Common (and Uncommon) Approaches to Preventing the Theft of Computers, Laptops and Tablets in Schools

if you don't pay attention, I'll steal this tablet right out of your pocket!

Many critics of contemporary schooling practices have noted that, if a teacher from the 19th century was magically transported into a typical classroom today, she would feel very comfortable with how things look. The room itself would be very familiar.

(Whether that teacher would be comfortable with today's students is another matter entirely, given that they probably look a little different than they did 'back in the day' -- to say nothing of how they might act and some of the opinions they might have!)

Contrast this, such critics note, with the situation of a surgeon from the 19th century teleported into an operating room today -- he would be bewildered, and perhaps disoriented, by all of the technology on display.

Few would deny that, in many fundamental and obvious ways, technology has revolutionalized medicine and healthcare.

Why hasn't it done so (yet) for learning and education?

One way that critics illustrate and reinforce this question is to share pictures of 'typical' operating rooms in the 19th and 21st centuries, alongside pictures of 'typical' classrooms from both centuries. The classrooms in such examples usually do look quite the same, with a teacher standing at the front of the room and neatly lined up rows of students intently (if metaphorically) drinking from the fountain of the teacher's knowledge. The chief noticeable difference (again, apart from the students themselves -- and the teachers as well) is that there are now computing devices of some sort on display in the 'modern' classroom, sometimes (depending on the country) lots of them, although the room essentially looks and functions the same way. The arrangement and nature of these ICT devices don't fundamentally alter the architecture of the room, nor what occurs inside it. In others words, the changes are additive, not transformative. (It is of course possible to provide pictures of some of today's 'innovative' classrooms that complicate this simple and popular narrative, as well as to ask some fundamental and important questions about what such pictures may obscure and what they illuminate, but I'll ignore such inconvenient complications here.)

Side note: Over a dozen years ago I visited the launch of a computer lab at a school in Cambodia. The headmaster had proudly transformed a room formerly used for sewing instruction into a 'technology lab', with a new PC atop each desk in place of the 'old-fashioned' technology of the sewing machine, with neat rows of students facing forward toward a teacher who was energetically shouting instructions.

Let's also put aside for a moment whether all of this technology 'makes a difference' (as well as perhaps more relevant questions about how and under what circumstances ICTs have an 'impact'). Let's ignore discussions about whether or not today's classrooms are a legacy of a 'factory model of education' that once existed but is no longer useful, or about the potential need to re-think school architecture in the age of ICT. Let's also ignore related 'big picture' issues around policymaking and planning.

Let's focus instead just on the technology itself.

Many regular readers of the EduTech blog are no doubt familiar with scenes of ICT equipment sitting unused in schools, locked away in computer labs or even still resting peacefully (and undamaged!) in unopenedboxes. Often times, getting teachers and students to use such equipment, let alone to use it 'productively', can be a rather tall order, for all sorts of reasons. Nevertheless, education ministries, local educational authorities, and schools around the world are buying lots of technology: PCs, laptops, tablets, projectors, and lots of other devices and peripherals.

What are they doing to make sure that this stuff doesn't get stolen?

No matter how strategic an investment or policy on technology use in education might be, and whatever side of the fence you find yourself on related to whether or not ICTs in education are 'worth it', there is little disagreement that such purchases are indeed *never* worth it if the equipment itself is stolen. You can't use this stuff if it isn't there. (Nor, it should be noted, can you use this stuff if it is there but not usable or accessible, but that's another issue.) Increasingly, the most valuable parts of a education system's IT infrastructure will not be found in the physical equipment itself, but rather in the data transmitted across and stored in the system at various levels and places. That said, as numerous recent news reports from countries around the world demonstrate (here's one from South Africa, for example), securing the equipment itself remains a rather important and acute challenge for many schools and education systems.

For what it's worth, and based on conversations with government officials, IT personnel, vendors, teachers and headmasters and visits to hundreds of schools rolling out ICTs over the past decade in scores of countries, rich and poor, and in urban, rural and suburban environments, here are:

Ten common (and a few uncommon) approaches to preventing the theft of computers, laptops and tablets in schools around the world

1. Lock it down and/or chain it up (physically)

For all of the (important) talk, policymaking and planning related to computer security within education systems, of preventing things like data theft, identity theft, and unauthorized access to networks, systems and data (all areas where almost all education systems could do *much* better, in my experience), in lots of places there is still also a lot that needs to be done to combat the old fashioned kind of computer theft: when people just pick up something that doesn't belong to them and walk away with it.

