the point.
My opinion of his character is based on the fact that he knowingly put tools into place that would allow people to do just that, and he knew it.
I was a sysadmin once too, for many years, and I'll tell you straight away, if this project came across my desk, the next project I would complete would be my resignation, followed by a letter to the editor, CC'd to my state rep, senator, and PTA.
Following orders does not justify any of this behavior.
As for Trichnosis, I agree 100%.
Baby steps though. If the sheeple get pissed enough about their precious teenagers' privacy (ironically a generation that is less concerned about it than mine), than so be it. All we old folks can hope is that somehow any new cases set some precedents that will serve to protect us all.
Which I wouldn't advocate holding our breathes for.
Just listen to all the defensive commentary about this pig and his pig pen. America is still trying sooooooo very hard to justify loss of privacy for increased security, and the media has obviously gotten to the majority of them already.
In my ideal America, every man women and child would be disgusted by what has happened here. Absolutely disgusted, and for far more reason than the 'child porn' angle. There are numerous deeper issues at work here, all of which have been begging for legislation for years.
So far, the most heinous thing I've seen in this whole LMSD scandal is the massive, willful ignorance of the technology and issues at hand by the majority of bloggers and commenters.
I've been following the facts and ignoring the commentary. So far the only clear abuse seems to have been busting the student for "drugs" based on a photo which should have only been used for theft-tracking purposes. The police can't operate outside the scope of a warrant. The school SHOULD follow similar rules. Note the caps. There is nothing saying they can't, because there are no laws being broken here, but they shouldn't and the fact that they did is certainly grounds for a civil suit.
Most of all, the school should have disclosed the tracking and surveillance capabilities from the start. No exceptions.
But seriously. Assuming this guy is a pervert, assuming the surveillance capability (although misguided..) was used in a pervasive and widespread way based on a few students' stories? We all know teenagers never exaggerate things or hop on the gossip bandwagon...
Oh, but there is nothing better than mental wanking, is there? As soon a discussion invokes Godwin's law (and as far as I'm concerned, an Orwell reference is a Godwin) it loses all credence.
"because there are no laws being broken here"
That remains to be seen, but the FBI seems to suspect otherwise and I am inclined to agree with them. Wiretapping laws and the like don't _only_ apply to the police.
I'd go one further than that.
Wiretapping is one thing, transmitting video survellience of someone while doing your very best technilogically to fool them into believing that it's not even possible to do so, is something altogether more devious than simply tapping a phone wire or sniffing packets.
Remember, when you make a phone call, or visit a website, you are doing so voluntarily, and whether we like it or not, we live in the present knowing that our data is potentially being monitored somewhere by someone.
Having yourself photographed without your knowledge, in the privacy of your bedroom, by a tool that has been modified to appear to be disabled, is a different level of sick and twisted altogether.
"Guilt is beside the point. Guilty of what? I'm not an angry mob, and I'm not an idiot. I'm also not a lawyer, so I have no idea what, if any, laws this man has broken. Fortunately, I don't have to, because my opinion is based on what he has written, and what he has admittedly done."
I couldn't agree with that any more. I would also like to add that since I am not a part of the justice system, I feel no moral or legal obligation to withhold my criticism until after the trial. If I were on a jury deciding this case then I would either maintain a presumption of innocence, or ask that I be relieved from my duties. This is not the case however so I'm free assume his guilt as much as I please ...and boy do I please.
Or put a different way:
Having your teenage daughter photographed without her knowledge, in the privacy of her bedroom, by a tool that has been modified to appear to be disabled, implemented by a male systems administrator at her high school...
"For the record, I, Shane, see a 'rotten guy' who knowingly implemented, and administrated (not only willingly, but zealously, as I'm sure you've gathered from 'reading his posts') a pervasive spy tool onto the laptops students are required to use."
I quite agree and I feel the need to modify my previous statements for clarity.
I strongly feel that (even outside the legal system) we should practice the presumtion of innocence wherever possible.
