Anyway-
It seems the whole mess was a storm in a teacup.
It seems it was just some setup where if a student reported a laptop missing the school which owned those laptops could remotely access it to try to figure out where it was and who was using it.
This is incorrect. It was not "just" some setup where a laptop could be located. It was a setup where other things could be done, such as having pictures taken of the user in their own home. This was admitted The fact that the stated intent was to only perform some minor, legitimate function does not mean the illegitimate functions did not exist.
And the responses you quote are bureaucrateeze for an organization that screwed up trying to backpedal. I'll do a gloss on some:
* No. At no time did any high school administrator have the ability or actually access the security- tracking software. We believe that the administrator at Harriton has been unfairly portrayed and unjustly attacked in connection with her attempts to be supportive of a student and his family. The district never did and never would use such tactics as a basis for disciplinary action.
Note the shiftiness here. They don't believe the administrator did it, the district would never do such a thing.
It sounds like a flat-out denial because of the wording, but there's nothing about the facts of this case. This really boils down to a general statement that the official district policy is not to break the law.
* Only two members of the technology department could access the security feature.
What does "could" mean? Policy? De facto practice? Number of people your admin said you should call when you want this done? How many people had the password to the web site? Under what conditions would they use it
* During the 2009-10 school year, 42 laptops were reported lost, stolen or missing and the tracking software was activated by the technology department in each instance.
Again, a non-answer: "How many times was the system used?" and the answer is "Forty-two laptops went missing, and we used the system all of those times." This doesn't address the main issue: Were there other times? Can administrators even tell?
* The district learned of the allegations Thursday, February 18th. No complaints were received prior to this date.
Hmm. Quick for a bureaucracy to do review of policy, investigation of authorization requests, logs & electronic audit trails, and interviews to see how the system was used in practice. At this point I'm wondering if they even have those things.
9. Is remote access activity by the district logged?
Yes. There is a log entry for every instance of the security feature activation. The logs will be reviewed as part of the special review conducted under the direction of special outside counsel.
Aah. Here we go; so there are logs. Maybe they are good electronic ones held by a third party, maybe editable ASCII text that wasn't backed up, and maybe just paper notebooks. Still better than nothing.
But--they haven't been reviewed yet. Which explains why every other paragraph is so evasive. They don't actually know squat at this point.
The district is basically blustering. I consider it a warning sign anytime a response to a credible claim of a serious violation is "No one did anything wrong!" before that can possibly be known; it implies to me a culture where it's just *assumed* everything acts correctly, and the people who should be enforcing good behavior are more interested in PR. Good organizations I've worked with say things like they are "reviewing logs to confirm that our stringent safeguards were followed" and "we take all violations seriously". Flat-out support comes after the facts are in.
It is possible that they are in this mode because of the lawsuit. I happily don't have experience with them, definitely not on the inside of such a public one, where immediate response seems mandatory. But my guess that they weren't on the ball, didn't think through possible abuses of their system (the intent was good, right?) and wouldn't have a clue if people had started using the feature for other reasons.