Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Education

These Parents Built a School App. Then the City Called the Cops (wired.com) 133

Stockholm's official app was a disaster. So annoyed parents built their own open source version -- ignoring warnings that it might be illegal. From a report: Commissioned in 2013, Skolplattform was intended to make the lives of up to 500,000 children, teachers, and parents in Stockholm easier -- acting as the technical backbone for all things education, from registering attendance to keeping a record of grades. The platform is a complex system that's made up of three different parts, containing 18 individual modules that are maintained by five external companies. The sprawling system is used by 600 preschools and 177 schools, with separate logins for every teacher, student, and parent. The only problem? It doesn't work. The Skolplattform, which has cost more than 1 billion Swedish Krona, SEK, ($117 million), has failed to match its initial ambition. Parents and teachers have complained about the complexity of the system -- its launch was delayed, there have been reports of project mismanagement, and it has been labelled an IT disaster. The Android version of the app has an average 1.2 star rating.

On October 23, 2020, Landgren, a developer and the CEO of Swedish innovation consulting firm Iteam, tweeted a hat design emblazoned with the words "Skrota Skolplattformen" -- loosely translated as "trash the school platform." He joked he should wear the hat when he picks his children up from school. Weeks later, wearing that very hat, he decided to take matters into his own hands. "From my own frustration, I just started to create my own app," Landgren says. He wrote to city officials asking to see the Skolplattform's API documents. While waiting for a response, he logged into his account and tried to work out whether the system could be reverse-engineered. In just a few hours, he had created something that worked. "I had information on my screen from the school platform," he says. "And then I started building an API on top of their lousy API." The work started at the end of November 2020, just days after Stockholm's Board of Education was hit with a 4 million SEK GDPR fine for "serious shortcomings" in the Skolplattform. Integritetsskyddsmyndigheten, Sweden's data regulator, had found serious flaws in the platform that had exposed the data of hundreds of thousands of parents, children, and teachers. In some cases, people's personal information could be accessed from Google searches. (The flaws have since been fixed and the fine reduced on appeal.) In the weeks that followed, Landgren teamed up with fellow developers and parents Johan Obrink and Erik Hellman, and the trio hatched a plan. They would create an open source version of the Skolplattform and release it as an app that could be used by frustrated parents across Stockholm. Building on Landgren's earlier work, the team opened Chrome's developer tools, logged into the Skolplattform, and wrote down all the URLs and payloads. They took the code, which called the platform's private API and built packages so it could run on a phone -- essentially creating a layer on top of the existing, glitchy Skolplattform.

The result was the Oppna Skolplattformen, or Open School Platform. The app was released on February 12, 2021, and all of its code is published under an open source license on GitHub. Anyone can take or use the code, with very few limitations on what they can do with it. If the city wanted to use any of the code, it could. But rather than welcome it with open arms, city officials reacted with indignation. Even before the app was released, the City of Stockholm warned Landgren that it might be illegal. In the eight months that followed, Stockholms Stad, or the City of Stockholm, attempted to derail and shut down the open source app. It warned parents to stop using the app and alleged that it might be illegally accessing people's personal information. Officials reported the app to data protection authorities and, Landgren claims, tweaked the official system's underlying code to stop the spin-off from operating at all.

This discussion has been archived. No new comments can be posted.

These Parents Built a School App. Then the City Called the Cops

Comments Filter:
  • News Flash (Score:2, Insightful)

    by DesScorp ( 410532 )

    Government doesn't like competition for power or authority, even in the smallest things. Especially from the people it rules over.

    • Re:News Flash (Score:5, Insightful)

      by bill_mcgonigle ( 4333 ) * on Monday November 08, 2021 @09:35AM (#61968165) Homepage Journal

      Dig deeper and you'll find some politician's cousin holds the contract for the shitty app. The goal was never to help children - that was the excuse.

      It's a big club and you ain't in it.

      • by magarity ( 164372 ) on Monday November 08, 2021 @11:24AM (#61968447)

        The contracts are spread around FIVE companies. The entire city council has a relative to one degree or another involved.

      • Well please dig and try to find that. Basically that is not how public procurements works over here, and the project have changed contractors at least once when the first one selected couldn't deliver what they promised on the terms that they agreed to.
    • "Government doesn't like competition for power or authority, even in the smallest things."

      If what you assert is true, how do you account for the fact that the government of the United States constantly and enthusiastically submits to the authority of Corporate America?"

