As if Lower Merion Schools didn't have enough trouble now the publisher of the software they allegedly abused has spoken out:

The company selling the software used by a Pennsylvania school district to allegedly spy on its students blasted what it called laptop theft-recovery "vigilantism" today.

Absolute Software said it dissuades users of theft-recovery software from acting on their own. "We discourage any customer from taking theft recovery into their own hands," said Stephen Midgley, the company's head of marketing, in an interview Monday. "That's best left in the hands of professionals."

Yep.  That's because, among other things, the sort of activity that LMSD is alleged to have undertaken is both unnecessary and in addition is actually harmful to the prospects of recovering a stolen device.

Calling LANRev a "legacy" product, Midgley also said that Absolute would ship an update in the next several weeks that will permanently disable Theft Track, the name of the feature that lets administrators switch on a laptop's camera to take photographs of a potential thief after the computer is reported stolen. "It really doesn't serve any purpose," said Midgley of Theft Track.

Oh, it serves a purpose all right.  It serves the purpose of allowing whoever activates it to capture images of whatever might be in front of the camera.

You decide whether that capability has any legitimate purpose being on a laptop that is intended, by the issuer of said device, to wind up in a minor's bedroom where a reasonable expectation exists that said minor will at some points in time be in various states of undress!

In a Q&A section of the letter, McGinley said that students could mask the camera lens on their MacBooks if they wished. "There is no requirement that a student use the camera's standard webcam feature," he said.

So why didn't you order the notebooks without said cameras?  You did order over 2,000 of them.  That's plenty to have a production run without them - go ask the various branches of the DOD as they do it all the time for obvious security reasons.  I'm sure it's not the first time that Apple has been asked about laptop computers without webcams and built-in microphones.

To kick off the recovery of a stolen or lost laptop, customers first must file a police report -- not a requirement of LANRev -- and only then contact Absolute, which in turn tracks the location of the missing machine via its IP address when the system goes online. Absolute employs a team of former law enforcement professionals who reach out to local police, provide them with the location information and then get out of the way. "We take the responsibility out of the hand of the end user," said Midgley, "and do the work for them."

Exactly.  As I noted, if you want to write your own software then that's fine. "LoJack for Laptops" does essentially what I described - it transmits a packet to the central (company, not school) server with the MAC address(es) of the machine, which can be matched against a blacklist of known stolen machines.  Since MAC addresses are unique, a "hit" is extremely solid evidence that said machine is present on "X" network at that instant in time.

Armed with a police report of a stolen machine and a time-stamped (certified by said company as a business record) report of the machine at a given location the ISP involved (cable company, phone company, etc) can produce the physical address.

Said law enforcement agency can then head on over with a cruiser in an attempt to recover the stolen property.

Again, I used to get these requests all the time when I ran my ISP, MCSNet.  They typically had nothing to do with theft but in each and every case I was able to give said requesting agency everything we had, down to the (in this case) the phone number dialed from (since most of our connections were either modem or ISDN, and both returned ANI to us as we were paying for the trunks - and no, you can't block it!)

There's no excuse for the way this was set up, irrespective of how or whether it was used.

And I still want to know if these laptops were configured with VPN.

market-ticker.org/archives/1996-The-Oven-Just-Got-Hotter-LMSD.html