School District PREYing on Students

The Lower Merion School District recently admitted to activating the webcams on 42 “missing” school-owned laptops without the knowledge or permission of students and their families. Surprisingly, the software that performs this function is not only widely available, it’s free and downloadable by anyone.

One such program is called Prey. It’s open source and was recently discussed in this TechRepublic video.

Prey is a lightweight program which runs in the background and is completely hidden to the end user. It’s built in modules so an administrator can choose whether or not to install certain features like the ability to activate a laptop’s webcam. Clearly, if they were using Prey (and it is by no means certain that they were), someone in the Lower Merion School District choose to enable this function. A laptop does not need to be “missing” in order to activate one or more of Prey’s monitoring capabilities. An administrator, or anyone with access to the Prey internet control panel, can activate, for example, a laptop’s webcam, anytime.

I am, perhaps, always the skeptic in these matters. But as anyone who has read this blog knows, this kind of activity is not surprising. Remember Brannum v. Overton County School Bd, covered here, where school administrators installed and operated video surveillance equipment in the boys’ and girls’ locker rooms? What about strip searching students over Advil in the Savana Redding case? Even the FBI was implicated when several employees were caught using security cameras to spy on underage girls in a dressing room during a prom dress charity event.

Sadly, it shouldn’t be shocking to anyone that the Lower Merion School District administration is finally joining the cyber sexting party. Even sadder is the fact that some students knew something was amiss with their webcams but either didn’t care or just chose to cover the webcam with a post-it.

Now where did I put my laptop? Hey, who deleted my copy of Brave New World. And why is my webcam blinking . . . . Thank goodness it’s only the school nurse making sure I’m not chewing on an illicit Advil. Ms. Miller, if you’re out there, it’s only a cinnamon flavored tic tac. Really. It is.

4 Replies to "School District PREYing on Students"

  • James R. Marsh
    February 23, 2010 (5:30 pm)

    Apparently they were Mike and Ike candies, not tic tacs. Read this piece about the contraband candies, the assistant principal’s admission that she “caught” a student using illicit drugs via the webcam (which lead to the lawsuit), and a Lower Merion tech staffer crowing about the benefits of the remotely activated webcams in a May 2008 webcast. Simply incredible.

  • James R. Marsh
    February 23, 2010 (6:45 pm)

    More interesting details in this story from the Washington Post:

    “Despite some reports to the contrary, be assured that the security-tracking software has been completely disabled,” Superintendent Christopher W. McGinley said in a statement on the district’s Web site late Friday. Officials vowed a comprehensive review that McGinley said should result in stronger privacy policies.
    “We believe that the administrator at Harriton has been unfairly portrayed and unjustly attacked in connection with her attempts to be supportive of a student and his family,” the statement on the Lower Merion School District site said. “The district never did and never would use such tactics as a basis for disciplinary action.”
    Only two employees in the technology department, not administrators, were authorized to activate the cameras, which captured still images but not sound, officials said.
    “While certain rules for laptop use were spelled out … there was no explicit notification that the laptop contained the security software,” McGinley said. “This notice should have been given, and we regret that was not done.”
    The district’s Web site said 42 activations of the system resulted in the recovery of 18 computers, not 28 as district spokesman Doug Young had said earlier. They reiterated that it was done only to locate lost, stolen or missing laptops.
    “The district has not used the tracking feature or webcam for any other purpose or in any other manner whatsoever,” the Web site said. The site also noted that there was nothing to prevent students from covering the webcam with tape.

  • James R. Marsh
    February 25, 2010 (10:35 am)

    For people interested in the tech aspects of this case, check out these blog entries by Stryde Hax:
    The Technology Behind School Spying
    The Spy at Harriton High
    Network Fingerprint for LANRev Agent

  • James R. Marsh
    April 3, 2010 (9:47 am)

    Today’s New York Times editorial:

    Conducting video surveillance of students in their homes is an enormous invasion of their privacy. If the district was really worried about losing the laptops, it could have used GPS devices to track their whereabouts or other less-intrusive methods. Whatever it did, the school had a responsibility to inform students that if they accepted the laptops, they would also accept monitoring.
    The law should also do more. The Wiretap Act prohibits electronic eavesdropping on conversations and intercepting transmitted communications, such as e-mail. It does not cover visual surveillance. That was a mistake when parts of the law were passed in 1986, but it is an even bigger problem today, with the ubiquity of cellphone cameras, and online video services.
    The act should be amended to prohibit video and photographic surveillance of people without their consent in their homes, hotels, and any other place in which they have a legitimate expectation of privacy.