Last night one of my students sent me this screenshot with the message “You were right, Dr. Jacobs!” 

I’ve never used Canvas, because I despise it even when it’s working as designed. Some of my students tell me that I’m the only professor they have ever had who does not use it, which makes me sad: the ed-tech value-extraction machine deserves and should receive more hostility. But universities that deploy these big platforms should realize that our data — that of professors and students — as only as safe as the companies’ security practices are sound. And companies like Instructure are so deeply embedded in American university life now that they think they can’t be rejected — no matter how gross their failure to maintain security. An exploit like this is therefore easily predictable. 

Every university function that is on the internet is a security vulnerability. (Just look at how many online systems we have!) But every university function outsourced to a giant company whose tools are used by many universities is a far greater vulnerability, because there is so much money to be made from exploiting all that data. Locally owned and managed data is a smaller and less appealing target for hackers.   

Also predictable, however, is the refusal of universities to reconsider their dependence on these “services.” We use one such ed-tech tool — Lord knows how much Baylor paid for it — to record our activities for our annual reports to department chairs and deans. We once did this by writing up the reports in Microsoft Word, but somebody in authority at Baylor thought that was Stone Age behavior, so we got a new giant web app. Entering the data into it is difficult and slow, and then what is the app supposed to do? Spit everything out … as a Word document. But the formatting is always so terrible that we — you guessed it — we have to open it up in Word and fix the formatting. So couldn’t we then just go back to writing the reports in Word right from the start, to save time, energy, and frustration? Of course not. Baylor paid for the tool so we must use it. The sunk-cost fallacy has never been better illustrated. 

I don’t know whether Baylor will ever learn from these situations — my experience on the university-wide Technology and Learning Committee suggests that no one even thinks of saying No to the ed-tech snake-oil salesmen, because our aspirant peer institutions have already bought the snake oil. But even if we could work up the resourcefulness to ditch the completely superfluous crapware, I don’t see how we could get rid of Canvas. 

Because the primary function of Canvas is to make it possible to manage, without administrative assistance, classes with fifty, a hundred, two hundred, three hundred students. Whatever Canvas costs, it doesn’t cost as much as several additional faculty and/or administrative employees would cost. This kind of ransomware attack could happen every moth, and every Baylor student’s personal data could be bought and sold on the dark-web marketplace, and I don’t believe even that would cause the university to sack Instructure. We’ll cut faculty, cut assistance for faculty, cut anything any everything except Canvas. Well … we’ll still hire more deans.

Eventually there will be no faculty at all in American universities, just deans, IT guys, and AI instruction in Canvas. This is called The Pursuit of Excellence.