Defending Assessment Security in a Digital World Defending Assessment Security in a Digital World explores the phenomenon of e-cheating and identifes ways to bolster assessment to ensure that it is secured against threats posed by technology. Taking a multi-disciplinary approach, the book develops the concept of assess- ment security through research from cybersecurity, game studies, artifcial intelli- gence and surveillance studies. Throughout, there is a rigorous examination of the ways people cheat in diferent contexts, and the efectiveness of diferent approaches at stopping cheating. This evidence informs the development of standards and met- rics for assessment security, and ways that assessment design can help address e-cheating. Its new concept of assessment security both complements and chal- lenges traditional notions of academic integrity. By focusing on proactive, principles-based approaches, the book equips educa- tors, technologists and policymakers to address both current e-cheating as well as future threats. Phillip Dawson leads research into academic integrity at the Centre for Research in Assessment and Digital Learning (CRADLE), at Deakin University in Melbourne, Australia. He uses his background in assessment and cybersecurity to protect education from cheating. His work involves unorthodox methods like computer hacking and paying professional cheaters. Defending Assessment Security in a Digital World Preventing E-Cheating and Supporting Academic Integrity in Higher Education Phillip Dawson First published 2021 by Routledge 2 Park Square, Milton Park, Abingdon, Oxon OX14 4RN and by Routledge 52 Vanderbilt Avenue, New York, NY 10017 Routledge is an imprint of the Taylor & Francis Group, an informa business © 2021 Phillip Dawson The right of Phillip Dawson to be identifed as author of this work has been asserted by him in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988. All rights reserved. No part of this book may be reprinted or reproduced or utilised in any form or by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying and recording, or in any information storage or retrieval system, without permission in writing from the publishers. Trademark notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identifcation and explanation without intent to infringe. Disclaimer: References are made to use of the Internet in which material, products and services of potentially illegal nature may be found; the author and publisher maintain no responsibility or liability for any loss, damage or other outcome from searching for, or attempting to procure, any material, product or service, regardless of intent or method. British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library Library of Congress Cataloging-in-Publication Data Names: Dawson, Phillip, author. Title: Defending assessment security in a digital world : preventing e-cheating and supporting academic integrity in higher education / Phillip Dawson. Description: Abingdon, Oxon ; New York, NY : Routledge, 2021. | Includes bibliographical references and index. Identifers: LCCN 2020019978 (print) | LCCN 2020019979 (ebook) | ISBN 9780367341541 (hardback) | ISBN 9780367341527 (paperback) | ISBN 9780429324178 (ebook) Subjects: LCSH: Cheating (Education)–Technological innovations. | Cheating (Education)–Prevention. | Educational technology–Security measures. | Universities and colleges–Examinations. | College students–Conduct of life. | Education, Higher–Moral and ethical aspects. Classifcation: LCC LB3609 .D39 2021 (print) | LCC LB3609 (ebook) | DDC 371.2601/3–dc23 LC record available at https://lccn.loc.gov/2020019978 LC ebook record available at https://lccn.loc.gov/2020019979 ISBN: 978-0-367-34154-1 (hbk) ISBN: 978-0-367-34152-7 (pbk) ISBN: 978-0-429-32417-8 (ebk) Typeset in Bembo by SPi Global, India Contents List of Tables x Acknowledgements xi 1 E-Cheating 1 Defning e-cheating 4 What is diferent about e-cheating? 5 Academic integrity, fraud, hacking and e-cheating 7 An afordance-based taxonomy of e-cheating approaches 8 Providing access to unauthorised information 9 Cognitive ofoading to a tool 11 Outsourcing work to a person 13 Disrupting the assessment process 15 E-cheating: a signifcant problem, but what can we do about it? 17 Things to do 18 2 Assessment security 19 What is assessment? 