OGDEN -- Three Weber State University students and one at Ogden-Weber Applied Technology College were among the 39 Utah students who made changes on their online course websites last week when student users inadvertently were granted teacher-level access.
On Sept. 11, Canvas Education Management System -- an online site used statewide for teacher-student communication -- was undergoing a maintenance update when teacher-level access was granted to the 278 students logged on during two time periods that totaled 105 minutes. Canvas is hosted by Utah-based software company Instructure.
Of the 278 students, 39 made changes, some altering their own test scores. All 278 students were able to view classmates' scores, although there is no way to know how many did.
All test scores have since been restored to the original numbers that were input by the teachers.
"At the tech college, it only impacted a single class and a single student," said Elsa Zweifel, OWATC director of marketing and diversity.
"This was an older student who was probably not aware that she even had additional rights. The most she could have seen is other students' assignments and grades," Zweifel said. "We do take all student information seriously, so instructors will debrief the student."
At Weber State, three students made changes on web pages for three courses out of the 45 courses for which students had heightened access.
"Forty-three students with access may have seen the information about other students in the course, but did not attempt to access any additional information," said John Kowalewski, Weber State spokesman.
Andrea Jensen, director of WSU Online, said one of the three WSU students clicked on another student's grade accidentally, making it disappear.
"She immediately contacted her professor and told her what she had done and that it was an accident," Jensen said. "It seems to check out. There were no intentional grade changes by our students. It looks like all three were just trying to understand the new options the site suddenly gave them.
"I was pleasantly surprised how good our students were when they suddenly had access they didn't anticipate. They could have done some things, but our logs are fairly detailed and show that they didn't," Jensen said.
Kowalewski said WSU informed the students' professors, and is leaving it up to them to determine what to do.
"It's the faculty members' prerogative to determine what occurred and what would be the appropriate course of action," he said. "It could be very difficult to determine what intent was."
Kowalewski said it's important to remember this was a case not of hacking, but of students accidentally given access. Hacking in order to change data would be far more serious, he said.
Cory Stokes, University of Utah director of teaching and learning technology, said teachers use the Canvas system to post class schedules, copies of presentations given in class, and assignment instructions, among other things. Students have access to the instructional data, and can turn in assignments through the site and check their own test scores.
Stokes said the error that briefly allowed students teacher-level access has been fixed, and those circumstances won't happen again.
"As we look at the data and what students actually did, we can see every action they took," Stokes said. "They logged in and saw buttons and links they hadn't seen before. In a few cases, they changed the value of a grade, seeing if they could do it, then changed it back to the original scores. They were experimenting with their new-found powers. In the majority of cases, the students were very honest.
"It speaks to the integrity of students in general. Most kids do the right thing."