As schools rush to adopt learning-management systems, some
privacy advocates warn that educators may be embracing the bells and
whistles before mastering fundamentals like data security.
Like many privacy-minded parents of elementary students, Tony
Porterfield tries to keep close tabs on the personal information
collected about his two sons. So when he heard that their school
district in Los Altos, California, had adopted Edmodo, an online
learning network connecting more than 20 million teachers and
students around the world, he decided to check out the program.
Edmodo's free software allows teachers to set up virtual
classrooms where they can post homework assignments, give quizzes
and use third-party apps to complement lessons. Students can create
individual profiles, including their photographs and other details,
within their classes and post comments to communal class feeds.
Mr. Porterfield, an engineer at Cisco Systems, examined Edmodo's
data security practices by registering himself on the site as a
fictional home-school teacher. As he went about creating imaginary
students -- complete with cartoon avatars -- for his fictitious
class, however, he noticed that Edmodo did not encrypt user sessions
using a standard encryption protocol called Secure Sockets Layer.
That cryptography system, called SSL for short and used by many
online banking and e-commerce sites, protects people who log in to
sites over open Wi-Fi networks -- like the kind offered by many
coffee shops -- from strangers who might be using snooping software
on the same network. (An "https" at the beginning of a URL indicates
Without that encryption, Mr. Porterfield says, he worried about
the potential for a stranger to gain access to student information
and thus hypothetically be able to identify or even contact
To test this hypothesis, he used a computer on his home Wi-Fi
network to log in as an imaginary student; then, using another
computer, he installed free security auditing software, called
Cookie Cadger, to spy on the student's online activities. Though the
risk of this happening with actual students seemed small -- Edmodo
and other companies say they have no evidence that this kind of
breach has occurred -- he contacted his school district about his
"There's a lot of contextual information you could use to gain
trust, to make yourself seem familiar to the child," he said. "As a
parent, that's the scariest thing."
In response to an inquiry recently, Sara Mandel, a spokeswoman
for Edmodo, said the service provided "a safe alternative to open,
consumer social networking sites" because students could participate
only in groups created by their teachers and because teachers
decided whether students could send private messages to one another.
She added that "any school that chooses" had been able to use a
completely encrypted version of the site since 2011 and that the
company "is working to ensure that all of our users are using an SSL-
School administrators and teachers said they liked these online
learning systems because they could control the information that
students might share.
"Kids can't talk to each other. They can only speak to the
group," said Heather Peretz, a special-education teacher at Great
Neck South Middle School in Great Neck, New York, who uses Edmodo in
her English class. "It helps them learn to be good digital citizens
so they are not making inappropriate posts."
But as school districts rush to adopt learning-management
systems, some privacy advocates warn that educators may be embracing
the bells and whistles before mastering fundamentals like data
security and privacy.
Although a U.S. law protecting children's online privacy requires
online services to take reasonable measures to secure personal
information -- like names and e-mail addresses -- collected from
children under 13, the law does not specifically require SSL