An Open Letter to Parents
Recently, our school district, North Attleboro Public Schools, announced that they will be implementing a digital 1:1 program for our district. I want to be clear that I support and applaud the District on embracing technology as a learning aid in our schools. I think many students stand to benefit greatly on the responsible use of digital assets as the world increasingly moves to a digital mainstream way of life, social, and business aspirations. The District’s move in this direction, I feel, would best prepare and position the youth in our town for success as positive contributors in an increasingly digital world. For those parents who do not know what the 1:1 program is about, I encourage you to read about it here. The program stands to benefit both educators, administrators, and students alike. Though there is obvious benefit to such a program, there are also some red flags that parents need to be on the lookout for.
Chances are, if your school district is issuing equipment, ie. chromebooks, laptops, iPads, etc, they are likely managed as part of a fleet of devices that have an “always on” connection with the school system. This would be necessary for several reasons:
- Theft tracking – in the case of theft, a device has a better chance of being recovered because when reported missing, administrators can do things like geolocate the IP address the unit is connected from, open the built-in webcam to take pictures giving clues as to the wherabouts, opening the microphone to listen in on surroundings, or even screenshot current and past sessions. In all these evidence gathering scenarios, an asset has a much better chance of being recovered and the thief brought to justice.
- Administrative updates – software patches and application updates administered by the District.
- Student progress and involvement in assigned classwork.
- Compliance with school policies and procedures for use of issued equipment & software.
- The biggest concern: tracking, collecting, and recording student activity, usage and behavioral profiles in and beyond the school campus!
There are many possible methods of usage collection that could be employed by a program of this type:
- Screenshots – full captures of anything displayed on the screen
- Keylogging – full capture of all keystrokes entered in sessions by students or any user of the equipment
- Opening Built-In Webcams – this can be done in the case of theft reporting, but there is ONE KNOWN CASE where a District abused this functionality and wrongfully captured and accused a student of doing drugs in his bedroom, when he was eating “Mike & Ike” candies that look like pills. So long as this is a functionality, it is available for abuse by a school district – make no mistake!
- Opening the built-in microphone – taking sound samples and transmitting them to administration (again a possible theft reporting & recovery functionality)
- Snapshots of system memory & storage – Keeping track of files that students place or download from the internet
The concern is primarily focused on what can be or is transmitted to the District when the asset is OFF CAMPUS being used in the privacy of a student’s home where they may falsely believe they have an expectation of privacy – by being in their own residence, and using their own electricity and internet – which the parents are paying for, not realizing nor agreeing that the asset is quietly transmitting user session data back to District servers for analysis by AI, faculty, and administration – possibly for building a case of some sort against the unknowing student.
In a program aimed primarily at 6-12th graders, I say what the hell do 6th graders know about responsible use of digital assets? Is it OK to allow the younger range of students to be silently profiled without their knowledge and in their own homes? As a parent, there is NO WAY such stuff would be welcome or permitted in my home! HELL NO! In that particular case, you cross the line and it is perceived as an invasion of FAMILY privacy since we are talking about MINORS here! Minor children are (and should be) under the domain of proper parental guidance when their actions occur out of school – it should NOT ever be something the District is ever privy to or within the domain of school responsibility when such actions occur off campus on student owned equipment – if a minor access inappropriate content, it should be something the parents take charge of in policing and providing proper digital guidance. I have 3 children, 2 of whom are old enough to use the internet. I do consider it my responsibility to take an active role in monitoring, policing, and guiding their internet usage and teaching the concept of “Think Before You Send” – a valuable lesson every minor NEEDS to learn. This responsibility should always be in the domain of responsible and proper parenting, and NOT relinquished to the District. The District’s authority & oversight has NO PLACE in my home, other than the assigned school work that is expected of my children as students.
MY (and your) FAMILY DESERVES PRIVACY AND DIGNITY
WHAT I LEARNED ABOUT THE DISTRICT’S 1:1 PROGRAM
I emailed my concerns to Superintendant Holcomb, who referred me to Giddeon Gaudette, Director of Technology for the District. In an email exchange which continued to include the Superintendant, I expressed my concerns about the program and asked for information on how the school issued devices will be managed, and what if any data is collected and transmitted to the District. Mr. Gaudette referred me to the District’s technology partner, GoGuardian. GoGuardian is an educational MDM platform that allows faculty to manage a fleet of Chromebooks in a classroom, and allows Administration the ability to remotely manage said issued assets.
