Alarm Over the School iPad Bandwagon

Raising Alarm Over Electronic Devices To Be Sent Home With Kids

Posted: September 30, 2013; Last Update: October 1, 2013

This letter is for three purposes regarding the roll-out of Apple iPad devices to our children from the local school district:

  1. To observe that children and their families will be exposed to significant and real risks;
  2. To educate parents about the risk factors and issues around the use of such devices for schools in specific;
  3. To raise important questions that the school district has not publicly answered before launching and then expanding this program.

In summary form, the concerns this letter addresses include:

  • The school district is placing Internet-enabled remote-controlled video web-cams in the hands of our children via the iPad devices and mandatory school-installed software. By sending the devices home they put children at risk of being covertly observed, tracked, or photographed, as has already happened in other school districts;
  • The school district is requiring parents to either purchase an insurance program for the devices issued to their children, or else take on full personal financial responsibility for repair and/or replacement;
  • The school district will not be able to prevent children from hacking the iPads and bypassing content restrictions and controls, as has been widely demonstrated in other school districts;
  • No scientifically accepted data has been presented for the improvement of education outcomes iPads to date;
  • Fundamental questions regarding purpose, criteria, and success or failure metrics have not been discussed or presented to the community;
  • No sustainable financial framework behind the adoption of these devices has been formulated.

As parents of children in the Corvallis school district (CSD509J), we were surprised when we read Cheldelin Middle School’s first newsletter for the academic year and learned that an Apple iPad would be issued to one of our children this year.  The advanced public announcement appears to have taken place in the Corvallis Gazette-Times in late August 2013, but we do not receive this paper. According to the Corvallis Gazette-Times reporter Anthony Rimel, there were a few write-ups in various forms within the Gazette-Times, as well as discussions in CSD509J school board meetings.  As parents, we were unaware we should attend school board meetings to be informed of significant upcoming events. We assumed erroneously that the schools would notify us directly of such events in a timely manner.  We were informed that by sending the iPads home the school district is expanding a prior small pilot program testing iPad use in the classroom. Cheldelin is one of several schools in the district that will now issue Apple iPad2 devices directly to each of their students through the new 1:World program. A brief Q&A document hosted by the district on the topic can be found on the district website [11] and in their specific 1:World document [9].


These iPad devices are being issued with the expectation that they will go home each night with the students.  Each iPad has a built-in camera and microphone that cannot be physically disabled. Additionally, the iPad will have a district-selected software product, AppTrak by Lyceum Solutions, installed for management purposes.  This particular piece of software includes the following abilities as an advertised “benefit” for the educational market by the vendor on their website:


[…] a teacher can enable and disable things like cameras, […] FaceTime, […] etc., on-the-fly […] on the devices […] all from a simple web interface.


I hold a PhD in Computing, and am a Senior Research Scientist working for a high-tech company in Hillsboro, Oregon.  When I personally read that vendor claim, in lieu of the opening phrase “a teacher” I substitute the phrase, “any person with access to the school system software, or anyone that can hack into the school system network.”  I encourage you to re-read that excerpt from the AppTrak website with my substitute phrase, and then reflect about what that might mean for you, your children, and these devices in your home.

As an example of how this kind of well-intentioned software has turned out in real usage, look no further than the various lawsuits (some still ongoing) between Philadelphia’s Lower Meriod School District and their students.  Those students were issued Apple laptops with similar software installed, and discovered that some laptops were filming them in their bedrooms, many students in partial states of dress.  These video recordings were being sent back to the central school computer system and stored there.  Wikipedia has a review of the history, evidence, and status of the lawsuits arising from these incidents [6] including non-trivial settlements.  Needless to say, the idea that the school-issued laptops were secretly recording nude, partially-nude, as well as fully clothed students in their bedrooms should be a significant wake-up call to the school district regarding remote-control over cameras.  The concern should not just be limited to monitoring in the bedroom, obviously.


Privacy concerns are not restricted to the environment outside of school, however.  The Cheldelin Middle School technology staff member runs the computing resources within the school.  My daughter came home this past week with a story about how the students know that the school technology person monitors them from time to time when they use class sets of iPads, although they had never obtained proof of this.  One student decided that it would be funny to use his iPad to compose a letter to the tech person. He was in the middle of doing so when apparently the screen was observed, and the tech person responded to the student directly via his iPad by typing back.  While the children were amused and amazed at this example of remote control over a computer, this technology has been around for decades and is well known. It is trivial to not only see what students are doing on their devices, but also to manipulate the device features.  We worry that students will carry some of these devices without covers or bags into sensitive locations such as restrooms or the PE locker room, where students will be in various states of undress. While we understand that teachers and administrators want the ability to monitor students in the classroom for on-task behavior, it takes just one accident and the PE locker room has been visually recorded. In the 1:World FAQ provided by the school district, the PE locker room was mentioned, but only as a location where the devices might be at more risk for theft – the privacy situation has been overlooked.


I asked the Cheldelin Middle School principal, Jeff Brew, whether the devices would be expected to come home or stay at school, and was told yes, the children would be given work they would be expected to complete at home using their iPad device. I also asked the principal whether parents would be given full “administrative” rights and controls over the device, such that we could disable cameras and microphones, limit access to the Internet, and put further restrictions on the device.  I was told by Principal Brew, via his inquiry to the district technology specialist Rob Singleton, that the answer was no. Parents will not be given administrative rights or the equivalent control over these devices.


In essence, the school district is issuing an Internet-enabled webcam to my 12-year-old daughter, and is telling her to take it home and keep it with her at all times.  Meanwhile, it is remote-controlled, cannot be blocked or disabled by parents due to lack of “administrative” rights, and is trivially enabled to “wake up” at any arbitrary time and take recordings of what my daughter is doing.  If the school were issuing a device under my personal control, without the remote-control software, I would at least know that I put in my own best efforts to make the device safe for my daughter. As things stand, however, all I am being told as a concerned parent is, in summary, “there’s nothing you can do about it other than decline to allow your daughter to receive the device.”


