Berkeley High’s Principal talks about attendance scam

Pasquale Scuderi spoke today on KQED. Photo: Frances Dinkelspiel

Following last week’s revelation of student-generated attendance fraud at Berkeley High School, Principal Pasquale Scuderi and Quan Tran, a BHS senior and chief of service of the Associated Student Body there, were interviewed this morning by Michael Krasny on KQED’s Forum.

Thirty-two students have been suspended from Berkeley High School for breaking into the school’s attendance system and changing records, and Scuderi confirmed that two students are up for expulsion over the incident and that no criminal charges will be made.

The irregularities, which were discovered as part of an intensified focus on improving attendance at the school under the new Dean of Attendance, Daniel Roose, were discovered in late December and changes were found dating back to October.

Forum continued with a discussion with David Callahan, author of “The Cheating Culture: Why More Americans Are Doing Wrong to Get Ahead.”

Listen to the interview in the audio clip above.

Berkeleyside is a KQED News Associate.

Related:
Attendance fraud ring exposed at Berkeley High [04.18.12]

Print Friendly
Tagged , , ,
  • Willtheluddite

    Hasn’t anyone seen Ferris Bueller?  Kids have been scamming the attendance system forever.  The BHS system isn’t so exciting  when they just leave a generic voice mail “Your son/daughter has been absent…”  It is not a part of any “cheating culture” change.  The BHS authorities are just announcing that they have investigated this –don’t they get some of the blame for setting up a system that is so secure that high school students can figure out how to change it.  Maybe if they have a manual system, the kids won’t be able to figure it out.

  • 3rdGenBerkeleyan

    The difference is…the kids hacked into the computer system. And just because it’s been going on it doesn’t mean we should ignore it, also falsifying attendance documents is a form of stealing from the government. Parents could be liable for the money the state spent on the child when they weren’t there.

  • Heather_W_62

    I never commented on the first article, but I found it appalling that a widely used computer system such as this one, which unlocks all kinds of privileged information, would have a password that wouldn’t have to be reset regularly. At my job, I have a password for about 3 months, and then I have to reset it to a new one. Granted, it’s annoying to have to do this, but it ensures another level of security. I also think that this violation is a bit more than childish pranks — it was a lucrative business. They didn’t just do it for themselves or their friends, they were selling the service. Is expulsion enough? They would likely be eligible for review of expulsion in the next semester, so they’d likely just have a nice break between now and next school year. I know BUSD would still be required to educate them, but it is entirely possible that they won’t get enrolled elsewhere in a practical timeframe. Expulsion isn’t exactly the worst punishment. 

  • PragmaticProgressive

    If the passwords in question grant access to sensitive information, such as addresses, grades, and so forth, two factor authentication should be mandatory.

  • batard

    FERPA isn’t so prescriptive, but other regulatory and industry standards are — 2-factor is mandatory under PCI, and HIPAA says as much without actually saying so.  It’s too bad FERPA is so toothless, heck it doesn’t even have a breach notification rule!

    Problem is, does this City have the IT expertise and resources to make it happen?  I don’t think so … just look at the sorry state of the city web site.  Ideally the city would centralize their Identity Acesss & Management function, and then offer services like 2-factor and federated single sign-on to other departments.  Products like Phone Factor can make this a lot cheaper & easier than paying ransom to the crooks at RSA.

  • batard

    Oh come now, hacking your school computer to change grades and attendance is almost as cliche as WOPR.

    I give the kids a pass, this is as obvious as dogsh1t on your shoe.

  • Michael Rowe

    I dont understand why they don’t implement a service where you can telesign in.  Rather then deploying expensive tokens like batard mentioned, implement an inexpensive per user solution that sends a code to your phone and you telesign in.  Its so simple, I do it everytime I log into my email.

  • batard

    I specifically did not advocate for expensive tokens, my point was that there are lesser-cost options like Phone Factor.  RSA tokens are not the answer, unless physical tokens fits your use case and you are a corporate entity with the budget to make it happen.

    Don’t know what you mean by “telesign in”, please elaborate.  We may be talking about the same type of system.  FWIW, this is similar to the 2-factor authentication Google uses .. Facebook has something similar, but theirs is hopelessly broken.

    You might also be interested to read the Wikipedia entry on “Two Factor Authentication”, it has a very specific meaning in IT security circles.  In a nutshell, it means you have to demonstrate that you in possession of something (a keyfob, your cell phone, etc.) and you know a password.  The two are conjoined, not separate.