With the rise of home automation products intended for the consumer market such as Amazon Alexa, Google Home, and others, many of our faculty and staff have enjoyed their use at home. Some VCS faculty and staff have asked if it's acceptable to use a smart speaker at work. There are five reasons why a smart speaker is not supported on the school network.

1. Smart speakers are constantly recording

Due to their design, smart speakers are listening to, and recording their surroundings at all times. This is the nature of how they work, in order to respond to any spoken commands. They then store these recordings in the associated Amazon or Google account.

Having these speakers in an educational setting where students and/or student data are discussed is a possible Family Educational Rights and Privacy Act (FERPA) violation due to the recording being considered an educational record. Because of this, schools are advised against their use. Moreover, COPPA compliance forbids a company from storing a child’s personal information, including recordings of their voice, without the explicit consent of their parents. VCS staff cannot reasonable ensure these recordings aren't taking place since we are not provided with a way to do that beyond policy and procedures. 

2. They use Peer-to-Peer networking

Peer-to-peer networking is where devices talk directly to each other. Best practices in data security forbid these types of connections because they cannot be effectively monitored nor managed.

For example, if an employee had student, financial, or other confidential data, and transferred it to a third party via a peer-to-peer connection, we would have no visibility or control over this data exchange.

3. They require “wide open” connections

For educational or administrative digital tools, we sometimes allow or whitelist specific ports and domains to make sure they can be accessed. This is done on a case-by-case basis and only when necessary. Smart speakers generally require a “wide open” connection that allows blanket access to many ports and domains. We cannot open the network to all of these because doing so could allow access to harmful content that would expose children to inappropriate content and violate the Children’s Internet Protection Act (CIPA). Opening our network to all kinds of data traffic further exposes our users to potential security and data breaches. Our filters will certainly interfere with the normal functionality of Alexa, Google Home, and other digital assistants and smart speakers.

4. They don’t support enterprise-level security

For these digital assistants and smart speakers to work, they require a weakened level of authentication to any Wi-Fi network to which they connect. This is because as a consumer device, they are built to support home networks and simply lack support for enterprise level wireless security. We would have to “dumb-down” our security posture to allow them to connect to our corporate network, thereby adding a vulnerability to our enterprise network, and to you, our users.

5. They are not designed for, nor made to work well in the enterprise resulting in a poor VOI

Smart speakers are designed for home use. Problems that will invariably arise when trying to make them work on a corporate network is likely to cause frustration by users. Those users would naturally seek support from IT staff through support tickets. The added time and cost of supporting smart speakers would far exceed the value received to the organization from their use. Smart speakers and digital assistants currently add nothing to the educational value of a classroom, nor to the administrative office, that can’t otherwise be achieved using any existing computing device.