One obvious way to help prevent this sort of thing is pretty straightforward, and so most schools do it to varying degrees -- they buy and install lots of locks, of various types, in various places. For example, it is quite common to see schools do the following things in order to protect ICT equipment from theft:

  • Lock the door to the room where ICT equipment is kept.
  • Lock the windows and/or put bars on them.
  • Designate a special storage room for ICT equipment. Store equipment there when it is not in use -- and lock the room!
  • Install (and use) specialized physical locks for desktops and laptops and other equipment (e.g. locking desktop PCs to the desks on which they sit).

One argument often made *against* the purchase and use of devices like laptops and tablets in schools has been that the small and portable nature of such devices make them especially vulnerable to theft. This holds true for smaller devices as well: phones; interactive voting devices, or 'clickers'; probeware and sensors that can be connected to such devices, etc. Fair enough! But such things are presumably not going to go away nor become less useful any time soon (nor presumably will the increase in size). Within classrooms, charging stations for laptops or tablets can also serve as secure storage for a variety of devices.

It is worth noting that chargers themselves may be attractive targets for theft -- as well as non-ICT equipment that is vital for the use of computers in many places (the fans and air conditioners that help keep computer labs cool, for example).

Less attention is sometimes paid to the security of devices while they are in transit within the school. Some schools transport laptops or tablets between rooms using a dedicated mobile carts (sometimes referred to as COWs, or 'computers on wheels') which can be locked -- and lock up the carts in a separate room when they are not in use. (One side note about COWs: Because these things can be used by thieves as a convenient means by which to take lots of your laptops out of your school quickly, you may not want to store them near the entrances to the school -- and you may want to consider ones where the wheels can be locked.)

2. Lock it down and/or chain it up (electronically)

In addition to physical measures to prevent theft, a variety of electronic measures are possible.

At a basic level, requiring the people log into machines before they can be used is almost always a good idea. There are many ways this can be done, which provide different levels of security (at the level of the operating system, the BIOS, etc.).

It is possible to create electronic 'ring fences' around schools (or parts of schools), so that if computer equipment leaves this area, it no longer functions (in whole or in part).

It is also possible to remotely disable computers, should they be reported stolen (provided they connect to the Internet somehow, of course). Alternatively, it is possible to require that the computer connect to the Internet or a network at certain intervals in order to keep functioning fully.

Such measures don't always really prevent the physical theft of equipment, of course, but they make the equipment itself much less valuable, in that it can't be used once it is stolen. Of course, there are potentially ways around such electronic 'locks', depending on how good they are and the sophistication of the thieves. And: Thieves who are unfamiliar with such measures may not be deterred from stealing equipment in the first place (even if there are later unable to use or re-sell it).

3. Hide it -- or at least obscure it

No matter how many (or how few) physical or electronic/digital 'locks' you have on equipment, there are a number of simple and low cost ways to make theft less likely. Storing equipment in inaccessible (or less accessible) places (like a locked computer room) is of course one example of this, but there are many others as well. Simply closing the shades (and not placing equipment near windows) can help. Places tablets in desks or laptops on computer carts when they are not in use can help. Leaving empty computer boxes stacked outside the school after new equipment is delivered essentially advertises to potential thieves that there is something in the school that might interest them -- don't do this!

There are many other potential signals to thieves that computers are in the school -- and where they might be. In many hot climates, the presence of air conditioners attached to windows for some rooms, but not others, may suggest where the computer room might be. Bars on the windows and locks on doors can send similar signals.

If you have a choice, not locating school technology labs or computer storage rooms on the ground floor or near the front entrance of the school can be a wise choice.

(Side note: In some schools and district education offices, the rooms which were previously used to 'safely store' textbooks -- which may as a result have gone unused in some cases -- have been converted to 'safely store' computers -- which, as with the textbooks previously, then also remain unused.)

4. Take special care after hours, on weekends and during school holidays

It should be obvious that it might be useful to consider different approaches to security when school is in session, and when it is not.

During long holidays, many education systems physically repossess many devices in schools so that they can be stored safely in a central, secure location. At this time they can also do a number of other things, including take a general inventory, update software and load new content, as well as make any needed repairs.

It is perhaps worth noting that the transportation of equipment between schools and district/ministry offices for safekeeping can represent a particularly opportune time for thieves to strike, so plan accordingly.

5. Keep an accurate and up-to-date inventory

It can be easy for equipment to disappear if you don't have a record that you have it. Keeping accurate and up-to-date lists of your inventory can help you quickly identify when things may have gone missing. Also, the fact that you take such inventories regularly can signal to potential thieves within your schools or education system that you are paying attention!

