Thread by @doctorow, The Australian National University is insisting that students install "invigilation" software that [...]

The Australian National University is insisting that students install "invigilation" software that monitors their computer use to prevent cheating during tests.

This is incredibly worrisome.

https://www.woroni.com.au/news/analysis-the-issues-surrounding-anus-proposed-online-invigilation/

1/

These exam proctoring are typically rootkits that sink incredibly deep hooks into the OS, and it's not really feasible for students to determine whether these tools have been fully removed, or even whether they're currently operating.

2/

That's by design: proctoring tools have to run with more privilege
than even root users have, so they can detect cheating tools.

This has broad implications, especially for nonacademic uses of the
laptops that have these tools installed.

3/

Think of what it means to have university-supplied, unremovable, omnipotent rootkits installed on the laptop that you ALSO use for finance, dating, telemedicine, and psychiatric counselling.

Or what it means to have this installed on a laptop that you share with a household.

4/

This is an increasingly common situation, because laptops are how you participate in society during lockdown, and the economy is imploding, leaving parents, siblings, and co-habitants to share a laptop or be excluded from the world because they can't afford to buy their own.

5/

That means that your parents' employers' trade secrets are being monitored by university-supplied spyware.

Worse still, uni IT departments - which have always struggled with security and ops - are stretched thinner than ever, facing layoffs/furloughs/hiring freezes.

6/

Key personnel on sick leave (or have died in the pandemic) and they are being asked to support orders of magnitude more activity than ever before. It's a bonanza for cybercriminals as their traditional adversaries are overtaxed and understaffed.

7/

This is generally worrisome, but it's particularly a problem with ANU, which has a history of ghastly cybersecurity failures and massive breaches.

https://www.smh.com.au/politics/federal/chinese-hackers-breach-anu-putting-national-security-at-risk-20180706-p4zq0q.html

8/

Chinese hackers breach ANU, putting national security at risk

China based hackers have successfully infiltrated the IT systems at the Australian National University.

https://www.smh.com.au/politics/federal/chinese-hackers-breach-anu-putting-national-security-at-risk-20180706-p4zq0q.html

Compromising online proctoring software is a really scary prospect: if someone can seize control of the university's back-end, then, by design, they can undetectably and unstoppably take over the computers of the entire student body.

9/

From there, they can spy on the students and anyone they share the laptop with, as well as probing the students' home network and other devices.

Proctoring tools are being installed at a scale never seen before, exposing new vulnerabilities.

10/

A massive explosion in Zoom use revealed unforeseen failure modes and new defects. We should expect this to happen again with invigilation tools. The different is that invigilation tools are designed to operate against computer owners' consent, and to hide those operations.

11/

That makes their defects far more consequential.

This is a ticking timebomb.

Image:
Rawpixel Ltd
https://www.flickr.com/photos/byrawpixel/40640192185

Cryteria
https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY
https://creativecommons.org/licenses/by/2.0/

eof/

Aerial view of computer laptop on wooden table

Free for commercial image created with love by rawpixel.com. Download this image in high resolution under Creative Commons 0 at www.rawpixel.com. Want loads more? Check our site. Questions? Contact:...

https://www.flickr.com/photos/byrawpixel/40640192185

You can follow @doctorow.

Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: