A.

Are School Bus Tracking Systems Dangerous?

By In Technology

There has been a lot of hype recently in Tampa Bay about the “Here Comes the Bus” app. This is system that allows parents to see when their kids have gotten on a school bus, and where the bus is. Some parents are concerned that systems like this one could let malicious users, or government agents track their children. So I’m going to give a quick overview of how systems like these work, and why they are not dangerous. We will also look at what parents SHOULD be concerned about.

How it works

The system is fairly straight forward. Students have either a barcode or a passive RFID chip printed onto their “Bus Pass” – which is just a card they carry around. This card is scanned once the student boards the bus, either with an RFID reader or a barcode scanner (basically the same technology used at grocery stores and clothing shops).

The barcode or the RFID chip carries a simple ID number. This number does not represent the student in any identifiable way – it’s just randomly assigned. The RFID scanner is connected to an internet-enabled device and sends the ID number securely to a server.

Keep in mind, if any data is intercepted up to this point, it is of no use to an attacker. The attacker would at best get a random number that means nothing.

On the other side of the system is the parent’s app. This app is connected to Here Comes The Bus‘ servers, which lets them know that their child is on the bus. The bus also has a GPS tracker on it, which connects to the internet and lets the Here Comes the Bus‘ servers know where the bus is.

That random ID number is then looked up in a database which lets the application know which child has been assigned that ID number. The parent’s device securely requests that information, and it is provided securely down to the app.

It is possible the data coming down to the parent could be intercepted by an attacker. However, as this technology is very secure and is commonly used in almost every piece of software these days (from your health systems to banking apps), it is HIGHLY unlikely.

Could you track kids using their cards?

Some of these bus passes contain a chip, and that sounds scary right? Well, you don’t have to worry too much. These chips are passive RFID chips, the same type of technology that is imprinted in clothing labels to stop theft. Passive means that they need to be picked up by a powered scanner. In order to track a child, you would need to know their ID number (the randomly assigned one), and then set up expensive, high-powered scanners all around town. So it is possible, but there are WAY cheaper and easier ways to track someone. So this seems incredibly unlikely.

Could you track kids if you hacked into the Here Comes the Bus servers?

So the one thing that COULD happen is the Here Comes the Bus’ servers could be hacked. An attacker could break into the database and potentially be able to work out where a child has been, but this does not necessarily mean they will be able to find information on a particular child either. This data is hopefully encrypted, or linked to the school’s secure systems. I can’t speak to how this system has been secured and architected. My best guess is the system was designed with the understanding that this is sensitive data, and great care should be taken over the security. There are also a number of regulations in place that govern the usage and security of student and child data. The Children’s Online Privacy Protection Act of 1998 (COPPA) provides strict regulations regarding a child’s data. The Family Educational Rights and Privacy Act of 1974 (FERPA) gives parents certain rights with respect to their children’s education records. These two regulations will have been taken into account by the developers and the school board when evaluating this software.

Should I be worried about this?

No system is perfect and inherently has its risks, but these risks need to be balanced against the rewards. I think that the safety aspects of this application far outweigh the highly remote possibility of the system being misused. There are WAY easier ways to track people than trying to exploit a system like this.

So what should I be worried about?

There are real threats and issues out there for you to be worried about. Kids download all sorts of things to their devices, and these downloads represent real, actual threats. Malware embedded in games, social media apps, and even downloaded backgrounds can track your exact GPS location, leak your phone number, show inappropriate content, or steal personal information.

Instead of worrying about the government tracking your kids while you send them to a Public school, take a look at your kids’ actual devices. Install something like Norton Security Online and Norton Security for iOS or Android, or Malwarebytes. Also talk to your kids about what apps they’re using, and listen to hear for anything strange about their data usage, or content that is coming up unexpectedly, or unusual phone calls they’re getting. These are indicators of real threats to kids’ information and of valid concern by parents.

