¶ Intro / Opening
Knock knock oh
No who's there.
¶ Introduction and Jokes
Justin justin who justin time to change your power school password on this week's episode the k12 tech talk podcast we learned that ai is terrible at writing jokes before diving into cell phone vans took effect this new year and our main topic is a story out of upstate new york where a teacher was fired for sharing her password who's to blame find out on this week's episode.
Live from the NTP studios, this is the K-12 Tech Talk podcast. My name is Josh, K-12 IT director in Missouri. Chris is here. Hey, Chris.
Hello.
He, too, is a K-12 tech director in Missouri. And Mark. Hey, Mark. Mark isn't a K-12 tech. Well, he kind of does. He does K12 Tech Consulting. He was a former CIO of a very large district on the East Coast, and he's with us tonight as well. Shoot us an email, k12techtalk at gmail.com. We love feedback. We love questions. If you have an idea for us to talk about, send us an email. Let us know. Share us with your friends. That's how we get better. This is not a PowerSchool episode, right, guys?
No, I hope not. I haven't heard anything about PowerSchool lately. no have you yeah no no mark might be on tv in canada tonight we yeah no we've been told that's gonna happen we'll.
Probably we'll need to do some some updates in the in the next couple of weeks but i don't think we'll need to do any more special episodes for that one
No no so if you haven't heard we did a special episode about the power school breach uh just go uh wherever you're downloading this from it was the episode before this special episode power school breach uh give it a listen if you are a power school customer fellas this is uh well this is the second time we've been back after christmas break did you guys have a good break yep.
I got a battery USB vacuum for my car.
What is it? Okay, yeah, I can't ask that because it's too specific. Okay, cool.
Just a vacuum that you can plug into your car.
Yeah, and that wants one too, which makes me think it's...
It wowed me.
The style of car that you and her and she own. Something about those drivers.
Exciting.
By the way, if you've tuned in looking for updates on PowerSchool, no. You're getting updates on Chris's car vacuum.
Did you do anything fun over Christmas, Mark?
No, not really.
Take it easy.
Yeah. I had the flu for most of it.
I got addicted to Marvel Rivals on Steam.
You're crazy. You're a gamer.
My family thinks so. They make fun of me now. I had a UPS die in my data center over Christmas break. That was fun.
i was in the shower getting ready for work one day and the my phone starts going off like crazy and it's the food service director who shares an office with us she said hey there's beeping coming from your locked room and i don't know what it is i'm like great so i went running into the office real quick like wearing practically pajamas and it was a stinking ups had rolled over so that was fun i.
Bought the game undertale for nintendo switch supposed to be good mark do you game not
Really hmm i do the new york times puzzles every day that's my that's my addiction
Nerd alert nerd i know all right uh should we just sit.
For break one dead battery backup and some video
Games some video gaming the lot and the.
Flu and the flu
Yeah mark got the flu all right uh do we want to jump into the news mark mark mark has curated news articles and stories for us that are not related to power school that's.
¶ New Year Updates
Right that's right so if you're from power school and you're listening you get a break
Yeah besides the jokes that come later oh
There will be jokes
You're here for the power school jokes stick around well hey i i want to mention this mark uh we are it's 2025 we got some new sponsors coming on but light speed has been around with us for a little bit but check out light speed systems light speed systems.com uh for your content filter your classroom management your mobile device management and more uh go to light speed systems.com if you ask for pricing or details mention the podcast please
They've got a really cool reporting tool now like app usage reporting tool it's awesome i.
Have a light speed tattoo
On the small your back right, All right, Mark, go ahead.
All right. There is a slew of articles coming out right now about cell phone bans. It sounds like a bunch of school districts use the switch of the semester to implement their cell phone bans. We've talked about this on the podcast quite a lot. LAUSD has been obviously the biggest newsmaker with cell phone bans. They were originally supposed to come back January and implement a new kind of put it away and lock it up kind of policy.
Not necessarily you can't bring it to school, but it needs to be not taken out during classroom or lunchtime periods. They did push it back a month. I will say at this time we're recording the fires out in L.A. are raging. And so our hearts go out to the folks at L.A. USD and the neighboring school districts. I know that all of LA is closed tomorrow for school.
I was wondering if they were even in session.