Internet Security is, essentially, a never-ending arms race.  Today, each person using a computer or other electronic device installs some anti-virus package and other “security” software to protect against malicious attackers.  This effectively means that the attackers must write even more clever software and find new weaknesses to exploit. The unending stream of patches and update notices we each receive on our computers, most of which are to fix security holes after attackers have already exploited them, are unpleasant markers of how poorly this race is progressing. Over the past thirty years, this arms race has done nothing but go faster, with higher stakes, and higher extortion rates.  It is not a question of “if” a system becomes compromised; it is a question of “when” and “how bad.”


Once a picture or video clip has been taken in the Internet age, it is “out there” on the Internet forever.  Kids have been bullied over all kinds of things online [7], with a large part of the online victim populace bullied for explicit pictures taken with or without consent.  Too many children have taken their own lives after the subsequent stalking, harassment, and emotional trauma from these events [8].  By the time something wrong happens with these devices, it is too late for us to do anything to prevent further dissemination of pictures or videos – it will be “out there” on the Internet forever.


In today’s society, it is even becoming routine to discover “sexting” extortion/blackmail [18] by malicious students in high school and college that exploit software weaknesses to secretly film others.  These recordings are deliberately made for blackmail purposes. The common element to all of these scenarios is that blackmailers knew that the victims possessed such devices and thus knew where to look for weaknesses in the technology. By focusing their attack on these weaknesses, they were able to covertly manipulate the devices for their own purposes.


How long will it be before those outside the school district, who strive to exploit others, focus all of their efforts on a publicized single point of attack at the school system computer services?  The CSD509J district cannot afford a technology security staff or equipment that is capable of defending from such efforts, or from the escalating sophistication of attacks.  Even with CSD509J pooling resources with other school districts, their capabilities will never be sufficient. Defenders always lose an arms race, and the more information that is available to potential attackers, the easier their task becomes to gain entry.


There are no published security evaluations of the district-installed remote control client software running on the iPad devices, nor a “hardness” rating for security of the protocol and command structure of the remote control system itself to that client.  Is the AppTrak client software running on the iPad prone to attack due to weak protocols, lack of encryption, unsophisticated validation of credentials, or other flaws?  What third party security agency has been contracted to review and validate the design and implementation?


We are all aware that inappropriate relationships sometimes happen between students and teachers or staff. From time to time we hear of these events in the news. They represent sad, extreme cases where something has gone very awry in the teacher-student relationship, overpowering the sense of right and wrong. Although they are rare, we question whether the district has thought through the potential consequences of issuing iPads to both teachers and students, while allowing teachers to have control of the devices remotely. The iPad’s remote controlled cameras and ability to function as a private communication device may prove too much temptation for those adults who would otherwise refrain from inappropriate contact out of fear of exposure.


Under the proposed school district system, it takes exactly one teacher or school district employee with one moment of weakness to ruin the life of a child.  It takes exactly one malicious attacker, aware of the already publicized software the district will use, exactly one success breaking past one school firewall, perhaps because one particular person had a weak password or weak client software security design.  It takes just one event to ruin a child’s life – potentially, that child is my child, or that child is your child.


Control and regulation of the device is not a concern that is limited to external threats in the form of accidents by school staff or malicious attackers.  Besides using the iPad for school work, the students receiving these devices can be counted on to explore the limits of the iPad for their own purposes.  The school district is using their own security services and filters to “lock down” the devices so that students will not have unlimited access and usability of features, such as downloading custom apps or accessing inappropriate content over the Internet.  While this is a well-meaning effort, other school districts have encountered the same Internet security arms race in controlling their devices, and have yet to come up with a working solution.  Within hours of distributing approximately 2,000 iPad devices in Indiana, one district found that the students had bypassed school controls on 20% of the devices [13]. This allowed them to bypass restrictions on pornographic material, apps, and download controls.  Very recently the Los Angeles school district abruptly halted a $1,000,000,000.00 roll-out of iPad devices to every student when students trivially bypassed the school’s internet controls [19].


While the specific methods used to bypass the Los Angeles controls would not be as easy to replicate with the CSD509J’s controversial district software AppTrak installed, it simply demonstrates the nature of the arms race: given time and bored students, all weaknesses will be found and exploited.  Every device issued by the school district will route all traffic through the school network for content filtering reasons.  That same school network is the primary vehicle for remote controlling any device via the AppTrak software.  Given that every student is by default on the school network at all times, how long will it be before students are hacking the remote control software interface of their peer’s systems?  Regardless of intent behind such actions, students that attempt to do so become the same as any other malicious attacker to the system, except that they are already inside the school network and thus have a much lower barrier to success.


To further complicate things, the 1:World program guidelines state that schools may add or remove software at any time from the devices.  No statements or policies are expressed that detail what procedures will be followed or notification given regarding such additions and removals.  What level of consent will be asked of parents before new software is added?  What if the new software contains significant privacy risks (or other forms of risk) that we would not find acceptable?  The lack of documentation and policies regarding transparency and consent is very troubling.


In yet another twist of privacy concern, nearly all current Apple devices are capable of silently tracking their physical location.  This location information is generally logged into a file on the device, which is trivially accessible [22].  Earlier models required certain hardware features, but in general all current-generation devices have the features required for location tracking.  Should our children be trackable by anyone?  Will predators be able to exploit this information?  Will children in protective custody be inadvertently put at risk by their carrying of a school-issued device?  Will the remote control components of the school-issued device, which allow silent modification of installed software, be used to silently install (by the school or malicious third parties) one of hundreds of location reporting applications [23] to the device?


