EDITORIAL: Proctortrack breach must be investigated
Potential damage to students is high, risking it not an option
Nothing about online learning has been particularly amazing so far, but taking exams in the pandemic era may be the most frustrating part of Zoom university.
Between slow internet connections, unclear directions from professors and faulty computers, taking exams has never been more annoying. To top it all off, us Rutgers students get a special difficulty — our data being stolen.
Proctortrack is a service that essentially watches you (in a very Orwellian fashion) take your exam, making sure that students are not cheating. Rutgers uses it, and, just like that, our data has been hacked into.
But how, exactly, does Proctortrack work? Let us take a look at its website.
"The Proctortrack student experience begins with a seamless integration into all major LMS (learning management system) environments, by simply selecting a Proctortrack-enabled exam. Students will be prompted to run Proctortrack, a light application that should download quickly, in less than one minute, and does not require administrative rights. Proctortrack uses multi-factor biometric authentication to verify the identity of students, upon entry," according to Proctortrack's website.
Already there is a cause for concern. Proctortrack's methods of authentication require some pretty personal documentation that data thieves may be pining for.
"Each student will provide face, ID and knuckle scans, which will be measured against the student’s baseline biometric profile, stored on file. All proctoring data will be transferred to Proctortrack’s secure servers to process against our proprietary algorithms and delivered back to instructors for review, after which it will be purged in accordance with the data retention policy to which your institution agreed," according to the Proctortrack site.
Considering its usage in a Proctortrack proctored exam, the failure of Verificient Technologies, Inc. to protect our data has, at minimum, exposed personal information, photos and our chosen form of identification to hackers, according to The Daily Targum.
“Proctortrack, the software used by Rutgers for remote proctoring on Canvas and Sakai, was shut down last week after a security incident. The security breach was detected on Oct. 13 at approximately 3:30 p.m., according to Proctortrack’s website. Verificient Technologies, Proctortrack’s parent company, suspended the software’s services on Oct. 14 at 6 p.m to perform a security review and external audit that could take a number of days to complete,” according to the Targum.
The hack happened after Rutgers students sounded the alarm about the service's flaws. Rutgers did not listen to its students, and now we have this problem on our hands.
Data security is a huge issue nowadays. Google, for example, collects user data like it is nothing. As the internet grows in importance and scope — a change accelerated by the pandemic — the very notion of privacy may one day be obsolete.
Still, nobody should expect their information to be out there, and furthermore, nobody should expect a school service to prove dangerous to use in terms of privacy. Luckily, Verificient Technologies, the parent company of Proctortrack, is investigating the data breach and determining if students’ information could have been stolen.
“Verificient Technologies is investigating the incident in hopes that no (biometric) data, videos, images or any recorded data have been affected or exposed,” Rutgers Business School Senior Associate Dean Martin Markowitz said, according to the Targum article.
That is all fine and dandy, but what role is Rutgers taking here?
The University’s students were made vulnerable by a company that Rutgers hired with the presumptive expectation that they would serve the student body and their academic needs — not put their personal information at risk. It is also not as if students have the option of opting out of Proctortrack-surveyed exams. They must take them or face academic consequences.
Basically, Rutgers makes its students use this technology, and that technology puts those students at harm. Therefore, Rutgers has an obligation to protect their students — and, in this case, protection would take the form of overseeing and watchdogging Verificient Technologies’ investigation into the matter and assuring that it is conducted in a clean, responsible manner.
The security breach could very well turn out to be minor in consequence or absent of any serious repercussions completely, but the reality of the alternative — that students had their data stolen on a wide scale — is dangerous enough to require intense oversight from Rutgers.
Fidelity National Information Services, Inc. (FIS), a technology and information company well versed in data and data breaches, explains the serious economic harms that data theft can lead to.
“Criminals find that data valuable, too. Data that businesses rely on to serve their customers better is also the target of criminals to use fraudulently. That puts an uncomfortable target on the back of any business that accepts credit and debit card payments. The Ponemon Institute’s 2018 Cost of a Data Breach Study found that the average cost of a data breach globally was $3.86 million, a 6.4 (percent) increase over 2017,” according to FIS Global.
Personal information and photos could contain valuable data for hackers to steal. This is no time for Rutgers to exude a relaxed attitude.
Going forward, it has become evident that testing in the pandemic age is difficult and, frankly, not quite worth it. Students may find it easier to cheat, whether they admit it, and enforcement, clearly, as it did in the case of Proctortrack, comes at a price.
Instead of tests, professors and their departments — or whoever truly designs course requirements — should switch to more constructive learning models, at least until exclusively online learning finishes. There are benefits to group work or individual projects that cannot be fully accessed with exams.
“Project-based learning determines (in-depth) knowledge and experience of the students and sometimes of teachers in comparison to the fixed length of learning experience of traditional classroom-based learning,” according to eLearning Industry.
By switching to project-based learning, professors and deans will be able to experiment with new pedagogical methods and get past the nightmare of testing during a pandemic. That should be high on Rutgers’ priority list — right after holding Verificient Technologies accountable.
The Daily Targum's editorials represent the views of the majority of the 152nd editorial board. Columns, cartoons and letters do not necessarily reflect the views of the Targum Publishing Company or its staff.