Yeah, they had a number of schools. I think they closed about 100 schools yesterday or today, and then the whole district had to close down for Friday, January 10th. So, yes, back to the topic of cell phones. They are implementing their cell phone ban in February. Portland, Oregon just announced their cell phone ban. They had some really interesting data from a neighboring district that saw a dramatic drop in behavior incidents after a cell phone ban.
I read that article too.
Yeah, so very interesting to see that this is where they're coming from. They're looking at neighboring districts and using data. We'll link to that article in the show notes. And then South Carolina implemented their cell phone ban. And then the one that raised a few eyebrows is Alabama.
¶ Cell Phone Bans
They are, well, I shouldn't say they. there is a lawmaker in alabama that is actually proposing fees or fines for students who violate this let's go stupid i i i read through this and i thought well this is insane but i i i think in all honesty this is just one person trying to make a point uh through legislation but yeah that's how extreme they're trying to take this one and they're trying to send the message to parents to say that we're taking this thing very seriously.
Overall, all the school districts I've looked at, their policies are a put-it-away kind of thing that it should not be taken out. They're not banning students from bringing the phones in the first place, but they are not allowing students to bring them out during class time especially, and then it's kind of split 50-50 in terms of schools allowing students to use
it during lunch or transition periods and those that are not. So Cell phone bans are in full effect, and I expect that by the end of the year, we're going to see that number of district banning cell phones just skyrocketing.
That could help my tech department budget.
Why? Yeah, what are you guys doing with cell phones?
Oh, the fines?
Yeah, charge 15 bucks, you bring your phone.
Chris, I would come down and give comment at your board meeting if you guys did that. That's so dumb. That's ridiculous. because all if you're no that's just it.
Says some oh there's some schools in texas some texas schools are imposing 15 fines and suspensions
Sure why not what.
Do you guys do in your districts for cell phones
It's up to the building uh each building kind of sort of has a keep it out of sight can't be a distraction um and really it's up to they leave it up to the classroom teacher to enforce uh and that you know that's the that's the frustrating thing when you have policies like this and even if the district as at the district level comes out and says okay cell phones are going away out of sight during the day if you have let's say a high school and you have three teachers in that high school that
are mr cool teacher or this is cool teacher and they don't enforce that rule it i i don't know i don't know what you i mean it's it's then a disciplinary problem between the principal and the teacher are you gonna go you know is that gonna end up becoming an issue i don't know i don't know it.
Pits teachers against each other i don't i don't like that either
Yeah but i also don't like putting that responsibility on the teacher to manage those devices like if it's a teacher collects the devices at the beginning of the hour and then hands them back at the end of the eye. I don't, I hate that idea too. That puts way too much responsibility on the teacher to handle $30,000 worth of equipment every hour, twice an hour.
It's just time away from instruction too.
Yeah. But the computers teach now, Mark.
That's true. Do you, do you get asked in your role to do anything around cell phone bands? Are you ever asked to like block cell phones from wireless or look into, I've, I've, some people have actually asked if if i know of any uh cell phone blocking technologies as well
It's illegal to block cell phone signal right i.
I'm not sure i i just wouldn't do it for we very very obvious reasons
But i've been told that by several different people that's actually illegal to do, um now to keep them off your wi-fi that's your that's your own prerogative but to go out of your way and install like a cell phone jammer. I don't think you can do that. We have that. Go ahead, Chris.
We still have a brain-grown device network. So We issue students devices and we say, you know, for all your classwork, do this, but you can use a personal device if you're wanting to. But we've had a longstanding. I was just looking it up. It looks like it's from like 2011 where we say no cell phones as a board policy. But funny is that that wasn't really followed for years and years and years. It was like you said, Josh, it was classroom discretion.
this particular school year was when I heard at the middle schools and high schools like cell phones are up don't have them out but we encouraged cell phone usage as far as be at our basketball game, jump on our wifi, be in the football stands, you want to pay attention to the radio while the game is going on, you can kind of thing there was a reminder nearing Christmas break from our high school principal to the staff about, hey, let's not forget our cell phone stuff because we had
some teachers getting lax with it again.
Yeah, unless you have everybody on the same page and willing to enforce that rule the same way, you're going to have that teacher against teacher, you know, kids using that as an excuse when teacher A calls them out on it. Well, teacher B lets me do it. Great. Thanks.
