Back in 2014, the headlines around Apple and K–12 education revolved around the cancellation of a major contract with the Los Angeles United School District. When Apple announced the contract in early 2014, there was a lot of excitement around the project. The approved deal allotted $115 million for deploying between 40,000 and 70,000 tablets to classrooms for use by students and teachers. One of the main drivers behind the project was standardized testing. As someone who just finished up another year of standardized testing on iPad (and getting back the results immediately), I can empathize at the benefits of using the device for testing. The LAUSD project ended up being a massive failure. We covered it extensively throughout the process, and while there were a lot of mistakes, I want to look at it from a technical point of view to explain the LAUSD iPad hacking scandal.
About Making The Grade: Every Saturday, Bradley Chambers publishes a new article about Apple in education. He has been managing Apple devices in an education environment since 2009. Through his experience deploying and managing 100s of Macs and 100s of iPads, Bradley will highlight ways in which Apple’s products work at scale, stories from the trenches of IT management, and ways Apple could improve its products for students.
LAUSD iPad Hacking?
Things have changed a lot since the early days of iOS management and Apple Configurator 1.0. Apple Configurator was essential to iPad management when LAUSD went to deploy their iPads. The problem is they didn’t use it. Because of the sheer number of iPads they deployed, they used a mobile device management system with over the air enrollment.
In 2019, that would be the recommended method. In 2013/2014, to supervise a device (so configuration profiles can’t be removed), you had to enroll them into Apple Configurator. Now, I don’t know who made the mistake here. Did Apple not warn them or did the LAUSD IT department ignore them? Essentially, they deployed 40,000+ iPads with the hopes that students wouldn’t figure out they could remove the configuration profile that controlled all of their security settings. A year after this project, devices could be supervised over the air straight from the factory. But at the time, LAUSD couldn’t. Once students removed the profile, the iPads were basically wide open. That’s it – removing a profile (that could be removed) was the root of the LAUSD iPad hacking scandal.
Failure of Vision
When this deal was struck, Apple had a lot of great press in the headlines around it. It was seen as a big win for Apple, students, and the district. Was the whole project (technically) rushed? Did the people in charge of the pre-sales aspect of the project write checks Apple’s technical team couldn’t cash? Only a handful of people know that, and I’ve never heard even a whisper of rumors about who was to blame. At the time of the failure, the headlines were reported as the iPads were hacked.
Students at Roosevelt, Westchester High, and the Valley Academy of Arts and Sciences in Granada Hills disabled security measures on their iPads to access Facebook, YouTube, Twitter, and other unauthorized sites, according to the Daily News.
The hack is that the iPads weren’t locked down in a way to prevent students from removing a profile. There wasn’t a security problem with iOS or the iPad. They were just not configured at the time with best practices.
At the end of the day, LAUSD was simply a year too early for the type of easy deployment the district wanted — and it didn’t have an adequate plan, given the tools available at the time. Who was at fault? It’s likely everyone played a role, but the bottom line is that the plan was doomed from the start unless LAUSD supervised the devices using Apple Configurator. The project was eventually cancelled, but let’s be clear, there was no LAUSD iPad hacking scandal.