Month: January 2023

For New York teacher Michael Flanagan, the pandemic was a crash course in new technology — rushing out laptops to stay-at-home students and shifting hectic school life online.

Students are long back at school, but the technology has lived on, and with it has come a new generation of apps that monitor the pupils online, sometimes round the clock and even on down days shared with family and friends at home.

The programs scan students’ online activity, social media posts and more — aiming to keep them focused, detect mental health problems and flag up any potential for violence.

“You can’t unring the bell,” said Flanagan, who teaches social studies and economics. “Everybody has a device.”

The new trend for tracking, however, has raised fears that some of the apps may target minority pupils, while others have outed LGBT+ students without their consent, and many are used to instill discipline as much as deliver care.

So Flanagan has parted ways with many of his colleagues and won’t use such apps to monitor his students online.

He recalled seeing a demo of one such program, GoGuardian, in which a teacher showed — in real time — what one student was doing on his computer. The child was at home, on a day off.

Such scrutiny raised a big red flag for Flanagan.

“I have a school-issued device, and I know that there’s no expectation of privacy. But I’m a grown man — these kids don’t know that,” he said.

A New York City Department of Education spokesperson said that the use of GoGuardian Teacher “is only for teachers to see what’s on the student’s screen in the moment, provide refocusing prompts, and limit access to inappropriate content.”

Valued at more than $1 billion, GoGuardian — one of a handful of high-profile apps in the market — is now monitoring more than 22 million students, including in the New York City, Chicago and Los Angeles public systems.

Globally, the education technology sector is expected to grow by $133 billion from 2021 to 2026, market researcher Technavio said last year.

Parents expect schools to keep children safe in classrooms or on field trips, and schools also “have a responsibility to keep students safe in digital spaces and on school-issued devices,” GoGuardian said in a statement.

The company says it “provides educators with the ability to protect students from harmful or explicit content”.

Nowadays, online monitoring “is just part of the school environment,” said Jamie Gorosh, policy counsel with the Future of Privacy Forum, a watchdog group.

And even as schools move beyond the pandemic, “it doesn’t look like we’re going back,” she said.

Guns and depression

A key priority for monitoring is to keep students engaged in their academic work, but it also taps into fast-rising concerns over school violence and children’s mental health, which medical groups in 2021 termed a national emergency.

According to federal data released this month, 82% of schools now train staff on how to spot mental health problems, up from 60% in 2018; 65% have confidential threat-reporting systems, up 15% in the same period.

In a survey last year by the nonprofit Center for Democracy and Technology (CDT), 89% of teachers reported their schools were monitoring student online activity.

Yet it is not clear that the software creates safer schools.

Gorosh cited May’s shooting in Uvalde, Texas, that left 21 dead in a school that had invested heavily in monitoring tech.

Some worry the tracking apps could actively cause harm.

The CDT report, for instance, found that while administrators overwhelmingly say the purpose of monitoring software is student safety, “it’s being used far more commonly for disciplinary purposes … and we’re seeing a discrepancy falling along racial lines,” said Elizabeth Laird, director of CDT’s Equity in Civic Technology program.

The programs’ use of artificial intelligence to scan for keywords has also outed LGBT+ students without their consent, she said, noting that 29% of students who identify as LGBT+ said they or someone they knew had experienced this.

And more than a third of teachers said their schools send alerts automatically to law enforcement outside school hours.

“The stated purpose is to keep students safe, and here we have set up a system that is routinizing law enforcement access to this information and finding reasons for them to go into students’ homes,” Laird said.

‘Preyed upon’

A report by federal lawmakers last year into four companies making student monitoring software found that none had made efforts to see if the programs disproportionately targeted marginalized students.

“Students should not be surveilled on the same platforms they use for their schooling,” Senator Ed Markey of Massachusetts, one of the report’s co-authors, told the Thomson Reuters Foundation in a statement.

“As school districts work to incorporate technology in the classroom, we must ensure children and teenagers are not preyed upon by a web of targeted advertising or intrusive monitoring of any kind.”

The Department of Education has committed to releasing guidelines around the use of AI early this year.

A spokesperson said the agency was “committed to protecting the civil rights of all students.”

Aside from the ethical questions around spying on children, many parents are frustrated by the lack of transparency.

“We need more clarity on whether data is being collected, especially sensitive data. You should have at least notification, and probably consent,” said Cassie Creswell, head of Illinois Families for Public Schools, an advocacy group.

Creswell, who has a daughter in a Chicago public school, said several parents have been sent alerts about their children’s online searches, despite not having been asked or told about the monitoring in the first place.

Another child had faced repeated warnings not to play a particular game — even though the student was playing it at home on the family computer, she said.

Creswell and others acknowledge that the issues monitoring aims to address — bullying, depression, violence — are real and need tackling, but question whether technology is the answer.

“If we’re talking about self-harm monitoring, is this the best way to approach the issue?” said Gorosh.

Pointing to evidence suggesting AI is imperfect in capturing the warning signs, she said increased funding for school counselors could be more narrowly tailored to the problem.

