The Death of Privacy
While there is certainly a high level of value placed on academic integrity in our university, the question still exists: is it worth an extreme invasion of privacy? With finals quickly approaching, the anxiety that students have come to dread from this time of year has come unbidden as it has every other year. In light of all that has changed this semester, however, it hardly seems strange that that stress is also somehow different, tinged with an air of distrust unknown to our past. With remote learning has come the threat of remote proctoring, an evil that we have all encountered at one time or another.
Last semester, YU chose Top Hat for their remote online proctoring service. Proctorio, the Top Hat exam proctoring Chrome extension, is a reputably toxic program with more one-star reviews than seems possible. To verify the slew of negative press, I took to their website to learn more and was shocked to discover what an incredible breach of security students have been confronted with.
All of the following information is logged by Proctorio and can be stored live for six months and as physical backups across the U.S. for one year. It can record your physical location, school or government ID, mouse movements, webcam footage, eye, head, and mouth movement, your entire screen, every browser tab and all windows you have open, any website you visit, any other applications you have running, your entire clipboard and all of your keystrokes.
Of all the data being monitored, keystroke logging, background applications, and the record of the clipboard being taken are the most invasive. Do you keep a notes document with your passwords, credit card numbers or social security number? Have you ever copied and pasted any of it? All of that information is theoretically accessible to this program.
One of the most dangerous things about this software is that Proctorio runs even when Top Hat is not actively being used. According to the Top Hat website, “the extension has to be configured to run on all sites in order to take a remotely proctored test in Top Hat.” This fact, coupled with the logging of your keystrokes, yields an immense invasion of privacy. Imagine you finished your exam and went to make an online purchase, forgetting that Proctorio is still running. You have just unwittingly provided the Top Hat cloud storage system your credit card information, as well as the exact text of your search and the names of the sites you visited.
As we learned with the recent YU database identity theft scandal, even heavily encrypted data can be stolen. Even if the data being collected by Top Hat is truly inaccessible, there are other issues as well. The software itself is taxing on your computer, causing those with older machines to be at a test-taking disadvantage to those with newer devices. Top Hat also creates a toxic environment to take a test in. The constant implication that a distracted glance out the window is “suspicious” is an unwarranted addition to the already oppressive anxiety that we all feel during finals. Maybe you, like me, talk quietly to yourself while taking a test, or have difficulty keeping your hands on your keyboard for an hour straight. The algorithm is not human, there is no explaining your actions, and that thought is justifiably upsetting.
It is important to note that these programs do in fact adhere to a handful of privacy policies that make it more difficult, but not impossible, for your data to be accessed by third parties. I don’t wish to characterize the YU administration as completely ignorant, when in fact, there are definitely worse options out there and many other universities are also using Top Hat or services like it. That being said, the issue of personal security is absolutely not limited to the possibility that the data that is being collected on students could be intercepted and misused. The feeling of disquiet that we all feel after reading the above information does not originate in a fear that our information will be sold and distributed. That feeling is caused by the fact that the collection is happening at all, and even more importantly, that we were not asked for our opinion on the matter before it was implemented. It is akin to the feeling of horror everybody would feel if, while taking the subway to Midtown, a stranger took a picture of you. No matter what they do with that picture, the violation of privacy comes from the collection, not the misuse, of personal data.
As finals are once again rounding the corner, I urge YU and any other university using Top Hat to work with the student body to find a better solution. Academic integrity doesn’t have to be a battle between students and faculty as it seems to have been last semester. This coming finals season, many professors have already chosen alternative ways to test mastery of the material, including written assignments, projects and presentations. Hopefully next semester our on-campus experience will return to normal, but even after that, data privacy should not be taken lightly - just ask those who had their identity stolen in the YU leak this semester.
This article was updated on May 11 to clarify some inaccurate critiques by the author.
Photo caption: The Top Hat logo
Photo Credit: Wikimedia Commons