Posted by Steve Lay
While I was traveling back from our US Users Conference several weeks ago, a debate was raging on social media following news that a testing company had been monitoring Twitter to detect evidence of leaked content. The Guardian newspaper, for example, reported that a New Jersey superintendent had found this ‘disturbing’.
In case you haven’t read about this case, here are the basics: after school, a student tweeted information about a test administered earlier that day. An automated Web monitoring system discovered the tweet, and the school was notified. The student later deleted the offending tweet.
According to the test provider, administrators are supposed to tell participants that sharing any test question online is prohibited. It isn’t clear from the press reports whether this warning was issued prior to the test or whether the student would have considered the tweet prohibited or not. Whatever the case may be, enough information was shared to trigger the automated warning.
Perhaps more interesting than the story itself is the reaction to it. Strong words have been used, but should monitoring social media really be regarded as spying?
The monitoring of online forums to check for exam leaks is not new. It goes back to the very earliest days of the Internet. When I first read about this case my first reaction was that this type of thing is happening all the time. Indeed, brand owners are constantly monitoring social media to help them understand the public’s reaction to their products and services and to help them target their advertising more effectively. Copyright owners also monitor the web to check for infringement. Trademark owners must pro-actively monitor for misuse to prevent their trademarks from becoming unenforceable. So if an organization has such rights, wouldn’t monitoring the web–including social media–to enforce them surely be expected?
This assumption is probably naive. Many people are not aware that this information is available in a form that can be subscribed to. They do not understand the subtle difference between a comment being made in a ‘public place’ like twitter and it being instantly discoverable. In our everyday experience, a conversation that happens in a public place like a café or store is not recorded, transcribed and then made instantly available to business partners of the venue. In this case, the student, the student’s parents and even the superintendent were surprised and shocked by the level of surveillance. They reacted as if a private conversation had been overheard.
It is interesting to contrast this recent case with one reported by Techcrunch in 2009, when information from Facebook was used to hold students to account for cheating. But in the Facebook case, the information was discovered by other students and brought to the attention of the test authorities. Why would the students do that? Likely because test takers are key stakeholders too! If cheating becomes commonplace, then the test will become worthless. So both the test publisher and the test taker have an interest in ensuring fair practice.
Coming back to the rogue tweet, what’s frustrating here is that there is no suggestion that the test taker was trying to cheat or to help someone else cheat. I haven’t seen the 140 characters in question, but it seems likely that the tweet was just a trivial extension of the type of verbal conversation that people frequently have after taking tests.
The mismatch in privacy expectations and the feeling that the student was being accused of malpractice were a toxic mix. Both of these can be avoided.
When monitoring people using CCTV or similar technologies, it is good practice to inform people that they are being monitored, and for what purpose. In many jurisdictions this may also be a legal requirement. Likewise, why not inform test takers of the type of monitoring that is taking place and why? This may have the added advantage of helping to inform them about the risks to their own privacy that over-sharing on social media can pose.
Also, when issues are flagged by monitoring services, test publishers should think carefully about any follow-up actions. Are these actions consistent with the stated purpose of the monitoring? Are they proportionate? Remember, the test taker and the test publisher should be on the same side!