“There are huge concerns,” she said. “But maybe technology isn’t the first step to answer some of those issues.”
…

The United States and European Union announced Friday an agreement to speed up and enhance the use of artificial intelligence to improve agriculture, health care, emergency response, climate forecasting and the electric grid. 

A senior U.S. administration official, discussing the initiative shortly before the official announcement, called it the first sweeping AI agreement between the United States and Europe. Previously, agreements on the issue had been limited to specific areas such as enhancing privacy, the official said.  

AI modeling, which refers to machine-learning algorithms that use data to make logical decisions, could be used to improve the speed and efficiency of government operations and services.  

“The magic here is in building joint models [while] leaving data where it is,” the senior administration official said. “The U.S. data stays in the U.S. and European data stays there, but we can build a model that talks to the European and the U.S. data, because the more data and the more diverse data, the better the model.” 

The initiative will give governments greater access to more detailed and data-rich AI models, leading to more efficient emergency responses and electric grid management, and other benefits, the administration official said. 

Pointing to the electric grid, the official said the United States collects data on how electricity is being used, where it is generated, and how to balance the grid’s load so that weather changes do not knock it offline. 

Many European countries have similar data points they gather relating to their own grids, the official said. Under the new partnership, all that data would be harnessed into a common AI model that would produce better results for emergency managers, grid operators and others relying on AI to improve systems.  

The partnership is currently between the White House and the European Commission, the executive arm of the 27-member European Union. The senior administration official said other countries would be invited to join in the coming months.  
…

An international ransomware network that extorted more than $100 million from hospitals and other organizations around the world has been brought down following a monthslong infiltration by the FBI, the Justice Department said Thursday.

The Hive ransomware group, known to operate since June 2021, targeted more than 1,500 victims, including hospitals, school districts and financial firms in more than 80 countries, DOJ and FBI officials said at a press conference. The network’s most recent victim in Florida was targeted about two weeks ago.

FBI agents, who penetrated the group’s computer networks last summer and thwarted multiple attacks, seized its two Los Angeles-based servers  Wednesday night, while taking control of darknet sites used by its affiliates, officials said.

German and Dutch police took part in the international law enforcement action.

Attorney General Merrick Garland and other top law enforcement officials announced the operation.

“Cybercrime is a constantly evolving threat,” Garland said. “But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack.”

In a ransomware attack, hackers encrypt the data on a victim’s network and then demand payments in exchange for providing a decryption key.

Hive used a “ransomware-as-a-service” model in which highly skilled developers build the malware and then recruit less-sophisticated affiliates to deploy them against victims.

Garland said Hive affiliates targeted “critical infrastructure and some of our nation’s most important industries.”

In August 2021, at the height of the COVID-19 pandemic, Hive affiliates attacked a Midwest hospital’s network, preventing the medical facility from accepting new patients, Garland said.

The hospital was able to recover its data only after paying a ransom, the attorney general said.

While no arrests have been made in connection with the operation, FBI Director Christopher Wray warned that “anybody involved with Hive should be concerned, because this investigation is very much ongoing.”

“We’re engaged in what we call ‘joint sequenced operations’ … and that includes going after their infrastructure, going after their crypto and going after the people who work with them,” Wray said.

FBI agents infiltrated Hive from July 2022 until its seizure, covertly capturing its decryption keys and sharing them with victims, saving the targets $130 million in ransom payments, officials said.

“Simply put, using lawful means, we hacked the hackers,” Deputy Attorney General Lisa Monaco said.

In all, the FBI provided more than 300 victims with decryption keys, Garland said, among them a Texas school district, a Louisiana hospital, and a food services company that had been asked to make millions of dollars in ransom payments. The FBI also distributed more than 1,000 additional decryption keys to previous Hive victims.

The takedown represents a win for the Biden administration’s efforts to crack down on a recent surge in ransomware attacks that cost businesses and governments around the world billions of dollars a year.

U.S. banks and financial institutions processed nearly $1.2 billion in suspected ransomware payments in 2021, more than double the amount in 2020, the Treasury Department’s Financial Crimes Enforcement Network (FinCen) reported in November.

Roughly 75% of the ransomware attacks reported in 2021 had a nexus with Russia, its proxies or persons acting on its behalf, according to FinCen, which also says the top five highest-grossing ransomware tools used in 2021 were all connected to Russian cyberactors.

Officials would not say whether Hive had any known links to Russia.

John Bennett, a former senior FBI official who is now managing director of the Cyber Risk Business Unit at Kroll, a cybersecurity services company, noted that the seizure notice on Hive’s website, written in both English and a Slavic language, suggests it is aimed at an Eastern European audience.

“The fact that it is basically being broadcast in a [Slavic] language, I think, is telling that that’s the target audience that they’re letting know that they got this,” Bennett said in an interview.

The gang’s takedown, Bennett said, is a sign of what is coming.

“I think this is telling that law enforcement is catching up very quickly to the capabilities of getting inside of these groups,” Bennett said.
…