Since the iPads are being issued by the school, with school-mandated remote control and monitoring software installed as well as content filters, will the school district become liable for what happens when students use them to inappropriately (e.g. bullying)?  Schools increasingly find themselves held legally and financially responsible for actions that happen with their resources and when children are under their observation [24], including bullying, threats, and other socially-unacceptable actions.  Additionally, there is a legal expectation to maintain records of all events done when such devices are monitored [25].  What are the policies regarding data collection from these devices?  What is the lifetime of that data collection?  Under what conditions can any or all of that data be given to third parties?  What data is Apple able to collect, and what are the policies regarding that data?


Were any legal experts asked to perform a deep legal analysis over these packages, their implications, and how these systems will be managed?  How did such remote-controlled software get approved?  What written policies are in place, what is their enforcement mechanism, and who is legally responsible for violations when they arise?  At what point was this situation explored with law enforcement and the district attorney, considering the ramifications of these devices and their software, as well as the legal liabilities that the schools are bringing upon themselves when things go wrong?  What happens if recordings without consent outside of school property violate doctor-patient confidentiality?  What if recordings occur at home, around parents and other adults, that then violate attorney-client privilege, contain trade secrets, reveal classified information, or a large variety of other materials that are highly illegal to monitor?


In email exchanges with Principal Brew and Mr. Singleton, initial responses to queries about the iPad program were answered with either reference to the district website documents, or with direct responses to questions not covered in those documents.  However, when I raised the privacy concerns and risks stemming from the AppTrak software for the iPad rollout, I received no further email responses despite updated requests for information.  I am left puzzled at the lack of responsive comments to very specific questions around these issues [26].  I also discussed my concerns with my workplace colleagues (all experts in computing, several of whom specialize in software). As a result of those discussions, my concerns have only grown in breadth and magnitude.


Up to this point, I have focused entirely on the disturbing privacy and security aspects of these devices.  I would now like to explore broader questions, probing the rationale and decision making process overall behind providing electronic devices to our children from our schools.


Why do our children need an electronic device issued to them?  What is the purpose of this program?  Why does it need to go home, instead of being confined to the classroom or school?  What, specifically, are the concrete goals of this program?  What are the specific criteria and timeline for judging the success or failure of this program?  If you read the materials on the district website for the 1:World program [11], including the FAQ [9], you will find no answers to these questions.


Many school districts in Oregon and elsewhere have run pilot programs, issuing laptops and tablets to children and experimenting with them in the classroom as learning aids.  What data shows that children with a device such as an iPad or MacBook score higher on tests, or that they are better prepared for life after school?  What scientific studies with peer review of the data demonstrate that this is the smart choice to make with our limited funds and resources for schools?


A careful reading of articles reporting the results of pilot studies of iPads and laptops in the classroom reveals a common flaw in the studies’ design: they lack randomness. Others have noted and reported on this flaw in design as well.  By lacking randomness, I mean that the study results are biased because teachers adopting the new technology were either carefully selected by the principal, self-selected themselves by volunteering (implying personal interest), or have other non-random criteria for being part of the pilot program. Moreover, they spend significant time revamping course materials for the new electronic device framework, and tend toward bias in excitement levels and personal involvement when compared to traditional non-device courses.  The lack of randomness is well known to skew and bias all results that may be obtained in a study.


Ignoring the issue of randomness in the study samples, some pilot programs have reported increased standardized test scores [4], but the data in these reports is widely criticized. These studies only report on the specific schools or specific classrooms that do perform better, which are a small fraction of the total schools or classrooms participating in the pilot studies.  These reports do not provide detailed data for independent analysis and verification.  In other heavily-publicized results from Maine [5], the data represented show no statistical difference between a group of students using iPads and students who do not use them, despite much press that asserts the iPad was an across-the-board improvement.  For several years now the Canby school district in Oregon has been held up as a role model for how iPads increase test scores. Every Canby student at every grade level has an Apple device issued to them; however, the most recent data to date [17] shows that within the district the number of students meeting state standards went up for some grades and down for others, ironically with “reading” among the skills receiving declining scores. Thus Canby’s long-term trend is not clear as to whether the devices improve or hinder standardized test results.


To date, I have been unable to find a well-researched, peer-reviewed study published in a recognized forum that provides evidence of improved outcome by use of electronic devices.  The lack of such definitive, peer-reviewed results suggests that the answer is still not known, which should encourage a continuation of small pilot programs but is not sufficient evidence for a wholesale adoption of the new approach.  While there is clearly a tidal-wave or bandwagon effect of schools rapidly adopting these devices, there is a dearth of validated data demonstrating that this demonstrably improves student outcomes.


The cost of maintaining these devices includes additional technology infrastructure for network bandwidth, disk storage, teacher training, repair, maintenance, replacement, technical personnel, and technical personnel training time.  Using Cheldelin as an example, our daughter reports that the school technology person is already very busy supporting the current resources in the school, let alone a large number of new devices.  Teachers experiencing problems using their SmartBoards, computer systems, or in-class iPads are sometimes forced to alter their lessons because the tech person is unavailable to provide them with help in a timely manner.


Clearly the schools will require additional technology support staff to adequately administer a network of 500+ student iPads. The district has said that the funds for the iPad devices, reaching $1.2 million dollars per year when the program is fully implemented, cannot be used for other purposes such as salary for staff.  Where will the funds for additional support staff come from?  How will the district justify the additional staff?  If the funds come from the same resource pool as teachers, how can we justify this expense for iPad support staff when we cannot fund sufficient teachers to keep class sizes reasonable?


