Security and the e-textbooks proposal
I have a test of nerves for you. I want you to go grab $200 in twenties and some plastic wrap. (Look in the kitchen for the plastic wrap; you're on your own for the cash.) Wrap the cash in the plastic. Now find a kid, preferably one of about elementary-school age. An assortment of kids of various ages is better, if you have multiple instances of plastic-wrapped bills, though the ease of finding extra cash around the house is of course inversely related to the number of kids present.
Each child should come naturally equipped with a backpack, which they use to haul stuff to school, playdates, and the homes of other family members as well as for random covert storage purposes. Now, I want you to reach into each backpack (don't be scared!) and place a plastic-wrapped bundle of money in there. Tell the child that the money is her responsibility from now on; it must be present and accounted for at all times; they will spend much of every day looking at it but will not be allowed to use it as they please; damaged money or plastic will get the child into trouble.
And oh yeah -- if anything bad happens to this money, no homework for the kid.
The proposal released yesterday by the Democratic Leadership Council entitled "A Kindle In Every Backpack" (PDF available here) is a fine example of why many of us (yes, conservative friends, even on the left) still have a hard time using the words "democratic" and "leadership" in sequence without flinching. Lack of electronic books is the core problem facing our public schools, really? I would have guessed... I don't know, disintegrating facilities or disastrous testing mandates or vanishing funding for staff and programs or lack of money for basic supplies or even creepy security theater, this being a security column.
But since this is a security column, let us view the proposal through that lens. Because honestly, someone should have before this "just a concept, an idea" piece was ever released to a nation that needs serious thought about fixing its schools, rather than dreamy-eyed drooling over a gadget.
- A Kindle, really? I appreciate that the title "A Kindle in every backpack" was a ploy to get our attention. But the very fact that Thomas Z. Freedman and his co-writers could name-check a single dominant device in the space points to problems with both a potential monoculture and with intellectual property issues as DRM enters the classroom.
- And in a backpack? The report frets about the high incidence of back pain among kids currently hauling masses of textbooks around. But I corralled a child in my vicinity, and found that the weight of the back in question (held together by duct tape, by the way, and suggestions that it may be due for replacement are screaming-fit fodder) isn't just books but Pokemon cards, random pieces of vaguely steampunk-looking debris, an extra roll of duct tape, various papers I assume he was supposed to have shown his parents (dating from the previous school year)... you get the idea.
I'm pretty sure there's no current e-book reader suited to that high-test environment. I'm also sure that any other environment -- separate bag, hand-carry, world's largest belt holster -- presents some seriously enhanced loss opportunities, not only when kids mislay the device (because they're naturally focused on the treasures in their backpacks) but when devices are taken accidentally by classmates, or not-so-accidentally by bad people of any age.
- And with DRM? Printed textbooks, once they're sold, undergo a brutal and hyper-extended lifespan -- the report notes this and so say we all. However, they have the added advantage of staying bought once they're bought -- in other words, publishers aren't known to swoop down and remove books from the classroom once they're paid for.
The report cites the potential convenience of publishers being able to push new content to textbooks as the world changes; that implies an ongoing financial relationship. (Or did you think that publishers and authors were just going to update all that stuff free? If so, let's pause here while you think back to college textbook purchases and how often a "new edition" -- required for your coursework! -- was all but identical to the previous edition the bookseller was selling for half the price.)
The specter of digital content management (digital rights management, DRM) in the classroom is chilling, not least for one of the very things the report says it would help: curriculum flexibility.
Students of copyright history will recall Basic Books Incorporated v. Kinko's, in which the publisher sued the copy shop for photocopying materials for educational purposes -- a practice Kinko's argued constituted fair use for non-profit educational purposes. (No, Kinko's was not an educational facility; that was part of the problem with the case.) In the aftermath, most schools got very, very nervous about photocopying "packet" materials for students, often requiring them to buy an entire textbook in order just to acquire one or two pages of relevant content.
The Kinko's case took years and many lawyers to get the publisher's desired result -- that is, shutting down the practice. With an electronic book, the process could be as simple as flipping the proverbial switch. Amazon has already run into controversy for locking Kindle users out of their accounts (and thus their purchased texts). What happens when a school can't pay for "updates" and the publisher decides to pull access entirely? For that matter, what happens when some kid messes with the settings on her e-book reader and the device decides it hasn't got any of the textbooks it's supposed to have?
- Who's protecting these devices? The paper claims that students want electronic textbooks because they want (among other things) podcasts and videoconferencing and Google Earth. You may well ask yourself exactly how many podcasts have to be playing in one classroom before the teacher might as well just leave for a coffee break, but from a security point of view, I wonder who's managing anti-malware efforts on these devices -- which, as I mentioned, would likely be a monoculture, which all the trouble that implies.
A nation full of kids using Net-enabled devices in a [*yawn*] classroom setting looks to me like a gorgeous target for a sliver of social engineering backed up by a fat malware payload, as we just saw with Neopets. Make sure those machines have a nice load of personally identifiable information on them, and we're off to the races. Do you want to be the guy in charge of protecting those machines? Ask the sysadmins in the Julie Amero case how that might play out in a classroom setting.
TechFlash today is reporting on a spate of cracked Kindles -- by which they mean actual cracks in cases -- owned by grownups who simply used a certain leather cover case for the gadget. Look into your kid's backpack and ask how long a Kindle would survive in there; look at the Kindle and ask if the best use for your local school's budget is to divvy it up into piles of $200, wrap it in plastic, and throw it in the bottom of a duct-taped backpack.
And then there's this: We're all still getting to the bottom of the horrific home-invasion murders of Byrd and Melanie Billings, but something about today's report caught my eye: Apparently some other accomplice was supposed to disable the Byrd's surveillance system, but failed to do so. The sheriff investigating the mess hypothesized that perhaps the unknown disabler had an attack of conscience. I'm not sure simply neglecting to do evil is a moral action equivalent to, say, telling someone about an imminent double murder, but it does remind us that, as with passwords or sensitive files, one is careless with access to one's physical-security plant at one's peril.