Surveillance in computers
Last year, six students were investigated by the security and IT office after their computers were found with Tor, an application used to secure and anonymize Internet access.
Herman Chui, one of 6 students, claims that “[The six students] were interrogated separately on many random details such as time of arrival to school and method of transportation. Our computers were then confiscated and we were told that they would be scanned.” His story raises a pertinent question: as we do homework, socialize and relax on an expensive machine that contains almost all of our personal information, how much of a protected right to privacy do we have?
In a survey conducted by The Break, 25 out of 27 high school students agreed that students are entitled to a certain degree of privacy. Herman was no exception; he said that he “expect[s] full privacy of the files on my computer. [The school] should only be allowed to investigate/intrude into computers when a computer on the school network [is used] in malicious activity”. He felt that “harmless emails that perhaps were not even sent from the school network do not at all warrant such intrusion of privacy.”
In the case of last year’s investigation, Chui states, the students were told that the school would only be looking at school emails. However, according to multiple students, their computers had been thoroughly scanned [and] inspected, including through inspection of all files, applications, etc. “The fact that we were investigated proves that accessing files on student computers is something the Tech Office can do,” comments Chui, “as that is the only way they would know of the installation of TOR on our computers.”
It has been a year since Herman’s computer was confiscated and investigated. However, multiple questions still remain unanswered. How thorough were the investigations carried out? What circumstances prompted the examination of an ISB student’s computer? Should ISB students fear random examinations of their school computers?
The answer to the first question begins with pealing back the layers of a student’s MacBook. When a large organization like ISB hands out thousands of laptops to students and faculty alike, it is standard practice in the IT industry to load what is called a “Mobile Device Management (MDM) Solution” onto each laptop. The MDM Solution that ISB employs is called JAMF. The most common interaction that ISB students have with JAMF is through Self-Service, which is an application that allows ISB students to update and download software that the school distributes. Beyond that however, JAMF has the capability to do so much more. JAMF allows an ISB Macbook to communicate with servers in the school to make sure that the computer is running up-to-date software, and to ensure that ISB students are acting in accordance with the ISB ICT Responsible Use Guidelines (RUG).
The question then becomes, how would ISB ICT know whether a student is acting in accordance with the RUG or not? The website for JAMF states that “[JAMF] track[s] software installed on the [Macbook]”. Mr. Daw, ISB’s educational technology facilitator conceded, “JAMF does in fact have the ability to read files on student computers”. Which in fact suggests that the foundations are in place on a school-issued MacBook for whomever runs the JAMF servers to access and open any files that are located on students’ laptops. A quick visit to the Console app on any school-issued MacBook states that MacBook is communicating with the ISB JAMF servers at seemingly random times. What is the laptop sending? Unfortunately ISB’s assistant ICT director Mr. Nunan did not respond to The Break’s requests for comment.
Given that there clearly exist mechanisms in place for the remote investigation of ISB student computers, the discussion then shifts to due process. What procedure is in place for the issuing of an investigation of a student’s computer by the administration?
When asked, Dr. Wood directed The Break’s inquiry to the RUG. The RUG however appears to be worded in a way that allows little oversight as to the justification for administration-sanctioned searches. The relevant section (G.6.) writes that an investigation “will be reasonable and in the context of the nature of the alleged violation [of the RUG]”. In addition, the blanket statement in Section G.1. that “all electronic communications sent, received or stored on ISB ICT systems are the property of ISB” makes the stance of the school pretty clear on this issue.
Although the school does have access to logs of students’ Internet use on campus as well as personal files, students should keep in mind that school issued laptops are school property, purchased with the intention of providing a well-rounded education. However, as more of students’ academic and private lives become centered around computers, maybe they should revisit the RUG they had signed upon receiving their first ISB computers.