Imagine your search terms, key-strokes, private chats and photographs are being monitored every time they are sent. Millions of students across the U.S. don’t have to imagine this deep surveillance of their most private communications: it’s a reality that comes with their school districts’ decision to install AI-powered monitoring software such as Gaggle and GoGuardian on students’ school-issued machines and accounts.

“As we demonstrated with our own Red Flag Machine, however, this software flags and blocks websites for spurious reasons and often disproportionately targets disadvantaged, minority and LGBTQ youth,” the Electronic Software Foundation (EFF) says.

The companies making the software claim it’s all done for the sake of student safety: preventing self-harm, suicide, violence, and drug and alcohol abuse. While a noble goal, given that suicide is the second highest cause of death among American youth 10-14 years old, no comprehensive or independent studies have shown an increase in student safety linked to the usage of this software. Quite to the contrary: a recent comprehensive RAND research study shows that such AI monitoring software may cause more harm than good.

  • TexMexBazooka@lemm.ee
    link
    fedilink
    arrow-up
    2
    ·
    3 months ago

    Sooo schools should just provide devices to kids with no monitoring at all?

    There shouldn’t be an expectation of privacy on school/company provided devices, that isn’t how it works literally anywhere. It’s on the parents to teach their children not to use the device for personal reasons.

    Ideally the school machines should be limited to only allowing coursework and limited messaging between classmates and teachers, it’s a tool not a toy.

    Idk I just can’t get upset about this. Kids and privacy is kind of a tough one to begin with, I personally think kids shouldn’t have unregulated access to communication devices at all until like 14-15, maybe.

    • Vodulas [they/them]@beehaw.org
      link
      fedilink
      arrow-up
      17
      ·
      3 months ago

      Yes. There are tons of enterprise tools to lock devices to certain activities. Surveillance is not necessary and will be used to violate privacy, and I am not talking about just on device communication. Remember when companies were caught using their employees cameras without any indication on the device? The suspected benefits of surveillance is not worth the potential harm.

      • TexMexBazooka@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        3 months ago

        My company exclusively deploys machines with physical coverings for the camera and hardware disconnects for the mics.

        • Vodulas [they/them]@beehaw.org
          link
          fedilink
          arrow-up
          8
          ·
          3 months ago

          Good! Not all companies do that and I highly doubt school districts in most places will. They tend to be underfunded and understaffed

      • TexMexBazooka@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        3 months ago

        We just fundamentally disagree on what rights someone is afforded on a company provided devices. They can’t opt out because obviously not, you don’t get to just opt out of information security policies.

        It would be a different beast if the school didn’t allow you access coursework on a personal machine without installing their bullshit, thats a huge issue.

        • Hazelnoot [she/her]@beehaw.org
          link
          fedilink
          English
          arrow-up
          5
          ·
          3 months ago

          It would be a different beast if the school didn’t allow you access coursework on a personal machine without installing their bullshit, thats a huge issue.

          That’s exactly how it works at many places. Students can only use a personal device if it’s enrolled in the school’s MDM, which grants them just as much control.

          • TexMexBazooka@lemm.ee
            link
            fedilink
            arrow-up
            1
            ·
            3 months ago

            I agree on that point, nobody has the right to any information about me except for exactly what I choose for them to know. Speaking from an IT professional standpoint, if I deploy a device, I absolutely have the right to know anything that happens on that device. You have to from a security perspective.

            That’s why I don’t use any social media on my work laptop. Ideally that’s why social media is blocked on work machines so it’s a non-issue. Kids should understand that concept early, you do have a right to privacy but you also don’t control that device.

            • t3rmit3@beehaw.org
              link
              fedilink
              arrow-up
              4
              ·
              edit-2
              3 months ago

              Speaking as an infosec professional, security monitoring software should be targeted at threats, not at the user. We want to know the state of the laptop as it relates to the safety of the data on that machine. We don’t, and in healthy workplaces can’t, determine what an employee is doing that does not behaviorally conform to a threat.

              Yes, if a user repeatedly gets virus detections around 9pm, we can infer what’s going on, but we aren’t tracking their websites visited, because the AUP is structured around impacts/outcomes, not actions alone.

              As an example, we don’t care if you run a python exploit, we care if you run it against a machine you do not have authorization to (i.e. violating CFAA). So we don’t scan your files against exploitdb, we watch for unusual network traffic that conforms to known exploits, and capture that request information.

              So if you try to pentest pornhub, we’ll know. But if you just visit it in Firefox, we won’t.

              We’re not prison guards, like these schools apparently think they are, we’re town guards.