Caveon Security Insights

The State of Florida recently imposed a cell phone ban on students while taking the FCAT. All the parents of school children in the state received a letter explaining the ban. On the other hand, the Legislature in the State of Utah voted down a bill that would require school districts to establish policies governing cell phone use. The sponsoring legislator said, “[Cell phones] can be used to cheat. We’ve had inappropriate photos transmitted. The problem is pervasive.” An opposing legislator was quoted as saying that “he thinks electronic devices could be better used in education and wouldn’t necessarily like to see policies that simply prohibit them.”

In another story last week reported by Wave3 of Louisville, we read: “Teachers at Oldham County High say they’ve had problems with students using their cell phones to cheat in class. ‘I saw a boy texting under his desk during a test. Then I picked it up. Clear as day it said number five –D- and I took it to the office and we were able to trace the number and it was to another student in the same class,’ said Newkirk.” Now contrast that experience with this column from the Muskegon Chronicle, where the writer claims that gadgets don’t help cheaters. The following points were made:

1. Yet research indicates that cheating in high school and college isn’t any more common today than it was 30 years ago.
2. “And 99 percent of cheating is still done the old-fashioned way, like copying from a neighbor,” said Scott Gomer, media relations director for ACT,
3. But in her four years at Northview High School in Plainfield Township, Kelsey Perras has heard of someone pulling out a cell phone to take a picture of a test “only once,” she said.
4. “High-tech cheating isn’t really something you see a whole lot of,” said Hudsonville High senior Travis Martin. “Most people won’t pull out their cell phone during a test. It’s tough to make that discreet.”
5. Perras said cheaters at Northview are caught more often than not.

Muskegon must be a very sheltered place with extremely astute teachers. The credibility of each of the above statements is easily challenged. I see a lot of data and from what I see, I feel very confident in stating that cheaters are rarely caught. The only way that I can explain some of the cheating I see is through wireless communications. And, research from the Josephson Institute and Center for Academic Integrity convincingly shows that cheating in school is rising and has been rising for the last two decades.

Confusion concerning cell phones in schools is raging throughout the whole country. The issue is being intensely debated in New York City where it has spilled into the court system. Last spring the New York State Supreme Court upheld a ban on cell phones imposed by New York City in 2006. The Supreme Court decision is now being challenged in appellate court.

Surprisingly, security arguments are given by both sides of this debate. Proponents of cell phones argue that parents and administrators need constant contact with students, because without constant contact student security is jeopardized. Opponents of cell phones in schools cite privacy violations with videos posted on the Internet of students in restrooms and teachers disciplining students. And, of course, they do not overlook the implications of cheating. As reported by WSAZ, the solution at Marshall University has been to allow each instructor to determine in their course syllabus whether cell phones during tests are banned, but to not restrict cell phone use on campus.

Penn State has addressed the issue by creating secure testing environments, where the computers do not have Internet access and where cell phone transmissions are silenced. The technology they are using includes: secure workstations, cameras and monitors on every test taker, and metal-lined testing rooms (known as faraday cages) that passively prevent wireless communications. While this may seem extreme, contrast this with the exam breach of 2004 in South Korea where 314 test results were invalidated after police discovered answer keys being transmitted using text messaging. As another example, consider the January 2, 2008 report by the Boston Globe where firefighters in Boston sent text messages from the restroom to cheat on their exams.

It is clear that cell phones are used to surreptitiously cheat on tests. People, in general, feel strongly that cheating shouldn’t be tolerated on tests. We don’t want doctors, lawyers, nurses, accountants, firefighters, police or any other person who provides a service to us to be an incompetent, bumbling cheater. On the other hand, the public sentiment appears to be confused when it comes to setting aside the cell phone while an exam is being given. The public seems unwilling to restrict the individual privilege of being able to communicate with a child in school while taking a test in order to prevent cheating.

The principle of fairness and integrity dictates that students should have a level playing field. It is very difficult to convince me that the playing field was level when cheaters in China were caught with radio receivers in their shoes:

Police in Jiutai, in the northeastern province of Jilin, became suspicious when a mini-bus remained parked outside a school hosting the exam on Thursday, Xinhua said.