Yeah, it's similar to me. We have our Chromebooks in cases, and it's policy, it's rule. They should remain in the cases. Yeah. But we'll have kids that don't like doing that because it's not as cool looking. So they'll take the Chromebook out of the case. And again, we have teachers that don't enforce that rule in their class. So then before you know it, you have a lot of kids that don't have their Chromebooks in cases, and we have to remind our teachers like, hey, this is an actual rule
that we need you to enforce. are
You the bad guy in the halls yelling at kids.
A thousand percent yes well i'm not i'm i'm the guy with like the chromebook comes because it's broken or having an issue uh we make it really awkward for the kid because my first thing is where's the case at yeah um and like we don't give the when we fix the chromebook that doesn't have a case we don't give the chromebook back until they present the case to me so
Do you have the soft cases or hard clamshell cases.
Depends on the building we have mix but we moved the hard clamshell this last year for middle school previously we had the soft with like the front pocket in the front so they could put their papers and pencils in and stuff you know
We've always had the hard clamshell and I can't say that we've had a rash of kids taking them out of the clamshell because they're a giant pain in the butt to take out of hmm.
I, it's this weird deal too. I think like at high school with, with phones there, that there, there was a time when we almost encouraged phones to be out, to take like pictures, to incorporate those into slideshows and learning.
Yeah, no, I, yeah. Pre Chromebook or on that early, the early stages of Chromebook rollout whenever, you know, like we, when we first went with Chromebooks, we had one cart per grade level.
Yep.
So you had teachers relying on forms and slideshows and interactive technology like that, but they always didn't have the Chromebook cart in their room. So, you know, I've made a lesson plan. How else are we going to execute this? Kids, get your phones out.
It messes that up, too.
Yeah.
Well, another thing.
I'm for the money, though. Give me the 15 bucks to enforce it.
But, okay. So devil's advocate here. if you're going to say don't don't bring it on cider has to be locked and put away our high school the students rarely we have a very small percentage of students that actually use their lockers or actually even get assigned lockers because kids don't want them they carry their backpacks everywhere so if you're going to say it has to be locked away put in a locker you know that's it that's it for us would
be a change of operation every kid would would then be assigned a locker again and have to go to their locker, put their phone in it. Well, take it another step further. If you're going to say, just don't even bring it on site, high school kid. You know, I, if when my kid was in high school, I'd want them to have their cell phone on them when they were driving back and forth to school or from school to work or work to home.
So I would want them to have that phone. So then you're telling them to keep that phone in their car, which is then a theft, threat. There's a whole lot of moving pieces there. I don't know.
Mark, you didn't really say your opinion on this, and I don't really know if I know your opinion.
I am fully in support of getting rid of cell phones in schools. I don't think that the benefits of cell phones are anywhere near the damage that they cause to classrooms and to social emotional learning for students. So I think cell phones need to go. I think this is hard to say, though. I think adults, we need to lead to that and put our cell phones away in the hallways, in the classrooms.
But I think what's unfortunate, though, is it just feels like everybody kind of passes the buck in terms of, well, you should institute the cell phone ban or everything I have seen has always been a district will pass a policy and then they'll ask the schools to enforce it or a school pass a policy has the teachers to enforce it. I think we, at the state level, at the district level, need to draw a line in the sand and say, we're going to ban cell phones, and here's how we're going to do it.
And here are the repercussions that everybody has to follow. Because, honestly, if you don't have consistency, as Josh mentioned before, it's worthless.
¶ Kids Online Safety Act
Didn't the Federal Department of Ed just come out with a rule that districts have to come up with a cell phone policy of some sort? Didn't that happen right before Christmas break?
Yeah, I think they're urging states and districts to come up with policies. They're kind of stopping short after after that, though.
Yeah. Well, Missouri, you know, it's a local control state. The state can only say you have can only be so prescriptive in what they tell schools to do. And then they leave up the majority of that decision making and control to local school boards. So, yeah, then. One size is definitely not going to fit all for this.
¶ Ransomware Decline in Education
Yeah. Yeah. So kind of on a related note, we do have the Kids Online Safety Act. It's a bill moving its way through Congress. It's passed a super majority in the Senate and incoming President Trump. And even Elon Musk is urging the House to pass this one as well.
