Wednesday, February 29, 2012

CMS won't snoop teachers' tablets

Rumors that Charlotte-Mecklenburg Schools will demand access to all data on teachers' phones and tablets have been flying since the district announced it will launch wifi at all schools in 2012-13 and encourage teachers to  "bring your own technology."

The concern is that teachers who want to use their own iPad or other device in class will have to give CMS a password that provides access to everything on it.

Not so,  says Chief Information Officer Scott Muri: "Students and staff will have the same level of guest access, similar to the Starbucks experience.  Users will be directed to a CMS web site where they will accept our use policy and then proceed through our filtering system to the Internet.  We will not have access to personal devices."

At this point,  CMS hasn't budgeted to buy iPads and provide technology training for teachers,  the way it has for school administrators.  A key thing to remember is that by the time this actually begins,  a new superintendent will be in place,  so most of the practical details remain to be crafted.


Anonymous said...

I know you're just reporting what CMS told you, but sorry, not buying it. CMS is too top-down to let that sort of chaos happen.

Anonymous said...

@ 1:32 - Agreed. CMS is not upfront with the community about anything else, why would this be any different.

BolynMcClung said...


A long time ago King Farouk of Egypt borrowed a large sum from his brother-in-law, a prince or something in Arabia. Farouk said he'd pay it back when "times are better."

Farouk, on receiving the loan, wrote back that "now that I have your money times will never be better." The prince never was repaid. Farouk was overthrown a year later.

So, Mr. IT Guy, lets hear that policy upfront.....least you be related to King Farouk.

Bolyn McClung

Anonymous said...

I can assure you they don't have the manpower to be sitting around trying to read hard drives on thousands of machines...think logically and be glad you can take the technology and use it!

Christine Mast said...

In case anyone is wondering, here are the details of how much has already been spent (per Scott Muri):

"858 iPads have been provided to principals, assistant principals, deans and facilitators at all 159 schools in CMS. In addition, the individuals that are in direct support of our schools have been provided these tools as well. These folks include selected Zone staff, curriculum and instruction staff, professional development staff, and exceptional children's staff. The cost for the tools, software, and professional development is approximately 1.2 million dollars. Local funds were used to pay for this portion of the project."

Christine Mast said...

I then asked Dr. Muri these questions:

Thanks for these answers. I have some follow-up questions.

For every person that received an iPad, how many of them have CMS-issued desktop computers?

For every person that received an iPad, how many of them have CMS-issued laptop computers?

Can you please break down the total cost of $1.2 million? How much was for the iPads? How much was for the software? How much was for the professional development?

Finally, do you have a written CMS policy detailing the technology plan behind issuing this technology?

Christine Mast said...

Here was his answer:

"All school based CMS employees have access to computers. Some of these employees have computers that are issued to them while others have access to devices that are located in their work space or other locations around the campus. Further information about our budget, technology plan, as well as Strategic Plan 2014 can be found on the CMS web site."

When someone finds the real answers to my questions on the CMS web site, can you let me know... I have yet to put my hands on the figures...

Anonymous said...

Anonymous 2:24 PM -
You're right, CMS doesn't have the personnel to read the hard drives on "thousands of machines." However, the control focus of the organization regarding the teachers is the issue. As this BYOT idea moves forward, I see the time coming when teachers will be "asked" to allow access to the devices they use in the classroom. The justification will probably be "security." All it will take is a parental complaint of some sort, or a teacher - in CMS or anywhere - getting caught with inappropriate material on their drive or in their search history. The real security issue is a large school system covering its bureaucratic backside. Also, teachers using system supplied devices can be told, "We own the machine, we own the servers, we own the network, and we own you." Only a matter of time. Now, back to monitoring: They can't spy on all the devices coming onto their network, but if CMS doesn't put some monitoring system at server level, they're even crazier than I am. Of course, students can do whatever they want, no consequences. Teachers? Welcome to the Digital Minefield.

Rev. Mike said...

Ann, in case you didn't catch this at the last Privatization Advisory Committee meeting, this is one of the MANY reasons we are anxious on that committee to take a deeper look at IT. Here we have a career educator with no apparent IT background making decisions like this that have everything to do with politics and nothing to do with sound IT policy. Really, if you "bring your own technology" and infect the entire network, does CMS seriously not intend to reserve the right to "clean" these devices as a condition for using the network?

But never mind all that ... CMS already manages its IT resources in a 20th century model; what evidence is there that 1) they have any capability to manage this grandiose plan and 2) they even have the bandwidth capacity to deal with, for example, perhaps between 1,500 and 2,000 students and staff at a high school all trying to access a wifi network simultaneously?

