I love that you wrote this up, and I think it is hugely important that we get analysis in front of the public on trends like this when we see them. I have some strong opinions on this topic, having wrestled with how to balance control, security and convenience with my own kids, now 9 and 12. I’ve wrestled with it on the enterprise side as well. Hopefully password resets aren’t still the #1 ticket generator for the average IT helpdesk like they were in my day, and everyone’s gone self-service or something similar…
So that you have an idea of where I’m coming from:
- I think Clever Badges are the perfect design for the age range targeted.
- Before we make any recommendations on how secure a system/passcode should be, I think we need the answers to a few questions: What are we protecting? What is the value of what we’re protecting? What are the worst-case scenarios if the account/data is compromised?
- I’m concerned that, as an industry, we aren’t terribly pragmatic when it comes to security. I think that may be the counter-intuitive result of fears that we can’t afford to be seen giving an inch when the general state of security is already awful.
So the answer to the question “what are we protecting” should be nothing. From what I’ve seen, educational software at this level needs to collect performance data and associate it with a student — nothing more. If that’s all these kids’ accounts have access to, we can worry less about the strength of security and focus more on teaching the fundamentals kids at this age better absorb — ethics and respect. It’s no replacement for proper security, but at this age, more complex workflows will be disruptive, and they need that strong base to appreciate the need for security later on.
I agree with your assessment, which I’ll attempt to summarize (I often do this just to make sure I understand what someone else has written):
- There could be challenges ensuring kids use their own badges
- There needs to be more information on how the QR codes work
- Instructions on how to handle various scenarios (lost/stolen badge) should be clear and simple to deal with by teachers/administrators
- Security/Privacy benefits should not be misrepresented or overstated
However, I think any changes that might make this system any more difficult to manage or use would be a mistake — I personally think the design and execution of this system is as best a compromise as we could possibly make for K-2 classrooms at this point.
So here’s my take on each of the bullet points above:
- We could address misuse with technology, but at this age, I think it is actually a great opportunity to teach kids the value of integrity and respect for others’ accounts (lanyards/badges), and it would be a shame to lose this opportunity by “fixing it”. We don’t need any more coworkers that lean over and send an embarrassing email from your computer when you’re four feet away in a conversation. There are trusted and untrusted environments and scenarios. Go to the bathroom? Lock it. Talk to the guy in the cubicle next to you? You shouldn’t have to.
- I think this would be good to have, but I’m not sure it requires a whitepaper. I’m assuming the QR codes are the equivalent of an API key or persistent session key (I’m not sure of the right term here) — what we use to avoid having to log in every time we open an app in a web browser or phone. Put differently, if the goal here isn’t infallibility, I’m not sure there’s value in a deep technical dive. Transparency is important though, and I hope (though I know better) that schools are doing proper due diligence before buying and implementing technology like this. It definitely helps when the vendor is forthcoming, as Clever seems to be with their knowledgebase and forums. Also, when most companies assure you they care about security, the level of detail is often worthless. Clever doesn’t disappoint in that department.
- Again, I think Clever’s knowledgebase has a lot of good information on what to do in different situations, as long as teachers are aware of it.
- I’ve already practically made a blog post out of this comment, and this could be a whole separate blog post. As an industry analyst, I feel my most important job is to cut through all the marketing and hyperbole to ensure people know the truth of what a company/product/service provides. It is something that has always been important to me, but I didn’t realize how passionate I was about it before getting into this role, so yes — it is imperative people like you, Jessy, point this stuff out so that we can help keep companies honest. I feel like there IS a happy medium — you can market your product well without inflating claims or walking the line with half-truths.
Thanks again for getting this out there, Jessy, and making us think about what we want the future of technology for our kids to look like!