So this is one that is mostly about protecting kids against social media and the dangers of it there's a few implications on schools but it's very much focused on the impacts of social media one of the things i like but it always comes down to the devils and the details here the where or the devil is in the details that it requires social media platforms to have a reporting mechanism and specifically calls out the ability for a school to report issues
uh within that we kind of have that now you know when there's an issue on social media we can report to meta and instagram and and but but to be honest with you that just kind of goes into a black hole i'm hopeful that this bill um is a little bit more forward in its requirements to allow social media companies to receive reports from schools because i've been involved in some extremely Extremely disruptive and serious incidents,
and you just feel like you're throwing a complaint into the wind here. So hopefully this bill does get passed relatively soon. It's good for kids, but in all honesty, I think it might give schools a little bit more teeth in enforcing social media issues.
Yeah, and so many of those social media issues are manifest at school. Yeah. Discipline issues, you know, stuff like that.
Yeah. so and the only other thing on the news we do have a we're going to talk about another article shortly but uh the big one for me is the 2024 end of year wrap up on ransomware and i swear this is not related to the topic we're not going to be talking about tonight uh there's a a news outlet called compare tech they can report on different tech issues and research and they came up with their ransomware end of year report and i'm really sorry i i swear i was going to talk about this this week
without bringing up power school but whatever they they were really excited that that education is the only sector where ransomware attacks have declined in 2024 this is the first year where ransomware in k-12 or education i should say has declined truth be told, this is all voluntary reporting. CISA has talked about increasing the reporting requirements for school districts. So they're only showing 116 confirmed attacks on education and an average ransom demand of about $850,000.
Interestingly, I was kind of chuckling about this before the show. This researcher had said that last year in education, 1.8 million records were impacted by ransomware issues. Unfortunately, I think the power school just blew that number out of the water. And we'll see if the power school breach falls into 2024, 2025. But we will see.
I think there's an important distinction there, though. if this report is strictly ransomware, I don't know that PowerSchool would fall into that because, yes, they were ransomed.
But it wasn't ransomware.
Does that make sense?
So, I mean, what you're saying is that their systems weren't held hostage. Is that what you're saying?
Yeah, the data was held hostage with the threat of being released, and they got the pinky promise that said they're not going to release it.
I think it was more than it was more than a pinky promise it
Was a robust pinky promise um you know it was ransomed it wasn't ransom where where machines were encrypted and held hostage i don't know i don't maybe maybe splitting hairs there.
Hey so i'm gonna interject here since we're talking about power school i asked chat gpt to write um some jokes about power school cybersecurity data breach. And chat GPT told me cybersecurity is a serious issue. So any conversation around it is sensitive. It can have a real impact. But there's some good ones in here. What did PowerSchool say to the hacker? You might be wondering. I guess you really wanted access to those grades, huh?
That's bad. That's real bad.
How did PowerSchool respond to the breach? You might be wondering, they said, well, we didn't expect this level of cheating. Here's a good one, and then I'll quit. What's the new power school motto after the breach? Protecting grades, but still working on protecting data. That was ChatGPT. It was not me.
You can write the complaint letters to Chris at K12 Tech Talk.
And then again, at the end, it says, remember, cybersecurity is a serious issue. So make sure any conversation around it is sensitive to the real impact it can have.
Oh, the motto one. That one cut close to the bone, man.
Wow.
Chris, why don't you, instead of making jokes, talk about one of our new sponsors?
Yeah, let's talk about Lumu. That's L-U-M-U. You can check out lumu.io. They are the newest sponsor of the podcast. They offer some cool AI-powered decision-making for your network. They can do 24-7 incident response. So visit Lumu, L-U-M-U.io, and mention us.
It's not Limu, the insurance company mascot. It's Lumu. So many jokes. So many jokes. All right. So this this next story, it's a couple of days old. And quite honestly, you know, we're we were coming out of Christmas break and. Mark came back to life and started texting us again, and we were chatting about this next story, thinking this was going to be the big story of the week until yesterday, or day before yesterday.
It's the story about the school district where a teacher shared the Wi-Fi, you can't see me, but I'm using air quotes here, the Wi-Fi password with a student, and things went south, and it ended up with the teacher being terminated. fired, not killed, and charges being pressed against multiple students. Mark, you got the details on this one?
¶ Teacher Fired for Password Sharing
Yeah, this is out of Liverpool. I believe it's Liverpool, New York.
Good old England?
Oh, no, no. And it says a staff member in Liverpool High School has lost her job for sharing a password with a student whose classmates then use the login credentials to tamper with electronic discipline data.