Keeping track of serial numbers is standard practice in most places these days (and something that should always be done). Affixing bar codes to individual items and then using scanners to assist with the inventory process is increasingly common as well. (A side note about scanners: You might consider using a mobile phone app instead of buying separate scanners, which break down, go missing, or even get stolen themselves. One clever way for insiders to facilitate regular small-scale theft is to 'lose' the scanners, which makes it difficult to keep up-to-date inventories; by the time new scanners are procured and delivered, some of the equipment may be long gone.) RFID tags are increasingly in use in some education systems as well.

Note that this issue of inventorying can be complicated in practice in many instances by the phenomenon of schools keeping multiple sets of 'ICT ledgers'. I have visited more than one school that keeps an inventory list that it shows to the central ministry which only includes the equipment that was centrally provided, omitting equipment that was e.g. donated locally, purchased by parents, bought by the school itself and/or provided by local educational authorities. Schools may be disinclined to include equipment obtained via other means on the 'official' list, as they might worry that this would signal to the central authorities that they may not need additional equipment. I once spoke to a school IT administrator who kept separate lists that he showed to the parent-teacher association, the district education office, a local philanthropic donor, and the national education authorities. The actual master list was a closely guarded secret, only shared with the school principal.

In addition to taking physical inventories, you can take 'virtual inventories' at a distance as well. If, for example, a device hasn't logged onto the network for a long time, you might want to investigate.

Make sure that you keep your inventory lists in a safe place -- and have back-ups. If someone steals your list, you might be in trouble! (And: Do you really need to publish your inventory list on your school web site in a place accessible to the public?)


6. Watch over it closely

hey check this out, I think someone is stealing our pico projector!

People are an important part of any an approach to preventing the theft of ICT equipment of schools. Posting guards outside computer facilities is an expensive or drastic approach, but, where there are guards in schools already (for better or for worse), instructing them to pay particular attention to places where computer equipment is found is a rather good idea.

Installing security cameras can help (although even considering this sort of thing should bring up larger questions about 'surveillance' in schools), whether the resulting video feed is viewed within the school itself or at some remote location. Cameras that aren't actually connected to anything can even provide some level of deterrence. (I have been in schools where they took old web cams and pointed them at the technology room. "These don't actually work", an IT guy at a school once told me, "but the kids and teachers don't know this!")

As mentioned, conducting regular inventories can be an important way to help monitor equipment.

While it may not prevent the theft of equipment (especially if thieves don't know it has been installed on devices), tracking software ('find my phone' is one well known example of this general type of thing) can potentially help you figure out where the equipment it after it has been stolen.

Alarms (on doors, on equipment) can help alert people to where a potential theft may be in progress or has recently occurred.

Designating teachers (or even students) with special responsibility to make sure equipment is not stolen can be another useful, low cost way to help prevent theft. (If no one feels responsible for ensuring that equipment doesn't disappear, no one *is* responsible as a practical matter.)

7. Know who has the key(s)

Your security plan should include attention not only to where the equipment is, what it is, and who is looking after it, but also who has the keys (and master passwords) that can provide access to it. Change keys and/or passwords at regular intervals, as might be possible/appropriate/affordable. Have a policy about key possession, use and duplication and the access to master passwords -- and the storage of 'extra' keys.

Side note: A clever thief may use a key and then break a door only once he is leaving, as a way to throw suspicion away from people who have access to the keys. While a heist is in progress, a broken door would certainly suggest to passersby that something might be wrong.

The people who know best how to steal your equipment are probably those who work with it most often. Here's an exercise to try: Ask them where there are holes in the security procedures and systems. IT people are often especially good at 'hacks', both physical and digital. Ask some of them how to hack your security and then plan some related defensive measures. (Education systems in rich countries may hire an outside security firm to do 'penetration testing', i.e. engage a group that tries to steal equipment so that education officials can learn what isn't working and make any needed changes to their policies, practices and procedures. This remains relatively rare in most places, of course -- although, where related insurance is available, this might be a function that could be performed by the insurance company).

8. Make it look distinctive

Where countries procure very large numbers of educational laptops or tablets at a national or regional scale, ministries of education may wish to consider requiring the manufacturer, assembler or distributor to ensure that the devices looks distinctive in some way. (Maybe they have a red cover, for example, or a picture of national flag on them.)

Even where the equipment itself doesn't look distinctive, it is quite common for logos to be burned, embossed or etched into equipment marking it as e.g. property of an education system or school and/or for stickers (less permanent, obviously, but better than nothing) with the same message to be affixed to the equipment.

