It is not a loop hole, it is a command line utility that is installed, and then some client based software is also installed to control it remotely. Most consumer routers support NAT out of the box, which by default, disallows remote hosts to connect to the machines in your network with out the proper ports being forwarded. Remote desktop won't even work unless you forward the ports to the proper client. I doubt any student is going to do that.

Yes I am sure it is embedded in firmware, but only on PCs because Apple is not quite agreeing with this concept yet, though I hear it is in the works. That way if a machine's HD is wiped your client software is also not wiped. I would say it is worth it since it is tracked, they contact local authorities, and it is backed by an insurance premium and if they can't recover it they pay for the loss of product.

It's nothing at all similar. They haven't spied on your computer. They've looked at their sales records and sent you an e-mail.
The school wasn't keeping an eye on their own property, they were keeping an eye on the student. Keeping an eye on their property would have been inspecting the contents of the computer, either remotely or in person. Turning on the camera is drastically different.
Using the camera to help locate a stolen device would be valid, but there's no evidence that they thought it was stolen. In fact, the student captured in the screenshots was the "owner" of the device, which is evidence that it wouldn't have been thought to be stolen.

It looks like they were using the LANrev suite from Absolute software. I have pretty much no experience with it, but I do use their anti-theft product called Comp-U-Trace. We use Casper to manage the Macs at work

http://www.computerworld.com/s/artic...?taxonomyId=12

Here's Techdirt's take on it: More details emerging...

There are many laws about the use of cameras. Many gyms ban phones in locker rooms, people who look middle eastern can't photograph tourist attractions or bridges w/out getting hassled. Just owning one doesn't allow you to do whatever you want with it.

I'm sure people would be alarmed if I started secretly taking pictures of kids while they were doing homework in their own bedrooms.

A more reasonable use of this big brother technology would be to implement a policy that this remote safety measure violation of privacy is only used when the student is on the school's LAN.

The company I work for constantly reminds people that the computers are company equipment. At the same time we respect their privacy and ask permission before we connect. Extending this same courtesy to students would be a good move.

Looks like subpoenas are already in process.

I know that CWT feels that this is within the rights of the owners of the machine and that might legally be the case. What's dead wrong about this however is that laptops are often used in bedrooms in which teenagers might well be getting undressed. If I were the father of a young daughter in that school I'd be very upset at the possibility that someone for entirely illicit reasons could observe her when she happened to leave her laptop on. We've argued about privacy in the home, but there's an even greater expectation of privacy in bedrooms.

And that is precisely why schools should treat this technology as if it was high-level nuclear waste - run away, very very fast.

Nuke waste is rare too. But that's a stupid thought.
What I still don't get is the why they would do this? If they are connected to the Internet, they would be able to get your coordinates anyways (IP, Skyhook…). So you would know if they were stolen. Deeueheh…

Amazon has a terms and agreements page that you are required to agree to before opening an account. It's not their fault if you didn't read it before accepting the terms. You opted in when you opened the account. It's your responsibility to understand what you're joining. And it's not their responsibility to opt-in or opt-out. They're providing a service according to terms that they set forth. No one is forcing you to join if you don't agree with the terms.

To bring it back to this spying case, the school has admitted that they did not disclose that monitoring was possible or likely. If you're going to hold Amazon accountable for sending you an e-mail, in accordance with their terms, how could you possibly give a free pass to this school that actively monitored a student in their home without informing them that this monitoring might occur? Or is it now the student's responsibility to sort out every hidden (and invisible) option?

More info on the school spy
 

I just found some new, astonishing links to this spying story. The first contains an article that names a tech at the school, Michael Perbix, as being in charge of the monitoring software, and goes into some technical detail:

http://strydehax.blogspot.com/2010/0...gton-high.html

And Michael Perbix's website:

http://bestsinceslicedbread.blogspot...n-and-off.html

None of this answers my original question, but it's still important stuff.

