I received an email from a person in a foreign country; I am not free to identify the name of the informant or the country as I do not want the informant to be fired. I have deleted the names of the two university students who were investigated. Both have fewer than 100 twitter followers. Frankly, I find this level of scrutiny of individuals by a huge multinational corporation to be shocking.
The message reads as follows:
Diane I work for a company in XXXX that Pearson has retained to spy on students.
Find attached the text of the kind of surveillance in place – It’s run at Pearson by some guy called Marc Lueck – he’s an American living in the UK. He runs the Pearson threat team and that’s how he views these kids, as threats. He wants to spend more and more money monitoring the internet and has retained a number of comapnies around the world. We call him the childcatcher. You can see from the text that Pearson and this Marc guy are expending real money and resources to make sure no stones are unconvered. I have kids and what these guys are doing is wrong – I want to track down hackers and criminals not spy on kids. We state in the report that these kids pose no threat to Pearson but Pearson wants us to keep monitoring them.
I could lose my job for this, but I thought you should know.
[NOTE: AT THE ADVICE OF READER FLERP!, I REMOVED THE REPORT TO PEARSON. THERE WERE ITEMS IN THE REPORT THAT WOULD HAVE ALLOWED A SNOOP TO TRACK DOWN THE PARTIES INVOLVED. I DON’T WANT TO GET THEM IN TROUBLE. WE LEARNED LAST SPRING THAT PEARSON HAS AN OPERATION TO WATCH FACEBOOK, TWITTER, AND OTHER SOCIAL MEDIA SITES FOR ANY MENTION OF THEIR TESTS OR TEST ITEMS. SO, MAYBE IT IS NO SURPRISE TO LEARN THAT THIS IS A BIG DEAL FOR THE TESTING CORPORATIONS.]
Diane Ravitch's blog 
I would assume that there are hacked and pirated digital versions of “Death and Life” and “Reign” floating around on various illegal download sites. Do you think that your publishers are shrugging and saying “oh well!”
Whether the people stealing copyrighted material are “kids” is irrelevant. If one copy gets out there, it will spread like wildfire and can cost a company real money.
I am certain my publisher is not snooping into social media accounts in search of people selling my books at cut rate
I was correcting the previous poster’s misapprehension that these works were published by not-for-profit presses.
I don’t know about a global security team, but I would hope that someone at Vintage/Random is monitoring and protecting its copyrights. You should hope so, too, as a stolen or pirated copy represents income that’s potentially lost to you.
academic publishers like the ones that actual academics work with do not have the resources for this kind of spying.
pearson clearly does.
Both of those titles were published by arms of large for-profit media conglomerates. And here’s where things get tricky! A 47% stake in “Reign’s” publisher is owned by — you guessed it! — none other than Pearson PLC. FOLLOW THE MONEY.
Tim,
Do you think that Pearson’s global security team is protecting the copyright of my books and searching out evil-doers?
Yes, it is true that major trade media are owned by for-profit corporations. Also, authors get paid royalties.
So? What’s your point?
Dr. Ravitch,
If your publisher is not looking to enforce the copyright on your books, you both are losing potential sales and thus income. I have no doubt that your publisher is looking out for free PDFs of your work.
Basically any information, be it originally printed or recorded media, is available at no cost on the internet if you know where to look. Efforts by publishers to discourage the illegal distribution of these works can make downloading the pirated copy more trouble than it is worth for many people.
Pearson books can run hundreds of dollars each for college level publications so there is real money involved. That being said, they indicate themselves that their books make the rounds on pirate sites and the dark web.
It is a little shocking that so much time and energy went into investigating one instance of piracy with the assumption that pirates must be interested in hacking Pearson.
What is interesting is the request for more surveillance – I have no idea what threat they think could exist from lurking pirates on a hacking forum that rarely speak.
If they can devote this much to one such instance it is more than a little scary what they would or could do to someone that they could identify as having pirated Pearson material.
Note they don’t even know if this person actually succeeded yet still consider him a viable threat – he might have ripped off the pirate or the pirate could have stolen from the buyer are viable alternatives.
So these are students trying to hack into Pearson servers?
Yes. In related news, bears are using the woods as a toilet, and the new Pope is a Catholic.
Mea culpa–I first read this as “there are students,” not “these are students.” That’s what I get for behaving boorishly in Diane’s living room.
Nah you’re just a jerk and consistently. It’s expected
Hi, Linda!
I don’t think that you ever answered a follow-up question in a conversation we were having in an earlier thread: the public school district whose schools you send/sent your own children to, were/arethe vast majority of children living in it “at risk”/FRPL-eligible, and are there charter schools sited within it? Thanks.
No, these are students making a deal to buy and sell a Pearson textbook. Pearson hacked into the students’ social media accounts.
Curious that they would pursue such small fry with so little at stake
The student was attempting to buy access to a digital copy of a copyright protected work that could very easily and instantaneously be posted to hundreds of file-sharing sites. Whether the fry is small or large doesn’t matter, and small fries (frys?) can often reveal the whereabouts of the large.
In the account presented here, Pearson did not hack into anyone’s accounts or personal information; they observed and monitored activity on a variety of social media.
There is also the possibility that this is a tactical leak by Pearson. Why leak a low level, non threat when there are doubtlessly other more serious ones that would show Pearsons response when they feel there’s a real threat? Is there no one hacking them for reasons other than academic cheating? On the other hand, if this was a purposeful leak, challenging the hacking community in this way would be foolish, unless Pearson thinks that they have what it takes to lay such a trap and not get bit by what they think they will catch. In the end, since we were not told how and where this incident was initially detected, this is much more of a window into the world of hacking and the defense against it rather than any overview of Pearsons general surveillance of students, though it does provide a brief view of that as well. I wish the person who provided this had gone into much more detail concerning Pearsons general, broad based surveillance of students before they detect what they consider to be a problem. That would be useful.
