Are School Bus Tracking Systems Dangerous?

There has been a lot of hype recently in Tampa Bay about the “Here Comes the Bus” app. This is system that allows parents to see when their kids have gotten on a school bus, and where the bus is. Some parents are concerned that systems like this one could let malicious users, or government agents track their children. So I’m going to give a quick overview of how systems like these work, and why they are not dangerous. We will also look at what parents SHOULD be concerned about.

How it works

The system is fairly straight forward. Students have either a barcode or a passive RFID chip printed onto their “Bus Pass” – which is just a card they carry around. This card is scanned once the student boards the bus, either with an RFID reader or a barcode scanner (basically the same technology used at grocery stores and clothing shops).

The barcode or the RFID chip carries a simple ID number. This number does not represent the student in any identifiable way – it’s just randomly assigned. The RFID scanner is connected to an internet-enabled device and sends the ID number securely to a server.

Keep in mind, if any data is intercepted up to this point, it is of no use to an attacker. The attacker would at best get a random number that means nothing.

On the other side of the system is the parent’s app. This app is connected to Here Comes The Bus‘ servers, which lets them know that their child is on the bus. The bus also has a GPS tracker on it, which connects to the internet and lets the Here Comes the Bus‘ servers know where the bus is.

That random ID number is then looked up in a database which lets the application know which child has been assigned that ID number. The parent’s device securely requests that information, and it is provided securely down to the app.

It is possible the data coming down to the parent could be intercepted by an attacker. However, as this technology is very secure and is commonly used in almost every piece of software these days (from your health systems to banking apps), it is HIGHLY unlikely.

Could you track kids using their cards?

Some of these bus passes contain a chip, and that sounds scary right? Well, you don’t have to worry too much. These chips are passive RFID chips, the same type of technology that is imprinted in clothing labels to stop theft. Passive means that they need to be picked up by a powered scanner. In order to track a child, you would need to know their ID number (the randomly assigned one), and then set up expensive, high-powered scanners all around town. So it is possible, but there are WAY cheaper and easier ways to track someone. So this seems incredibly unlikely.

Could you track kids if you hacked into the Here Comes the Bus servers?

So the one thing that COULD happen is the Here Comes the Bus’ servers could be hacked. An attacker could break into the database and potentially be able to work out where a child has been, but this does not necessarily mean they will be able to find information on a particular child either. This data is hopefully encrypted, or linked to the school’s secure systems. I can’t speak to how this system has been secured and architected. My best guess is the system was designed with the understanding that this is sensitive data, and great care should be taken over the security. There are also a number of regulations in place that govern the usage and security of student and child data. The Children’s Online Privacy Protection Act of 1998 (COPPA) provides strict regulations regarding a child’s data. The Family Educational Rights and Privacy Act of 1974 (FERPA) gives parents certain rights with respect to their children’s education records. These two regulations will have been taken into account by the developers and the school board when evaluating this software.

Should I be worried about this?

No system is perfect and inherently has its risks, but these risks need to be balanced against the rewards. I think that the safety aspects of this application far outweigh the highly remote possibility of the system being misused. There are WAY easier ways to track people than trying to exploit a system like this.

So what should I be worried about?

There are real threats and issues out there for you to be worried about. Kids download all sorts of things to their devices, and these downloads represent real, actual threats. Malware embedded in games, social media apps, and even downloaded backgrounds can track your exact GPS location, leak your phone number, show inappropriate content, or steal personal information.

Instead of worrying about the government tracking your kids while you send them to a Public school, take a look at your kids’ actual devices. Install something like Norton Security Online and Norton Security for iOS or Android, or Malwarebytes. Also talk to your kids about what apps they’re using, and listen to hear for anything strange about their data usage, or content that is coming up unexpectedly, or unusual phone calls they’re getting. These are indicators of real threats to kids’ information and of valid concern by parents.

Previous ArticleSoftware Development Teams: Build vs. ContractNext ArticleCapture The Flag Games in Role-Playing Games

Greg

I help companies turn their technical ideas into reality. CEO @Sourcetoad and @OnDeck. Author of Herding Cats and Coders. Fan of squash, whiskey, aggressive inline, and temperamental British sports cars.

You must be logged in to post a comment.

Don’t Fall Into the Trap: Why Startup Software Development Isn’t Like Corporate Development

19 hours agoNovember 14, 2024In Startups, Technology

So, you’ve left the corporate world, and now it’s time to build your own startup. You’ve probably managed dev teams before, overseen product launches, maybe even helmed some fancy project management tools that made everything run like a well-oiled machine. You’ve done this before, right? Not exactly. When it’s your startup, everything changes—and, as I’ll explain, if you assume it’ll work the same way, you’re heading for a few surprises.