Among a number of disturbing aspects of this story, many students at the school (maybe most, maybe even all) were seeing the webcam activity light activate frequently, and when they mentioned this to school officials, they were told it was a glitch common to Macs. Though Apple says something similar, I think the school was using this as cover for their activities--Perbix says in his video, that there were a number of cases in which they thought various laptops were stolen, but the laptops were right in the classroom, in use, and that he had to go through a number of snapshots of kids and teachers in the classroom before determining that the laptops were where they were supposed to be. He never adds that they also had supposedly erroneously collected photos of kids at home, and elsewhere outside school grounds, as a result of whatever supposed glitch was causing this to happen (which seems like a really sloppy glitch). For all we know, they're using the story about erroneous in-classroom "stolen laptops" as cover for why they also have pictures of kids outside school grounds.

Yes, and I'm sure the parents agreed to terms when the kid got his laptop. I have little doubt that those terms will eventually exonerate all involved, with a possible exception being the kid.

As has been said several times, both here and in other media, the school's terms did NOT mention this capacity.

Question for school IT staff: If a school laptop is required for classes, and an agreement is required to get the school laptop, what happens if the parents refuse to sign it?

http://arstechnica.com/tech-policy/n...of-lawsuit.ars

"Parents were never made aware that someone could remote desktop into their kids' computers—and possibly take a snapshot. The district now claims that it won't turn the feature back on without written notification to students and families."

Have you read any of the reports about what's going on here? What parent would sign an agreement that stated their children may be monitored by a 3rd party over video at any point?

Dude, you're giving them your credit card number. You're entering into a contract with the company. You don't think it'd be a good idea to read through their terms or see what they're going to do with your personal information?

And again, it's not your responsibility to wade through a terms of agreement document, but it is the responsibility of someone else to wade through the terms to find the monitoring clause, that you claim existed (with no supporting evidence), for these laptops?

Every parent who's ever accepted a school computer.
Being made aware is a red herring. The rules were set, and how they were to be enforced is up to the school.

No, I don't think it's a good idea. Legally, you enter into a contract when you buy a cup of coffee. That doesn't give the vendor the right to sell your contact information.

So then you agree that Amazon is on equally shaky ground with the school? I have no problem giving the school a hard time over this as long as we do the same with corporations like Amazon.

Re: Quibbling
 

.
CWT,

While your earlier posts were on topic, you’re now quibbling and pushing the thread off on a tangent. Poster after poster has told you so. Please cease and desist!

There can be no reasonable comparison between activating a webcam in a student’s bedroom and sending an innocuous but unwelcome email.

The idea of Amazon invading your computer is patently absurd! Amazon’s unwelcome email was not sent to your computer -- it was sent to your mailbox. You yourself used your computer to fetch it from that mailbox. ;)

If you wish to discuss spam and unwelcome email -- or argue the point -- you must do so in a separate thread.

-- ArcticStones

.

That secret, hard to remove program is not installed on your computer. It's installed on their computer. When anyone installs anything on their own computer, it is not spying.

Honestly, I see this thread as being about two things:

1.) Sexism, as parents are mostly concerned with protecting their daughters, who they obviously see as the weaker sex.

2.) Rampant anti-government hysteria that's been generated by international corporations like Fox News ever since the Democrats won last year. Businesses do far worse every day, but one school district has a small public relations problem and it becomes a big issue. Sad.

.
I believe you’re right.
Thread locked for now.
.

NB. Split thread
 

.
PLEASE NOTE:
In a series of posts, Webcams activated by a school were compared to Amazon sending out unwanted email. As this is a very different issue, I have started a separate thread and moved over the posts in question. For those interested in discussing that issue, do so in Amazon, privacy and spam.

This thread is reopened. Let’s keep it on topic!

-- ArcticStones
.

D'oh! I just posted a winded and well thought out response in the other web cam thread since this was closed:

http://forums.macosxhints.com/showpo...6&postcount=19

Here are my thoughts on it.


[Moderator’s edit:
I am duplicating that post here, as it is highly relevant to both threads.]