In this instance, I think the presumption *should* be that this person was not some kind of pervert who had a complicated plan to watch school kids strip.
However, I think there is good evidence (balance of probabilities time) that he is "rotten" enough to have thought it was acceptable to spy on pupils to this level. In this, though, he shares his blame with every one in the management chain who also think it is acceptable or are too lazy to bother to learn what was going on.
@CuriousGuru: "In this instance, I think the presumption *should* be that this person was not some kind of pervert who had a complicated plan to watch school kids strip."
You beat me to it. The kiddie-porn witch hunt is already much too broad, and (barring new evidence to the contrary) I'm willing to believe that spying on nekkid kids was not in fact the intent. I don't want child-porn laws to be abused any more than they already have been. Even if he's been spying on kids for other reasons (looking for evidence of illegal drugs, perhaps) I don't want the child-porn laws invoked unless they're actually applicable. Ordinary invasion-of-privacy laws should be enough. And if they're not, we as a society need to improve those laws rather than trying to use child porn laws because he "might have" seen something naughty.
On the other hand, if they do find evidence of actual intent to spy on naked kids, I want to see him crucified. Preferably literally.
@@CuriousGuru: "In this instance, I think the presumption *should* be that this person was not some kind of pervert who had a complicated plan to watch school kids strip."
I totally agree. If that was the intent, this wouldn't have been a very good means to that end. How often would an average student happen to be nekkid in front of the web cam? I'm guessing not often, if ever.
This entire scenario was wrong and a serious matter, but, as you and Chello said, invoking child porn laws is not only wrong, it further cheapens them.
As Bruce said its creepy. A lot of creepy things are being done in the name of security to a lot of innocent people. Whatever the intentions were, we all know these things can and will be misused.
"This entire scenario was wrong and a serious matter, but, as you and Chello said, invoking child porn laws is not only wrong, it further cheapens them."
If it further cheapens them, then I have a hard time saying I'm not all for it. Currently child porn laws are being used in Pennsylvania to arrest and prosecute teenagers that take pictures of themselves. Worst part is, the majority of the time it is school districts that turn the kids in to the police, who are then forced to act. Such an incident happened only last year in my old highschool.
I should clarify for people who are not aware of the situation already. Teenagers will take pictures of themselves with their cellphones and text the picture to their girl/boyfriend. Eventually one of the cellphones involved is confiscated by the school for being used in class or in the hallways. School administrators then go through the cellphone, find the pictures, and call the police.
@jgreco at February 25, 2010 1:46 PM
I understand your point, and I'd like to clarify too.
What I mean by cheapen is we water down a crime through broadly and needlessly prosecuting too many people under the umbrella.
In other words, child rape and child porn should be serious crimes. But when we include things like this, or boyfriends and girlsfriends 2 years and 1 day apart in age under this, it cheapens the term. So when you hear someone is guilty of such a crime, rather than recoiling in disgust, one now must ask "what happened?"
I think we are pretty much on the same page then. The crime is about a heinous as they come but bad politicians have abused it to create similarly bad laws (laws that hurt children). That is what I'm really opposed to.
@jgreco: "I think we are pretty much on the same page then. The crime is about a heinous as they come but bad politicians have abused it to create similarly bad laws (laws that hurt children). That is what I'm really opposed to."
I agree. When a heinous crime is called by name, we should recoil in horror, having to stop and ask "what happened?" is a smack in the face of true victims.
In reality, the only ones that benefit are the perpetrators. The true victims are slapped in the face because what happened to them no longer gets the sympathy and outrage it deserves. Accused are tarred with a black mark they dont' deserve. Yet, the true perpetrators get let off a bit easier because what they truly did no longer sounds as bad.
My daughters school tried something like this several years ago with a palm-pioot, or e-book, kindle etc. I forget what the actual machine was. After reading the users agreement, I said no. I did offer to buy one for my daughter and link it to the schools devices for downloading homework etc. They didn't like that idea, the wanted the kids to only use school property. There was enough push back from the parents that the school abandoned the idea and just set up a normal web site to access homework etc. Non-intrusive, lower-tech, inexpensive.