      • by GlennC ( 96879 ) on Monday November 08, 2021 @09:45AM (#61968185)

        how do you account for the fact that the government of the United States constantly and enthusiastically submits to the authority of Corporate America?

        Simple...employees generally submit to the will of their employer.

      • "Government doesn't like competition for power or authority, even in the smallest things."

        If what you assert is true, how do you account for the fact that the government of the United States constantly and enthusiastically submits to the authority of Corporate America?"

        The government could shut corporations down in a heartbeat if it wanted to. Crush them like a bug.

        The government finds corporations useful for their purposes. Simply put. Especially tech corps.

  • People with Power (Score:5, Insightful)

    by endus ( 698588 ) on Monday November 08, 2021 @09:39AM (#61968171)

    I have come to the conclusion that a lot of the types of people who seek leadership roles, especially in government, are the exact people who should never be allowed leadership roles. It attracts egotistical pigheaded sociopaths who are utterly incapable of Making Good Decisions or understanding what is going on around them.

    It's not that I don't understand having concerns about this, I do. However, the reaction should be, "Wow, the old system was so bad you spent all this time writing your own? And it's open source? And it's working better? We've had all these problems with the system since it was rolled out, let's get together and start figuring out a way forward to leverage the work you've done". Instead it's, "You did something that I haven't controlled since it's inception and which undermines the perception of my own competence? I'm calling the police".

    • Re:People with Power (Score:5, Interesting)

      by Voyager529 ( 1363959 ) <voyager529 AT yahoo DOT com> on Monday November 08, 2021 @09:58AM (#61968231)

      "Anyone who is capable of getting themselves made President should on no account be allowed to do the job.." --Douglas Adams

    • I don't know how old you are, but I went through a similar thing and then it went a bit further.

      I was probably 20, when I realized that people who seek leadership roles are the exact people who should not be allowed in leadership. Went down a reasonably libertarian path.

      Today, I'm 40. My outlook has changed to recognize that we need leadership to function. Our goal as regular people who generally don't seek leadership is to choose the best sociopath to be our leader :)

      I use that word sociopath on purpose. N

    • with a quick google search of their history, but you need to vote in your primary election to keep them out. It's hard enough to get people to show up for a mid term, let alone a primary.
    • by dddux ( 3656447 )

      I couldn't agree more. Thank you for posting such insightful post. d-;)

  • Natural reaction (Score:3, Insightful)

    by Dog-Cow ( 21281 ) on Monday November 08, 2021 @09:46AM (#61968187)

    The natural reaction to being shown one's own incompetence is to bury the messenger in legal shit.

  • world wide. The education cartels rarely share power, they rule/profit from on high. And no one else is invited to the party.
  • by yerex ( 205782 ) on Monday November 08, 2021 @09:49AM (#61968199)

    A very similar situation happened at the University of Alberta in the early 2000s.
    They spent millions on a new registration system that turned out to have a completely crap web interface. So a student wrote his own, which rapidly became the only one used by anyone.

    I believe the university eventually just bought it, and hired the student⦠rather than trying to shut it down.

    https://www.itbusiness.ca/news/u-of-alberta-gets-behind-student-developed-it-system/5587

  • Reality check (Score:4, Informative)

    by Wolfrider ( 856 ) <kingneutron@@@gmail...com> on Monday November 08, 2021 @09:52AM (#61968217) Homepage Journal

    --Time to remind these indignant city officials of who they actually work for, and whose taxes are paying their salary.

    • --Time to remind these indignant city officials of who they actually work for, and whose taxes are paying their salary.

      LOL. When has that ever worked? What you gonna do? Vote for someone who pledges to lead an inquiry into what went wrong? Ooooh I'm sure those incompetent public servants are absolutely quaking in their boots. /s

  • by technomom ( 444378 ) on Monday November 08, 2021 @09:56AM (#61968225)

    So, first off, were the school APIs (I assume they are either REST or GraphQL queries) at least secured? That is, did you require at least some kind of access token that regularly expires? If so, how is that token acquired? Does it require at least 2 factors?

    If they were not at least secured, then the school system itself has a shitload of explaining to do.

