Data breach stirs new university protests about proctoring apps

A recent intrusion into a proctoring app may not have resulted in the exposure of students’ biometric data, but it has given more oxygen to an anti-surveillance campaign sweeping university campuses nationwide.

Proctoring software identifies test-taking students (typically taking university courses) and monitors them for behaviors associated with cheating. Biometrics often used by proctoring apps include facial recognition-based eye tracking and voice recognition.

It was Verificient Technologies’ Proctortrack software that was attacked October 13, sparking calls to pull the app. The service was taken offline on October 14, causing last-minute exam cancellations. But the makers of competing products, including Honorlock, Proctorio, Respondus and ProctorU, also have drawn protests by students in the United States and Canada. Proctorio is also engaged in a legal battle with a learning technology specialist at a Canadian university, per Business Insider.

Verificient issued a statement a week after its attack saying that no personally identifiable information had been involved in the intrusion. Some app source code is all that was stolen, according to an independent audit that the company said it had approved.

The Electronic Frontier Foundation is compiling a lengthy list of schools where students are protesting proctor apps, generally with petitions.

Concerns cited would be familiar to anyone watching the broad use of biometrics to track people in public.

Some students say voice tracking and facial recognition capabilities can collect information about anyone seen or heard in their house while the app is active.

Others warn that gaze-tracking algorithms trained to spot cheating behavior might flag students suffering, for example, ADHD symptoms, forcing them to defend themselves for innocent behaviors.

Gathered data can in some cases be kept for weeks or months after a test, a period during which that information is vulnerable to theft.

This post was updated at 9:44am Eastern on November 4, 2020 to clarify that the Canadian university staff-person is a learning technology specialist, rather than a professor.

Article Topics

biometric data  |  biometrics  |  data collection  |  data storage  |  eye tracking  |  facial recognition  |  privacy  |  schools  |  surveillance  |  voice biometrics