Privacy & Security

Los Angeles District Responds to iPad Security Breaches

By Benjamin Herold — October 01, 2013 3 min read
Students photograph themselves with an iPad during a class at Broadacres Elementary School in Carson, Calif.
  • Save to favorites
  • Print

The Los Angeles Unified School District responded Thursday to a slew of media reports detailing security breaches in its high-profile rollout of student iPads, issuing a statement detailing a number of steps taken to “ensure it has 100 percent control over what is accessible” on the devices.

According to the district, the precautions include “limiting tablets from being taken off campuses,” “increasing technical capabilities of remotely controlling tablet content,” and “holding students, educators, and parents and guardians accountable for responsible technology use.”

But at least one prominent expert on such device deployments told Education Week that such fallout is “absolutely preventable” and said many of the measures that Los Angeles Unified is pursuing do not reflect current best practices.

“I’ve been in this business for 12 years,” said Leslie Wilson, the chief executive officer of the One-to-One Institute, a Mason, Mich.-based nonprofit providing support for districts implementing 1-to-1 programs. “What we don’t do is deploy thousands of devices into a system that is not prepared from a human capital, network, bandwidth, or security standpoint.”

Last Tuesday, the Los Angeles Times reported that nearly 300 students were able to “hack” through the security filters on their district-issued devices in order to access Facebook, Twitter, Pandora, and other unapproved websites when using the devices outside of school.

The school system has since revised that number upwards, now saying that “approximately 340 high schools students removed [mobile device management, or MDM] software, thus potentially opening their devices to access content that was non-educational when they were outside the district’s firewall.”

The Times also reported last week that a total of 71 iPads—including 69 from a single campus—went missing during a 13-school pilot last spring.

“We are working with Los Angeles school police to get those devices recovered,” said Shannon Haber, a spokeswoman for the district.

After the hacking occurred, Superintendent John Deasy ordered an immediate moratorium on allowing students to take iPads off school grounds. On Monday, according to the district’s statement, “all tablets were re-routed through the district’s device-enrollment process ensuring the MDM systems were fully installed and functioning correctly. The district has also ordered that tablet deployments be delayed at any school that is unprepared to keep tablets on campus full time.”

In addition, Apple will soon be releasing a new operating system that will include “functionality that will allow the district to lock down the devices and prevent student tampering,” according to the statement.

Los Angeles Unified is also “ramping up” a cyber security awareness program, incorporating “digital citizenship” lessons into its curriculum, updating its discipline policies “to ensure consistent and effective practices for intervening when a student is found violating the basic principles of digital citizenship,” and redoubling its efforts to get acknowledgement forms signed by the parents or guardians of students who may be bringing an iPad home.

I explored questions surrounding the Los Angeles district’s iPad purchase recently in a story published in Education Week’sManaging the Digital District” report. The story includes an interview with the district’s chief facilities executive, Mark Hovatter.

Wilson, who was not involved in the planning or rollout of the Los Angeles 1:1 initiative, said she has “never seen this kind of large-scale deployment with this many very serious caveats.”

“This kind of work is very complex, and it requires a lot of pre-planning,” she said. “You’ve got to be on message with all your key leaders, departments, schools, and sites. That in itself is a safeguard.”

The One-to-One Institute official also took issue with the Los Angeles district’s emphasis on “locking down” the devices.

“It was common six years ago that we would give kids personal, portable devices but not allow them to do anything with them,” she said. “But we’ve since learned that we can open them up for kids in a safe way to do the things they want to do while enhancing learning and working together with each other and with teachers.”

A version of this news article first appeared in the Digital Education blog.