School Surveillance | News

Lower Merion Seeks Outside Help with IT Policies in Wake of Webcam Suit

The school district enmeshed in a lawsuit for using school laptops to capture images of students without their knowledge has just signed a $25,000 contract with SunGard Services to help with IT auditing and policy development. The school board for Lower Merion School District in Pennsylvania approved the emergency expenditure in May 2010 after reviewing a report from a national legal firm that investigated the district's use of a "theft tracking" Webcam feature.

"There are a number of policy requirements delineated in the recent court order the district received," said Superintendent Christopher McGinley during a board meeting. "In order to fulfill both requirements and to make certain we're taking appropriate considerations in terms of the state of the art in other school districts, we are asking the school board to approve the contract with a company that specializes in IT governance, so that our policies we'll be working on in the next couple of months are fully developed and complete before we turn them back to the board. This will involve a number of policies in the area of technology."

McGinley told the board that one reason the district chose SunGard after a request-for-approval process was because the company has worked with several school districts, "including a local school district that faced a number of very significant challenges a couple of years ago. We've heard very good reports about that work."

The district has also rounded up 50 volunteers--made up of students, teachers, staff, and community members--to participate in an expanded Technology Advisory Council. The district told the Philadelphia Inquirer that the council would be meeting shortly for the first time.

LANrev, the program at the heart of the school district's problems, is under added scrutiny lately since the release of a video by a Seattle security firm to Wired showing a security vulnerability in the software that allows a hacker to spy on users. Leviathan Security Group told Wired that it began examining the computer tracking application when business clients asked whether the program could be exposing their employees' machines to outside intrusion.

The company said it discovered the vulnerability in the program's authentication key, which has nothing to do with the contentious Theft Track feature at the heart of the district lawsuit. The Theft Track feature has been turned off by vendor Absolute Software, which acquired the company that had developed it. The security problem, which exists on all computers running LANrev, is "fairly easy to decipher," Wired wrote. "It took Leviathan just a few hours to determine that it's a stanza from a German poem. The key is the same for every computer using LANrev."

Absolute Software told Wired that it was aware of the vulnerability and would be fixing it in time for a new release expected in July.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.