Oh, I thought it was grades. I didn't realize it was discipline data.
I thought I remember seeing grades. But yeah, they essentially logged into the student data, the student information system, a system called School Tool,
Which is local to New York. Not Power School.
No, this one's local to New York. And they discipline records and referrals were deleted from the SIS and attendance records were altered. I don't see anything about grades, but yes, discipline and attendance.
Okay.
So, five students have been charged with computer trespass and computer tampering charges.
Both felonies.
Okay.
And so, one teacher's lost their job. Two additional students were charged with unauthorized computer use, which is a misdemeanor. So, you got a total of seven students in hot water, legal hot water, obviously, in addition to their school discipline.
Okay. But they're probably minors. So will that legal trouble follow them to adulthood would be the first question. Yeah, not not downplaying it, but let's be honest. That's how it works.
Sure. And they also use VPNs to master IP addresses. These were at least one student is 16 years old. So that's kind of the general age of this. And they have been disciplined and charged. And a teacher is now unemployed.
Okay.
So this story has been getting a lot of traction on a number of people that I follow on LinkedIn, several posts, a lot of comments. So let's kind of step through this and I guess make some assumptions or try to read between the lines of what really happened here. Yeah. The first phase, sharing the Wi-Fi password that ended up leading to a Sys, we'll call it breach.
To me, reading between the lines here, if that's a single password, that was probably some version of SSO credentials or 802.1x authentication credentials. So probably an Active Directory credential for the staff member that was shared that worked on a number of other applications, wireless, SIS, probably email, God knows what else. So the first comment I'm going to make are all of the brouhaha that I'm seeing about, what's this IT department doing?
One password and it works for Wi-Fi and SIS, and what else does one, that's, you know, low-hanging fruit, That's ridiculous. Okay, so what happened to SSO kind of being the rule of best practice of you don't have a thousand passwords, remember, so you are able to have a stronger password as one master password type scenario? And yes, we'll get into the other precautions, but to poo-poo this and lay blame at the IT department for having one password that operates multiple things,
to me, is a little heavy-handed and ridiculous. Thoughts?
Yeah i think you're just assuming it's like your home password where you have a single password that everybody shares a wpa2 password right technical here yeah i think what you're saying is this is probably using 802.1x where the employees logging in with their their district credentials and they essentially shared their district credentials that the students just said well let's just use this on something else let's try so yeah
that that's a that's a very big possibility it is possible that you know maybe they do not have kind of single sign-on and the students just assumed that whatever the teacher uses for their wi-fi password let's try this in different places so yeah but yeah that's that's more likely what happened and
Again if that's the case if it's not sso and the teacher just has bad password password hygiene and is using the same password multiple.
Places again
That's not necessarily the it department's fault right um so the the treatment of the teacher as far as, summarily being terminated for this is that the right action is that too far is that the right outcome.
I got strong opinions on this one i'm giving your strong opinion let chris start i'm
Gonna investigation and conversation on did the staff member know How much thinking did the staff member do or whatever when this was given out? If it was, yeah, I knew that that was the same as these other things, that they had used their head enough for that. Yeah, let's can't.
But how would you not know? How would you not know that's the same for these other things?
I mean, I've been in K-12 tech for like 20 years and I've dealt with some doozy teachers over time. So I could see a teacher doing something without any kind of thinking. yeah
A lapse okay.
So if that would be the case i lean more towards not a fireable thing but for sure a note in the folder um
But does the note in the folder.
Discipline the kids but i don't think we're i have a hard time thinking that we're firing the teacher over this do
You does it make a difference if this is not the first incident like this for the teacher.
For sure it would okay which is where that note would come in you hope there was a previous note in there mark
What's what's your strong feelings.
Um what what if this was a different industry what if this was a bank what if this was uh an ed tech vendor yeah uh and an employee share a power name and password with somebody in the either in the organization or outside i i think this is a no-brainer that the employee needed to be, uh, terminated.
Does it, does it change your opinion due to the outcome? If the kids, if the kids had only jumped on wifi and not change discipline or attendance records, would that change your opinion of the teacher needs to be terminated?
Um, if the risk is the same, then, then no, it doesn't change my opinion.
The risk, the risk would be the same. Yes. Just the outcome is different.
Yeah.
