Category: Technical


Security protocol to help schools keep student photos safe online: SchoolBench

By ,
Schoolbench: keep student photos safe online. Image: Security Cams by Andrew via Flickr.

Schools often have policies for taking, storing, and using photographs but sometimes security protocols to keep student photos safe online are incomplete.

For example, Australia’s eSafety Commissioner, has the following guidelines for schools:

Schools should have protocols on the storing of videos and photos which require:

  • secure passcodes/passwords for all devices to stop unauthorised access
  • use of devices that are owned by the organisation and/or school to take photos and videos
  • secure storage of photos and videos (e.g. secure school server) and their deletion from the devices within a reasonable time

Sadly, even with these measures in place, there are still ways for sensitive data about students to “leak” from the images and videos shared online by schools.

Keeping student photos safe online: The firewall

If there’s one thing certain in life, apart from death and taxes, it’s that cloud-based storage systems are targets for hacking.

Writing in The Conversation, Haibin Zhang, Assistant Professor of Computer Science and Electrical Engineering, University of Maryland, Baltimore County, has recently argued that cloud services that offer online indexing of your files, puts your data at risk of being tampered with or stolen.

Commercial cloud storage systems encode each user’s data with a specific encryption key. Without it, the files look like gibberish – rather than meaningful data.

But who has the key? It can be stored either by the service itself, or by individual users. Most services keep the key themselves, letting their systems see and process user data, such as indexing data for future searches. These services also access the key when a user logs in with a password, unlocking the data so the person can use it. This is much more convenient than having users keep the keys themselves.

But it is also less secure: Just like regular keys, if someone else has them, they might be stolen or misused without the data owner knowing.

Given this vulnerability, the SchoolBench web app is designed to be installed “on premise”.

This means the system operates safely behind your school’s firewall, on your servers.

Thus, SchoolBench ensures school IT professionals can monitor the application in a known and trusted environment.

Keeping student photos safe online: Active Directory

As most schools have role based access controls in place through Active Directory, SchoolBench uses this AD first for access, but also through AD groups SchoolBench can control what individuals access and do.According to Microsoft, Best Practice initiatives for “hardening” Active Directory against attacks include:

  • Patching applications
  • Patching operating systems
  • Deploying and promptly updating antivirus and antimalware software across all systems and monitor for attempts to remove or disable it
  • Monitoring sensitive Active Directory objects for modification attempts and Windows for events that may indicate attempted compromise
  • Protecting and monitoring accounts for users who have access to sensitive data

As a result, SchoolBench has been designed to work with access permissions granted by a school’s Active Directory settings.

In such environments, it means SchoolBench can access the resources it needs while staying robustly within the access parameters it’s been granted.

Keeping student photos safe online: Tailored permissions

A further step towards keeping student photos safe online is the way SchoolBench can limit permissions for teachers and other contributors to relevant areas of access.

In the School Governance article, Online Predators and Cyber Grooming: Does your school know how to respond, Deanne Carson shares the insight children are at risk from known and trusted people, which included teachers.

One in five Australian children will experience some form of sexual abuse before they turn eighteen. In 90% of those cases, the offender will be known to the child; often a family member, close friend or trusted person working or volunteering with children.

While this is a disturbing insight that applies to all organisations, including schools, the SchoolBench developers believe the prudent move of  limiting access to media file collections and directories pertinent to a user’s role can mitigate damage if and when a “bad actor” is at work.

An example of limited access to student photos and videos in SchoolBench would be the situation in which a Year 7 teacher only has permission to see images for their class or year.

By instituting access on an “as needs” basis, SchoolBench helps keep student photos safe from staff, unless they have a particular role that requires them accessing specific media files.

Keeping student photos safe online: Hidden metadata

One of the weakest links in the chain, when it comes to keeping student photos safe online, is the metadata that is encoded within each media file.

We’ve previously expanded on this, here: How Facial Recognition Technology makes media files School Ready.

However, further points have been made about just how much personal information is revealed through metadata, in an article by Adelaide University PhD candidate, Richard Matthews, Image forensics: What do your photos and their metadata say about you?

In a photo he took of the bookshelf in his office, his review of the metadata for that image revealed not only which building he works in on Frome Street, Adelaide, but also whereabouts in the building his office is.

Exif data example. Used with permission. Image by Mr. Richard Matthews BElec(Hons) GradIEAust

To make SchoolBench fast and accurate in its indexing and ability to find images, it uses enhanced metadata, combining the file’s data with cross-referenced datapoints from school sources, like class timetables, usage permissions, etc.

However, as part of the school security protocols in place in SchoolBench, that enhanced metadata is kept in the secure database and not stored in the image.

This means unauthorised people and predators, are unable to download the image and review its metadata like child’s name, year, event, etc.

Keeping student photos safe online: Police checks

In granting just how insidious privacy breaches can be, especially with student photos and videos, Parashift, the company that has created SchoolBench, has added an extra layer of security for schools.