The district has stated they are providing these devices now by deferring some costs to future years, which is not an indefinitely sustainable option.  The eventual sustainability model is based on special grants, eliminating physical textbook purchases, reductions in paper costs, reduction or elimination of computer labs, and strategic fund raising activities [15, 16].  What happens when special grants and targeted fund raising cannot cover a gap between a yearly contract with Apple and the funds available?  What services will the district eliminate when it cannot feed its technology appetite?  If the 1:World program cannot be made cost-neutral, such that no special funding or line items exist beyond a standard budget from a typical year before the introduction of the 1:World program, then there is no sustainable plan for keeping these devices.


The cost of maintaining devices like the iPad has been cited to be as high as $150 per device per year [1].  Educators in Florida that issued iPads to their students in a 1:1 ratio of device to student said [2] that, “an iPad 1-to-1 program will not, and cannot, be sold to constituents as a cost-saving initiative” and that “our experience suggests that schools will merely transfer costs from paper savings to the sustenance of the technological vision.”  The latter statement is frequently overlooked when adopting technological approaches, as these devices require network bandwidth, centralized management, disk storage pools, etc.  All of these in turn put pressure on the technology support groups in our schools and require updated electrical and networking infrastructure in buildings that were designed in an era where networks and large-scale electrical use for device charging in the classroom was not even imagined as a possibility.


A frequently cited study around iPad costs in education is a pilot study at Oklahoma State University [3]. In Fall 2010, students in selected programs were given an iPad with a MSRP of $499.  It was found that using an iPad in place of traditional textbooks may have been cheaper for students, but only through a textbook price difference over one semester and ignoring the cost of the device itself.  Publishers agreed to sell the books involved in those courses at a lower value than the physical book counterpart would be sold for under normal conditions.  What the study failed to follow-up on is that most college students sell their textbooks back and recoup some amount of those initial funds spent for books. Additionally, many college students buy used textbooks at a discounted price – and that used electronic textbooks do not exist.  The study also neglects to explore the additional costs the university had to cover for network infrastructure, additional support staff, training of faculty and staff, etc., which casts strong doubt on drawing beneficial cost savings conclusions, and suggests that higher total costs over the course of a college education may occur.   Regardless, such college-based studies do not reflect on the reality of a K-12 school system which will re-use the same textbooks for many years.


To make iPads in schools a success, the school district must invest a significant amount of funds to teacher training, certification, and lesson plan development.  What standards are there for training teachers in how to utilize these devices in a constructive and efficient manner?  What accreditation, certification, or validation of such skills exists in plan or in reality?  How will teachers obtain, maintain, and develop new skills – while continuing their current burden of education-related skills development and certification renewals?  Simply handing out the devices to teachers and assuming they will work it out on their own is not viable.  Teachers are already over-worked and typically under-paid.  How will they have the time to learn a new device, new software, and prepare all new materials for the iPad without additional assistance?


As a community, we are facing fundamental questions about the financial rationale for the iPad program.  Two easily identified questions are:

  1. Should we be providing new electronic devices every few years, including the maintenance/replacement and ongoing overhead costs? This cost will reach $1,200,000.00 per year when the district’s 1:World plan is fully implemented, and represents a significant budgetary constraint.
  2. Should we instead use those same funds to provide additional targeted resources that are already demonstrated to work in improving student outcomes from education?  This would allow more time to think through the plan while waiting for validated studies to demonstrate that a more widescale 1:World type of system is beneficial for students and staff.


If there is fear that those families that cannot afford to buy devices for their children will “slip through the cracks” of technology have/have-nots, then the school district can set aside some of its budget for iPads for these students.  This would allow families that can prove their need to get discounted or free devices on the same upgrade cycle the school district must already be planning to support under 1:World.  However, simply issuing these devices to “have-not” families may be far from sufficient, particularly when the CSD509J district has many families identified as “homeless” for various reasons.  These “have-not” children and families are not likely to have internet access readily available, nor will they necessarily have access to electrical outlets for recharging their devices to get their homework assignments done.  The issue of physical security will also be of extreme importance to children without stable homes, as theft or damage is much more likely to occur.

From a cost burden perspective, why do schools adopting devices today consistently go with Apple devices?  Historically, with the Apple 2 computer family in the 1980’s, and later the original Mac family, the machines sold to schools were (by standards of the day) inexpensive, resilient to physical abuse, and sufficiently powerful for teaching computer use and simple programming.  Today, the landscape and ecosystem around these products is very different.  Everyone knows that Apple devices are more expensive than other options for the same features.  In a recent interview, the CEO of Apple, Tim Cook, asserted the companies’ now long-standing position [10] that they have no interest in trying to make inexpensive devices.  There is no altruistic tendency of Apple in the education market – Apple makes extremely hefty profits from its customer base, including education, and offers relatively small discounts to schools.  When students are exposed to one device environment, they will naturally put pressure on themselves or their families to buy devices from the same environment, regardless of whether it is economically wise to do so for the tasks and features needed by the user.  This should be of particular concern for the technology “have-not” families that may not be able to easily afford Apple products.  Is our attachment to the historical legacy of Apple worth the price premiums of Apple devices today?  From a functional point of view, many school districts are discovering that iPads were never meant to be multi-user, nor were they intended to be used with software to restrict the device features.  Trying to after-market modify a device to a purpose for which it was never designed will always lead to sub-optimal results.


What specific applications of the CSD509J program mandate Apple devices?  The district website contains the list of applications required by Cheldelin Middle School in the 1:World program materials.  The list constitutes: word processor, PowerPoint-like presentation package, web browser, QR code scanner/reader, note-taking software, Google Drive (an online file storage and sharing system), a mechanism to submit homework electronically, and a Jeopardy-like “buzzer” clone interface for quiz-based interactions. None of these are actually Apple-centric by any means; the same or similar software exists for Android, Linux, and Windows environments.  The Android software environment, as well as the ChromeOS variant, can freely and easily be installed on any standard computer hardware – including inexpensive tablets and laptops.  Many of these platforms are far less expensive, while still available from vendors with warranty contracts such as Dell, Lenovo, IBM, Aus, Acer, Samsung, etc.


