Colgate University’s department of natural sciences held a NASC Colloquium in Robert H.N. Ho Science Center on Friday, Dec. 1. The lecture, given by Assistant Professor of Computer Science Noah Apthorpe, was entitled “Student Privacy and Management Systems.”

Apthorpe received his doctorate degree in computer science from Princeton University. His dissertation, “Network Privacy and User Protection in the Internet of Things,” examined privacy and consumer protection of products such as Google Echo, smart refrigerators and other everyday appliances.

In the lecture, Apthorpe discussed the privacy and security systems of learning management systems (LMS) and other plug-ins that are additional tools to LMS. Used at all levels of educational institutions, these systems help maintain information about students and courses. Major LMS systems include Schoology, Canvas, Compass and Moodle (which Colgate uses). 

“Now given that we have this entire collection of entities and space, it’s worth giving a second to think a bit about what kind of information these software naturally collect,” Apthorpe said. 

Apthorpe explained how these systems are collecting a plethora of data with little regulation. His most recent work has been focused on a better understanding of the type of data these systems collect and how schools can keep their students’ information secure. 

“Given this and given the increase in interest over the COVID-19 pandemic, I started to collaborate with professors at [the] University of Chicago, University of Illinois-Urbana Champaign and New York University, who are all going to work together on issues of ed tech privacy […]. We’re interested in looking at not just what the software of the companies providing but also what are the universities doing to protect their students and what are the regulators and lawmakers doing about this,” Apthorpe said. 

Apthorpe has worked on projects that research K-12 institutions to find out what kind of information LMS and associated platforms collect about K-12 students during normal use. Especially considering the majority of kids in K-12 are minors, Apthorpe found it important to know what information is being collected to ensure the safety of students. He explained how difficult it is to access these types of databases to conduct research because there needs to be a variety of data collected across many different districts with different endowment levels. 

Sophomore Carlyn Johnson attended the lecture for her Biology 181 class but felt the material was very relevant. 

“I think education technology is really interesting, and my mom is actually a teacher,” Johnson said. “I thought it was really interesting how there are limited guidelines and requirements for schools, especially in the K-12 level, to add new plug-ins and other technology. Also, with the amount of technology that is being used with those kids, it’s interesting that there are not many regulations for it.” 

Apthorpe also discussed his new project that he’s working on with a Colgate student, which looks to see if colleges are up to date on the current National Institute of Standards and Technology (NIST) password authentication guidelines. NIST recently revised its policy on password safety, which now states that refreshing passwords every few months, easily guessable security questions and composition rules are not recommended. Instead, universities should provide a password metric and multi-factor authentication — for example, Duo Push — to ensure the security of user passwords. The next step after researching which universities and colleges are up to date is to alert the universities of the results. This project is still ongoing. 

Junior Belle Drummond explained how important it is that universities keep up with the recommended guidelines for technology security. 

“I thought Professor Apthorpe’s new research about cataloging which universities complied with the recommended guidelines and which didn’t is super interesting and should be something that students look into when applying to schools,” Drummond said.