I opened a query with GoGuardian directly and pursued them for answers to my questions:
- Does the product data collection include a) screenshots b) webcam samples (ability to take pictures by remote command), c) audio samples (ability to record and capture audio).
- Keystrokes (ie. keylogging), and pasted data
As you read the transcript of my inquiry with GoGuardian, you can clearly see they tried their best to evade my questions. After ending the chat session, I took it upon myself to try to get answers. I found a discussion thread on a Google Education forum that discusses many of the remote monitoring features in detail regarding GoGuardian’s core product. The product is capable of using artificial intelligence to collect data on students searches, usage, videos watched on youtube, and build a risk profile along with evidence that is transmitted back to the school system where is it then reviewed by school administration – whomever that is. None of this was told to me by Mr. Gaudette nor GoGuardian Tech Support in my initial inquiries. I felt like neither party wanted to disclose anything. When I circled back to Mr. Gaudette, I asked these questions to validate some facts and got a very terse reply:
- Can students bring their own device to participate, instead of using school supplied equipment?
- If the answer to question 1 is yes, does the school require the use of the GoGuardian software and by doing so does that action make the student-owned asset monitored by the school in the same likeness as school issued equipment?
- Are there any other MDM (Mobile Device Management) applications installed on school equipment besides GoGuardian? If so, what are they and to what extend and method is the monitoring carried out?
The terse reply:
This was of course, after I also included the copy of the chat transcript with GoGuardian in my previous email containing those questions. Mr. Gaudette was visibly unhappy I was prying about the BYOD option and the direct question to BYOD devices being “hands off” to the school, after all, I wonder how much have they invested in this GoGuardian spyware network they are assembling? Is that what our override is paying for, to send home chromebooks to students and spy on our students? I’m not a fan. Clearly if that is part of the agenda, a BYOD option in the program would counter the investment in the spying GoGuardian software the District plans to use! OOPS!
Later the same day, I also received a response from GoGuardian‘s team. They told me that GoGuardian does not:
- monitor microphones in deployed assets – what a relief!
- capture images with the built-in webcam – this is encouraging!
- keystroke logging (keylogging) – fantastic!
What they chose to omit clarifying was what I already learned in the Google Education forums: SCREENSHOTS of student sessions & activity, and recording and transmitting all internet searches and behavior! OUTCH!!!!
Seriously?!?! I specifically asked in my query for ANY AND ALL methods of data collection and monitoring techniques! GoGuardian IS NOT TO BE TRUSTED, and NEITHER IS THE SCHOOL DISTRICT! Here’s the email (click for larger image):
So they are basically not offering nor denying that they do the above activities (screenshot, search monitor, etc) in their core product, when there are administrators in the Google Educational forums actively sharing the fact that GoGuardian’s core product DOES do this!!! SHAME ON THEM AND THE NORTH ATTLEBORO SCHOOL DISTRICT!
See THIS Google Education Help thread about the subject! (image below in case thread is mysteriously taken down – click for larger image if needed) Seems this Kristen Mansell is a school admin that is quite knowledgeable on GoGuardian’s capabilities!
I am going to re-iterate that I applaud the District for embarking on 1:1, but I want them to offer to the Public, transparency about asset monitoring that CLEARLY declares:
- Full transparency: what they monitor, transmit, & store on issued assets when used off campus – exactly
- that there IS a BYOD option to the program (this seems to have been quietly withheld as I can’t seem to find any language of it on the school district’s website or original press release in both the email that went out to parents or the writeup in the Sun Chronicle
- that BYOD devices will not have any MDM or other software installed that reports student usage off campus back to the District.
- the specifications for hardware or software so that parents have some starting point guidance on selecting appropriate chromebook offerings in the market to be used with the 1:1 program, allowing students to participate when parents opt to supply equipment for their kids
I implore parents not to play down the issue, but rather give due consideration to what this means for your child and family as technology becomes increasingly used in the school curriculum. I’d ask that parents carefully consider the privacy implications for when the day comes that this is not an optional program, but a core curriculum requirement. Now is the time to seize the moment and ensure that our students have access to these teaching aids but not at the expense of digital intrusion by school districts into our private family lives. The line in the sand must be clearly drawn and respected. Please share with any other parents that may want to understand the full scope of the concern. Thank you for your time in reading.
