The recent news that Proctorio’s CEO Mike Olsen publicly posted, on the site Reddit and under a different name, sections of a chat between himself and a student who had complained about Proctorio earlier, has led to consternation at the University of British Columbia in Vancouver, Canada. Olsen was said to have violated his company’s promise that no one working at Proctorio would ever have access to data or footage of users. Olsen has since deleted the posts and apologized.
TU/e has been using Proctorio for a significant number of exams since the third quartile, and it uses this online proctoring program for one in five exams during the current exam period as well. 21 students requested a so-called opt-out this exam period, because they claim to have serious objections to online proctoring.
Niels Verbeek, student at the department of Mathematics and Computer Science, became aware of the incident involving Olsen through an article in the Australian edition of The Guardian. In light of this case, Verbeek started to wonder just how much the agreements made between TU/e and Proctorio are worth. Verbeek: “It was said that all data collected during our exams would be secured and made available to relevant persons only.”
Cursor posed this question to Patrick Groothuis, director of Education & Student Affairs (ESA). Groothuis says that TU/e believes to have made very meticulous and conclusive agreements with Proctorio, and that these are in line with the General Data Protection Regulation (GDPR). Groothuis: “We had several matters assessed extensively, because we believe that privacy is an extremely important component. It’s difficult to address this exact case because it didn’t happen here, and it’s always difficult to rely on information you read in the media without knowing the entire case. The Guardian article stated that Mike Olsen, CEO of Proctorio, supposedly used a different name and edited and subsequently publicly posted sections of a chat with a student after that student publicly – perhaps falsely – complained about Proctorio. I also read that Olsen has since apologized for everything.”
Groothuis says that this case doesn’t involve images, audio, room scans or things like that. “The type of chat messages we’re talking about here are anonymized in Proctorio’s software. This means that employees can only see a message when it has a hashed code (pseudonym). Our set of agreements assures that only a very small number of people at TU/e can decode this code, thus determining the identity of the student in question. That identity therefore can’t be traced back to an individual by anyone other than the people from that group. So far, we had no reason to do this.”
Groothuis says that TU/e is currently investigating the possibility, in cooperation withthe collaborative organization for ICT in Dutch higher education (SURF) and other institutions, of carrying out a joint audit of Proctorio’s software. “That’s normal practice with software that is considered critical for operational management or privacy. That audit will once more objectively assess all aspects.”
The ESA director says that he does however see sufficient reason “to ask Proctorio for clarification about this matter. Particularly to hear from them how they guarantee that this won’t happen again in the future. Because aside from the underlying agreements and technical obstacles, this is all very inappropriate. It seems clear to me that Proctorio understands the risk as well. The company has eight hundred institutions worldwide among its customers, and their trust, as well as that of students, is in Proctorio’s utmost interest.”