Surveillance in Schools

This essay, "Grooming students for a lifetime of surveillance," talks about the general trends in student surveillance.

Related: essay on the need for student privacy in online learning.

Posted on October 14, 2014 at 5:59 AM • 37 Comments

Comments

LucasOctober 14, 2014 6:29 AM

The agencies and hackers use idle time computer to make copies of your data, so you won't notice network led or other signs. In order to do this silent backdoor software check mouse movements, keys pressed, camera static image for changes, microphone for noises.

2pWHBlE400C6mkt5October 14, 2014 6:40 AM

Interesting article, but too bad about the big sensationalist over-generalizing accusing subtitle:

"The same technologists who protest against the NSA’s metadata collection programs are the ones profiting the most from the widespread surveillance of students."

Hmm, I'm pretty sure that most of the people, including "technologists", against the NSA's programs are NOT in fact profiting from the widespread surveillance of students.

Andrew_KOctober 14, 2014 6:55 AM

I agree with 2pWHBlE400C6mkt5 on the subtitle being a bit too ambitious.

The by far worst thing is that I doubt they will ever question it, if the experienced benefit is just large enough. None of these techniques promotes doubt in technology.

In a few years, paying attention in Chemistry years ago makes you the perfect suspect. Moreover, blended learning creates psychological profiles on interests and abilities. Recruiters will love that.

Interestingly both broad NSA surveillance and school surveillance seem to originate from a narrative of aggression (and no, I don't think Columbine was a three-letter-agency plot).

We see the world turn into a police state. The article made me realize that to our children, it already is one, but they cannot realize or express it due to a lack of comparison. We make them bricks in the wall. Worst thing of all, we make them successful bricks. Assisted learning probably is superior to "traditional" learning. They become bricks that majorly won't realize being bricks. And those that do, won't stand a chance.

Andrew_KOctober 14, 2014 7:01 AM

Edit to add:

I have not differentiated clear enough. Excuse my laziness.

There are techniques allegedly installed to ensure physical and psychological in a schnool. These create obvious surveillance.

And then there are technologies used in assisted education and learning which create "logs", which by themselves resemble mind surveillance.

Anyhow, both piles of data probably will be merged.

ThothOctober 14, 2014 8:08 AM

People these days are so different from people 30 ~ 40 years back. If time travel were enabled, there would be vast confusions. We live in an era of perpetual surveillance whether we like it or not.

If you reach into your pockets, it's digital computers that can make phone calls, play you some music, track your health like your heart rate while you exercise, allow you to post your very personal feelings online .... and with all that PII, you don't even know you are under surveillance or maybe you do, but you have "no choice" as some make this excuse.

Let's look at what the kids learn in programming lessons for their diplomas or degrees. I am not sure if these applies to everywhere else, but the main thing they learn (or we learn) is to program something profitable foe that iTunes market or to load that app onto Android Play. Techniques on mobile sensors, Artificial Intelligence, data mining, Big Data and that sort are the main subjects in class. They teach crypto ... oh AES-256 is really good and how good. But they don't tell you much why it's crypto functions actually makes it work. It does not tell you why key scheduling done correctly would have probably made Rijndael much stronger (not just AES alone).

The lessons in schools are equipping kids with relevant skills so they can work in Google, Microsoft, Yahoo, Facebook, Twitter and the likes ... not the relevant skills to protect us from intrusion of privacy from the likes of Google, Microsoft, Yahoo, Facebook, Twitter and so forth who recent tried to lash out at NSA and the USIC for breaching privacy when in the first place, these hypocrites introduced the exact opportunity the NSA and USIC could leverage on their Big Data to make their work simpler and to breach more privacy with greater ease (thus emboldening the NSA and USIC in their efforts to destroy privacy and security of individuals).

Are the future programmers, computer scientists, ITSEC guys and all are equipped with the knowledge to truely preserve privacy ? Not at all. Look at the products market.

Surveillance have entered into the main stream culture and embed itself deep inside. The few of us here whom huddle around Bruce's cozy blog discussing security stuff are probably just some exceptions from the main stream culture ?

Andrew_KOctober 14, 2014 8:39 AM

It is not just teaching the wrong technological answers. Its answering the wrong questions. If my question is "how can I communicate maintaining my privacy", "use encryption" is only half the answer. The complete answer would include learning what surveillance is, where it starts, how algorithms detect outliers and how to evade ringing bells. These techniques are not tough broadly, since they may be in the publics' but not in the public interest.
Well, except where they train spies. I bet, they know how to travel the county without leaving suspicious traces (-- not without leaving any trace, since that would be suspicious, too).

Five years ago, I heard someone say "In a couple of years, you won't get a job if you have no Facebook account". I had no idea how right he was.