Inside, they found three people, “two of them staring at a computer screen and talking into a walkie-talkie,” Xinhua said.

A student in the examination hall used a wireless microphone to read out the questions and received the answers from the van; Xinhua quoted their confessions as saying.

Police had found some 42 pairs of so-called “cheating shoes” with transmitting and reception ability, selling for about 2,000 Yuan each, in a flat in Shenyang, the provincial capital, state media said on Thursday, adding that they — along with “cheating wallets” and hats — had proved popular this year.

There is no confusion in my mind on this issue. But, I’m just a statistician and who am I to know differently?

The other day I realized that visitors to Caveon’s website are very interested in “cheating methods.” John Fremer and Jamie Mulkey wrote an article titled “The Ten Most Wanted Cheaters” (http://www.caveon.com/articles/newsltr_04_Q1_1.htm) which is quite enlightening and informative. And, as a follow up to that article John Fremer and Don Sorensen created a “wanted poster” that is very entertaining (http://www.caveon.com/conference_photos/poster.html). I doubt that the presentation of my taxonomy will be more interesting that those descriptions, but I hope that it provides you with a structure from which to make security decisions. A taxonomy or classification of cheating methods and ways in which individuals commit test fraud is critical for establishing a scientific foundation for the study of cheating.

There are three main branches at the highest level of test fraud classification: stealing or exam piracy, cheating and collusion, and tampering with or falsification of test results. I have represented these activities by three classes of individuals: thieves, cheats and liars, as shown below.

In the above figure, I have overlaid these three basic activities of test fraud on three basic areas of process management for the testing program of test development, test administration, and results management. Testing programs face both security threats from insiders (internal risks) and test takers (external risks). History is replete with examples that criminals who are inside an organization and have security responsibilities inflict much greater damage than thieves, cheaters, and liars can do from the outside.

In compiling this simple taxonomy, we have culled and analyzed lists of ways to cheat from a large number of Internet sources. Unfortunately, we did not always keep track of the URLs. Even so, I acknowledge and am indebted to the compilers of those lists. I also acknowledge the influence of Greg Cizek’s excellent book “Cheating on Tests: How To Do It, Detect It, and Prevent It”

(http://www.amazon.com/Cheating-Tests-How-Detect-Prevent/dp/0805831444). I admit that the taxonomy below is incomplete and welcome your feedback.

Test Fraud – An action to misrepresent a test result, which usually is performed to gain an unfair advantage by one or more test takers.

1. Stealing – The test content is stolen and distributed to one or more individuals.

1.1. Physical theft - The actual test materials are removed and stolen. Copies of the stolen materials are usually made and distributed by pirates.

1.1.1. Booklet pages - Are taken and removed (razor blades or dental floss may be used to remove pages).

1.1.2. Test booklets - Are taken and removed (the booklet may be hidden under a jacket or garment in the test event, the booklet may be hijacked while in transit, the booklet may be taken from storage).

1.2. Unauthorized reproduction - The content is reproduced or copied.

1.2.1. Transcription - The content is transcribed using audio recordings or handwritten facsimiles.

1.2.2. Image acquisition - An image of the content is captured. The thief may elect to remove a test booklet, make an image, and then return the booklet in order to acquire the image without being detected. Other methods for copying an image are miniature cameras (e.g., button cameras, pen cameras, watch cameras, and other concealed spy cameras). Cameras are also found on cell phones, calculators, and PDAs. Some of these cameras have wireless capability to transmit the images to accomplices. Hand-held copiers and scanners (e.g., DocuPen) may be used to copy test items. If the tests are given by computer, the print-screen key or other image capturing software may be used. An insider may train video cameras on the test items to record them.

1.2.3. Item recall - Test items are remembered and recalled. Piracy rings and cram schools may assign ring members to memorize certain portions of the test. Individuals may disclose item content through Internet forums, chat rooms, or e-mail with high probability of accurate item reconstruction.