If, if, um, if a teacher is sharing the password with a student or with anybody and that password could be used to alter grades to tamper. I mean, that's, this is cybersecurity one-on-one. You, you are, you are destroying the, uh, efficacy of these, of your security and you're, you're putting major liability or risk on your, your record, uh, your records, I think the employee needs to be terminated.
Um, if scenario, if you walk into a classroom and you see a password on a sticky note, is that a fireable offense? Assuming the same things.
Um, this is a hard one is I think it comes down to intent. If, If the teacher is putting their username and password, we've all seen a teacher with a username and password on a sticky note. I think I live with a teacher who puts a sticky note, a password on a username.
You're going to fire her, Mark?
Wow. I got to talk quietly so she doesn't burst in the room here. If that teacher is taking reasonable effort to protect that username and password, it's a different conversation. It's still a conversation.
Absolutely.
It's a different one. Absolutely. It was an example where somebody knowingly shared access to.
But what if in the teacher's shoes, to Chris's point, at the time the teacher was sharing that password, the teacher only thought it was the Wi-Fi password. Didn't put two and two together. Didn't remember 10 minutes ago when she signed into SIS that it was the same password. if she honest to god thought that it was just wi-fi, but it still led to this other incident.
That's a that's a pretty i mean i i would like to assume that that was a that was a dumb mistake that the teacher didn't realize
Because you can you can poke it you can poke at my feelings with this too if teacher if student wanted wi-fi access and teacher knew that was against tech policy, but teacher gave password anyway. Yeah. I mean, there's a real thing there of defiance against the place that you work at.
I guarantee it's against some sort of either procedural or board policy to give out passwords.
You can dissect this because there's going to be a need or a want in here.
¶ Intent and Consequences
student had need want whatever to have his device on wi-fi so something was going on that teacher has well i have solution uh so either devices weren't allowed and teacher defied that policy to put it or maybe she was just doing some great troubleshooting yeah
Yeah, I mean,
Just trying to help a kid out.
It's a good kid. They won't do anything wrong.
The details always matter in a case like this. And I think intent is the most important thing for the superintendent or principal to understand. If the teacher went to the student's device and typed them in herself without giving the password out, that's, you know, the intent is different there. The intent is to help the student with Wi-Fi and not share the password. But from what the article is saying, from what everybody's saying, it sounds like the teacher just blatantly gave out a password.
Everybody has a policy that protects against that. And I think that is a fireable offense. And if the teacher does not realize what they are doing, there's a different situation with I don't think I want that teacher teaching my child.
Ooh, Mark has got hot takes tonight.
No, listen, with everything that's happened this week, I think we have to be, as an industry, we've got to take a harder line when it comes to account security.
He's working on his TV interview talking points.
Yeah, I'm working on it.
Wow.
That's my two cents. I am glad to see a school district taking that level. I think we have, for long times, we have seen a lot of just blatantly obvious issues happening and no repercussions. And what is the point of having a policy if you don't want to enforce it? So that's my strong opinion on the teacher.
And that's where school districts really get themselves in trouble is having a documented policy and then not following that policy.
¶ IT Department Responsibility
Yeah.
So, okay, so student side, are charges appropriate for what they've done? And again, I think this is a different scenario if it stopped it getting on Wi-Fi. Yeah. But it went much further, and that one student then apparently, supposedly, shared that password with five other kids, six other kids.
Yeah.
Because there were seven kids total that ended up logging into the SIS and changing attendance and discipline records.
Yep.
So you have an intent. You clearly have an intent there. Yeah.
I, I think obviously the students need to be disciplined according to the school's code of conduct. This is where I have a little bit of sympathy. I don't, I think, I think going to the legal system for this, for the students is, is a stretch. I, I don't think there's too many judges out there that are going to throw the book at these kids. They're going to realize that this is, this is kids' behavior and scare them, but we don't need our court system clogged up with that kind of stuff.
And I think the kids, you know, whatever the code of conduct or the code of discipline is going to do is going to be the best course of action.
You give grace to these kids, these troublemakers.
They're kids.
What if does it matter if they have a discipline? Well, clearly they have a discipline record because they were changing their discipline records.
That's a good point.
Does it matter that they have a discipline issue history?
Oh, man. I mean, there is a whole host of ways you can answer that question of like, well, maybe these seven kids were the seven kids that every single year they just keep hacking in the systems. And that's what they're deleting from the similar racism system.