I also work in a 1:1, which means I manage 6,000 Macbooks. Students all over the district tape their isight over since they think we are spying on them. Truth is, I build all the software installs and images and I have never once put the command line application to control the isight remotely.

This is most likely how the story went, as I have been in IT in academia for 5 years now.

1) School board has a meeting about possibly going 1:1 with their students

2) They get budget approval, parents feedback, project management

3) Concerns are raised about asset control, and how to mitigate stolen laptops

4) Board implements plan and tells IT to just make it work

While, I do not know this guy personally, so I cannot pass judgment on his character, but I can tell you how school systems work. Directors and executives sometimes go to IT and say here is a bunch of random technologies we want and this is how we want to use them, now make it work. This guy figured out how to deploy and control the command line binary to control the isight through the LANrev and when the beacon feature on absolute's end they were able to get the remote WAN IP and DNS and send out a policy to the client and have it execute. The guy probably thought he had figured out a really cool method of anti-theft. Which, we know is effective from previous stories of people's Mac laptops being stolen and users using things like logmein.com to remotely activate the web cam and take pics. That was probably the most famous one as it made several newspapers, but there are other stories where this proves as a valid tactic to recover your stolen equipment.

see this article: http://www.switched.com/2008/05/12/s...back-to-my-mac

Some people are saying that LANrev is a trojan and used as spyware by the IT crew on the students and staff. LANrev is a power tool, used by IT for enterprise implementation. There is a launch daemon that controls these tools that does in fact run as root. This is because some of the features are like if you can't recover a stolen laptop you can do a remote wipe of the drive rendering it useless and also possibly saving any "top secret" data your company may have on that laptop. These sorts of things need to run as root to execute, as well as installing packages and so forth. These tools give you great power over the system, and just like anything with great power comes great responsibilities. You need to use best practices and you need to not overstep your boundaries, but you also need to protect your organizations assets, because nobody wants to lose money on stolen equipment.

So, given the situation, when a computer is not your property, and many company's and organizations will flat out in their AUP say that you can and will be monitored while on company equipment and that is all with in the company's right to do so. The company is it's own entity and has the right to protect it's own property, which is a strange concept maybe but one that is stated here in our country. This laptop was considered stolen property, from what I can tell, and the method used to recover it may have been what I would call, "NOT a best practice." If the kid did indeed take the laptop home and was not suppose to, then that laptop is considered stolen, this is how it would be at my school district. I also think that activating the web cam is an OK practice if they had used, "Best practices."

Example, when a laptop gets stolen at my district we have the student or the person who is claiming it to be stolen (or missing) file a police report with the school officers. Then we take that police report with all the given info and go to Absolute's website since we use computrace and report it stolen on their end. We then activate the beacon, find out where it is and subpoenas and warrants are issued. Most of the time the school will give the person a chance to turn it back in before they press charges. When you get the police involved, people tend to give back your stolen property. I think we have recovered around 90% of our laptops this way that have been stolen. There have been several people that did not turn them back in and got prosecuted and since they are valued at over $1,000 each (after you include apple care and software licensing) it is actually a felony charge of theft. This also validates the police using that laptop as evidence for any other crime committed. This is where the 4th comes into play. If we did it on our own, and found the kid was selling drugs or committing crimes and there was evidence of this all around his room which was caught on the web cam, but none of it was on his computer it would be dismissed from court. However, you file it stolen, and there is a warrant and probable cause that changes the situation.

Some of the students are a pain in the ass, they love to break policies and give everyone a head ache, but that is how teenagers are. I was kind of a hell raiser myself back in the day. I think the worst part of this whole ordeal is that it is going to hurt that school's 1:1 program, which is a shame because I think high school kids benefit exponentially from having a laptop to use every day. Day to day computer use is an actual viable job skill, and can lead to many other jobs as well. Someone will most likely have to resign from their position, if not multiple people, the family may be able to file suit against the school in civil court and drain an already busted and under budgeted system crippling their 1:1 program. If the kid stole the laptop I don't think he should be rewarded anything for breaking the law, but like many people have said there is a lot of facts missing from the whole situation.