And this is the bitter end: If I would say "Boy, time to change things!" and fund something like a "Little Spy Club" where I teach neighborhoods kids on sneakyness and generally raise their awareness and interest on technology -- how many weeks do you give them until they get me for drugs, child molesing, or something alike? The time measured from the first public post on FB or local news mentioning that activity. Alternative ending: They send someone from a three-letter-agency to "support" me with this important task. Who will constantly mention how important escrow keys are. Since they can safe American lifes.
Oh, and the club house needs a flag.

ThothOctober 14, 2014 9:08 AM

@Andrew_K
Nice extensions to my post comments :) .

We need to look at whose sponsoring all these children educations to know where these education goals are heading towards.

@vas pup
Do you dare to wear one of those on the streets. If the police comes up and ask about that funny dress, any good answers to keep them off one's back about that weird cloak ?

BoppingAroundOctober 14, 2014 9:20 AM

Andrew_K,

> In a few years, paying attention in Chemistry years ago makes you the perfect suspect.

Funny you should mention this. Reminded me another passage from Deus Ex:

Terrorism has become an unfortunate fact of life, not only in New York, but the country at large, a direct assault on our communities and our way of life that leaves citizens struggling to find answers to difficult questions, not the least of which is "What can I do to prevent such atrocities? How can I help?"

Quite simply, terrorism is successful because terrorists are able to pass unnoticed and unremarked upon — but they fail to count on the best intelligence network ever devised: the American people. How can you tell who might be a terrorist? Look for the following characteristics:

A stranger or foreigner.
Argumentative, especially about politics or philosophy.
Probing questions about your work, particularly high-tech.
Spends a greater than average amount of time on the Net.
Interests in chemistry, electronics, or computers.
Large numbers of mail-order deliveries.
Taking photographs of major landmarks.

And those are just a few. If you're suspicious, then turn them in to your local law enforcement for a thorough background check. Better safe than sorry. You and your neighbors will sleep more securely knowing that you're watching each other's backs.

----

At the very least, you are (somewhat) informed. I do not know what's going on in my country with regard to privacy matters. Nobody covers that area.

Probably about time to try and start lurking by myself.

BoppingAroundOctober 14, 2014 9:38 AM

Somewhat off-topic. Another two quotes have popped in my mind. A lousy translation of the first:

> We must prepare the child to the real life, not the imaginary or ideal one. In upbringing theory we frequently forget that we must teach the child not only to value truth but to be able to detect lies, not only to love but to hate as well, to despise as well as to respect, to disagree and to agree, not only to obey but to rebel too.

— J. Korczak

And

> ...When faced with the subversion of an organized ruling body, external action - - even when executed in concert, as a group -- is often ineffectual. True revolution can only come from working within, and in this the ultimate change that can be brought about by an individual is magnified by the very machinery that such organizations utilize to maintain their own authority. Historically, ruling bodies are always outnumbered by those they rule -- but still they manage to maintain a disproportionate amount of power through a combination of tradition, confusion, and punishment. An operative who learns to simulate the veneer of a loyalist and guard their own secret heart can utilize those very same tools to overthrow such organizations, or shift them to a more ideologically pleasing axis...

vas pupOctober 14, 2014 10:36 AM

@Thoth • October 14, 2014 9:08 AM
Good point! As Dale Carson stated in his book 'Arrest Proof Yourself': "If they can't see you, they can't take you." This fabric could be utilized to make bag out of it (kind of flexible Faraday Cage). It'll bring less attention, and less questions asked I guess.

Clive RobinsonOctober 14, 2014 10:39 AM

@ Vas Pup,

With regards your question I'll take it over to the Friday squid page.

SmokingHotOctober 14, 2014 10:42 AM

@BoppingAround

A stranger or foreigner. Argumentative, especially about politics or philosophy. Probing questions about your work, particularly high-tech. Spends a greater than average amount of time on the Net. Interests in chemistry, electronics, or computers. Large numbers of mail-order deliveries. Taking photographs of major landmarks.
And those are just a few. If you're suspicious, then turn them in to your local law enforcement for a thorough background check. Better safe than sorry. You and your neighbors will sleep more securely knowing that you're watching each other's backs.

'If you see something, say something', lol. Disturbing stuff.

There are common denominators among actual real terrorists, but people have not been trained in such things, nor is it taught anywhere. Better to keep the definition very abstract.

One denominator is if they frequent and associate with people *actually advocating terrorism*.

Be they far left, Muslim, or other far right.


In many cases they did drop those connections before actually acting out. However, all of them, in American history anyway, and as much European and other history as I can recall right now, did associate with some group that was advocating.

They may have singly associated, and not ever fit in, but they had ties.


