Private Eyes Are Watching You...

If you know anyone living in Pennsylvania--or if you just happen to follow such things--you probably heard something about the Great Lower Merion School District WebCam Scandal of 2010®, otherwise known as WebCamGate

For those who haven't heard about this incident, the nutshell version is that a school district in Pennsylvania has, for the past few years, participated in a "one-to-one" laptop computer educational program throughout their high schools. Every high school student throughout the district is given a laptop to either replace or enhance the traditional textbook curriculum, giving them the ability to do homework, write essays, do online research and so forth while also learning more about the use of technology in the classroom. These sorts of programs are becoming more and more common throughout the country as schools try to tear down the "digital divide" between wealthier and less-fortunate students, giving everyone equal access to the tremendous amount of information and power of the web.

Obviously handing out thousands of expensive laptop computers to teenagers also brings with it the potential for loss, theft and damage, which is why any properly-implemented version of a "one-to-one" program will include a carefully thought-out policy for preventing or correcting these problems. Lower Merion does indeed have such measures, including a mandatory insurance purchase requirement and strict rules about maintenance, inventory control and so forth.

Unfortunately, it turns out that they also had one additional theft/loss-protection method...which they failed to tell either the students or parents about: 24-hour a day, remote access to the laptops' built-in webcams, even when the laptops were off the school grounds. The school district apparently had the ability to turn on the cameras of any laptop at any time, regardless of whether the computer was on the school's network or the students' home ISP. If the laptop was turned on and online, the school could turn the built-in camera on, in most cases without the student ever knowing about it.

This part of the program was only made public recently, when one 15-year-old student and his family discovered the remote-surveillance capabilities and filed a lawsuit against the school district. Since then, the story has quickly spread all over the web and the news media. County prosecutors are investigating wiretap/privacy laws. Federal prosecutors have issued subpoenas and the FBI has gotten involved, as has the ACLU.

While this could certainly be effective in helping to locate a lost or stolen computer, it also should have also sent a huge red flag up to anyone involved in the decision-making process. The instant they realized they were talking about the ability to effectively install secret cameras in the bedrooms of high school students, they should have dropped that particular portion of the program like a hot potato.

Now, I'm not writing about this to try and scare anyone out of participating in similar programs. Not every laptop has a built-in webcam, and my guess is that most schools running "one-to-one" laptop initiatives don't have such software installed. Those which do are, for the most part, wise enough to restrict such capabilities to within the school network itself, and even they are probably scrambling to rethink the use of remote webcam software in the wake of the Lower Merion case.

HOWEVER, this case does highlight the importance of being aware of the fact that, whether it is actually being monitored or not, pretty much everything that you type or do online could be being either monitored or recorded by someone, somewhere. Deleting an email from your hard drive doesn't necessarily delete it from the server. Deleting it from the server doesn't necessarily delete it from your ISP's (or hosting service's) backup copy. And even if all of those copies are gone, that doesn't necessarily mean that the person who you sent the email to (or who sent it to you) deleted every copy they had--or that they haven't forwarded it on to one or a thousand other people. And even if every copy from everywhere has been deleted--there are any number of ways of restoring data from a hard drive even after it's been "deleted".

The same holds true of instant messages, Twitter or Facebook posts, and (as former Detroit Mayor Kwame Kilpatrick infamously discovered) mobile phone text messages.

Does this mean you should be paranoid? No. Not all personal information is easy for third parties to access, and doing so may be illegal, so this doesn't mean that everyone in the world is spying on you; the odds are that few, if any, actually are.

What it does mean is that you should use common sense when posting information online, just as you should anywhere else. You shouldn't shout out your credit card or social security numbers on a crowded bus, and getting undressed on your front lawn probably isn't a wise thing to do; similarly, use care when you post sensitive financial or personal information online. Making extreme political or social statements can lead to awkwardness at the office or around the dinner table--similarly, posting a political diatribe on Facebook can lead to unintended consequences if your boss, other co-workers or family members have been "Friended".

In short, say whatever you want to say--just remember that your words may be read by more people than you intended, and proceed accordingly.