Yeah, yeah.
Okay, so maybe that does change my opinion. But I don't, yeah.
You can get there easily with the threat of law enforcement with felony misdemeanor. Absolutely. Because you do some simple math on how much time it probably took to like fix this, that dollar amount. I'm sure that equates to whatever becomes a misdemeanor or a felony that you could pursue. Computer trespass, that's heavy. That would be heavy on you for the rest of your life.
Computer tampering. Not if they're charged as juveniles and charged as juveniles.
Okay, yeah, yeah.
I don't know.
Luckily, we only oversee the technology. We don't oversee the kids, so it's not our decision to make.
Chris, you want to talk about ClassLink real quick before we get into the last bit of that content or these questions for this story?
Yeah, ClassLink, hanging out with us for 2025. ClassLink, like Clever but Better, you can go to classlink.com. They can do your single sign-on. They have Launchpad Analytics, OneSync, and more. So check out classlink.com.
So we started off this conversation about password sharing with the assumption of or with the statement of not laying the blame at the feet of the IT department for having one password does it all like the Lord of the Rings ring.
Well, listen, if you look at some of the Facebook articles, the public has put all the blame on the IT department.
Okay, so let's talk about that. Does the IT department have some blame in this for not having that second layer of authentication, on the student information system with the assumption, wait, with the assumption that the student information system supports multi-factor authentication? Because not all student information systems do.
I checked. Does it? This one does.
Okay. Okay. So we can clear that assumption away.
Well, okay. I'm going to, this is, this is, I'm going to try not to like go on my rant about edtech companies, but if you go to the login page of this information system, you can either log in with a standard username and password, or you can use Google login.
Okay.
So my assumption would be if you're using Google login and you have MFA, boom, you're protected.
¶ Security Layering
Yep.
That's not always the case. And there are ways around that.
Well, again, that has to be turned on by the IT department. And honestly, that's the way our old student information system was. They didn't have MFA support built in, you know, baked into the product. You had to enable Google SSO and then turn on Google MFA to be MFA protected with our old student information system. So I get that.
Yeah. And I think to your point, I guess the first question is, does this SIS have reasonable security measures that would allow the school district to enforce MFA on their staff accounts and prevent this kind of thing or reduce the likelihood of this happening? So the first question is to your SIS, do you, can you support and enforce this?
um and then the next question is to your it to the it department are you enforcing google login and are you enforcing mfa on employee accounts because let's be honest with you we could see enough information from this article to conclude that the students were using a vpn there's no mfa even if you're using google login on their on your sis you're clearly not enforcing mfa and And we can point the fingers at the tech department on that one,
but let's be really, really transparent. If the superintendent is going to be putting these kids in jail and handcuffs for this, then the superintendent should also be taking responsibility for enforcing MFA.
That's a great point. If considering the district has gone to the steps to terminate the teacher and criminally charged seven students with with computer trespassing, whatever, whatever.
Yep.
There is a very real likelihood that that would also fall over into the IT department, someone in the IT department getting canned.
Yep.
No, that's a great point, Mark.
And I know that we're going off of these articles, but you know what's interesting, too, is we're talking about, the article says discipline referrals and attendance records. That means that teacher account had access to those things.
To be able to edit those things.
And that's interesting.
That's another great point. There's some user rights issues. Yeah.
Our student information system was set up that teachers could not delete that information.
Yeah.
They could make a discipline referral. You could enter in attendance. Well, there was a setting. You could change how many days back a teacher could go and edit an attendance record. So there is a technical configuration that you could do to do that. But obviously, this teacher's account had the ability to make whatever changes they wanted to in their SIS. And that's interesting. Took advantage of that.
That's a really interesting point.
Yeah, that would bring up, did that teacher have more rights than they should have had? Were those rights by design that they did have? There's a lot of questions with that.
Maybe that teacher was a super user, and they had those rights for training purposes, or they were the point person for the grade. They were the grade leader and needed that extra rights, whatever. We are making a lot of assumptions and drawing a lot of conclusions.
I'm going to draw one more assumption. is
This the one that you wanted you said before the show that you were saving it for the.