Many years ago I lived in that school district.
Even then they were excessively obsessed with the private lives of students.
They three times sent inspectors and truant officeras to my home to see
which side of my bedroom I was sleeping on, since the school district borderline ran down the center of my bedroom.
The last time they were a bit flummoxed, since I waas quarantined with chicken pox, and my parents moved a king size bed in so I could have more comfort during my medical imprisonment.
So, it came down to them asking me, while making my parents leave the room and shut the door, what side of the bed I slept on when I went to sleep. (I hoped they got chicken pox.)
Once a culture gets established with certain abuses as traditional, for whatever inane reasoning, it simply seems to continue through the decades.
They likely hire persons who match their own pathology. Wonder what other pathologies are allowed there? Does it make you wonder about Most Evil's LAPD?
We seem to be missing Bruce’s “Security Mindset”.
Over two thousand of these machines were distributed. Several must be in the hands of students who understand the technology. The “Geeks” have access and can figure out how the machine works. Physical possession is full access. A clever student should be able to learn the capabilities of the monitoring software and the access keys that it uses.
Next step is to learn which machines were issued to the hot girl in class that doesn’t talk to the geek. Then fake a server and access her computer…
The bad guys can also use the tools that the (so-called) good guys put in place and don’t secure.
This is seriously disturbing. There is a line between remote admin, and outright spying. Admins need to get office machines to fix them, but not remotely unless its a road warrior, and even that should be per-use consent. But to have them phoning home as part of their standard operating procedure, thats just insane. I could understand if they polled a server to see if they should be immediately tracked (in the case of theft), but not always polling.
Peter Built: There's only one sane answer for somebody asking you what side of the bed you sleep on: "Couldn't you find an honest job?"
Actually that's the right question for quite a lot of situations.
I can't help wondering how many of the students didn't even question the fact that everything they did on the computer was being monitored. There's been a lot of discussion about how the generation of kids who are growing up with social networking see sharing every detail about themselves with everyone as normal, and how privacy is losing its value.
On a related note, can anyone recommend resources for how to talk to your kids about privacy? My child is only just starting to understand the concept, and I'm at a loss to explain the importance of privacy in a way she can understand.
Just came across video (only a few weeks old) of a NY school administrator bragging to PBS about surreptitiously spying on kids with school-issued laptops:
Note that this isn't quite the same as the LMSD issue: these laptops never leave the school.
@yt: "On a related note, can anyone recommend resources for how to talk to your kids about privacy? My child is only just starting to understand the concept, and I'm at a loss to explain the importance of privacy in a way she can understand."
I haven't looked around too in-depth for kid-friendly information on privacy, but the Girl Scouts website has some good information:
@ Ed Nicks: thanks, that's exactly the kind of thing I was looking for.
There is quite a debate going on at collegeconfidential.com in the parents thread. The technical expertise shown on this site would be a welcome education there (the sites rules there do not allow linking to other sites.)
I am disheatened there by the number of posterrs who think "this is just normal IT stuff"; your perspectives as ethical IT folks woul dbe enormously helpful there and reach a large audience "mainstreaming" knowledge.
I do know we live in a police state, and hope this incident can be step 1 in swinging the pendulum back to liberty.
^ In particular, there is no general awareness there that (a) the remaote webcam architecture opens the door to broader use/abuse, regardless of "stolen only" policy and (b) how easily hackable ARD and LANrev architecture would be for perverts.
I am a tech moron, just concerned about comments I've picked up here and elsewhere searching in alarm at the PA spycamming news.
I think that schools are supposed to prepare the students to be the adults of tomorrow.
How can you expect to have reasonable adults who understand the risks of loosing privacy rights and free speech if they are taught having neither?
How can you expect to raise informed kids when schools "over protect" them?
