Security Issue: Observer Permissions in Conferences Needs to Match Canvas

Idea created by on May 24, 2018
    Open for Voting
    Conferences (BigBlueButton) are great. Unfortunately they disregard the observer permissions set in Canvas. This is now a student privacy and security risk. Observers are purposefully restricted in Canvas from viewing and communicating with other students in the course.
    When a teacher creates a conference, all users enrolled are invited by default. This includes observers. All is well until an observer gets into the conference.
    After entering a conference, the observer/parent can now do the following:
    • view all student names (first and last) inside the conference
    • private chat with any other student in the conference
    • view a live webcam of other students if enabled
    Ignoring these security issues, even from a 3rd party vendor, raise huge red flags.
    Possible Solutions:
    • Observer permissions are honored in conferences:
      • restrict the ability to see other student names including when using multi-user drawing
      • restrict private chat with anyone except the teacher and the student being observed
      • restrict viewing the webcam of anyone except the teacher and the student being observed
    • Restrict observers from conferences.