A few weeks ago we covered
a controversial case that erupted in Pennsylvania's Lower Merion School district. A student at the district, Blake Robbins, was disciplined for activities that allegedly occurred in the privacy of his own home. The district's evidence for said activities was a photo taken by Robbin's school-issued notebook without his knowledge or consent. Robbin's parents were similarly unaware that the laptops had remote monitoring capabilities and sued the school district for breach of privacy
The school district revealed today that its two IT administrators, Carol Cafiero and Michael Perbix, have been on administrative leave (with pay) since the story originally broke two weeks ago. It's also come to light that the information the students' webcams captured was accessible to more than just the IT administrators—information provided by the two admins has revealed that the photos were published on a specific unknown website that was made available to local police for the purpose of assisting in laptop recovery.
Harriton High School's campus (currently under renovation).
The school district continues to insist that laptop cameras were only activated when a system was thought to have been lost/stolen, despite the fact that this doesn't explain how Blake could have been caught acting out at home with a laptop that was neither lost nor stolen. The additional information that's surfaced in the last two weeks, however, does explain how the disclosure system could leak even if the webcam remote access was implemented in good faith by all of the parties involved.
We now know that an activation order passed through at least two separate groups and three in some cases. First, a school administrator (presumably including embattled vice principal Lindy Matsko) had to issue the request. That request was then passed to the IT staff. We don't know how many IT staff had access to the cameras—two administrators have been placed on leave but the district has some 7,000 kids enrolled, over 500 teachers, and the various administrative staff of each separate building. It's entirely possible that other, lower-ranking staff also had permission to activate the webcams.
Finally, there's the private website, where we know photo/video footage was at least occasionally made available to the Lower Merion PD. There are now at least three levels (School, IT, PD) where access or access requests could have potentially been abused. Depending on how requests were logged, who could order them, and what justification had to be provided it's entirely possible that everyone
in the chain of command acted in good faith on false data.
Unless the IT administrators acted carelessly or with deliberate disregard for student privacy they're probably the least to blame for the problem. It wasn't the IT staffs' responsibility to ensure that parents and students were properly informed of potential privacy ramifications, they weren't tasked with deciding whether or not to activate the cameras in any particular scenario, and they presumably made no decisions as to whether or not information gathered from a webcam should be used to penalize a student.
According to Carol Cafiero's lawyer, Charles Mandracchia, the IT staff had no reason to think anything was amiss. ""It was their duty to turn on the camera," Mandracchia told WTXF-TV of Philadelphia in an interview last Friday. "But they would only do that if they received a request from the two high schools, the two buildings, because they had no direct contact with the students, they didn't know the students...Every time a tracking device was activated, it was activated at the request of an administrator or another IT person."
As the case progresses we're starting to get a sense for who wasn't at fault—hopefully we'll soon have a clearer picture of who is.