As the end-of-year exam season approaches, Australian universities are continuing to use spyware-like remote invigilation software despite official government guidance that it only be used as a last resort.

Proctored online exams – which fight cheating by requiring students to install specialised apps on their computers and mobile devices – “should be used only after other options have been considered and deemed unsuitable,” advises recently published guidance from the Tertiary Education Quality and Standards Agency (TEQSA), which accredits tertiary courses and oversees standards for learning delivery at all Australian learning institutions.

Online proctored exams “should not be seen as a default assessment task type, applicable to all learning outcomes in all circumstances,” the guidance notes.

“If the recall of factual knowledge is not essential for verification of program level outcomes, the assessment moment could instead be adapted into a higher-level task which may not need the sort of information restriction that online invigilation affords.”

Invigilation “should be used only after other options have been considered and deemed unsuitable.”

Nonetheless, some 24 Australian institutions last year used remote proctoring software such as Mercer Mettl, Janison Remote, Examsoft, ProctorU, ProctorExam, RPNow, IRIS Invigilation and others, despite the tools being repeatedly flagged by privacy and security advocates.

The software’s design has raised widespread concerns that it is little different than the malicious spyware used by domestic abusers and foreign intelligence services to track, manipulate and steal information and message content from victims without their knowing.

As well as requiring students to photograph their entire room, on and underneath their desks and even inside their ears, the apps require full access to the system’s camera, microphone, and the ability to monitor and control the contents of the student’s screen.

Many use artificial intelligence technology that raises alerts if background movement is detected, students look away from the screen for too long, if typing patterns suggest answers were pre-prepared, or other movements associated with cheating.

Data is typically transmitted to unknown third parties overseas, and there is little or no visibility into where and how it is stored, or what happens to it next – unless, as happened to more than 444,000 ProctorU users last year, their data is hacked.

Recognising security concerns, Curtin University built its own platform, called IRIS@Curtin, that stores data inside university systems in which “student data is protected and kept securely in the same manner as all other assessment data at Curtin.”

That platform, the university claims, has been audited with a full Privacy Impact Assessment and regular external penetration testing “to ensure that your data is protected”.

A better way to examine

Mandatory installation of invigilation spyware created a worldwide furore last year, with students unhappy, educators warning that the systems’ inadequate AI was perpetuating inequality, and privacy advocates like the Electronic Frontier Foundation (EFF) imploring authorities not to use the technology for ill-fated US state bar examinations.

The technology was used anyway, with recriminations flying after widespread technical issues with ExamSoft-based online bar exams in October, and again in July this year.

Faced with “significant” software problems during the administration of stressful exams, many panicked students called technical support to resolve the issue – only to find, as over 3,000 State Bar of California candidates were, that the calls had generated non-compliance notices that could imperil their professional careers.

“It’s always a worry with surveillance when things are put in place in a hurry,” Justin Warren, managing director Melbourne-based boutique consulting firm PivotNine and treasurer of privacy-rights group Electronic Frontiers Australia (EFA), told Information Age.

“Very rarely do we go back and look at them to find out how we should do it properly,” he added. “This is surveillance being installed on private devices that are not university property, that surveil people in their own home – and everyone else who is in that house is also subject to this kind of surveillance.

“Some clever rethinking of things might actually make it better.”

A recent UWA study found that one in 10 uni students are cheating on assignments and most are getting away with it – yet for privacy and security advocates the forcible installation of spyware tools is a bridge too far.

The software’s imperfect design has also raised questions about its equity, with one anonymous university librarian arguing that “algorithmic proctoring is a modern surveillance technology that reinforces white supremacy, sexism, ableism, and transphobia.”

Her university’s use of AI-based Proctorio software – currently used by Australian National University and the University of Canberra, among others – raised practical issues for students of colour, who were told to shine more light on their skin because the AI couldn’t make out their features.

“Products that violate people’s privacy and discriminate against them go against my professional ethos,” the librarian wrote, “and it’s deeply concerning to see such products eagerly adopted by institutions of higher education.”