Zoom-bombing the Future of Education

by Bill Dutton and Arnau Erola based on their discussions with Louise Axon, Mary Bispham, Patricia Esteve-Gonzalez, and Marcel Stolz

In the wake of the Coronavirus pandemic, schools and universities across the globe have moved to online education as a substitute rather than a complement for campus-based instruction. While this mode of online learning may be time-limited and is expected to return to campuses and classroom settings once the Covid-19 outbreak subsides, this period could also be an important watershed for the future of education. Put simply, with thousands of courses and classrooms going online, this could usher in key innovations in the technologies and practices of teaching and learning online in ways that change the future of education. 

However, the success of this venture in online learning could be undermined by a variety of challenges. With dramatic moves to online education and a greater reliance on audio, video and Web conferencing systems, like Zoom, Webex and Skype, have come unexpected challenges. One particular challenge that has risen in prominence is efforts of malicious users to sabotage classrooms and discussions, such as by what has been called Zoom-bombing (Zoombombing). Some have defined it as ‘gate-crashing tactics during public video conference calls’, that often entail the ‘flooding of Zoom calls with disturbing images’. There are a growing number of examples of courses and meetings that have been bombed in such ways. It seems that most ‘Zoombombers’ join illegitimately, by somehow gaining access to the meeting or classroom details. But a student who is actually enrolled in a class could create similar problems. In either case, it is clear that zoom-bombing has become an issue for schools and universities, threatening to undermine the vitality of their teaching and relationships with faculty, students, and alumni of their institutions. 

We are involved in research on cybersecurity, and see this as one example in the educational domain, of how central cybersecurity initiatives can be to successfully using the Internet and related social media. We also believe that this problem of the digital gate-crasher and related issues of malicious users can be addressed effectively by a number of actors. As you will see, it is in part, but not only, a cybersecurity problem. It involves training in the use of online media, awareness of risks, and a respect for the civility of discussion in the classroom, meetings, and online discussions. Unfortunately, given how abrupt the shift to online learning has been, given efforts to protect the health of students, staff, faculty, and their networks, there has not been sufficient time to inform and train all faculty and students in the use of what is, to many, a new media. Nor has there been time to explain the benefits as well as the risks, intended and unintended, such as is the case with digital gate-crashers. 

Not a New Phenomenon

From the earliest years of computer-based conferencing systems, issues have arisen over productively managing and leading discussion online. One to many lectures by instructors have been refined dramatically over the years enabling even commercially viable initiatives in online education, such as Ted Talks, which actually began in the early 1980s and have been refined since, as well as live lectures, provided by many schools for at home students. 

But the larger promise of online learning is the technical facility for interaction one-to-one, one-to-many, many-to-one, and many-to-many. An early, pioneering computer-mediated conferencing system, called ‘The Emergency Management Information System and Reference Index’ (EMISARI) led to one of the first academic studies of the issues involved in what was called ‘computerized conferencing’ in the mid-1970s (Hiltz and Turoff 1978). Since the 1970s, many have studied the effective use of the Internet and related social and digital media in online learning. It would be impossible to review this work here, but suffice it to say, problems with the classroom, and online learning have a long and studied history that can inform and address the issues raised by these new digital gate-crashers.

Actors and Actions

This is not simply a problem for an administrator, or a teacher, as online courses and meetings involve a wide array of actors, each of which have particular as well as some shared responsibilities. Here we identify some of the most central actors and some of the actions they can take to address malicious actors in education’s cyberspace. 

Recommendations 

There are different issues facing different actors in online education. Initially, we focus on the faculty (generally the conference host) side, providing guidance on essential actions that can be taken to diminish the risks of zoom-bombing the future of education. We will then turn to other actors, including students and administrators.

