These parents created a school app. So the city called the police


Open Skolplattformen hoped to succeed where Skolplattform had failed.
Enlarge / Open Skolplattformen hoped to succeed where Skolplattform had failed.

Comstock | fake images

Christian Landgren’s patience was wearing thin. Every day, the estranged father of three was wasting precious time trying to get Stockholm City’s official school system, Skolplattform, to function properly. Landgren searched endless and complicated menus to find out what his children were doing at school. If figuring out what your kids needed on their gym equipment was a hassle, then figuring out how to report them as sick was a nightmare. Two years after its launch in August 2018, Skolplattform had become a constant thorn in the side of thousands of parents in the Swedish capital. “All the users and the parents were angry,” says Landgren.

The Skolplattform was not meant to be this way. Commissioned in 2013, the system was intended to make life easier for up to 500,000 children, teachers and parents in Stockholm, acting as the technical backbone for everything related to education, from recording attendance to keeping a record of grades. The platform is a complex system consisting of three different parts, containing 18 individual modules that are maintained by five external companies. The expanding system is used by 600 preschools and 177 schools, with separate logins for each teacher, student, and parent. The only problem? It does not work.

The Skolplattform, which has cost more than 1 billion SEK, ($ 117 million), has not been able to match its initial ambition. Parents and teachers have complained about the complexity of the system: its launch was delayed, there have been reports mismanagement of the project, and has been labeled as IT disaster. The Android version of the app has a 1.2 star average rating.

On October 23, 2020, Landgren, developer and CEO of Swedish innovation consultancy Iteam, tweeted a hat design adorned with the words “Skrota Skolplattformen” loosely translated as “trash the school shelf”. He joked that he should wear the hat when picking up his kids from school. Weeks later, wearing that same hat, he decided to take matters into his own hands. “Out of my own frustration, I started creating my own app,” says Landgren.

He wrote to city officials asking to see Skolplattform’s API documents. While waiting for an answer, he logged into his account and tried to find out if the system could be reverse engineered. In just a few hours, he had created something that worked. “I had information on my screen from the school platform,” he says. “And then I started building an API in addition to their lousy API.”

Work began in late November 2020, just days after the Stockholm Board of Education received a SEK 4 million fine under GDPR for “serious deficiencies” in the Skol platform. Integritetsskyddsmyndigheten, Sweden’s data regulator, had found serious flaws in the platform that had exposed the data of hundreds of thousands of parents, children and teachers. In some cases, people’s personal information can be accessed from Google searches. (Since then, the failures have been fixed and the fine has been reduced on appeal.)

In the weeks that followed, Landgren teamed up with fellow developers and parents, Johan Öbrink and Erik Hellman, and the trio hatched a plan. They would create an open source version of Skolplattform and release it as an app that could be used by frustrated parents in Stockholm. Building on Landgren’s previous work, the team opened the Chrome Developer Tools, logged into Skolplattform, and noted all the URLs and payloads. They took the code, which called the platform’s private API, and built packages so that it could run on a phone, essentially creating a layer on top of the existing, faulty Skolplattform.

The result was Öppna Skolplattformen, or Open School Platform. The application was launched on February 12, 2021 and all its code is published under a open source license on GitHub. Anyone can take or use the code, with very few limitations on what you can do with it. If the city wanted to use any of the codes, it could. But instead of welcoming him with open arms, city officials reacted with outrage. Even before the app was launched, the city of Stockholm warned Landgren that it could be illegal.

Over the next eight months, Stockholms Stad, or the City of Stockholm, attempted to derail and shut down the open source application. He warned parents to stop using the app and claimed that he could be illegally accessing people’s personal information. Officials reported the app to data protection authorities and, according to Landgren, they modified the underlying code of the official system to prevent the spin-off from working.

Then in April the city Announced he was involving the police. Officials claimed that the app and its co-founders may have committed a criminal data breach and asked cybercrime investigators to investigate how the app worked. The move caught Landgren by surprise, who had been meeting with city officials to address concerns about the enforcement. “It was pretty scary,” he says of the police involvement.




arstechnica.com

Leave a Reply

Your email address will not be published. Required fields are marked *