Anonymous said...

If anyone has had the misfortune to sit in a technology classroom with 30 computers you will see what's coming. The students spend half their time playing video games or shopping for shoes.

Now let's fast forward to every student in all classes with their laptop, ipad, iphone, etc. You don't need to be a brain surgeon to see the result.

Jeff Wise said...

If I may, as a 13-year IT Director, comment on all this.

Any Bring Your Own Device program will need a disclaimer policy. CMS is smart enough that they'll have something in place. It'll be akin to the swim at your own risk signs at hotel pools.

If a teacher/student device has malware that hits the network, CMS can ID the offending machine(s) and knock them off the network - either physically or network-wise.

They can then deny access to that machine based on its MAC address. There will be *no* need to clean off that machine or access files on it.

So yes, CMS can legitimately state that they will not access files on non-CMS devices.

Any BYOD program is a 2-way street. CMS is allowing non-CMS devices to access a network resource that will connect the device to the Internet. And reciprocally the user is granting CMS access to their device to make that connection.

If a student device unleashes malware into a wi-fi stream and a teacher's device gets infected, CMS does not (should not) hold responsibility for that result. The teacher (or any other user) is taking the risk of letting their device access the network.

This is the way it works at Starbucks, the library, airport, etc.

In a perfect world, CMS would host a PD class for all teachers on basic technology skills and educate them on the basics. Since I can't do that with 150+ users where I run the IT shop, CMS won't be able to either.

Still it would behoove teachers to take some time and understand the technology a bit and not rely on Chicken Little fears of Big Brother and what not.

Regarding the one comment about the crush of devices tee-totaling the network, I completely agree. It'll be interesting to see how long the wi-fi at say Myers Park HS or other large high schools last before being slowed to a crawl with literally thousands of devices accessing the network.

Wiley Coyote said...

I'm willing to bet that if any teacher or admin uses their personal equipment and any data or emails from an authorized CMS owned server goes back and forth on those private machines, they can be subject to search.

If that is not written into CMS' use policy, it should be.

Personal is personal and business is business. Don't confuse the two.

Anonymous said...

Suuurrrreeee, riiiiigggggghhhhht. I'm sure you'll understand that I don't believe them.

Anonymous said...

Who needs to read the harddrive
when they can see all your network traffic?

Now don't tell me they won't be able to do that...

You know that they will.

I'd be encrypting everything I could in that situation.

Certainly any personal info I may be reading or sending.

Don't use your "cloud" based e-mail for example.

Do you think Yahoo or Google encrypts your connection?

Better check...

Anonymous said...

Here's an older article on encrypting Wifi access to some popular social networking sites:

Someone "in the know" may want to let us all know if those connections to mail, myspace, facebook, etc., etc., are encrypted or not.

If it's "just like Starbucks", then there are wifi sniffers out there that may let people read the traffic.

Again, I may be a year behind on this technology, but it should be verified.

Anonymous said...

Still want to know when teachers will be provided with their iPads and the appropriate training.

If you are going to insist that teachers use these devices in the classroom, then you must rovide them for them. It is abusive to evaluate them on using something they themselves are forced to purchase or just can't afford.

Ann, I'm sure several people have asked this of you already. Has there been any comment from CMS about this?

Ann Doss Helms said...

5:14, that was the point of the final paragraph: There are no clear plans now, and that's kind of understandable since there will be a new superintendent making the decisions.

I am finding this overall comment thread fascinating. Technology is not my strong suit, but I hope and expect that the CMS folks are reading this and, if they haven't considered these issues, taking note.

Anonymous said...

Is Firesheep still a Wifi threat?

Among the websites whose cookies Firesheep can identify are Facebook, Flickr,,, Google, Twitter, Yahoo, WordPress, and many others.

Anonymous said...

7:23 We may not have Firesheep but in the HR department is a elite group name Firesheeple. They are not restrained by laws, codes, or moral guidelines. Their unstated goals are nefarious, root out the teacher or administrator that follows not the party line and zap! they're gone. On a somewhat related line, what about the contrarian employee who refuses to purchase technology? Get a loan from Uncle Thom's predatory education lending specialists?

Anonymous said...

I do remember the CMS Direct Line pimping for Countrywide Mortgage prior to the meltdown. Mighty fine benefits that were passed to clueless employees.

Anonymous said...

They monitor it now folks. I recently heard of a person as a HS that was called on the carpet for looking at porno while at work. Believe me they know.

Anonymous said...

You better believe they are monitoring ALL social networking sites.There is a CMS nazi patrol out there. Do you not remember the FIRED teachers that posted negative posts about CMS.