• Authentication: as far as possible, limit the connection to specific users by only allowing users authenticated with specific credentials, having a valid and unique link, or possessing an access code. Ideally, many want courses to be open to visitors, but the risks of this are apparent unless the moderator is able to eject malicious users, as discussed below. A pre-registration process for attendees  (e.g. via an online ticketing system) could help limit the risk of “trolls” joining while keeping an event open to visitors. 
• Authorization: limit the technical facilities to which the students or participants in any meeting have access. Keep to the minimum required for the class session. That is, in most circumstances, the instructor should restrict file sharing, chat access, mic holding or video broadcasting if they do not need to use these in the session. This does not prevent students from using chat (interacting with other students) over other media, but it limits disruption of the class. The need to access these resources varies largely depending on the type of classroom, and it is the responsibility of the instructor or host to grant the permissions required.
• Monitoring: careful monitoring of the connected participants can help avoid unauthorized connections – the gatecrashers, so the course lead should have access to the list of participants and monitor it routinely. In some cases, virtual classrooms can be locked when no more participants are allowed. (See the last bullet point with respect to stolen accounts.)
• Moderation: in the same way that participants are monitored, their participation in the form of text, voice, video or shared links or files, should be reviewed. This can be a tedious task, particularly with a large class, but it is an advantage of online courses that instructors can monitor student participation, comments, and gain a better sense of their engagement. That said, it can take some time and it might not be possible during the class. 
• Policies: Each institution should have adequate policies and reporting mechanisms to deal with offensive, violent and threatening behaviour in the classroom, real or virtual. Actions or words that are judged offensive, or otherwise toxic language, should not necessarily exclude a student’s opinions from a class discussion, but the students should be aware of and try to abide by the institution’s standards and policies. It is also helpful if student participants have the facility to report offensive posts, which instructors can then review, delete or discuss with the individual(s) posting them. 
• Procedures: procedures need to be in place to deal in a timely manner (quickly) with stolen credentials and participants behaving irresponsibly. That could involve removing classroom access for an offending user and their loss of authorization to the specific credentials, as well as processes for generating new ones in case they are needed.

The above recommendations provide general guidance in securing online classrooms without any specifics on the technology used. Some platforms such as Zoom, have published their own guidelines for the administrators of online educational initiatives. But here it is useful to identify some of the responsibilities of other actors.

Students need to understand how the principles of behaviour in the classroom translate into the online, virtual classroom. The Internet is not a ‘Wild West, and the rules and etiquette of the classroom need to be followed for effective and productive use of everyone’s time. Students should have the ability to express their opinions and interpretations of course material, but this would be impossible without following rules of appropriate behaviour and what might be called ‘rules of order’, such as raising your hand, which can be done in the virtual classroom (Dutton 1996). Also, just as it would be wrong to give one’s library card to another person, when credentials or links are provided for enabling authentic students to join a class, it is the student’s responsibility to keep these links to themselves, and not share with individuals not legitimately enrolled. These issues need to be discussed with students and possibly linked to the syllabus of any online course. 

Administrators and top managers also have a responsibility to ensure that faculty and students have access to training on the technologies and best practices of online learning. It is still the case that some students are better equipped in the online setting than their instructors, but instructors can no longer simply avoid the Internet. It is their responsibility to learn how to manage their classroom, and not blame the technology, but it is the institution’s responsibility to ensure that appropriate training is available to those who need it. Finally, administrations need to ensure that IT staff expertise is as accessible as possible to any instructor that needs assistance with managing their online offerings. 

Points of Conclusion and Discussion

On Zoom, and other online learning platforms, instructors may well have more rather than less control of participation in the classroom, even if virtual, such as in easily excluding or muting a participant, but that has its added responsibilities. For example, the classroom is generally viewed as a private space for the instructors and students to interact and learn through candid and open communication about the topics of a course. Some level of toxicity, for example, should not justify expelling a participant. However, this is a serious judgement call for the instructor. Balancing the concerns over freedom of expression, ethical conduct, and a healthy learning environment is a challenge for administrators, students and teachers, but approaches such as those highlighted above are available to manage lectures and discussions in the online environment. Zoom-bombing can be addressed without diminishing online educational initiatives. 

We would greatly welcome your comments or criticisms in addressing this problem. 

References

Dutton, W. H. (1996), ‘Network Rules of Order: Regulating Speech in Public Electronic Fora,’ Media, Culture, and Society, 18 (2), 269-90.

Hiltz, S. R., and Turoff, M. (1978), The Network Nation: Human Communication via Comptuer. Reading, Massachusetts: Addison-Wesley Publishing.