Perhaps a better question is why these devices need to be issued to the students in the first place, rather than simply being available through the school library or classrooms on a per-project need basis?  One frequently used argument is that students will use iPads in lieu of textbooks; however, most publishers already have versions of their textbooks available online that do not require a special device to access them.  This online textbook access does require additional licensing costs to the school district, but if the goal is to eliminate physical textbooks, how are devices issued to every student necessary for that goal?  For those infrequent projects that might genuinely need or benefit from such a device as the iPad, why not let students check them out from their school library?  For those classes that wish to demonstrate some concept in an interactive manner via such a device, why not hand them out to the classroom for the period and collect them when the lesson is over?  If the goal is textbook elimination, attach an iPad to every desk and include online access in the license negotiations, with a small number of physical copies purchased for those students or families that prefer that medium.  What specific need is being met by pushing the responsibility for these devices onto the individual students?


Some online reference material around the state-wide push for electronic devices cites fear that the forthcoming Common Core standards change requires extensive online testing and that kids need to be prepared for this eventuality.  It is not stated how or why the prior the CC testing represents a change from the Oaks testing – which was already extremely frequent and also computer based.  If we accept the premise that the CC will require even more regular testing, what indicates that CC tests will only be available on similar Apple devices?  If students are suddenly presented with a different type of system or interface during testing, will they have any advantage at all, or will they be at a detriment?

Finally, the school district is requiring parents to either purchase an insurance program for the devices issued to their children, or else take on full personal financial responsibility for repair and/or replacement.  While this seems like an obvious approach to dealing with a large number of expensive devices, other places in the United States have different contracts with Apple which do not require this type of insurance or personal liability.  One example is Raleigh County schools in West Virginia, where Apple directly covers damage or loss [12, 14] in their iRaleigh device program. While this may translate into slightly higher costs for the school district in purchasing Apple’s insurance program, by definition insurance tends to be less expensive when distributed over larger risk pools.  In the local school district case, CSD509J will charge parents $45 per year for insurance, plus a $150 deductible toward repair or replacement.


As part of the district contract, iPads are replaced by Apple every three years.  Over the course of three years parents will pay $135 in insurance fees with a potential further cost of $150 deductible for damages or loss. Essentially, if anything happens to the iPad within its three year lifespan, parents will have paid as much money as for a simple iPad device purchased directly from Apple at full MSRP. The cost is even higher if your family has multiple school-aged children (multiply $135 per child). Why are parents of our school district being made to either pay additional funds for insurance or take personal liability for a device, when it is not necessary?  What is the cost difference between a local insurance program with high deductibles vs. the Apple provided program?  And how will the “have-not” families cover these yearly expenses and/or repair deductibles?


We understand that all the people involved in these decisions, including those creating the software and managing the tools and infrastructure are confronting hard, complex topics that carry few good solutions..  We are not seeking to place blame or to attack anyone’s character, but we must accept that the software will be hacked into, people will use bad passwords, etc., and there is nothing that will change these facts.  We parents are being denied any insight, say, or control over the resulting outcome.  It remains unclear why the students need personal devices, or whether such devices will enhance or hinder the educational experience.  It is unclear if the financial sustainability of this program is possible, or whether unexpected costs will render it implausible to carry out.  It does not make sense to push these devices, at great cost, onto the students and families when there is no data to support such a transition as beneficial.


As a parent, my job is not to provide my child with the latest and greatest bit of disposable culture wrapped up as an electronic device.  My job is to raise my child in a safe, healthy, balanced environment, and to provide her a well-adjusted foundation for the good and bad things that life will bring.  Part of a safe environment includes knowing when to say “no” even when you want to say “yes” to a request.  At this time, and under these conditions, I can only say “no” to the school system for their current trajectory and actions.  If you are a concerned parent or guardian, I encourage you to ask hard questions on these topics, and decide whether you should say “no” as well.  Examine the answers you are given, and ensure that the data you use to make your decision is sound and defended by independent review.


As a parent that is expecting to refuse such a device, I am left wondering how my decision will affect my child’s educational experience. We are aware that she may experience social stigma for having perceived Luddite parents. Of greater concern to us, however, is the question of what alternatives will be made available for children who do not receive iPads.  When assignments are given, what will their options be to get their work done?  The Cheldelin Middle School principal admitted this is an area they are thinking about, but did not at present have any answers for the issues raised.  How will our children be given the same level of education when we decline to accept the risks of the situation?


Josh Fryman, PhD, Senior Research Scientist

Hathai Sangsupan, OSU PhD Student


Additional details:
























[23] ; or try: ; or try:



[26] The last response from school employees was on Sep 20.  Our most recent attempt to get further information from the school was on Sep 27, with several prior attempts before Sep 27.  Requests to share our concerns with other parents via the school listserv or other mechanisms on Sep 25 have remained unanswered.

18 thoughts on “Alarm Over the School iPad Bandwagon”

  1. Update on events, October 1, 2013:

    Further Responses from Cheldelin Assistant Principal, Lisa Krause

    On October 1, 2013, I received an update on my inquiries from Asst. Principal Lisa Krause. In summary format, the key responses were:

    • The school (and the district) will continuously identify additional apps to add or remove from the devices;
    • The school (and the district) will do these updates without consulting with parents regarding any issues or concerns, and these updates will be silent and cannot be observed;
    • The school (and the district) believe they will not have the ability to turn on cameras, or to see/record anything from the cameras on the devices – this is in direct conflict with the AppTrak vendor website claims;
    • The school (and the district) believe they cannot get data remotely from the device – which also appears to conflict with the vendor website for AppTrak;
    • And the school (and the district) will not provide administrative controls to parents. The district maintains total control (and thus responsibility) for the devices.

