Security Issue: Observer Permissions in Conferences Needs to Match Canvas

Idea created by on May 24, 2018
    Open for Voting
    • Marcella Wheeler
    • Rob Ditto
    • Brenda Likovetz
    • Megan Maurer
    • Jeffrey Brady
    • Chris Gallion
    Conferences (BigBlueButton) are great. Unfortunately they disregard the observer permissions set in Canvas. This is now a student privacy and security risk. Observers are purposefully restricted in Canvas from viewing and communicating with other students in the course.
    When a teacher creates a conference, all users enrolled are invited by default. This includes observers. All is well until an observer gets into the conference.
    After entering a conference, the observer/parent can now do the following:
    • view all student names (first and last) inside the conference
    • private chat with any other student in the conference
    • view a live webcam of other students if enabled
    Ignoring these security issues, even from a 3rd party vendor, raise huge red flags.
    Possible Solutions:
    • Observer permissions are honored in conferences:
      • restrict the ability to see other student names including when using multi-user drawing
      • restrict private chat with anyone except the teacher and the student being observed
      • restrict viewing the webcam of anyone except the teacher and the student being observed
    • Restrict observers from conferences.