Students shouldn’t have to sacrifice security for credits

Security vulnerabilities leave students’ personal information at risk of data mining

Protecting your personal data online is a lot harder when classes use insecure programs. Photo: Maxwell Gawlick/The Peak

Update (15/06/2020): This article has been updated to clarify Zoom’s encryption and law enforcement cooperation policies.

By: Michelle Young, Staff Writer

Ever since classes scrambled to put their materials online, students have been attending courses via Blackboard Collaborate Ultra, Zoom, or other video conferencing software. They’ve also been prompted to use proctor software during exams, which monitors students via webcam and watches their screen activity. In the rush to quickly adapt to online courses, students have had to sacrifice their privacy to continue their education, and the absence of control over personal data in this transition is unacceptable. 

With the use of Blackboard Collaborate Ultra, personal user data — which can include names, email addresses, IP addresses, cookies, geographical location, and other identifying information — is shared with vendors, partners, and other third parties, and may be transferred outside of the country. Then, there have been Zoom’s alleged alarming privacy concerns. These include security holes that allow for unwelcome guests to appear in meetings if the host fails to implement proper checks, sending data through other countries, and giving the host a large amount of power to monitor attendees on a call. While Zoom has since resolved some of these issues with the implementation of strong encryption software for all users, and reassurances that security is its top priority, Zoom’s willingness to share user information with law enforcement when a “valid law enforcement request” is received remains an issue. This is especially concerning considering the ongoing protests regarding police criminality, both nationally and internationally

While all these security issues might not sound too concerning to some, students should have the choice about whether or not to use potentially compromised platforms instead of having to pick between missing attendance marks or sacrificing their data. 

SFU isn’t the only institution to rush to create a working remote environment, many businesses and organizations have also quickly shifted to accommodate the new circumstances, sacrificing data security in the process. Cybercriminals recognize this and have been taking advantage of these vulnerabilities. Internationally, there has been a spike of reports that concern cybercrime — including a 350% increase of phishing in March from January. With the mandatory use of these platforms, students’ cybersecurity weakens. If personal data isn’t stored correctly, the risk of sensitive information leaking and identity theft increases.

Another issue that has recently surfaced is the use of proctor software. While this seems to be justifiable for the purpose of preserving academic dishonesty, the use of these programs aren’t only an invasion of privacy, but are also a genuine risk to students’ data. In some cases, students may have to verify their identity via webcam with a government-issued ID or allow the exam supervisor to control their computer if the supervisor wills it. Students don’t have much of a choice other than to surrender their information and privacy if they want to take their exams and complete their courses. 

 

SEE MORE: Students raise concerns over use of proctoring software during remote exams

 

Many professors and teaching assistants insist on using these platforms because they’re convenient. Even in cases where users can tighten security, the onus falls on the host to do so. They can set up waiting rooms where the host has to accept individual attendees into meetings and use password-protected meeting links to ensure that only those who are supposed to be there are able to attend. Students can keep their software updated to ensure any bugs that might have been there previously are fixed — but that’s all the control they have.

Students shouldn’t need to potentially sacrifice their privacy and data via third-party applications just to access and complete their courses. It also shouldn’t be up to students as individuals to spend the extra time to try and safeguard their security in the very limited ways available for them to do so. As a research university, SFU should be stepping forward to address these concerns. As of yet, they haven’t given any indication that they are creating their own proprietary software to provide students with a better solution other than to use questionable outside programs.