Remember meForgot password?
    Log in with Twitter

article imageU.K. schools break data protection laws by using spyware on PCs

By James Walker     Nov 8, 2016 in Technology
Schools across the U.K. are failing to comply with data protection laws by installing specialist "classroom management" software on their computers. The findings were made after civil liberties group Big Brother Watch contacted 1,000 secondary schools.
The software is routinely used by schools to monitor students' online activities. The stated aim is usually ensuring pupils don't behave inappropriately on the computers or abuse their privileges online. However, it's thought the programs are also seeing increasing use as snooping tools. In response to pressure from the government to comply with anti-extremism measures, some schools may be using software to identify individuals who could be radicalised.
Several vendors offer classroom management packages to schools. The majority provide similar features, typically consisting of the ability to block inappropriate websites, log keystrokes and flag up alerts when certain words or phrases are typed. The browsing history of each student is made available to the teacher. Teachers can also remotely monitor every student's display from their computer.
Big Brother Watch found over £2.5 million has been spent on the software. It is now installed on over 800,000 devices in 1,000 secondary schools across the UK. Schools are supposed to issue "acceptable use" policies to pupils and parents that explain how they will be monitored when using IT systems. The group found the policies are often lacking in detail and do not make clear the depth of tracking provided by the programs.
15 percent of the 1,000 schools that responded to Big Brother Watch's Freedom of Information request attached their acceptable use policy. The researchers found the policies generally used vague terms, such as "I know that the school can remotely monitor what I can do on the computers." A few warned students they are "NOT invisible" online, terminology the privacy campaigners deemed "inappropriate."
By not fully disclosing the tracking methods being used, the schools are breaking data protection laws designed to safeguard online privacy. Just 10 percent of the acceptable use policies studied included the name of the installed software, making it difficult for parents to find out for themselves the capabilities it affords.
Concerns have been raised about schools' monitoring of pupils in the past. In 2010, one report warned that pupils are captured on CCTV cameras "as frequently as inmates in prisons and passengers at airports." Schools do not ask for consent before taking photos of students and storing them for later reference. It came after the revelation that the webcams in 1,800 laptops supplied to pupils at a Philadelphia school could be remotely activated, including while at home.
Schools may soon be forced to be more transparent about the data they collect. Under the European Union's General Data Protection Regulation, set to be introduced by May 2018, any organisation collecting data from third-parties must "inform the individual exactly why their data is being gathered, used, shared or monitored." The individual must then consent to the monitoring.
Big Brother Watch warned that more needs to be done to protect the security of school students. It suggested that pupils could be conditioned into expecting constant surveillance, turning spying into a normal activity. It also noted that the software packages used by schools are insecure. Last year, a security researcher revealed how popular classroom management program Impero used "password" as its default password and let anyone gain access to its data. It's thought that rival products could have similar flaws, waiting to be exposed by malicious attackers.
More about Spyware, Cybersecurity, Security, Privacy, Schools
Latest News
Top News