US School Remotely Spying On Kids With Webcams

The big news that has been blowing up in the past week or so is about a relatively unknown school district in Pennsylvania, US that has been spying on its students using Macbook webcams.

It has actually turned into a class action lawsuit and there is a lot of debate surrounding the story, the school claims they were using the software and ‘spycam’ functionality simply to recover lost laptops rather than actually spying on their students remotely.

The lawsuit deals with the issue of unauthorised access to the webcams and the actions could also possibly violate wiretapping laws. The lawsuit itself can be found here [PDF].

A suburban Philadelphia school district accused of secretly switching on laptop computer webcams inside students’ homes says it never used webcam images to monitor or discipline students and believes one of its administrators has been “unfairly portrayed and unjustly attacked.”

The Lower Merion School District, in response to a suit filed by a student, has acknowledged that webcams were remotely activated 42 times in the past 14 months, but only to find missing, lost or stolen laptops — which the district noted would include “a loaner computer that, against regulations, might be taken off campus.”

“Despite some reports to the contrary, be assured that the security-tracking software has been completely disabled,” Superintendent Christopher W. McGinley said in a statement on the district’s Web site late Friday. Officials vowed a comprehensive review that McGinley said should result in stronger privacy policies.

Harriton High School student Blake Robbins and his parents, Michael and Holly Robbins, filed a federal civil rights lawsuit Tuesday against the district, its board of directors and McGinley. They accused the school of turning on the webcam in his computer while it was inside their Penn Valley home, which they allege violated wiretap laws and his right to privacy.

It’s turning into a massive case and is generating press all over the globe, someone powerful technology was used by a perhaps over-zealous network admin named Mike Perbix.

You can also check out this very well-written and researched post on the technologies and methods used here: The Spy at Harriton High

There are people on all sides of the fence in this case, I personally think it was an interesting and effective use of technology but definitely should not have been implemented without disclosure. If you want to officially spy on people for theft prevention or asset tracking you should forewarn them.

The suit, which seeks class-action status, alleges that Harriton vice principal Lindy Matsko on Nov. 11 cited a laptop photo in telling Blake that the school thought he was engaging in improper behavior. He and his family have told reporters that an official mistook a piece of candy for a pill and thought he was selling drugs.

Neither the family nor their attorney, Mark Haltzman, returned calls this week seeking comment. A listed number for Matsko could not be found.

“We believe that the administrator at Harriton has been unfairly portrayed and unjustly attacked in connection with her attempts to be supportive of a student and his family,” the statement on the Lower Merion School District site said. “The district never did and never would use such tactics as a basis for disciplinary action.”

A district spokesman declined further comment on the statement Saturday.

Lower Merion, an affluent district in Philadelphia’s suburbs, issues Apple laptops to all 2,300 students at its two high schools. Only two employees in the technology department, not administrators, were authorized to activate the cameras, which captured still images but not sound, officials said.

“While certain rules for laptop use were spelled out … there was no explicit notification that the laptop contained the security software,” McGinley said. “This notice should have been given, and we regret that was not done.”

There is a plethora of information about this online including testimonies from current students, previous students and parents of both.

Many students suspected they were being spied on and taped up the cameras, wisely so it seems. But for the average computer using teenager if the school network admin tells them the green light next to the camera blinking now and then is a glitch they are going to believe it.

That right there is lying and makes the whole thing horribly suspicious, surely you only have the right to spy on kids if you have their parents consent..and even then it’s still a bit shady.

Either way this is a morally, legally and technically interesting case and I’m sure it’ll be heating up even more before it blows over.

Source: Yahoo! News

Posted in: Hardware Hacking, Privacy

, ,

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

5 Responses to US School Remotely Spying On Kids With Webcams

  1. Morgan Storey February 25, 2010 at 1:50 pm #

    They could have disabled the little green light. I had a friend who was a Blackberry admin who setup a lost/stolen blackberry script that would then message the phone to turn on the camera and email pictures, gps location, and audio recordings till he told it to stop. The staff where aware of this feature though and so where managment, the person who lost the phone would have to call before he would activate it, he only ever used it to find lost or stolen phones, and managed to nab a few crooks in the process.
    Maybe they needed to secure it from their admins if they were un trustworthy, something like having to put in a result of a password the owner could give them that was hashed against a management known passphrase.

  2. cbrp1r8 February 25, 2010 at 3:56 pm #

    This is a huge privacy issue, and nothing noted in writing or in warning on the laptops from what i’ve read. Even though its school property there’s still the “assumption of privacy” inside one’s home and this violates privacy law.

    I personally, have a nephew in Ohio that they do something similiar to this with, they issue laptops to computer science students at the beginning of their year in the class and the student/parents pay a percentage of use fee and then keep the laptop at the end of the course which i think is like 2-3 years. This offsets schools costs, gets the kid a laptop and helps school not have to deal with old equipment removal at the end of courses. These are monitored and there’s a warning on there screen that pops up (this is to make sure there not virus infected etc as well as to protect the schools network). This is assumed and makes sense for all parties in this case to protect them and the school from malware.

    Now take this case, and twist it in the worst way possible…if this was your 14-17 yr old son/daughter and he/she was getting undressed into pajamas at night when this camera pops on..well that’s now child porn..they should all go to jail IMHO…This is rediculous that a school would do this…i say prosecute to the full extent of the law. It’ll probably be some peon IT guy that goes down for it, but still he was directed by someone …yes?

  3. jim February 26, 2010 at 1:27 am #

    What would happen if the picture came back with a younger sibling that did not even go to that school in a state of undress.What would the school do then.

  4. geohac February 27, 2010 at 4:37 am #

    A very bizarre story indeed!

  5. Glenn February 28, 2010 at 6:40 pm #

    Educators on a power trip without any understanding of technology and law. Duct tape fixes all problems.