The Los Angeles Times recently reported on a snafu compromising the efforts of California's Los Angeles Unified School District to lessen its students' reliance on paper and streamline the information management process by leveraging take-home iPads instead.
The goal of the initiative was to issue an iPad to every student in the district, which is the nation's second-largest school system, within a year. However, this timeline now looks uncertain, as approximately 300 Theodore Roosevelt High School students – plus attendees of several other schools, including Westchester High and the Valley Academy of Arts and Sciences – have figured out a way to override the security settings on their iPads and surf the Web freely while they're not on the school's network.
"Outside of the district's network … a user is free to download content and applications and browse the Internet without restriction," two senior administrators explained in a memo to the Board of Education and LAUSD Superintendent John Deasy quoted by the news source. "As student safety is of paramount concern, breach of the … system must not occur."
Overriding the system
But a breach is exactly what did occur. By deleting their personal profile information, users were able to tweet, use Facebook, stream music and engage in other restricted activities while using their iPads at home.
"I'm guessing this is just a sample of what will likely occur on other campuses once this hits Twitter, YouTube or other social media sites explaining to our students how to breach or compromise the security of these devices," wrote LAUSD Police Chief Steven Zipperman in a confidential memo to senior staff obtained by the media outlet. "I want to prevent a 'runaway train' scenario when we may have the ability to put a hold on the roll-out."
As a separate article by the news source explained, Deasy had been a major proponent of the $1 billion initiative, which he viewed as a way to level the educational playing field for students in low-income and prosperous areas.
What exactly happened?
"Based on the information provided in the LA Times article, it appears that the Los Angeles Unified School District relied on simple ActiveSync profile restrictions in order to apply security policies to the students' iPads," wrote Lee Hutchinson for online IT news and review website Ars Technica.
He went on to explain that the profiles allow system administrators – in this case, school officials – to perform a variety of tasks, such as instating browsing restrictions, enforcing passcodes and remotely updating applications, but also noted that "an ActiveSync profile is easily installed – and it's also easily removed."
So why didn't anyone foresee this problem? As Hutchinson explains, the deployment of an ActiveSync profile's use within a business setting is very different to its use within schools. Specifically, workers who tweak or remove their profiles end up shooting themselves in the foot by limiting the accessibility of important tools they need to do their jobs (email, calendars, etc.) and might also be reprimanded for taking these actions. "Students gifted with locked-down iPads, on the other hand, almost certainly don't care about their school email accounts and they don't have to worry about being fired," Hutchinson pointed out.
The bottom line
Taking cues from the world of business process automation to become more efficient, a number of schools recently kicked off their academic years by debuting paperless initiatives that switch out textbooks and notebooks with ebooks and tablets. With this trend likely to further spread, educational institutions need to make sure they're taking the appropriate precautions to safeguard both the devices and their users.
Brought to you by Image One Corporation, providing complete information governance since 1994.