Previous ArticleNext Article
I help cruise lines turn their technical ideas into reality. I'm experienced in all stages of innovation and technology management. I've also been programing since I was 8 years old, and have somehow retained the ability to have normal human interactions. Occasionally I speak about how Industrial Psychology and Neurophysiology can be interrogated with IT and systems management, because I spend a lot of time thinking about the subject, as strange as that may seem.

Leave a Reply

How to Land Your First Tech Job: Or at least what I will tell you

In Technology


Ah, the age-old question that haunts every college graduate’s dreams: “How do I get a job?” But not just any job. A job that doesn’t involve asking, “Would you like fries with that?” unless it’s a cheeky Slack message to your new tech team while deploying code (because, let’s face it, multitasking is key).

So, you’re fresh out of college, armed with a degree, and ready to conquer the tech world. But there’s a catch – everyone wants experience, and you’re fresh out of that. It’s like needing a job to get experience but needing experience to get a job. A real chicken and egg situation, except less philosophical and more annoying.

Now, before you start sending LinkedIn invites to every CEO with a pulse, hoping one of them will notice your enthusiasm (or desperation), let’s talk strategy.

1. Start a Blog – No, Seriously

First things first, start a blog. I give this advice to everyone, and you’re not going to take it, but I will keep trying.

“But I’m not a writer,” you protest. Well, guess what? Neither are most of your competitors when it comes to that job interview. But here’s the thing – writing helps you articulate thoughts, share knowledge, and most importantly, shows you’re committed. Write about what excites you in tech. Dissect the latest AI breakthrough, or maybe just rant about why tabs are better than spaces. It’s your stage. It’ll also help you greatly when interviewing. If you’ve actually researched and forced yourself to write about a topic, it’s WAY easier to talk about it.

If the thought of cranking out 500 words twice a week makes you sweat, consider this: if you can’t commit to a blog, how will you commit to a job? Harsh but fair.

2. Ship Something… Anything!

Next, if you’re a coder, designer, or any species of maker, you need to create something and get it out into the world. A portfolio is great, but a product is better. It doesn’t have to be the next Facebook. Heck, it can be a to-do list app that makes a satisfying ‘ding’ sound when you check off an item. But it shows you can see a project through from start to finish. Plus, nothing beats the thrill of seeing your creation out in the wild, even if it’s only used by three people (including your mom). And three users is way more than what most juniors come to interviews with.

3. Polish That LinkedIn Profile

Ah, LinkedIn, the worse MySpace of the professional world. It might not be the most exhilarating social network, but it’s where the grown-ups and LinkedIn Lunatics go to humble brag. So, get your profile in tip-top shape. Showcase your blog, add a professional photo (no, your beach selfie doesn’t count), and maybe sprinkle in a few insightful comments on posts. Show the world you know how to play the game. It’s only for show as a junior, and everyone knows it, so don’t go overboard.

4. Read. Then Read Some More.

While not the world’s biggest Jim Mattis fan, I got a bit of a kick in the pants after reading his Call Sign Chaos: Learning to Lead. In it he said “If you haven’t read 100 books on the field in which you claim to be an expert, then you are functionally illiterate.” That was a bit of a wake up call for me as a CEO. So if you’re a junior, lets make that rule “If you haven’t read at least five books about your chosen profession, you’re not ready to be a junior anything.” It’s a bold claim, but let’s face it, you’re competing with people who live and breathe this stuff. Catch up.

5. Network, Even If It’s Painful

Finally, networking. Yes, it’s awkward. Yes, it feels like speed dating but with business cards. But knowing what’s happening in your field and who the players are is invaluable. So, go to those tech meetups, chat with people, and yes, maybe even endure a few boring conversations about someone’s revolutionary blockchain startup. Try and meet one or two people who know me before you reach out to me. Then we can have someone to gossip about, and it’ll feel more personal. Tampa has a few good tech networks that throw decent, free events where you can find people who know me. Check out Tampa Bay Wave, Embarc Collective, and Tampa Bay Technology Forum.

And there you have it. Five steps to improve your odds of landing a job in tech. Most won’t follow this advice, but if you do, you’ll be ahead of the game. And who knows, one day, I might be asking you for a job. Or at least, for some tips on my blog.