Startup founders often fall into a dangerous trap when starting a software project from scratch: thinking it’ll be just like building software inside an established company. Here’s why it’s not—and some advice on how to navigate the differences.

1. Switching from Product Manager to Teacher

In an established company, a software team already has two things that give them a serious edge: an existing market and a deep understanding of the business. They’re working within a proven model. Developers in that environment know what questions to ask, can fill in gaps intuitively, and likely understand why they’re building what they’re building.

At a startup, however, your devs are going to need a whole lot more context. They’re not working with familiar requirements—they’re working with your vision, which may be abstract at this stage. If your development team doesn’t understand why something matters, it’s a recipe for ambiguity and frustration on both sides.

Advice: Think of yourself less as a product manager and more as a teacher. Your job is to make sure they understand the core problems, not just the features. Teach them why each requirement matters, help them visualize the end-user, and create that shared language for decision-making. It might feel tedious, but it’s essential to avoid future misalignment and expensive rewrites.

2. Beware of Perfectionism — It’s the Budget Killer

In a large company, products with an existing user base often have to be polished. Features need to be rock-solid, invoices have to be perfect, and everything needs an audit trail. Startups, however, have a different goal: get an MVP in the hands of users fast. It’s a classic trap for first-time founders—focusing on “perfection” and “polish” before knowing if the business model even works.

Startup perfectionism is budget poison. It’s shocking how quickly adding “nice-to-have” features can chew through funding, especially if you’re paying a dev team to build things like automated invoicing or churn management before you’ve even proven people want what you’re selling.

Advice: Ruthlessly strip down your MVP. If a feature doesn’t help you validate your market, it goes on the “later” list. Keep the scope laser-focused on what helps you test your business assumptions. Let the non-essential features wait until you know you have customers who’ll use them.

3. Zen and the Art of the Startup Pivot

Building software for a startup means embracing one cold, hard truth: the business model will change. According to research, 93% of successful startups pivot at least once (and often more). Imagine being asked to go out and passionately sell something that you know might not look the same next year—or next month. It takes a level of zen acceptance that your original idea will likely morph, but that’s what keeps you flexible and ready to capture new opportunities.

For founders, that requires a mindset shift. You have to believe in your product, while also knowing you might be building the “wrong thing” in some way. The focus should be on preserving capital and brainpower for what’s next. The game is less about proving you’re right and more about staying adaptable.

Advice: Budget with pivots in mind. Set your burn rate assuming you’ll need to make big changes. Don’t let ego get in the way of listening to the market, and keep enough gas in the tank for at least one big strategic turn.

4. The Hard Work of Being Your Own “Internal Customer”

Here’s another big one. In a corporate environment, you have internal customers—departments or stakeholders with specific goals that align with the overall company mission. For a startup, the only customer you have is you. You don’t have a preexisting feedback loop from various departments, and you don’t have established success metrics. You have to create that from scratch.

Advice: Start by building an internal customer profile based on your target market, then use that to set clear goals and success criteria for your dev team. If you’re focused on, say, usability for early adopters, set KPIs around usability testing and build from there. By acting as your own “internal customer,” you’re setting a clear direction and saving your team from working in a vacuum.

5. Get Ready to Build AND Sell

Corporate software development often has the luxury of a separate, dedicated sales team to deliver the product to the right audience. As a startup founder, you’re both the builder and the seller. That means you’re not just iterating on software—you’re iterating on messaging, product-market fit, pricing, and maybe even distribution models.

Advice: Factor in time for sales-ready iteration in your dev cycle. As you build, keep track of how each release or update affects the user experience. Ask yourself if the changes make your pitch clearer or simpler and how they align with the current market’s needs. Ultimately, this approach will help you bridge the gap between building the product and ensuring it’s market-ready.

Conclusion

Building software as a startup founder requires a whole different toolkit than you may be used to. You’re part-teacher, part-salesperson, part-zen master, and always the chief budget officer. By recognizing the unique mindset shifts and traps of startup software development, you’re positioning yourself—and your team—for the best chance of success. Focus on creating clarity for your team, set ruthless priorities, embrace change, and never lose sight of the fact that the first version is just the beginning. In the startup world, adaptability isn’t just a skill—it’s the entire game.

Greg Ross-Munro