20 Two key features of assessment security 21 Authentication 21 Control of circumstances 22 (Im)perfect assessment security 24 Approaches to improving assessment security 25 Detection, evidence and penalties 25 Technology 26 Assessment design 32 Legal approaches 35 Problems with assessment security 36 Things to do 36 vi Contents 3 The E-Cheating lifecycle and how to disrupt it 38 Awareness raising 39 Students don’t just fnd e-cheating; e-cheating fnds students 39 Review sites, discount codes and seduction 41 ‘Free’ e-cheating 42 Approaches for disrupting e-cheating awareness raising 42 Purchasing 43 Contract cheating websites 44 E-cheating hardware websites 45 Gig economy websites 46 Large-scale e-commerce sites 46 Dark web 47 Approaches for disrupting e-cheating purchases 47 Content production 48 Human cheating content production 48 Computerised cheating content production 51 Approaches for disrupting e-cheating content production 51 Delivery, submission and after-sales care 52 Delivery 52 Submission 53 After-sales care 54 Approaches for disrupting e-cheating delivery, submission and after-sales care 55 Things to do 57 4 Cybersecurity, E-Cheating and assessment security 59 Cybersecurity basics 59 Implications of cybersecurity for assessment security 61 Cybersecurity depends on an adversarial mindset 61 Assessment security has a harder authentication problem to solve than regular cybersecurity’s authentication problem 61 The contexts of assessment security impose some challenging constraints for security 62 Assessment security depends on hardware security and software security 62 Assessment security will always be imperfect, but that doesn’t mean we shouldn’t try 63 Security through obscurity is not enough 63 Once an expert makes software that can cheat, everybody can cheat 64 Attack is easier than defence 64 Attackers don’t need to account for laws, policy, ethics, student rights or public opinion 64 Improving assessment security through cybersecurity 65 Contents vii Penetration testing 65 Disclosure and transparency 66 Working with students 68 Working with cybersecurity 69 Things to do 69 5 Lessons from E-Cheating in games and gambling 70 Cheating in online games 70 Cheating in esports 73 Cheating in online gambling 75 Anti-cheating technologies in games and gambling 77 What lessons can we learn? 79 Even with much bigger budgets, e-cheating cannot be completely defeated 79 Schneier is right: once an expert writes software that can do something, anybody can do that something 80 Honest players are a big asset in reducing cheating 80 Anti-cheating technologies reify particular understandings of e-cheating 80 Independent bodies can regulate and keep records on individuals that span contexts 81 Some degree of secrecy and undercover operations is necessary to keep ahead of e-cheating 81 Anti-cheating can be ofered as a service 82 To understand e-cheating’s future, look to games and gambling 82 Things to do 82 6 E-Cheating, assessment security and artifcial intelligence 83 What AI is and what it can and cannot do 83 AI for e-cheating 85 AI can already meet some learning outcomes for students; do we still need to assess them? 86 What if AI becomes so good at meeting outcomes for students that we can’t spot it? 87 Where is the boundary between AI help and AI cheating? 89 AI for assessment security 90 Can AI detect e-cheating? 90 Can AI be the decision-maker? 90 AI is imperfect but it scales well 95 What will humans and machines need to do? 96 Things to do 97 7 Surveillance and the weaponisation of academic integrity 98 Academic integrity, e-cheating, assessment security and surveillance culture 99 viii Contents Who will surveil students and to what end? 100 Routine surveillance will catch too many 102 Trust, surveillance and gamifcation 102 The future of surveillance is weaponisation 103 Alternatives to surveillance 104 Living with surveillance 105 Things to do 107 8 Metrics and standards for assessment security 108 The problems of metricless assessment security 108 Difculty to cheat metrics 109 Cost to cheat 110 Limitations of cheating difculty metrics 115 Detection accuracy metrics 116 Limitations of detection accuracy metrics 119 Proof Metrics 119 Limitations of proof metrics 120 Prevalence metrics 120 Limitations of prevalence metrics 122 Learning, teaching, assessment and student experience metrics 122 Limitations of learning, teaching, assessment and student experience metrics 123 Towards standards for assessment security 124 Things to do 126 9 Structuring and designing assessment for security 128 Assessment design trumps assessment security 128 Assessment design decisions 130 What doesn’t work in designing assessment for security 132 Obvious mistakes that weaken assessment security 133 Reusing the same assessment task 133 Unsupervised online tests 133 Take-home ‘one right answer’ or lower-level tasks 134 Poor examination practices 134 Invigilation and assessment security 135 Group work and assessment security 135 Authentic restrictions and assessment security 136 Programmatic assessment security 137 Dialogic feedback and assessment security 138 Random assessment security checks 139 Assessment design and quality control processes 139 Things to do 140 Contents ix 10 Conclusion: Securing assessment against E-Cheating 141 Focus on assessment security alongside academic integrity 141 Take an afordance-based approach to understanding e-cheating, and a principles-based approach to stopping it 142 Perfect is the enemy of good, so aim for incremental improvements 143 Build a culture of evidence and disclosure 143 Resist assessment conservatism and assessment security theatre 144 References 146 Index 164