Because Parashift staff work closely with school IT departments in installing, configuring, and setting up SchoolBench on site, all staff are police checked annually.

This final piece in the 5-star security protocol ensures that at all points along the journey through the SchoolBench system, processes are in place to help keep student photos safe online.

To discuss your school’s security concerns in managing student photos and videos, contact SchoolBench for a preliminary discussion and to arrange a demonstration of this robust web app.

 

Image: Security Cams by Andrew via Flickr. CC BY-SA 2.0

Facial recognition in schools: How the new SchoolBench™ web app identifies student images more accurately than humans

By ,

Facial recognition in schools is the next inevitable step for this technology, which has taken substantial steps forward during the past decade, and major leaps since Woodrow Wilson Bledsoe pioneered the field in the 1960s.

Back then, Bledsoe used a RAND tablet to manually trace facial features, such as eyes, nose, hairline, and mouth, and plot them into a database.

Later, when a new photo was manually scanned, the database could retrieve images deemed to be a close match.

Fast forward to 2017, and developers at Adelaide’s Parashift have rolled out SchoolBench™, a cross platform, java-based, web application that can be deployed locally on existing school infrastructure, using facial recognition technology to capture, index, and share digital photos and videos of students and staff.

Machines now better than humans at facial recognition

In the paper, Face Recognition Algorithms Surpass Humans, researchers concluded that while most of us, including computer vision researchers and psychologists, assume humans are better than machines at matching faces, that assumption is now challenged.

This is especially so when “matching face identity between photographs that are taken under different illumination conditions”.

Experiments conducted as part of the research show that machines leave humans behind except where the subjects are known to the humans doing the identification.

In school situations, especially schools with many hundreds of students, communication and administration staff often face situations in which they are sorting images of students unknown to them personally.

This is where processing images through an application such as SchoolBench™ not only delivers correct identification but also the accurate parsing of usage rights per student.

SchoolBench™’s Neural Network for Facial Recognition

Developers at Parashift based the neural network on Google’s Facenet because it has continued to prove itself as a leader in accuracy.

In fact, Google researchers published a paper, FaceNet: A Unified Embedding for Face Recognition and Clustering, in which they show that Facenet achieved nearly 100 per cent accuracy on a dataset of human images called Labeled Faces

Training happens by having the neural network guess the pictures based on known labels and then comparing it against how close it was to being correct.   It will then continue to make guesses, tweaking values slightly to get closer and closer to an accurate way of guessing.

By using the LFW dataset to train Facenet and SchoolBench™ in facial recognition, the systems “learn” how to contrast and compare faces in different poses and lighting environments.

Furthermore, approximately one in ten of the people in the LFW database have two or more distinct photos in the collection, which adds extra finesse and rigour to the artificial intelligence.

It is common for researchers in the facial recognition field to benchmark their systems against Labeled Faces in the Wild because it provides a sound “verification” test.

This means high accuracy rates correctly analysing LFW images lead to algorithms performing at or above industry standard.

Humans teaching machines: Faster, better facial recognition in schools

Out of the box, SchoolBench™’s digital assets are stored in a single repository.

It then automatically classifies them using metadata from the image and video files, and applies indexation by referencing school-oriented taxonomy, such as class, year, term, and pupil names for later use.

The index of these images and media files is built up using a reverse term index, which stores the terms of each media file and a pointer to them rather than the media files individually.  For example if you search for images in “Term 3” it will look up “Term 3” in the index and find all media files associated with that term.  In this way, you don’t need to look through every image to find out which ones are in “Term 3”.

The resulting output means authorised users can quickly sort, view, and share digital media filtered by one or multiple fields, from class to location to usage rights.

While other systems can achieve this sorting output, it is the introduction of facial recognition using Facenet that speeds up the processing and accuracy of finding and sorting student record files.

From hours to seconds: We know who that is

By using reference images for each student, taken from annual school photo shoots, SchoolBench™ can create a unique, 128 byte number, or “signature”, for each student and then compare that to similar signatures extracted from faces found in images and videos.

Similar faces will have similar signatures, and by doing a distance comparison between each number, we can find all images that exist within a set threshold.

This means staff and other users can upload images and video in bulk and have them automatically scanned by SchoolBench™’s facial recognition system to:

  • identify faces
  • create a unique signature for each face
  • look for matches it to the database
  • add supporting data such as time, place, activity
  • link the file to a student’s usage rights settings

In rare circumstances where an angle of a photo leads to a variation in the signature file for a student, a second signature is generated and added to that child’s record so they can be identified in various poses into the future.

Once a list of known faces to labels is generated for a given school’s data set, retraining can be applied just like using Labelled Faces in the Wild, except with the data from the school included, allowing SchoolBench™ to learn uniquely to your school.

What once took hours will now take seconds, with the ability to apply manual oversight to correct matches and help SchooBench become even more adaptable and robust in the future.

Our team enjoys sharing insights into the technical infrastructure of SchoolBench™ and would be happy to meet with you and your ICT colleagues to conduct a demonstration and Q and A session.