    Reading through these responses, I concluded that I should personally call the vendor to sort out the truth of the matter. What the district believes to be true does not agree with the vendor’s public website.

    Momentarily setting aside the issues regarding the camera, privacy, and so forth, the additional stance that the parents will not be consulted about the installation (or removal) of apps on the device is very troubling. If even the most basic of applications can raise privacy and security concerns and app installations can happen without our knowledge, how will we know if our children are facing additional risks?

    We cannot expect our children to recognize or understand the issues involved, but as parents we should think carefully about whether the school district has the right to send a device into our homes, while retaining the ability to modify that device, without any discussion or consent from the adults living in that home. The privacy, security, and liability issues are too involved to for us to simply transfer trust to a third party for what happens in our home.

    A Conversation with Lyceum Regarding AppTrak

    The following information is from an October 1, 2013 conversation I had with Lyceum, the AppTrak vendor, regarding the behavior and design of their software.

    Unlike the responses I have received from the school district administrators, Lyceum did not dismiss any of my critical concerns by saying “that concern does not apply to this software” or “the iPads cannot do that.” Insead they explained the AppTrak software mechanisms and answered my questions directly and easily.

    AppTrak comes in two pieces: a client piece installed on the iPad device and a central piece that runs on school servers. The interface for control of the devices is a standard web page system. Users of the software select which iPads to manipulate, and what to do with those devices.

    Yes, the software does allow the enabling or disabling of the camera (and other features). No, the software does not directly allow launching of Apple based applications as part of the iPad operating system iOS, except for the web browser, Safari. These restrictions on the iOS default applications are enforced by Apple, and only apply to the Apple iOS applications. It is important to note, however, that with AppTrak, third-party software (not Apple iOS software) can be launched and activated.

    In discussing how their product works from a security perspective, Lyceum sales staff said that they had no security people on staff, nor had they contracted or consulted with external security people. There is no security assessment of their system, or of how hard it would be for an attacker to override their design.

    The basic model of operation is that school district staff can use the web interface to change applications, enable or disable features, and then tell the system to activate those changes. This set of activities could include enabling cameras, launching FaceTime (a video chat system), or manipulating other third-party software – as well as installing new software. When district staff make changes, the servers at the school district trigger a notification that tells the iPads to update. The iPad then “phones home” to the server.

    When the iPad “phones home” it connects to the same web interface that the school employee used, and then executes whatever changes were asked of it. Nominally, this uses a SSL-based “secure” web communications. Unfortunately, there is decreasing confidence that SSL is actually “secure” given all of the recent revelations about NSA surveillance. This implies that SSL security can also be breached by large-scale malicious attackers, of which there are many.

    Regardless of the security of SSL communications, the fact that Lyceum did not consult with any security experts in the AppTrak design, either on their own staff or through outside consultants, leaves many questions about the vulnerability of the system. For instance, how hard is it for an attacker to route the app to a different website for a list of commands? Or how hard is it for someone to break a school employee’s password and control a device without bypassing AppTrak network message security at all? Why has the school district purchased software to protect our children that has not itself been audited for security purposes?

    In summary, the remote control nature of AppTrak, coupled with how it can manipulate iPads, leaves all of the key privacy questions and liability issues open. While the school district is telling us that the software cannot enable cameras or launch these types of applications, a simple, direct phone call to the vendor reveals otherwise. I made the phone call to Lyceum during my lunch break and after 10 minutes of speaking to the courteous sales staff I had all the information that I have written here.

    You can easily call them and check for yourselves. From the Lyceum website:

    Our Sales-team is available Monday through Friday, 8:00a.m. to 5:00p.m., Alaska Time. Please feel free to call us toll-free at 1-855-999-8765 if you have any questions or comments, or would like to contact us for a quote.

  2. Thank you for this well researched and presented letter. However, I believe that focusing primarily on the potential downside is a disservice to students. Yes, the iPad can deliver “…the latest and greatest bit of disposable culture…” but it can also deliver incredible learning experiences. Take a look at the Star Walk app. My children have learned more about astronomy in an hour than they ever could from a flat printed page or even a web page. The Natural User Interface inherent to touch screens allows them to touch the stars, comets, satellites, planets and constellations and interact with content in a revolutionary way. I eagerly anticipate the possibilities of having my child’s school deliver even more apps and experiences like Star Walk.

    The fear of cameras being remotely activated is a non issue, in my opinion. After assessing the role of the cameras in relation to the educational apps, I can disable them with a piece of electrical tape if needed.

    In a broader sense, educating our children about the use of touchscreen devices is necessary to their role as content consumers. Like it or not, these devices are the future of information delivery. Steering our children to view them as educational tools, and not just gaming/junk info platforms is going to help them as future consumers of learning.

    Finally, I am encouraged by the acknowledgments of Jeff Brew and the school district that many questions remain. This is an honest acknowledgment that existing data is weak. I look forward to the prospect of working with the school and my child to resolve these issues and get the data flowing.

    1. Jack,

      Thanks for sharing your point of view.

      You will never hear me say that I think these devices can’t be useful – as a technology person, I know that they can be powerful aids. My android devices, for example, have a similar astronomy program that when used with GPS and the rear-facing camera, can show constellations and other fun things.

      What you will hear me say is that these devices, under these conditions, have no business leaving the classroom.