Oh yeah no that one actually that was funny because i was trying to figure out the name of the district and i googled teacher fired for and then the oh no no just put that into google and just look how it finishes the sentence it's amazing all the different options uh and do that at home too these are some things i probably wouldn't read um uh teacher fired for only fans uh well that's yeah that's number three um oh saying
womp womp i want to know who got fired for saying womp but anyways the last thing i was gonna say about teaching
Kids how to think.
Uh no i'm gonna i'm gonna withhold a whole lot of comments on this one yep i don't believe a that the school had mfa and i also don't believe that they were enforcing google login on the student information system because if seven kids logged in using a VPN to the student information system via Google, then Google's security would have shut...
Should have flagged it.
It would have flagged it. It would have shut the account down.
Okay. I'll go one step further with you. The school district was not using... What's that rule that you developed in Google?
Context-aware access.
Context-aware. They didn't have context-aware rules set up.
But I'm not putting blame on the IT department. There are things that you can do to prevent this kind of thing from happening within your district. So that if a teacher does share a password, if anybody's sharing a password, or if it gets out accidentally, this shouldn't have happened. Or the damage should have been a whole lot more minimal than seven kids using the account.
I know we said we're not going to talk about PowerSchool. But I think there is a similarity here. And... It's a it's a layered approach with security.
Yes.
Password good, strong, long passwords is one thing. That's one layer. MFA is another layer. Context aware rules for Google logins.
Is geolocation stuff that sometimes that was Jay was talking about it. Sometimes that feels like the thing that you enable that maybe you chase that too much. No, that would have helped here.
Yeah, Jay even said today that he got in an argument with somebody at a conference about how, you know, Jay said, yeah, I've got geo-blocking turned on and someone was poo-pooing him saying that's useless, you're wasting your time with it. Well, with the PowerSchool thing, that potentially could have helped. And if these kids in this story were using a VPN overseas, that potentially could have helped.
Context-aware rules, if they were logging into Google and Google SSOing, that absolutely would have helped. So security is a layered approach, man.
I was trying to think. So we have clear pass with our network stuff. And I know that we limit how many devices can connect on our Wi-Fi, like under a particular user. I was trying to think, like, would that have flagged in my school district? Again, another layer.
Yeah, right. Right.
Well, I'm going to close this with some more jokes about PowerSchool, but this time from Gemini.
And Gemini does a better job.
Let me plug the sponsor and then you take it. So this next segment, like it or not, is brought to you by Fortinet. Fortinet jokes we got coming. Email fortinetpodcast at fortinet.com. All your Fortin needs and wants, FortiGate, Firewall, and more.
They have a new Forda AI and their Forda Analyzer product to give you tips and suggestions with analyzing your security traffic. And now, without further ado.
¶ Closing Jokes and Reflections
Knock, knock.
Oh, no. Who's there?
Justin.
Justin who?
Justin, time to change your PowerSchool password. There's been a breach.
You need to say that in the Landshark voice. Landshark.
Um there's a whole lot of jokes there's some bad ones too about you know parents not really concerned but i've already know how bad my kids grades are blah blah blah um but yeah yeah there's a that
That's the only one you're gonna share it i'm gonna see chad gpt won this.
Knock knock
Again who's there.
Police police please tell me you are involved in the power school data breach
These are horrible.
Um did you hear the power school data breach was so bad that it even showed how many tardies the teachers had i
Like that one yeah that's a good one
Uh yeah i
I still think the winner was chris's yeah.
The model one
Was great yeah
Look, PowerSchool, we'll say it again. We appreciate how completely transparent you were in your webinars over the last two days. That's transparency we haven't seen before with breaches with third parties.
Gemini also does some pretty bad Fortnite jokes. So I'll just leave you with one. Knock, knock.
Who's there?
Patches.
Oh patches who bless.
You also patches are important for security
That's so bad i know so bad gemini's.
Got to work on its humor but it's there
Oh well those awful jokes hopefully won't return next week we hope you will return next week uh again shoot us an email if you're the district that fired the teacher and criminally charged seven kids and you want to defend practices, shoot us an email, k12techtalk at gmail.com. If you have strong opinions about whether or not you would charge or fight for charges against those students or fire that teacher, shoot us an email,
share us with your friends, and we'll see you next week. Thanks for listening.
The views and opinions expressed on the k12 tech talk podcast are the personal opinions of josh chris and mark and do not represent the views or opinions of our sponsors or other organizations that we're affiliated with the material information presented here is for general information and entertainment purposes only thanks for listening and we'll see you next week