How about it Ann? Can you ask if CMS funds the monitoring of this STILL?

Jeff Wise said...

Anonymous 8:08p - it's quite easy to uncover someone looking at inappropriate websites without any need of actually tapping into a particular person's equipment.

Overall though, think of the sheer numbers we're talking about here. There are 150,000+ students and teachers in CMS - let's say conservatively that only a third of them will regularly use some kind of personal technology per day - that's 50,000 pieces of equipment transmitting packets over various connections.

CMS would need a data center of servers to monitor that kind of traffic in real time to operate any kind of Big Brother environment.

Really the bigger concern should be how this will affect CMS' electricity bill. Students and teachers will be charging devices all over the school all day long and that's gonna add up.

(Ann has Muri or anyone commented about estimated impact on electrical usage?)

Wiley Coyote said...

VIII. Security

Security on the CMS network is a high priority. Attempts to tamper with the network, individual user accounts, software applications, to access the network using the name and password of another user, or to share a password will result in cancellation of user privileges. Electronic mail is not guaranteed to be private; system administrators have access to all e-mail. E-mail messages relating to or in support of illegal activities will be reported to the authorities, and appropriate disciplinary action will follow.

Anonymous said...

Winner in this is Duke Energy

The real power usage is in keeping the servers cool 24/7. Some large corporations have cooler buildings of nothing but constant AC and servers.

Anonymous said...


BolynMcClung said...

((story is from 2010)
“Federal judge orders Pa. schools to stop laptop spying…..
….Yesterday, U.S. District Court Judge Jan DuBois issued a consent order that prevents Lower Merion School District of Ardmore, Pa., from "remotely activating any and all web cams embedded in lap top [sic] computers issued to students ... or from remotely taking screenshots of such computers."

….By the admission of the school district, technology support staff activated student laptops' webcams 42 times thus far this school year in attempts to recover lost or stolen systems. Unlike most theft recovery software, the LANRev product used by Lower Merion allows local administrators to trigger recovery tools, including the laptop camera, which is used to snap photographs of the potential thief….”

Bolyn McClung

BolynMcClung said...

HERE'S WHAT HAPPENED IN THE STORY ABOVE....beware of schools bearing gifts

A student was suspected of drug use. The school system turned-on the camera of the laptop issued to the student and took pictures of him in his home.

Bolyn McClung

Wiley Coyote said...

The "drugs" the kid was doing turned out to be his eating Mike and Ike candy.

Anonymous said...

Looks like that figure doesn't include the cost of a service plan for each one of those tablets, at least in every building that isn't wifi enabled yet (and I don't know how many, if any, are).

Anonymous said...

My concern is not just what people watch at CMS.

There are/were wifi snooping tools that let people access OTHER people's personal information by allowing them to sign into their social networking sites by piggypacking off their signin.

That is what needs to be secured.

People need to know to use SSL to sign into their various social networking sites just to keep a kid with a wifi sniffer from signing into, say, a teachers facebook page or email account and sending something embarrassing.

Please check that.

Anonymous said...

CMS fires people for FaceBook but won't snoop activity on its own network? Even if CMS does not have the capacity to monitor its own network, some middle school hackers will in no time.

Anonymous said...

I would like to do a Freedom of Infomration Act request on adminitrative communications outside of email, though on the CMS network. Does CMS have a method to withhold such communication from the press and the public now?

Ann Doss Helms said...

9:50, I'm not familiar with the format you're talking about -- some kind of intranet messaging? If it's public business that's not exempted in public records law (personnel or student confidentiality, for instance) you should be able to get it. If you make the request, please let me know what you encounter ( We do "Sunshine Week" stories every year about citizens using public information laws.

Anonymous said...

Will CMS track users like Google does? What sites a user accesses, where the user is, other stats related to individual access? I can see this being a reportable for the CMS IT department. Knowing what educational sites are being accessed, for how long and by whom would be of value to CMS. This would be a software funtion, not one in need of numerous staff snooping about. Might CMS be hair splitting on what they will and will not do? Hard drives are old technology that don't really matter to the NET. Clarification may be in order with CMS.

Wiley Coyote said...

This is at the bottom of emails I receive from CMS:

Email correspondence to and from this address is subject to public records requests pursuant to the North Carolina Public Records Law, resulting in monitoring and potential disclosure of this message to third parties.

In compliance with federal law, Charlotte-Mecklenburg Schools administers all education programs, employment activities and admissions without discrimination against any person on the basis of gender, race, color, religion, national origin, age or disability.

Which means it doesn't matter if it is business directly related to CMS or not.

If it's sent from an authorized account, it's public info.