This is one reason why dropping the ball on the Boston bomber was *just so bad*. Because he did exactly this, and they did not catch him ahead of time. He went **overseas** to associate with such a group, and he was supposedly not on any radar.


Though the "terrorist" fears are being stoked for monetary and business purposes. The US, and other nations, have far more relevant concerns that are far more likely. One of these is that they could so foul up the Middle East the prices of oil may skyrocket, destabilizing the global economy. Another is attacks against the dollar as a standard.

That does not mean there is not a threat, but it is not as they puff it up to be and focus trillions of dollars on. In fact, much of US actions actually can help cause and create terrorism.

They are making enemies, when they should be trying to turn their enemies into friends. (As another poster said, and is also my own refrain in various ways.)


DanielOctober 14, 2014 11:40 AM

Well, school grooms students for all sorts of things, it would be something of a wonder if it didn't groom them for the surveillance state too.

John QOctober 14, 2014 12:11 PM

If you haven't already read An Underground History of American Education by John Gatto, you should. (And you should buy it on Amazon! It's worth spending money on!)

I don't entirely agree with John. I find schooling and memorizing large numbers of meaningless facts trains our minds on how to learn. But John explains an awful lot about why our schools do the crazy things they do. It's not by accident. It's by design. Indeed things like Columbine are a natural byproduct of the choices that have been made. Teachers use shame and humiliation in place of the lash or paddling. Kids learn by example to sadistically abuse other kids to achieve status in society. The ones of the bottom, some of them snap.

There's a lot more too it. One of the more interesting points is how our schools train kids to be good workers in our society. It's somewhat tragic that the jobs they are being prepared for in many cases no longer exist, and the kids are unable to even conceive of how they could start their own business. In a world of plenty, they starve. The conditioning runs too deep.

LessThanObviousOctober 14, 2014 3:34 PM

The eroding of student privacy in a misguided approach to security and for profit is just awful. In most cases we give minors more protections, the education system absolutely should NOT be the exception. Parents and educators should realize by now that if data is collected, it can be stolen or misused and if people are placed under pervasive surveillance, then that surveillance will likely be abused in addition to choking free speech and liberty. Any intrusion by schools into students private lives outside of school is just plain wrong and I would hope that enough parents realize that.

IncredulousOctober 14, 2014 8:00 PM

Coursera has hard core computer science courses. It is worth the risk. Some really excellent stuff.

4f20uf808u2f08u29October 14, 2014 8:41 PM

Yeah "technologists" don't "profit" from security tools based on models that don't work, like extremely specific malware signatures, and firewalls that can be disable by pretty much any process..

My favorite are the "technologists" who are openly loyal to rogue-imperialist super powers who's intelligence agencies they were analysts for before they launched a security software provider. Guess which government's operations they NEVER comment on even till this day?

Nick POctober 14, 2014 8:51 PM

@ Model

Cookies are a standard method for persistent information on the web. The three social networks are from the Facebook, Google+, and Twitter buttons on the web site which have become standard web fare that tens to hundreds of millions of people expect and might put to use. The result of that will also promote their site and help them achieve their objectives. That's a win-win situation for them and their users. And Analytics trackers are quite common for advertising or site optimization. And I figured this out without doing anything other than look at the page itself.

Nothing worrying at all. It's just Web as usual. If anything, they have *less* stuff running than many sites. This would be a great site if I used Firefox+NoScript as I could filter out quite a bit while allowing 0-1 scripts to run. On some sites, figuring out the minimum scripts to get the site working is harder than some jigsaw puzzles.

My advise to you is to (a) not worry about it or (b) get off the Web and use the Internet. The reason is that the Web defeats efficiency, privacy, and security at every turn. It's also increasingly annoying. Unfortunately, much of the best content and online experience is on the Web. The online alternative, The Internet, will take you back to the 1990's in the experience and has much less there. It's a more pleasant experience for some, though, with greater opportunities to protect yourself due to its reliance on purpose-built, simpler protocols and apps. It's why I always built client-server apps for clients rather than web apps.

"But, for web apps, all we need is a web browser and a URL?"

"All you need is millions of bytes of risky code and typing a few dozen letters?My client server app needs 10-20x less code, the code is safer, and you click an icon or type one command. What was the advantage of the web again?"

The Web Sucks. (TM)

ModelOctober 14, 2014 11:04 PM

Ha! I'm not remotely worried about it. I just think it is amusing, in the same way that talking heads like Cory Doctorow and Mike Masnick bang on about government surveillance and yet their websites are loaded with corporate surveillance (I don't see any meaningful difference between corporate/government surveillance, other than that the latter could quite likely get away with extra-legally murdering you if they wanted).