1.2.4. Computer files - Electronic files containing test items are taken. The perpetrators may infiltrate the test development servers or they may hack into workstations where the tests are being presented. A variety of hacking techniques, including social engineering and malware, will be used to compromise the security of the information systems. Industrial sabotage eavesdropping techniques (e.g. keyloggers, IP packet sniffers, remote electronic snoopers, and video t-connectors) may be used to steal the content from afar.

1.3. Content distribution – Once the test content is stolen it is sold, distributed, or shared with others. The Internet (e.g., websites, forums, chatrooms, instant messaging, peer-to-peer file sharing, and e-mail rings) is the dominant distribution medium for stolen content. Braindump sites specialize in aggregating stolen content to create “test bibles.”

2. Cheating – Test-taking rules and procedures are violated while answering the test questions.

2.1. Unauthorized assistance - A test taker gets illicit help from one or more individuals while taking the test.

2.1.1. Collusion – Two or more individuals communicate and share test content or answers during the test.

2.1.1.1.Low tech signaling - Some stand-by methods for communication are foot tapping, mirrors, hand signals, and note passing. In the “Flying V” formation, a smart test taker sits at the front of the room and conspirators are seated behind and to the left or right, passing along answers to the entire group.

2.1.1.2.Wireless and radio communication - Wireless devices and radios may be used to communicate (e.g., text messaging, radios embedded into miniature ear pieces, and pagers). A test taker may go to the restroom and phone a friend to get answers and help for the test. Another form of communication uses a chat-room or instant messaging on the Internet while taking the test.

2.1.1.3.Cheat sheet “on demand” - A smart test taker may quickly answer the test questions, transcribe the answers, and share them with conspirators through are restroom drop box or other method. A variation of this involves real-time stealing of the test content with rebroadcast of answers to test takers’ cell phones, pagers or miniature radios (worn as ear pieces) during the test.

2.1.2. Test coaching – An individual, usually a test administrator, gives improper assistance to the test taker. This assistance may be given overtly (e.g., hinting the correct answer) or covertly (e.g., displaying forbidden materials in the test location).

2.1.3. Unsupervised assistance – The test administrator may leave the room with the specific intent of allowing test takers to collaborate or another person to provide assistance. One variation of this has occurred in testing centers where test takers are granted access outside of normal operating hours. Cheaters have been known to use decoys and distractions during the test in order to provide an opportunity for accessing cheat sheets or communicating with each other.

2.1.4. Impersonation - The test is taken by a person other than the test taker. We call these proxy test takers or surrogate test takers. Clever impersonation schemes involve exchanging answer sheets or switching names on the answer sheets. The most blatant schemes involve proxies for hire. Proxies may fill out and turn in two answer sheets, while the test taker does not return answer sheet. A variation of this occurs when the test taker obtains or produces an identical answer sheet (or blue book) which is worked out before the testing event and switched when the answer sheet is turned in (the test taker impersonates himself in time).

2.2. Access to forbidden materials - A test taker uses forbidden materials to answer the test questions.

2.2.1. Answer Copying – A test taker, acting without assistance, copies answers to test questions from others, during or after the test. The behavior may include a large number of wrong-to-right erasures. If the answer copying is planned, the cheater will intentionally select a seat so as to copy from a specific test taker.

2.2.2. Crib notes and cheat sheets – A test taker brings or hides prohibited materials into the testing session. Some cheaters resort to invisible or barely visible writing techniques for preparing their crib notes. Two or more individuals may collaborate in smuggling forbidden materials into the test event.

2.2.2.1.Body writing - Notes are written on easily concealed body locations (e.g., hands, fingernails, legs, between the fingers, arms, feet, and ankles).

2.2.2.2.Clothing concealment - Notes are hidden in clothing (e.g., under shirt tails, under skirts, inside ties or shoes, inside bulky sweaters or jackets, on hat brims, and under belts).

2.2.2.3.Electronic devices - Notes are smuggled into the testing event using electronic devices (e.g., PDAs, calculators, watches, cell phones, MP3 players, CD-Rom players, iPods).