Never assume a system won't be used by nefarious purposes, computer can beam back their IP but ALL security tokens needed for remote operations should be *only* in possession of the student, so in case of theft he can give them or not facing the consequences.
Of course this works as anti-theft system but not as "spying" so the schools would never want it like this.
I don't buy the security argument or stolen recovery rate being touted by the schools. This has no real security on the laptop against data loss or tracking ability. Snapping a picture isn't a good way to track your laptop. It is a great way to spy.
An internal gps device and whole disk encryption along with enforced security policies on the user interface is way more effective than being able to snap a picture.
This really seems to me as a professional unix admin nothing more than an attempt to enforce behvioral standards via spying by the school. Sadly, it was given the illusion of security and people just don't question that now. Give up privacy for security? Sure they'd love to. Isn't that what we've been told needs to happen since 9/11?
The three methods I describe aren't intrusive to the student (except possibly the gps, but hell, that's not snapping pictures in their bedroom) and totally outweigh the risk by the school of 1) having a compromised system and data in the wild without even an attempt to encrypt it and 2) the FBI showing up if even one picture is snapped of a kid in their underwear.
What really closes the door on this for me is the outright lie that the webcam light coming on was a bug, not the school taking pictures by the school administration. That's the telling lie to me.
I agree with your assessment that this is all about spying and the stated reasons were at least partly BS. I disagree with some of your points on laptop protection measures. For one, using a camera for laptop loss prev. isn't about tracking the laptop: it's about identifying who possesses it. If the pictures' hashes and GPS data is timestamped, it can be very useful in court for proving a particular person's guilt. It can also provide probable cause to cops in real-time to search a particular building. I devised a similar system for dealing with car thieves, which included a few cheap pinhole cameras. In realistic test scenarios, it produced successful results. If it was combined with typical COTS monitoring software, it would have allowed cops to be at the chop shop almost as quickly as the thieves. So, yes, cameras are useful in tracking applications for legal purposes. And in this case, yes, they were almost 100% about spying rather than tracking, but that doesn't make camera's useless in tracking apps.
@Liberty: I am disheatened there by the number of posterrs who think "this is just normal IT stuff"; your perspectives as ethical IT folks woul dbe enormously helpful there and reach a large audience "mainstreaming" knowledge.
The issue isn't a technical one. It's purely a political one -- do we have a right to privacy or not? Regardless of property right issues, putative waivers, and all the other rationalizations that the totalitarians want to invent.
It's simple. Does your school, boss, local police department, and so forth have a right to spy on you in any case?
And to those who call "Godwin" -- you're just fools. This is exactly the principle that Orwell was reaching for. Even in 1984, not everyone was under surveillance -- just those who had "volunteered" by being part of the system. Orwell was no fool -- he was talking about principles, not a specific impossibly and absurdly repressive scenario.
By now, calling Godwin is the new Godwin.
Here's the metaphor: a friend of yours lent you a little statuette.
He's a police officer, and has embedded a microphone in the statuette.
If he uses that to catch you in crime X, is it legal anywhere in the US? Even if he told you it had the microphone, would it be ethical for him to use it, ever? Even if he "thought" it was stolen, without a court order?
It's really so damn simple. I find it sad that there's anyone, anywhere making excuses for this sort of behavior.
So now it turns out the school had a weblink to the local police, so the police SANS WARRANT could watch a direct feed.
The school district has hired Level 3 Communications as forensic techs to try to determine the spycam access history.
Any knowledge here of Level 3 or ability to recover wiped data/access logs?
Another part of the scam is the mandated insurance policy of $50.00/ laptop and the
large deductible... 50*2300 yet only 18 laptops have been stolen.. This is a cash cow and uderly offensive.
I am astounded the the FBI has not locked down these laptops and servers for forensic review. Perhaps there has not been a strong enough allegation of a crime....
The schools do not trust their students with portable, expensive property; therefore they should not lend them expensive laptops. It really is that simple!
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.