      I don’t use an iPad – in fact, I have never held one or used one at all. Even with that caveat, I can probably demonstrate to you that I can bypass all the security restrictions on your iPad or a school-issued iPad in less than 3 minutes. After that, it’s trivial to do anything you like from a network outside of the school: use social sites, chat with strangers, access pornography, etc. It will be obvious if I do it, because I’m not a sophisticated iPad user – I’m sure others could do it without leaving as many obvious traces.

      Here’s a really fun question: by handing out devices to children that are so easily bypassed for restrictions with well published steps (how-to guides), schools are violating the federal CIPA law. Who is legally culpable when that gets realized? And Federal funding is withdrawn? (See: )

      This is a *consumer* electronic device people are trying to use in *enterprise* network settings, and the two are not compatible – which is why students can bypass the restrictions as shown in other school districts. A real Apple computer (laptop or desktop) *is* such an enterprise-capable device, and has security built into it from the beginning. The iPad, iPod, etc. are not such devices. It took Microsoft about a decade to transition from an insecure DOS/Windows 3.x platform to Windows XP, which was the first “secure” version. I’d like to hope Apple will fix the iPad security problem in less than a decade.

      What you will hear me say is that the district does not have the financial model that can pay for these devices without ephemeral special external funds – or that is how they have explained it thus far. It’s also not clear they have sufficient IT staff, the resources to hire more IT staff, or anything else. And it is really not clear that if the district has the funds to hire more people, why it should be IT people and not teachers.

      What you should ponder is whether you are happy to spend $45 per year, per child, for an insurance program to cover these devices. Plus personally cover a $150 deductible per device when it gets damaged, which it will (lots of studies show how frequently these things get broken when taken out of the classroom). With every kid having a $500 device in their backpack on the way to and from school, are they going to become victims of theft and violence?

      What you will hear me say is that I cannot find any scientifically accepted study that demonstrates these devices improve education outcomes. Sure, there are corner cases we can sit back and think about (like astronomy) where it seems like it should. But there have been a lot of studies, and none of them have shown conclusive improvements when peer reviewed and analyzed. This is why *better* pilot studies should continue that can answer those questions, but wholesale adoption (eg: what LA tried to do) is not justifiable.

      What you will hear me say is that putting tape over a camera does not solve the fundamental problems, and it doesn’t even solve the audio recording problem. It is pretending the underlying fundamental issues aren’t real, rather than addressing what this situation is truly about.

      There are a lot of hard issues here. I am not against these or other devices in education. I am against how the district is approaching the situation. There is a big difference in those two statements.

      On the one hand, I am glad Jeff Brew admits they are trying to sort out these issues. On the other hand, they have already rolled these devices out to kids under this framework in other schools. That should make everyone pause for a moment. It has also been admitted the district didn’t think fully through some of these scenarios or questions. Isn’t that reason enough to stop and make sure that what is being done is proper? And to fix it now, before it’s too late?

  3. For the second time I’ve come across school districts that have negotiated contracts with Apple such that parents are not liable for loss or damage to the devices, this time from the LA districts. Why has such a contract not been negotiated for Corvallis schools? Is one planned?

    The following quote is from “,0,4465659.story”

    “There’s also confusion over responsibility forms parents were asked to sign. In an interview Tuesday, Deasy said there should be no confusion over this matter. If an accident or theft results in the loss or damage of an iPad, then the family will bear no responsibility, he said. If the harm is caused by willful negligence or worse, then the district would seek redress for the cost. Apple, the manufacturer, will repair or replace devices up to five percent of the value of the contract.”

  4. Josh,

    Your points are well taken. Personally, I see too much educational upside and prefer to work with Jeff Brew and the Corvallis School District to iron out the downsides. Thank you for the facts and viewpoints you brought up.

    Jack Kemp
    Cheldelin Parent

    1. Jack,

      Great! I’m glad that you, too, are willing to work with the district to get these problems solved. We’ve been struggling just to get light on the issues and for people to realize there is something to fix.

      The more the merrier.

  5. Thank You Josh for your comprehensive analysis and for opening my eyes to these issues. First I must say, I have an I phone and it is a great tool. But what I have learned from you is very concerning regarding this I-pad program. Having no control over “settings” when a camera or recording activates -remotely invading the privacy of my home- is so wrong it is maddening to me. Being forced to assume financial responsibility for something I do not own or did not want is utterly ridiculous. The Compulsory agreement- oops I meant “optional voluntary insurance” rubs me wrong for the same reasons. I may have to consider buying an I-pad for my child – so I have some control. However, the thought of buying something I did not want – so I can have some control also is unpalatable. I want my children to have a great education and wisely utilize technology – but invading remotely the privacy of the home should not be part of this system or tolerated by anyone. Lastly, I was told you were not able to ask questions at the parent meeting – which I find disdainful. I hope to learn more from you an others that post here – so I may make an informed decision – no doubt under duress from the 1:world I-pad bandwagon. Thad (Concerned Parent)

    1. Hi Thad,

      I should post an update on what happened at the parent-iPad night at the school, but I want to let it settle for a day or two. The short answer to your question about the Principal and Superintendent not letting me ask any questions at all in the main session is “true”.

      I was able to ask a few questions of a very focused nature about the insurance, to which the Superintendent (Erin Prince) kept trying to change the basis of the conversation. I was simply asking how $45/device per year for Corvallis through self-insurance compared to the Apple-provided all-inclusive, no-deductible program offered in Los Angeles, Raleigh County West Virginia, and other places. Erin kept phrasing it as “tens of thousands of dollars for the programs there” while in reality, several thousand iPad devices in Corvallis at $45/each is an equivalent number.

      Rob Singleton let me chime in a time or two about the security, but I tried not to derail the other parents learning anything of value. The whole night was structured to show off the “Isn’t this great?” part of the program – to which there are potential upsides. It was also completely structured to avoid any discussion or hint that there might be “issues” as to what my wife and I are raising.

