At Klein Oak High, a freshman reportedly gained computer access to thousands of employees’ personal information while in class.
“He was just clicking on folders in a network. Then he clicked on a folder that was not password protected,” said Daniel Merritt, the boy’s father.
When Klein Oak handed out 3,000 laptops last fall, it became apparent within, oh, about 30 seconds that Klein ISD was in over its head. That’s about how long it took the teens to start exploring their new little toys. And we all know how kids love to test boundaries.
What it essentially boils down to is that the district was completely unprepared, which is just mind-boggling.
Michael Garfield, a computer expert, said that a network is a shared pipeline where any number of people can share the same files.
“If you don’t want anybody else accessing it, you have to make sure it’s locked down with password encryption,” said Garfield.
Daniel’s father and uncle are standing behind him. They said the teen realizes he made a mistake, but so did the school.
The school district admitted that not all files are password protected, but other restrictions are in place to prohibit access.
“Not all files are password protected.” Stunning.
And so, yesterday, a computer generated call was made to all Klein Oak parents warning of the consequences of students doing things they shouldn’t be doing:
On behalf of Klein Oak High School administration, beginning Monday, December 15th, students will no longer be issued warnings for technology violations. All technology violations will receive a discipline based upon the severity of the incident. Please remember that these disciplinary measures may affect your child’s exemption status.
Secondly, due to the number of violations of the district’s technology acceptable use procedures, students will no longer be able to run executable files from their USB or media ports. Also, in lieu collecting the tablets for the holiday and in order to ensure safety and prevent violations of the acceptable use procedures over the winter break, all students will be denied internet access except to the district’s LMS site from the afternoon of December 19th to the morning of January 5th. During this period, students will also have zero access to USB and or media ports.
In the comments at the end of KHOU’s story is this:
Klein ISD knew they had poor security back in October. They were warned by a security expert.
So when does Due Diligence play a part for Klein ISD when it comes to protecting peoples data? Giving students access to the same network this data is stored on only proves they have a very poor understanding of security.
Their new policy to restrict the use of portable devices via the USB port will NOT stop a full breech of the system.
As for the student:
Simply taking the files because they were in an unlocked folder is the same as saying it’s ok to take stuff from someone’s house because they didn’t lock their door; it simply doesn’t fly.
That being said Klein MUST accept the fact that THEY failed to practice Due Diligence and therefore MUST accept at least HALF the responsibility of this breech.
Following the same analogy of the house:
If you live in a violent neighborhood (and any network can be violent) and are warned to lock your doors, and fail to do so and get robbed, you must accept at least half the responsibility of the theft as you failed to follow due diligence in protecting yourself.
(Old) Forum Comments (25)
