While ubiquitous open source has brought tremendous changes and innovations in the field of science and technology, security issues have also become the focus of global attention. Recently, Landgren, a programmer from Stockholm, Sweden, just because he couldn’t get used to the IT system (Skolplattform) of his child’s school, he pulled other parents and refactored an open source version of Öppna skolplattformen, which triggered a meeting with the city government. The "tug of war".
Landgren is the developer and CEO of the Swedish innovation consulting company Iteam. As the father of three children, he spends precious time every day trying to make the Skolplattform, the official school system of Stockholm City, function normally. He hopes that the arrival of Öppna Skolplattformen will improve Where Skolplattform failed.
A tug of war triggered by the "IT disaster" school administration system
The school IT system called "Skolplattform" was purchased by Sweden in 2013 at a cost of approximately 1 billion Swedish kronor (approximately 117 million U.S. dollars) and is currently used in 600 kindergartens and 177 schools in Stockholm. The system consists of 18 independent modules and is jointly maintained by 5 outsourcing technology companies. It is mainly used to register attendance and record grades. It aims to make the lives of more than 500,000 students, teachers and parents in Stockholm easier.
"But the only problem with this platform is that it doesn't work," Landgren commented.
Skolplattform cost more than 1 billion Swedish kronor (approximately 117 million U.S. dollars), but failed to meet its original goal. Parents and teachers complained about the complexity of the system, the launch of the system was delayed, there were reports of poor project management, and it was called an IT disaster (the Android version of the app is only 1.2 stars on average.)
Through countless complicated menus, Landgren can see what his children are doing at school. Two years after its launch in August 2018, the Skolplattform system has been a thorn in the eye of thousands of parents in the Swedish capital. "All users and parents are very angry," Landgren said. The experience of the system is very poor. For example, figuring out what children need in fitness equipment is a very troublesome thing, and "how to report a child's illness." "It was a nightmare.
Landgren believes that Skolplattform should not be like this.
On October 23, 2020, Landgren posted a hat design on Twitter with the words "Skrota Skolplattformen" printed on it, which roughly translates to "junk on the school platform." He joked that he should wear this hat when picking up children from school. A few weeks later, wearing that hat, he decided to handle things himself. He said: "Out of my own frustration, I just started to create my own application.".
He wrote to city officials and asked to view Skolplattform's API documentation. While waiting for a reply, he logged into his account, trying to determine whether the system can be reverse engineered. In just a few hours, he created something that worked. "I have information from the school platform on my screen," he said. "Then I started building APIs on their bad APIs."
This work began at the end of November 2020, just a few days after the Stockholm Board of Education was fined 4 million Swedish Krona GDPR for “serious defects” of the Skoll platform (at that time, the Swedish data regulator Integritetsskyddsmyndigheten found that the platform had serious defects). Defects, exposing hundreds of thousands of parents, children, and teachers' data). In some cases, people’s personal information can be obtained through Google searches (Since then, defects have been fixed and fines have been reduced on appeal.)
In the next few weeks, Landgren worked with other parents of school children who were also developers to devise a plan. They will create an open source version of Skolplattform and release it as an app for frustrated parents across Stockholm.
Based on the earlier work of Landgren, the team opened Chrome's development tools, logged into Skolplattform, and recorded all URLs and payloads. Using this code to call the platform's private API and build a software package, so that it can run on the phone, basically creating a layer on the existing glitchy Skolplattform.
The result was the Öppna Skolplattformen open school platform. The application was released on February 12, 2021, and all of its code was released on GitHub under an open source license. Anyone can accept or use the code, and there are almost no restrictions on how to use the code.
Developers involved in privacy and security issues and the city government "due to court"
But for the open source program Öppna skolplattformen, the city government stated that the new system may leak data privacy and infringe copyrights. It has repeatedly warned and called the police.
Officials claimed that the app and its co-founders may have committed criminal data breaches and asked cybercrime investigators to investigate how the app works. This move surprised Landgren, and he has been meeting with city officials to address people's concerns about the app.
Landgren stated that ÖPPNA SKOLPLATTFORMEN is not a complicated application. Although the official school platform was established for everyone involved in education in the Swedish capital—200,000 parents, 23,500 school staff, and 140,000 students, its open source alternative is only for parents. And this 1 euro app has been downloaded about 12,500 times on iPhone and Android (4.2 stars on average) and only displays basic information.
Öbrink, one of the co-founders of Öppna Skolplattformen, said: “Everything we show is public and public information.” He explained that when student results are displayed, the student results will be displayed through the in-app browser, and the app cannot be accessed Any data. The first iteration of the app included some personal information about parents, which was available through the official platform, but was later deleted.
Öbrink added: "This is an accidental success." "We never expected it to work like it." He said that the Öppna Skolplattformen team held a meeting with the city government and the official can use their code and their version. Application, but “they don’t want to cooperate with us, or even discuss cooperation with us, they just continue to report to the police.”
At the same time, Landgren and the parents also believe that the data used by Öppna skolplattformen is government public information, and the security agencies and police involved in the investigation believe that Öppna skolplattformen has no data security issues. On the contrary, the official version of the software takes many years and huge capital investment, but it is full of loopholes, which has caused multiple dissatisfaction.
This resulted in a "tug-of-war", which eventually rose to discussions on the Swedish government's digital transformation and open source collaboration methods.
Holmdahl, a member of the Stockholm City Board of Education, admitted that although Öppna skolplattformen is different from the official app, it may be easier for parents to use. “User-driven IT development is interesting, but it must be combined with legislation and responsibilities to protect personal data.”
Before the release of Öppna skolplattformen, Hélène Mossberg, deputy head of digitalization and IT in the city’s education department, revealed that she was generally positive about the app, but she still said that a “rigorous” investigation is needed.
Currently, the two parties are trying to reach cooperation through a licensing agreement. Now that the details of the transaction are still under negotiation, the city encourages developers not to release the application until the investigation is completed.
android
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。