      Since they knew I would be there, and explicitly asked me to come, I found that positioning of the agenda a little troublesome. All we can do is offer our view, try to get parents to read this page, and hope parents talk to each other. Everyone should form their own opinion, even if it’s different from us.

      For us, though, we will decline any iPad device to be assigned to our daughter, and we will decline any form of liability for any device whatsoever – and we will not buy any insurance. If the school wishes to provide her an iPad within the classroom, we are fine with that – as long as the school takes all the risk, and it stays in the classrooms.

  6. Thank you for your article and research. I believe all too many parents are not doing research when it comes to what school districts are doing because “we” as a culture are leaving it all up to teachers and schools to raise our children. As a concerned parent, I appreciate your article and will be sharing it with other parents and teachers in our school district. As parents, we can never assume that the overworked and underpaid have the time to do everything possible to keep our children safe, that’s our job. I’m glad you that you remind parents that it is okay to say “no” when it comes to what’s best for our children. Thank you.

  7. “putting tape over a camera does not solve the fundamental problems” but it DOES solve the immediate problem of a hacker remotely controlling the camera. You should also point out to everyone who has your ear that it is against the law for school officials (or anyone else) spy on our children by remotely controlling the devices.

    1. Hi Jim,

      Sure, putting a cover over the camera will mask the video directly. It doesn’t do anything about remote screen captures if the video happens to be on and uncovered, and it doesn’t do anything at all for audio recording.

      You make a good point about the law, but I’m not aware of the specifics there – do you have a citation? Specific reference? Is a screen capture a violation, or is it only video? What about audio? Is this in Oregon, Federal, or some other state?

      Thanks for your input,

      1. Fouth Amendment.
        see also, 19 USC 1030, or just Google “federal computer intrusion laws.”

        Personally, I don’t think local school officials will take remote control of the iPads, even though they can. As some “friendly advice” i think you should be much more specific about the safety threat you are talking about. How can harm come to our children from these devices?

        1. Hi Jim,

          None of those rules will apply – part of the iPad rollout is signing off on permission to do remote access, and have remote control. This by definition says none of the 18 USC 1030 sections apply, unless extortion arises as a result – and if some content is subject to extortion, it’s already too late.

          In terms of taking remote controls, they actively plan on doing that routinely in the classroom setting. It’s just a web-based interface you click on, and it toggles features, etc. While I choose to believe no one has ill intentions that works for any part of the school district, the reality (reading the news) is that unfortunate things always do happen. So expecting the quasi-legitimate purposes for remote control to never be used outside of the classroom, particularly when there is no trust in the security model, is something I’m not comfortable with – are you? Again, look at what the school district in Philadelphia did in recording images, and the lawsuits that came out of that event.

          Given that the un-audited “after market” security software (AppTrak) was written by educators, not software professionals, and it is the vehicle for silently changing the software loaded on the iPad, providing remote controls/interfaces, etc. . . . my explicit concerns are very wide ranging. No one that is a security professional (or even just trained) was involved in the design, implementation, or testing of that software according to the vendor. Trying to make an exhaustive list would be impossible.

          A short list without even thinking much about specifics – peer-hacking the devices from the VPN; bypassing VPN restrictions; filters on VPN bypassed by just using the Google “search” box or equivalent; silent remote monitoring through camera/microphone (lots of methods) from the school or the hacking; screen captures of private content; untraceable cyber-harassment/bullying in its many forms; man-in-the-middle proxy attacks that masquerade as authorized servers sending commands, but are really doing anything but; etc.

  8. Thank you for a thoughtful comprehensive assessment of this Initiative. I am overwhelmed with all of my concerns about this use of funding. I keep coming back to the issue of whether or not this is the best allocation of resources. Technology is not the enemy but it should be supporting our education goals, not be the goal. I hope you’ll be at the board meeting on Monday (Jan. 13th) to testify. Your expertise and measured, thoughtful arguments would add a lot to the conversation.
    Thank you!

  9. A group of parents met last Monday to discuss concerns. The meeting was covered by the GT and this article followed:

    One of the actions we came up with was to create a google group. Maybe if we can get a more organized forum we can unite parents in a more productive fashion. Hopefully it will evolve. Anyone can join if you’re interested:!forum/corvallis-schools-ipad-concerns

  10. The concerns that I have for the “iPad plan” include:

    1. Have the benefits using iPad in classrooms been adequately demonstrated. Have the graduating rates, test scores increased for schools that have already adopted iPads? Show me the numbers!

    2. Have alternative devices been adequately considered and discussed. Note that a $400 iPad does not even have keyboard or pen. How are the students suppose to do their homework? Using fingers to write an essay? (Hoover school recently has been discussing purchasing keyboards for students—an additional $65 each piece.)

    Why not a PC or Surface? At least, with competitive bids, you can drive the cost down. Not to mention, in my family, we have two smartphones (almost as powerful as an iPad), two PCs, and an older iPad and other tablet/laptop computers. Have the school district discussed using these existing devices, rather than buying new ones.

    3. Will the IT support cost keeps increasing? At $600,000 / year, we can hire 10 more good teacher to reduce class sizes, or add art/music classes.

    4. More importantly, are the teachers being adequately trained? I don’t want the iPad to replace the teachers. Otherwise, why wouldn’t I buy ten iPads and keep my kids at home.

    5. Maybe it is my ignorance, but I feel the entire matter is not well communicated to the parents.

  11. 981 241 1462, We introduce ourselves,
     as a Manufacturer of all types of rubber sheet Conveyor Belts and Rubber Sheets, with all type of grades.
    However, for commercial floioring projects laminate flooring rules.
    Unlike a liner pondless waterfall, the parameters have already been established by
    the manufacturer of the pond kit.

Leave a Reply