Security Questions

"One problem is that many users are careless"

Prof. Dr. Jörn Müller-QuadeKarlsruhe, December 2015 - As a professor of IT security at the Karlsruhe Institute of Technology (KIT), Jörn Müller-Quade deals with issues such as secure cloud computing, security definitions and models, and general security issues. As a speaker at the LEARNTEC 2016 convention, he will put eLearning security issues under the microscope and provide information on the areas that pose major risks in the realm of education.

Which security issues do you consider relevant in the eLearning context?

Prof. Dr. Jörn Müller-Quade: In addition to the common threats to any IT system like denial-of-service attacks and the manipulation of data, two risks come to mind that are especially relevant to eLearning. The solutions to online test items must be kept secret. Successfully completing an academic degree offers you better career opportunities and probably a higher salary. Now, when it is possible to get the right solutions using a hacker attack instead of via performance and studying,, there are great incentives and interesting business models for cybercriminals.

In addition to the solutions, test results appear sensitive to me. Information about high-potential individuals is very valuable and could enable headhunters to specifically target people and lure them to their clients’ companies.

You recently contended that the "digital I needs encryption". Does this also play a role in learning?

Prof. Dr. Jörn Müller-Quade: You’re referring to the FAZ Forum panel discussion and the article from the heise online portal.

To say the “digital I” needs encryption is a metaphor that means that digital identities have to be protected because identity theft is a major threat on the Internet. One problem here is the carelessness of many users.

We have no instincts that warn us about Internet threats. An example from the eLearning environment is those free online IQ tests. Many users reveal a lot about their personalities without any sense that they’re doing something that’s potentially dangerous.

What does this mean for computer-assisted learning?

Prof. Dr. Jörn Müller-Quade: Perhaps it should be easier to use such services anonymously with "disposable identities", which one assumes for a short time and never adopts again. They offer a degree of anonymity and might help mitigate some of the threats. Otherwise, you simply have to trust the eLearning providers and hope they won’t sell or misuse the data.

How much of the responsibility for education security lies with the eLearning-tech providers and how much does the user organizations bear?

Prof. Dr. Jörn Müller-Quade: Unfortunately, that's a difficult question. I’m afraid the various eLearning providers’ Terms and Conditions statements preclude any responsibility as much as possible, but perhaps the IT Security Law that’s under consideration in Germany will change something.

What options do end users have to protect themselves?

Prof. Dr. Jörn Müller-Quade: Many security problems are the result of negligence, and here the end user can do a lot. Using the same password for different accounts is one example.

 

For people who speak German, good sources of security precautions are websites of the Federal Office for Information Security (https://www.bsi-fuer-buerger.de/) and the Anti-Prism Party (https://www.anti-prism-party.de, under "Downloads").