2.2.2.4.Within object concealment - Notes are concealed in normal, everyday objects and often in plain sight (e.g., back packs, purses, pill bottles, water bottles, candy wrappers, on modified identification cards, inside a case of breath mints, inside jewelry, on erasers, on handkerchiefs, on rubber bands, etc.).

2.2.2.5.Planted notes - Notes are planted in the testing room, which are retrieved surreptitiously during the test (e.g., in restrooms, in books, on bulletin boards, underneath tables and chairs, and underneath shelves).

2.2.3. Pre-knowledge of the test content -A test taker may acquire (i.e., steal or purchase) the test content and memorize it. Another form of this is “teaching the test” where the teacher or trainer discloses actual test content to the students. A test taker may feign sickness or some other plausible excuse for missing the test and then gather information from others about the test content before taking the make up exam.

2.2.4. Access to reference materials - Reference pages are smuggled into the test event, or worse, an Internet-capable device is used to search the Internet or access previously constructed reference pages.

3. Tampering – One or more individuals modifies a test result without authorization.

3.1. Editing of answer sheets - Test answers are changed in order to change the test scores.

3.1.1. “Stray marks” removal - This may happen if a teacher changes answers on the answer sheets after they have been submitted by the students. A common practice in schools with standardized tests is for teachers to clean up “stray marks.”

3.1.2. Unlawful entry – Stored answer sheets are compromised through unlawful entry (e.g., burglary) and then the documents are modified.

3.1.3. Student grading – In the educational setting when tests are graded by the students, cheaters may mutually agree to modify each other’s answer sheet. A variation occurs when a cheater modifies the test to lower the score of a hated rival.

3.2. Changing the scores - Files or records containing test results and scores are invaded and falsified.

3.2.1. Hacking the system - Scores may be falsified by hacking into computer systems

3.2.2. Document alteration - By gaining unauthorized access, the score documents may be falsified.

3.3. Coercion or bribery - Pressure or inducement is applied in order to secure an advantage. For example, students may attempt to influence teachers to give them special consideration because they had a personal emergency or got sick during the test. They may ask to down weight the test score (e.g., “Throw out my lowest score,” or “Let me show you that I can do better”).

3.4. Lies and chicanery - A test result that should not be accepted (e.g., retake policy was violated or cheating was suspected) is accepted through some form of deceit, such as lying, extortion, badgering or cajolery.

In 1965, Gordon Moore of Intel observed that transistor densities were doubling roughly every 2 years. Since then the exponential nature of faster, smaller and more powerful computational units has continued. Initially, the observation was a remarkable statement of trends. Later, it became an expectation. And, it is now considered an unrelenting challenge for high technology. http://en.wikipedia.org/wiki/Moore’s_law

The trend of faster, smaller and more powerful electronic devices has spilled over from computers into all forms and types of electronics. Notably, consumer electronics commonly used by cheaters on tests are no exception. While Internet-capable PDAs have been available for some time, it was in 2007 that Apple introduced the iPhone, a cellular phone integrated with a browser and digital camera. It would be surprising if iPhones and text-messaging are not replaced with even more sophisticated cheating technology within the next few years. Those who administer tests must anticipate the appearance of these newer, faster, and more easily concealed cheating devices.

Small, fast devices appeal to two broad classes of consumers: (1) persons who want mobile and wearable electronic devices, and (2) persons who have a need for spy gadgetry. Wearable computing (http://www.media.mit.edu/wearables/) trends are very interesting, including smaller keyboards (http://www.frogpad.com/), head-mounted displays (http://en.wikipedia.org/wiki/Head-mounted_display), USB watches (http://www.amazon.com/Timex-Data-Link-Watch-T5C291/dp/B000B545B4), and PDAs and ultra-small computers (examples are: Nokia’s Internet Tablet http://reviews.cnet.com/pdas/nokia-n800-internet-tablet/4505-3127_7-32309517.html and OQO’s Model 02 http://en.wikipedia.org/wiki/OQO).