I circled back and combed the naschools website and found a “BYOD” and “Acceptable Use Policy” published and deeply hidden in the technology department’s section of the website naschools.net. It seems because they buried these policies far into the folds of the site, that they are unwilling to be fully transparent as to the terms of the 1:1 program that the school participates in. I also found this FAQ page which (at the time of this writing) had a broken link to the mention of a BYOD policy. The school has not made any effort in being transparent about the program monitoring and data collection that they use visa vie the GoGuardian management software on school-issued Chromebooks. The scope and detail of this ought to be offered in full by the school – they need to do the right thing and be square with parents!
Recently, I found out that my 5th grader was using a school-owned Chromebook (also referred to as digital asset) in class & I promptly emailed her teacher and expressed my “no consent” of use. I immediately provided my 5th grader with her own chromebook and told her and her teachers (which was also copied to the principal) that the student owned chromebook was the only digital asset to be used for any class requirements requiring the use of a digital asset. Yesterday, my 5th grader forgot her chromebook at home and was again allowed the use of the school-issued digital asset after written (emailed) withdrawn consent (this is a COPPA violation!). Today I paid a visit to the District Administration building and spoke with the superintendent’s admin and explained the history of this issue and re-affirmed my withdrawn consent in person. I also stated that the District needs to offer and publish a transparent policy that clearly outlines the options, scope, and methods of digital monitoring in this program for parents. During this short meeting, I also stated that the District needs to quickly adopt a method for insuring that parental withdrawn consent is adhered to by all faculty. After leaving the Administration building, I took another gander at the naschools program FAQ page and noticed that the broken link I discovered back in my previous update has still not been addressed several months later! Here are some screenshots taken today (click for larger image on each) this is clearly unacceptable:
It’s come to my attention in working with other parents who have gone the BYOD route, that the District is apparently able to record and monitor searches and actions on BYOD chromebooks! This fact was NOT disclosed by Mr. Gaudette (Director of Technology) in the initial inquiry on July 11, 2018 (as seen in this article above). His statement of “we will not deploy GoGuardian to a BYOD” is not entirely accurate as it has become clear that GoGuardian operates within the naschools.net google apps domain that the District operates. So what this translates to, is that anyone using a BYOD Chromebook is still scrutinized and monitored by the District as long as one thing is true: that they log into the Chromebook using a NASchools account. That’s the key! To fully protect your child from being monitored off campus an on a BYOD Chromebook, you must refrain from letting your child use a NASchools account. Upon learning this, I immediately requested Mr. Gaudette to delete my child’s NASchools account. She will use her own personal account going forward for all digital assignments. Here is a warning received by a 6th grader in the District. Here are the facts surrounding this:
- The report misappropriates the chromebook to be school property – it wasn’t. The Chromebook this occured on was student owned (I verified this with the parent – and they produced receipts for the Dell Chromebook.
- The alleged act reported occurred OFF CAMPUS in the PRIVACY of the student’s home when he was home sick from school that day
Here’s what I learned after further inquiry to Mr. Gaudette as to how this activity was captured (click for a larger view):
The district has finally fixed the broken link to the BYOD (bring your own device) policy, but the policy does not seem to address the following:
- That a student’s activities (both on and off campus) will be tracked, stored, and can be recalled by NASchools Administrator.
- Monitoring & recording of student-owned devices used OFF CAMPUS and using a naschools.net account! (NASchools has no right to record activities on privately owned machines used OFF CAMPUS!)
- How BYOD devices, when using naschools.net accounts are subject to monitoring by GoGuardian (installed in the domain) and how activity recorded can be used against the student.
- How students on BYOD equipment can continue to engage in collaborative assignments when using Google accounts outside the naschools.net domain.
- How the District plans to educate its staff to make them aware of students who are not using naschools.net accounts and how they can support inclusive collaboration with such students.
(NOTE: my children use Google accounts outside the school’s domain)
On another note, I had a meeting with Scott Holcomb on June 13th 2019 to bring up the the above concerns and how NASchools can/will address those and provide transparency to families. As of today (8/26) I have not heard back from Mr. Holcomb. I will attempt to follow up and share what I learn here.