    • I do not know if the Stockholm school APIs are secured. However, I am almost certain that authentication is required. That is not the same as the application being secure. My children's school district has a web app for parents, and it uses authentication. Once I have authenticated to the app, I can view information by putting any student ID in the URL's query string. This would be OK if the student ID was a UUID, but student IDs are sequentially assigned numbers. It would be easy to write a script that che

      • by zarr ( 724629 )
        If your school district is anywhere in the EU, they're in for a fine. The GDPR has been in force for a while, so there is plenty of precedent covering exactly this situation by now.
    • They are using BankID which is the standard way to digitally authenticate a person in Sweden for banks and stores.
  • Is it my imagination or has Slashdot started posting much longer "synopses" on the front page? This one is long enough that you just read it and ignore the original. Is this just to fill up more space? Does it allow more ads on the side? Why is this happening? Inquiring minds want to know.
    • by gnapster ( 1401889 ) on Monday November 08, 2021 @11:10AM (#61968419)
      I'm pretty sure they are getting longer, but let's get one thing straight: there has never been a synopsis on slashdot that was so short you couldn't ignore the original!
    • It's not your imagination - it's become the new Slashdot "style", or lack thereof. I complained about it a while ago and IIRC was modded down for doing so. It used to be that summaries were just that - the writer summarized the article, largely in his or her own words. Now TFS is just a copy-and-paste of a substantial portion of TFA - in some cases the 'summary' contains close to half the article.

      Maybe we brought it on ourselves because we seldom RTFA - now we read it whether we want to or not.

  • by F.Ultra ( 1673484 ) on Monday November 08, 2021 @10:12AM (#61968265)
    Actually the City of Stockholm turned around on the 9th of September and decided to purchase the Open Sourced version in order to hand it out for free to everyone: https://www.nyteknik.se/digita... [nyteknik.se]
    • Good link and update. But it seems that /. editors are resolutely and systemically English-biased and, moreover, many would think that the acceptance and adoption of OSS is less newsworthy than the attempt to shut it down. I’m concerned that the city chose to buy it. Is this actually about buying to close it down? (Not an uncommon strategy used by many big name IT companies - one does not have to have oracular powers to find them).
      • by F.Ultra ( 1673484 ) on Monday November 08, 2021 @07:38PM (#61970029)
        The reason that the city is wanting to buy the app is so that they can hand it out for free to parents, schools and teachers of the city. At the moment the "Open App" costs $1.40 so it's open but not free as in free beer while the official city app (that cost the city millions) are free as in beer. So they simply want to make the better version as available as the original.
    • by GuB-42 ( 2483988 )

      Mod parent up.

      Considered this way, the city reaction is understandable (it doesn't mean I approve). The have no control over the open source app, and it may indeed contain malware or vulnerabilities, introduce bugs by using the private API incorrectly, maybe even DDOS the platform.
      It is not clear if they changed the API in order to block the open source app or to fix some issue or upgrade, but it highlights one of the reason you may not want to allow 3rd party apps: controlling both the client and server al

  • The platform is a complex system that's made up of three different parts, containing 18 individual modules that are maintained by five external companies

    This here is a key sign that the process of a bullshit political process for technical design. There is no sensible reason that I can fathom (but of course, I would be happy to hear sensible claims otherwise) that any component needs to be a consortium of 5 different firms. This inflates costs, messes up timelines and makes every problem a recursive dumpste

    • It's because they have segmented it into 5 different services (which is not to say that this way is dumb or smart) and then they (and here comes the real problem) that interoperability would be handled by the city itself and the individual contractors should not focus on that.

      The five different services are

      • 1. Children and student register
      • 2. Management of absence / presence
      • 3. Handling of student documentation
      • 4. Educational material (Digital creation and handling of material)
      • 5. Pedagogical implementation (Pla
      • I think you missed the point. Yes it was segmented -- I believe this is a terrible idea from an engineering perspective because it begets a lack of responsibility and ownership.

        I also suspect that this was motivated to allow 5 different companies to get government contracts and "share the bounty" as it were rather than just picking a firm to deliver it end-to-end.

  • This ain't just a problem with the city or the incompetents they hired to do their coding for them. This is a problem with human psychology--if it didn't come from their in-group it's suspect. Especially if it makes their in-group look bad.

    The most important part about solving someone else's problem is making them think the solution was their idea in the first place. This goes double if they hired you to solve their problem.

  • The good news, is if anybody is arrested, they will eventually come to identify with and even love their captors.

  • was started as a grad student project answer to the almost universal frustration with "the only game in town" Blackboard.
    Moodle was similarly started as an alternative to WebCT.

This is now. Later is later.

Working...