Tim,
Are these books published by Pearson available through Amazon in paper form: hardcover or trade paperback?
If so, then it is very easy to pirate these books. All the pirate has to do is buy one tree book, cut off the spine, scan all the pages and digitize and convert into any e-book format they want; then throw it up on a site that sells or offers for free pirated e-books, and like magic, you have a pirated e-book.
Most of the larger pirate sites are located in countries where Pearson or the U.S. does not have much power to crack down—for instance, North Korea, China, or Iran. And if they aren’t, then the pirated site might have its own server and use proxy servers beyond that to make it difficult to track the originating location.
These two kids probably don’t know that or no one has bothered to pirate Pearson’s books—whatever they are about—because they aren’t that popular.
It’s a strange report containing many language errors (discuss about, a Pearson’s student, impose a cyberattack threat upon … among others). Judging from his LinkedIn profile, it almost certainly wasn’t written by Marc Lueck. Judging from what the author of the email says, it probably wasn’t written by anyone at Pearson, but by a sub-contractor. It’s an emotional take on a perfectly legitimate concern (fighting piracy), and much as I enjoy a spot of Pearson-bashing, I think the email needs to be treated with caution. Who is this sub-contractor? What exactly are they being paid to do (it certainly doesn’t appear to be gratuitous spying on students)? And is Pearson aware of what this sub-contractor is doing? Before those questions are answered, we ought to be circumspect.
Speculating, Dr. Stroup in Texas may not have thought the word, “circumspect” was in the Pearson lexicon.
I think part of the problem, at least for Pearson anyway, is that employee morale is so low there, even the employees are cheering for the place to implode, against their own self interest. The front line Pearsonite is truly restless and agitated. It’s not Dame Scardino’s Pearson anymore.
I wish Wiki Leak were still there for us to show the records of Pearson’s spying activity.
Wouldn’t be surprised to see some snitch site linked to Pearson.
This is clearly written by someone with no security industry experience. This is someone doing their job of preventing threats to corporate intellectual property and such a kneejerk response creates fear and uncertainty amongst employees and the public alike. Facebook accounts are public, no hacking has taken place. Your source is either lying or you aren’t checking facts. The source sending you private Pearson information is breaking the law, and could have easily reported his un-ease with the task at hand to Marc Lueck. I can tell you this with complete surety, because I used to work for Mr Lueck and he is the fairest and most even-handed manager I have ever had. I suggest you remove this post and check facts with him before you go any further with these accusations as you are treading a fairly thin line.
robnewby, should I check with Pearson before posting any commentary about it? Need to know.
That’s not what I said, and you know it. I said “check your facts”. Maybe check your source isn’t breaking the law (they are), or that you aren’t supporting something who has already broken the law (you are).
robnewby, I do not have any independent facts. I printed an email that I received from another country. I checked the names of the individuals mentioned in the email on Twitter, and they are young men. I deleted their twitter handles so they could not be identified. I verified by googling that Mr. Lueck is in charge of global security for Pearson. What else should I check?
robnewby, I forgot to ask: are you threatening me?
Diane, fyi, you might consider redacting this post further.
FLERP, I took your advice. Thank you.
And by “something”, I do of course mean “someone”…
What ARE you talking about? Threatening you in what way? I’m stating verifiable facts. There are no threats made or implied in anything I’ve said.
“I do not have any independent facts. I printed an email that I received from another country. I checked the names of the individuals mentioned in the email on Twitter, and they are young men. I deleted their twitter handles so they could not be identified. I verified by googling that Mr. Lueck is in charge of global security for Pearson. What else should I check?”
No, nothing, that’s all great journalism – printing emails and using Twitter and Google for facts seems legit.
Oh, except Marc isn’t in charge of global security, it’s threat management. And I could create a profile on twitter that said I was a 20 year old barmaid from Leicester. I could also write you an email that said all of the above, proving that he was molesting me at weekends. But he isn’t.
The source, the person Marc pays for, is breaking the law. It will be a pretty simple exercise to trace the provider of that report. The person stealing Pearson IP without paying is breaking the law. The intent behind finding them will not be to prosecute, perhaps to educate, certainly to find better ways of protecting Pearson IP.
You are supporting illegal actions. These are facts, not threats. Don’t keep twisting my words, I’m not stupid, and I’m not going to have you arrested, if that’s what you mean. I have nothing to prove, Marc is not at fault here, but you certainly are.
Very little point in redacting a report that has already been published online, cached and copied from the source page. Again, if you understood the web, what information security is, or threat management, you’d possibly get that.
I suspect that Marc will just talk to the person responsible and ask that they air their concerns internally before going to anti-Pearson blogs (I won’t say “press” as it hardly applies). He would be justified in having the leaker fired and/or cautioned by authorities by the way – but I know he doesn’t work like this.
Threat Management by the way – read the words. It’s about MANAGING, that is making sure it is controlled, the THREAT, that is, people or things that are exploiting vulnerabilities in your infrastructure that expose you to a loss of revenue. Marc is not arresting, prosecuting or even naming people, he is making sure he knows who is accessing Peason owned IP so that if that threat becomes worse, different, larger, he knows where it started, how to stop it, how resources are best used. I suspect in this case, once the knowledge was gained it was filed and not pursued.
You could take a leaf out of that particular book.