Kids breach school's iPad security; mom alleges cyber-bullying

Kids breach school's iPad security; mom alleges cyber-bullying »Play Video
Mandy Keilwitz

FOREST GROVE, Ore. - Are iPads in public schools full of promise or full of problems?

Neil Armstrong Middle School launched a landmark pilot program last year to make learning 100% digital. The devices were supposed to be safe from student tampering, but the On Your Side Investigators found flaws in the security that may have backfired into rampant cyber-bullying.

"At first I thought, 'Oh wow this is really cool!'" said mom Mandy Keilwitz.

Keilwitz couldn't wait for her daughter, Amber, to receive an iPad. Amber, who was 12 at the time, was one of 855 students at Neil Armstrong Middle School to get the device as part of a digital conversion pilot project.

The pilot - launched last year and set to last three years - would cost the district about $500,000.

"I could go on her iPad and read every note from her teacher, I could email her teachers, I could talk to her teachers, I could check her work that she was doing, I could see her progress," Keilwitz said. "It, in theory, was a good program."

Principal Brandon Hundley pushed for the iPads as a way to prepare students for Common Core standards, but said the tablets transformed the essence of the learning experience.

"The engagement level in the classroom is really unbelievable when you walk in," Hundley said.

"It's awesome, it's really fun. It's really fun to see the teachers experimenting and trying new things and then watching the kids explore."

The kids could explore within limits. The iPads came with strict rules, including no unauthorized downloading, and filters to ensure they couldn't download applications.

"We have a mobile device management system and we work really closely with our tech department and the Northwest Regional (Education Service District) to set the filters and security measures in place so that kids can't get to areas that we don't want them to," Hundley said.

Hundley also said district officials warned the middle schoolers that their school-issued iPads could be accessed any time.

"We stressed this with our students and made a big deal about the fact that while we wanted them to use the devices for education," he said. "(We told them) 'big brother' could monitor their use and they needed to make wise decisions about the devices."

According to the iPad Acceptable Use Agreement students and parents were required to sign, using the iPads for non-educational purposes during class times was forbidden, as was "sending, accessing, uploading, downloading, or distributing offensive, profane, threatening, pornographic, obscene, or sexually explicit materials; and so on."

However, Hundley expected there would be some challenges too.

"Children are natural explorers and problems solvers and they really wanted to figure out how to solve the problem of getting around the security," he said.

And get around it they did.

Keilwitz said her daughter accessed several social media sites including Facebook, Instagram, and Snapchat.

"There was a single proxy server that these kids got access to in December and that was when we recognized, this was a bigger problem than we anticipated," Hundley said.

A proxy server functions as an intermediary between a web browser, such as Internet Explorer, and the Internet. Students used them to get around the district's filters and access unauthorized websites.

"But as soon as we found out, we were able to make adjustments to negate that," Hundley said.

He said the district's technology team ran a weekly report to see how students were using the iPads.

"There were certainly some students that were able to get around, and those sorts of things, but to say that (it was) all students is inaccurate," Hundley said.

How easy is it for students to find work-arounds? According to tech expert Benjamin Diggles, really easy.

"They will always find a way around it," said Diggles, the marketing director and co-founder of Yix. "Just because when you think of all the channels of communication you can use on an iPad, there's no way they're going to be able to monitor that."

Hundley wouldn't provide the On Your Side Investigators with specific numbers of the district's digital discipline problems, but when iPads were handed out in Los Angeles schools, for example, 300 kids out-smarted the school security within the first week. The instructions are easy to find on the internet.

The biggest flaw in the school's cyber security may have been the kids' ability to supersede the school's profile manager and sync up to their personal Apple accounts at home, which Amber did last fall.
 
"Once they go outside what has been provided by these software solutions, then all bets are off," Diggles said.

Keilwitz said her daughter didn't think she was doing anything wrong when she shared her Apple ID; Amber just wanted to share her iTunes downloads with friends.

"I think originally when she shared her Apple ID with a friend at the sleepover, I think she was just being a nice kid sharing her music," Keilwitz said.

Problem is, when all students are networked, it doesn't take long for information to spread at school. At some point, Amber's Apple ID got passed to the wrong people.

"'Somebody hacked me!' -  I mean, that was the first thing that came out of (Amber's) mouth and I just thought, 'Amber no,'" Keilwitz said.

Keilwitz said the tormentors got around the filters by using the proxy servers and started emailing obscene messages from Amber's personal account to friends and family.

"I was freaking out just a little bit and I texted back on the phone 'Who is this? What are you doing?'" Keilwitz said. "They started taunting me: 'your daughter is a slut, your daughter is not a virgin, your daughter (expletive) my (expletive)."

Worse, the bullies changed Amber's password so Keilwitz couldn't get in to stop them. Eventually, she turned in the iPad and pulled Amber from school, hoping the abuse would stop.

It didn't.

"For those three months before anyone was listening to us and actually taking us seriously, everything was up in the air," Keilwitz said. "I was scared to death because she was getting death threats and things like that too, because people thought she was sending those messages."

Forest Grove police are now investigating and for Keilwitz, that's a relief, since the school still doesn't believe her story.

Principal Hundley says any bullying they've discovered was done on student's personal devices, not using school property.

"As far as we know, the iPad was never used for bullying and we have no knowledge of her account being accessed by other students.," Hundley wrote in an email to KATU.

Since last year's device management system was not as robust as Hundley anticipated, he said the district is starting this school year with a better, stronger filter.

"I think we are doing as much as we possibly can to protect our students," Hundley said. "Bullying and harassment are extremely unfortunate events and we work really hard to develop ways for students to report the negative behavior and to deal with the information once it is reported to us."

But Diggles believes today's software is designed to solve yesterday's security problems, not the flaw someone finds tomorrow.

"Most of these kinds, considering they're raised on these devices, they know how to navigate them better than adults," Diggles said. 'There's no technology that going to stop kids from using devices to bully each other."