ModelOctober 14, 2014 11:10 PM

Edit to add:

And I (hope I) do have a rudimentary grasp on the purpose and prevalence of these web "features". They are all good, aside from the fact that they are fairly common vectors for abusing privacy and serving drive-by malware.

Mike the goatOctober 15, 2014 12:29 AM

I am not at all surprised at all this. Even when I was in college and the internet was in its infancy this kind of culture was well and truly in place (even our shell history for the shell accounts on our timeshare system was recorded, at least according to the threatening motd that was displayed at login).

BTW: I have been away from everything recently, and am intending on getting back into things again after a family crisis (actually three crises in less than two months) - but, a reader of my blog (which I will post on soon, I have been pretty neglectful) shot me an email about two weeks ago telling me that there is a new heartbleed severity vuln in openssl which is due to break any day now. Anyone heard anything?

Clive RobinsonOctober 15, 2014 5:13 AM

@ Mike the Goat,

I'll "cock my leg" at the poodle over on the squid page ;-)

Andrew_KOctober 15, 2014 5:42 AM

(Off-topic, but on-thread)
@ Lucas
Is that just a fear or shown in an experiment?

If not shown yet, my experiment would look like this: Take an ordinary PC running MS Windows, with average applications installed. Yes, Skype and yes, Dropbox. Maybe chrome. Now we need to observe it, without anyone on that machine being able to figure out. Measure power consumption, meter CPU temperature (yes, by attaching a sensor to it). Monitor network traffic on layer 1 -- e.g. using an old hub which will echo every packet to every other port). Don't power the windows box while building the setup. Don't put suspicious equipment in camera viewport. Start the Windows Box, create some activity (share something with dropbox). Copy a bunch of new files from an external medium (rip a DVD). Then leave it alone. Days, if you can, weeks.

Either there will be some mysterious activity. Or not. If yes, a) let someone else independendly repeat the experiment (publish your setup and your results here in a Friday Squid; I think this is the right platform to find someone else), then b) if it can be validated, publish.

AutolykosOctober 15, 2014 6:47 AM

Argumentative, especially about politics or philosophy.
Probing questions about your work, particularly high-tech.
Spends a greater than average amount of time on the Net.
Interests in chemistry, electronics, or computers.
Large numbers of mail-order deliveries.

Yup, reads like the typical nerd. It's just the old "jocks bully nerds" thing we know from school. Only now the jocks made it into politics and administration and have more effective and dangerous tools at their disposal. And I bet their subconscious scares them shitless about the day the nerds take revenge, because that's what they would do in our place. It's all they know. They can't even imagine that we actually care less about them than about the ants in our garden (and that both are about equally alien to us).

Andrew_KOctober 15, 2014 7:43 AM

I think, this is notable in this context: A feminist speech at Utah Univeristy is cancelled due to a threat.

Obviously, security measures still aren't sufficient at Universities. Who'd have tought!

safe-at-homeOctober 19, 2014 9:38 PM

Huntsville Alabama school officials claim the NSA telephoned and told them to start monitoring their students.

"Huntsville schools Superintendent Casey Wardynski says the system began monitoring social media sites 18 months ago, after the National Security Agency tipped the school district to a student making violent threats on Facebook."

Huntsville schools say call from NSA led to monitoring students online

Now the Southern Poverty Law Center is seeking students to come forward and tell them if they suffered any consequences from online postings.

Southern Poverty Law Center entering fray over Huntsville school district's social media monitoring

Physically, schools in the U.S. have been structured to resemble prisons (bars, high fences, security cameras, ID badges, armed guards) and now the populations is being monitored off-campus. Humans don't fare well when immersed in a highly paranoid environment.

Sancho_POctober 20, 2014 3:54 PM

@ Nick P (Re: @ Model + tracking standards):

Tens to hundreds of millions of people (or “the majority”) expect / accept / agree / …
is not a sound reasoning but often (mis)used to make the simple minded stop thinking.
I.e. @Sceptical often “argues” like “the majority agrees on our war in the M.E.” or “on the need of surveillance”.

On the contrary, not to blindly follow the lemmings is often (not always!) a sign of quality.

What could be the reason that Bruce does not have the three “standard” buttons?

Nick POctober 20, 2014 6:15 PM

@ Sancho_P

What the majority might want is quite a valuable argument for a web blog trying to get a larger audience for personal reasons and sales of books. Also plenty of people in IT & ITSEC use those services. So demand is there in his audience as well. Bruce's audience is more security savvy so he wisely offers it in a way that is opt-in.

Sancho_POctober 22, 2014 4:47 AM

@ Nick P

Sorry I do not understand newspeak, that might be the reason I can’t get your point.
Anyway, I know Bruce is right, regardless of reason or audience.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.