
The Blame Game

September 14, 2013

Shortly after returning from a TMA sponsored Disney vacation, my minor student was solicited to purchase another vacation package.  This time, the vendor was a company called Voyageurs International, LTD. and the invitation was addressed to my minor child and not to his parents.  The completely disingenuous solicitation presented Paul with an impressive Certificate of Recognition signed by Anthony DiBartolomeo lauding Paul for his musical achievements.  (When you read the bullets, use the voice of the Wizard of Oz.)

This tour de force would cost me…an undisclosed amount plus a $600 deposit.  The cost to the Timberlane employees who would accompany the kids was also…undisclosed.

Before I continue, I want to talk about the Timberlane Music Association.  I have had a relationship with the TMA for the better part of a decade.  Over the course of the ten years, I have seen a lot of people give a lot to the Timberlane music program via this organization, but I have seen a lot of people take a lot as well.  In all my years of working for and with school ‘booster’ clubs, TMA is the first I have known to primarily benefit the adult members of the organization.  TMA is organized as a 501(c)(3) charity.  So, who benefits from this charity?  They won’t say.  My kid did not.  It cost me more to send him to Disney with TMA than it cost to book my own vacation — absent school discounts, group discounts, and considerations for performing at the park.  The beneficiaries were the TMA members, Timberlane employees, and spouses who ‘chaperoned’ this vacation — they paid $0.  The other major outlay of the TMA is its scholarship program.  If you review the winners, you will see that TMA has not exempted the children of officers from the program.

So, I contend that TMA primarily benefits its adult leaders and many of these beneficiaries are employees of the Timberlane Regional School District.  In fact, the director of the TRSD music program is a leader of TMA and routinely vacations in Disney, Europe, and other destinations at parents’ expense.  Mr. DiBartolomeo also happens to be on the staff of Voyageurs International, LTD.  Louise Pajak, William Metevier, and John Mainella are listed as TRSD employees associated with Voyageurs International, LTD. on the solicitation.

I was very upset that VI had solicited my minor child and asked if the program was sponsored by the school district.  The superintendent of schools responded…

The trip is not a Timberlane trip, but one that Timberlane students participate in. You were contacted by a Timberlane employee that works with the program on behalf of our students. I have been assured that your information was not sold or shared with an outside group. I can dig deeper if you wish. Thanks, Earl

This is ILLEGAL.  The TRSD employee that provided the information to Voyageurs International, LTD. is a criminal.  The employee that provided this information to the person who provided this information to Voyageurs International, LTD. is a criminal.  Later, Dr. Metzler told me…

Len – Agreed. I will address this. I completely understand where you are coming from. I am certain that we have a policy not allowing this. Thanks for the “heads up”.

And his final communication…

Len – This is being addressed system wide this week. Thanks again, Earl

So, TRSD acknowledged that its employees were acting inappropriately, promised to act on the issue, and did nothing.  All of the employees continue to be employed, no communication has been issued to parents, and the music department continues to run its vacation club.

I wandered a bit, but, while I am unhappy that TRSD employees are vacationing at the expense of the kids, my concern is that TRSD employees provided names and addresses of minor children to Voyageurs International, LTD. which used that private information to solicit business from minor children.

You might expect that this would cause TRSD to be more careful about protecting the privacy of our children, but you would be wrong.  Over the summer, TRSD moved a database of personal information from their private network to the internet.  They provided access to this private information to anyone who could offer a code which was mailed to parents.  You can read more here.  In this post, I would like to talk about TRSD’s response to my concern.

Initially, Superintendent Metzler feigned concern, but in the end he passed the problem off to one of his minions…

Len – I am on this. You will hear from John Holland, our technology director. Please let me know how you feel after hearing from him. Thanks for the help.

John Holland immediately blamed InfoSnap…

Infosnap is one of the top well known online student registration systems designed specifically for, and used by over 400 K-12 schools nationally, including other NH school districts.  Infosnap utilizes a number of security measures to protect data for confidentiality.  These measures are identified and described on their website.

InfoSnap batted the birdie back to TRSD…

We understand the security implications of this, thus it is the school/district’s responsibility to ensure the contact information is up to date and the snapcode is sent to the correct parent or guardian. There is also an additional snapcode verification feature requiring that the person using the snapcode know the birthdate of the student in order to access – this feature is implemented only when a district/school chooses to use it. We work with the school or school district to build a form that will collect all the information the district/school desires, thus the content of the form and the data collected is dictated by the district/school…I also wanted to confirm that the information you provided specifically in regard to your security concerns has been passed along to our technical operations team. We do appreciate your concern and thoughtfulness on this matter. Please understand that we care deeply about such security concerns, but cannot always guarantee a personal response.

I forwarded this information to John Holland, cc’ing the superintendent of schools and a school board member.  The only response…

I want to thank you for forwarding the information you received from the Infosnap service group. We either were not informed about the student DOB verification feature, or it somehow slipped through the cracks during our initial setup and configuration. I agree completely that this feature would provide an additional level of security that we should certainly utilize. I have contacted Infosnap support and they have enabled this feature for us.

The information sent to parents for how to access Infosnap was emailed to the guardian email address that we had on file in our SIS. Or, if we did not have a guardian email address on file, a letter was mailed to the parent/guardian mailing address that we had on file in our SIS. The Infosnap online forms parents see are customized to meet our own specific needs, and are a collection of information that has been traditionally requested on multiple paper forms parents have been asked to fill out and return.

Please let me know if I can help with any additional questions you may have.

No remediation or reparations were offered.  There was no admission of responsibility, incompetence, or guilt.  I believe the vernacular is GFY.

At this time the chair of the school board entered the fray…

“Reading through the string of emails I’m not understanding what the initial concern is. There’s mention of an email you sent to infosnap and your questions but these were not forwarded to us.

Can you forward these please so we can better understand what’s going on here?”

I pretended not to know he had already been forwarded the emails and forwarded them along with this…

I’ve posted the concerns here…

Dr. Metzler identified Mr. Holland as the TRSD expert and Mr. Holland indicated he relied on InfoSnap for guidance, so I emailed them…

My child’s school began storing information on an infosnap server this year.  I have concerns about how access to the system was granted, what information is being harvested, and the security of the system.  
I was allowed to access my child’s personal information after entering a fifteen digit code that was mailed to me.  Anyone could have taken this document out of my mail box and accessed and modified information about my minor child.  Since parents were not alerted to the mailing, stolen letters would not likely have been noticed or reported.  An attacker would not even need the letter.  The fifteen digit code is only really secure if you are trying to access a specific account.  A person or program would be able to access some record by entering similar codes.
Infosnap is prepopulated with PII.  Anyone having access to the snapcode mailed to parents could access this PII.  
This system would be significantly more secure if only part of the snapcode was delivered with the instructions.  Is it not possible for a school to require a snapcode which included a school PIN that could be distributed via our phone alert system plus a unique code distributed by mail?  Or challenge the account creator with a child’s DOB or homeroom number before granting access to the PII?
Infosnap should not cache logon IDs.  Someone using a public computer has access to half the credentials of a previous user.  My bank does not cache my username on a public computer.  You need to change this.  You should also not use an email address as a logon id.  When LinkedIn was compromised, the hackers collected their password file which included logon id and password.  Since LinkedIn used an email address as the logon id and many used the same password for both email and LinkedIn, the hackers were able to access the email account using the LinkedIn credentials and use the email account to change passwords on other accounts by having logon information sent to the email account.  Even if InfoSnap were very secure, I can use a hijacked account to initiate a password reset.
InfoSnap requires a six digit password — password and 123456 both work.  
Assuming we want to put our children’s PII on the internet, a better registration process would have looked like this…

  1. automated call to parents alerting them to the mailing of the InfoSnap letter
    • including a four digit PIN which combined with a mailed snapcode would provide first access to the system
    • warning them to contact the school if the letter was not received by a certain date
  2. registration process challenging parents for evidence of eligibility for access (dob of child, homeroom of child)
  3. userid which is not an email address
  4. no option to save userid on computer
  5. no caching of userid values
  6. strong password requirement

Can InfoSnap be deployed like this?
How does one (parent or school) monitor access to the data?  Is it possible for two people to create accounts using the same snapcode?  Would an account creator know what other accounts have access to the data?
Who determines what information is collected?  Too much information is being collected, stored, and put at risk…
I have come to expect that participation in a program like this would be preceded by presentation of a privacy statement explaining what would be collected, why it is being collected, what authorizes the collection, and how the data will be protected and used.  I received no such information during the infosnap registration process.
Infosnap meets none of the standards of protecting personally identifiable information.  Is this because your product is not secure or because our school system’s implementation was poorly executed?
I’ll wait for your response to this before contacting my attorney general’s office about this.

You’ve seen their response.  The peripheral issue is that a TRSD employee provided information to Voyageurs International, Ltd. that allowed them to directly market to minor children.  The mailing is here…
These events and Mr. Holland’s comments paint a picture of an organization that should not be trusted with personal and private information.
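
The registration process proposed in the numbered list above (mailed snapcode, a PIN delivered separately by phone, a date-of-birth challenge, a user id that is not an e-mail address, and a strong password) can be sketched as follows. This is an added example, not InfoSnap's or TRSD's code; the record layout, the lockout threshold, the 12-character minimum, and all sample values are assumptions.

```python
import hmac
from dataclasses import dataclass
from datetime import date

MAX_FAILURES = 5  # assumed lockout threshold, not taken from the page
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}  # constructed sample

@dataclass
class Enrollment:
    pin: str            # delivered by the automated phone call, never by mail
    dob: date           # eligibility challenge: the child's date of birth
    failures: int = 0
    claimed: bool = False

def first_access(store: dict, snapcode: str, pin: str, dob: date) -> bool:
    """Grant first access only if mailed code, phoned PIN and DOB all match.

    Every refusal returns the same False, so a caller cannot tell a valid
    snapcode from an invalid one by trying similar codes.
    """
    rec = store.get(snapcode)
    if rec is None or rec.claimed or rec.failures >= MAX_FAILURES:
        return False
    # Constant-time comparison so timing does not leak partial PIN matches.
    pin_ok = hmac.compare_digest(rec.pin.encode(), pin.encode())
    if not (pin_ok and rec.dob == dob):
        rec.failures += 1   # guesses are counted against this record
        return False
    rec.claimed = True      # only one account can be created per snapcode
    return True

def credentials_ok(user_id: str, password: str) -> bool:
    """Items 3 and 6 of the list: non-e-mail user id, strong password."""
    if "@" in user_id:
        return False
    if len(password) < 12 or password.lower() in COMMON_PASSWORDS:
        return False
    return user_id.lower() not in password.lower()

def demo_store() -> dict:
    # Constructed sample record; the snapcode, PIN and date are made up.
    return {"483920175561204": Enrollment(pin="7291", dob=date(2001, 3, 9))}
```

A locked or already-claimed record has to be reset by the school, which is why the list pairs this check with the instruction to contact the school if the letter does not arrive.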

Mr. Collins, whose first significant act as a school board member was to seal the minutes of a meeting (during which the school board and superintendent agreed to protect the privacy of an admitted pedophile and allow that middle school teacher to continue to prowl the locker rooms of the Timberlane Middle School) for 99 years, did not even review the attached document.

My kid’s information has been removed.  Has yours?  Have you at least created an account and protected that information with a password?  The longer it sits out on the internet, the greater the risk that a pedophile — or Voyageurs International, LTD. — will solicit your kid.

 TRSD does not care.  Dr. Metzler does not care.  The School Board does not care.  Do you?