Spy gadget shops sell tiny pin-hole cameras, but our research at Caveon indicates that the tiny digital cameras have insufficient resolution to capture high quality images of test questions. (See this review of the Casio WQV-1CR Wristwatch camera http://reviews.cnet.com/watches-and-wrist-devices/casio-wqv-1cr-wristwatch/4505-3512_7-2660570.html.) While we found that the pin-hole spy cameras did not have sufficient resolution to steal a high-quality image of a test, we did confirm that the hand-held scanner DocuPen (http://planon.com/) could be used very easily to steal a paper-and-pencil test. There is a clear trend for higher resolution digital cameras in smaller packages, such as the BenQ 8 megapixel camera which is 4 inches by 2.5 inches by one-half inch thick http://blogs.zdnet.com/digitalcameras/?p=151.) We expect to see eight megapixel cameras in cell phones before long due to Samsung’s announcement of a CMOS package for cell phones (http://blogs.zdnet.com/ip-telephony/?p=2737).

In 2007, we saw the introduction of ExamEar, an earpiece with a radio that was specifically marketed to cheaters on tests. This caused a lot of concern in Great Britain (http://news.bbc.co.uk/1/hi/education/6951524.stm, see also http://www.engadget.com/2007/08/20/examear-helping-students-make-the-best-of-exam-day/) and the website owners decided to cease operations. The ExamEar domain is now for sale. But, it would be very surprising if this technology does not resurface. In fact, two Chinese students were recently caught cheating on a test when they couldn’t remove their earpieces and needed medical attention (http://www.chinadaily.com.cn/china/2007-12/31/content_6361740.htm). We don’t know where they obtained these earphones, but they may have been ExamEar models.

Cheaters are usually engaged in one of four behaviors which may be bolstered by technology. These are:

1. Communicate with or copy from another (requires a miniature radio, cell phone, or other signaling device),
2. Smuggle test taking aids into the testing event (requires a miniature high-capacity data retrieval device with visual display, such as a PDA, iPod, or DataLink wristwatch)
3. Steal a copy of the test content (requires a miniature camera)
4. Engage in impersonation (requires an ability to tamper with or defeat identification safeguards)

Many of the current devices used by cheaters (e.g., cell phones, DocuPens, and PDAs) can be easily slipped past most test administrators, because they are so small. One of the gadgets shown at the 2008 CES (Consumer Electronics Show) which may cause concern for test administrators is the Bug Labs do-it-yourself modular electronics kit (http://gizmodo.com/346789/bug-labs-store-launches-monday-minus-wi+fi). It seems that the device will not include Wi-Fi initially, but it has support for a wide range of other functions, including cameras and cell phones.

Another recent innovation is the Bionic Eye (http://www.msnbc.msn.com/id/22731631/). This is a contact lens that features LCD circuitry which allows projection of an image into the wearer’s field of view. Researchers at the University of Washington have tested it successfully on rabbits. These researchers are the same people who developed the virtual retinal display (http://en.wikipedia.org/wiki/Virtual_retinal_display). It will be sometime before these contact lenses are used by people, but the technology is fascinating.

Another interesting product introduced in 2007 was the FlyPen, a pen-top computer. The company’s marketing literature states, “Meet the FLY Fusion Pentop Computer, the only pentop platform to offer a complete set of high-speed homework solutions and innovative note-taking applications for students of all ages. This next-generation FLY^TM system harnesses the same sophisticated Anoto technology as its predecessor, enhanced by PC connectivity, four times the memory, on-the-go calculating functionality, and a 1,000-word Spanish dictionary. Best of all, students can upload handwritten notes and drafts, digitizing them instantly into Microsoft Word documents or emails.” (See http://www.flyworld.com/presskit.pdf.) It will be interesting to see if students use this device for stealing test content.

Because consumer electronics are changing and adapting so quickly, it is very important that testing program administrators review current policies, procedures, and practices to ensure that these devices are not used by cheaters to gain an unfair advantage.