Side note: When the OLPC XO (the famous "$100 laptop") was first being marketed, some of the leaders of the sponsoring organization liked to note that the design of the little green and white devices was so distinctive that, if they were stolen and made available for re-sale in local markets, people would immediately know that these had been stolen from schools, as there was no other way to get them, which would help with theft prevention. (Based on anecdotal evidence, I believe that this was often actually been the case.) I have heard proponents of the use of iPads in schools in very poor countries where the devices were not sold in local markets make similar claims. (What making such arguments, OLPC folks sometimes referenced the appearance of postal trucks in the U.S. "No one steals postal trucks in the U.S.," went the argument, "because they are so unique and easily recognizable by everyone". I always thought that this was a clever comment ... even if the metaphor was often not immediately understood by policymakers in other countries who were not at all familiar with the distinctive jeeps used by the U.S. Postal Service with the steering wheel on the 'wrong side'!)

9. If you don't own it, they can't steal it from you

One way for schools not to have computer equipment stolen is not to own any of it in the first place -- or to own as little of it as possible.

In some more 'advanced' economies, leasing (not purchasing) equipment may be an option, and, as part of leasing arrangements, responsibility for security can potentially be transferred (at least in part) to the company that actually owns the equipment.

The growing trend in many education systems towards 'bring your own device' (or 'BYOD', sometimes this is referred to as 'BYOT', with 'technology' substituting for 'device) policies and approaches, where students and/or teachers bring their own ICT equipment to schools and use it, instead of using equipment provided by the school itself, can dramatically change the security dynamic when it comes to preventing the theft of such devices. If you own the device yourself, you may be much more incentivized to make sure that it is not stolen than if it belong to the school or education system! (BYOD policies don't necessarily lead to less theft in all circumstances, of course. In some circumstances, someone may be more willing to steal a tablet from another student than from the school itself.)

The difference between stealing a computing device that is being used in a school setting, as opposed to a computer that belongs to a school, may seem a semantic and legalistic distinction of little practical relevance, but it can be a compelling one to certain groups within educational bureaucracies. (The most important thing for teachers and students is that the equipment is there, not who owns it!) That said, it can be useful to note that who owns a particular device can impact whether or not it is stolen -- and who cares.

10. Educate your users and personnel

There are many additional measures that can be utilized to help prevent the theft of ICT equipment from schools that can be boiled down to one word: education. Training of IT personnel, school administrators and teachers -- and students too! -- about theft prevention and general related 'good practices' can help a lot. Posting signs supporting such messages can be useful. Including items related to security as part of standard 'acceptable use policies' is a good idea. (Standard in many education systems, AUPs serve as informal contracts of sorts, laying out rules for students, parents and teachers that must be agreed to in order to utilize ICT equipment).

Many other things can be done to help to prevent the theft of ICT equipment in schools, of course. All such measures carry with them various costs -- of money, accessibility, and usability. Schools and education systems have to consider important related trade-offs between prevention, policing, and accessibility. Given enough time and energy and smarts, dedicated thieves can probably find their way around all of these (and other) anti-theft measures. As with approaches to security in general, a multi-layered approach is typically best. A combination of measures, big and small, involving a variety of different people, incentivized in different ways to be part of the process, can help where any one single approach is insufficient.

Note: The image at the top of this blog post ("if you don't pay attention, I'll steal this tablet right out of your pocket!) comes from the Project Gutenberg archives via Wikimedia Commons. The image used at the end of this post of the locked gates at Harvard Yard is courtesy of Occupy harvard also via Wikimedia Commons. Both are in the public domain. The second image (of a locked door at the Tajjar Building in Pakistan provided by the Wikipedian Soban) also comes via Wikimedia Commons and are used according to the terms of its Creative Commons Attribution-Share Alike 3.0 Unported license. The image of two children outside a closed door ("hey check this out, I think someone is stealing our pico projector!") was provided by Deutsche Fotothek of Germany's Saxon State Library / State and University Library Dresden (SLUB) to Wikimedia Commons as part of a cooperation project. It is used according to the terms of its Creative Commons Attribution-Share Alike 3.0 Germany license.

cross posted at blogs.worldbank.org/edutech

Michael Trucano is the World Bank's Senior Education & Technology Policy Specialist and Global Lead for Innovation in Education, serving as the organization's focal point on issues at the intersection of technology use and education in middle- and low-income countries and emerging markets around the world. Read more at blogs.worldbank.org/edutech.