Introduction
Massive Open Online Courses (MOOCs) have gained popularity in higher education and currently thousands of learners worldwide rely on MOOC platforms (or applications) to access learning materials either free or at low cost (Emma and Pro, 2014). These MOOC applications come with features to capture sensitive information of the learners (e.g., birth dates, addresses) and offer analytics functionality so learners can monitor their performance and educators can improve learning experiences by mining data logged by these platforms.
Among the several MOOC providers, Coursera (2016), EdX (2016) and Udacity (2016) are currently the most popular. It is estimated that these three platforms currently account for over 15 million users. An earlier study indicates that over 7 million students in the United States alone have taken a minimum of one online course (Daries et al., 2014). This user base generates enormous amounts of logged data. The data contains valuable information regarding student-learning behaviors, student interactions, use of learning resources and other interests.
Researchers have already studied user behavior while accessing learning materials, such as mouse click pattern mining during video watching (Brinton et al., 2016; Lebron and Shahriar, 2015). Recent MOOC research focuses on analyzing logged data to improve the student learning experience through analytics (Coffrin et al., 2014; Guo et al., 2014), enhancing technology support by gathering data for student performance and behavior analysis (Ruiz et al., 2014), or comparing MOOC platforms in terms of their pedagogical framework and capabilities (Lebron et al., 2015). However, there is a lack of studies explaining possible security and privacy breaches when applying or adopting MOOC platforms for students.
Recently, an analysis of student behavior based on 100 gigabytes (GB) of time-stamped log data for a specific MIT course was carried out (Seaton et al., 2014). Protecting this data while enabling robust computations warrants specialized expertise and resources not readily available to a majority of application developers (Song et al., 2012). Much of this data is actively sought by private companies for commercial interests, which may lead to a violation of federal privacy laws (FERPA Act (Daries et al., 2014)). Promises not to release such data, and to secure it carefully, have been utterly ineffective and, of late, have been laden with security breaches. These security breaches are compounded by the use of cloud technologies.
We believe that security and privacy concerns are rooted in the basic building blocks (see Figure 1) of MOOCs, which typically include web (browser, server application), database (both relational and non-relational), and cloud technology as the delivery platform. Thus, traditional software vulnerabilities (e.g., arbitrary code injection, session hijacking) are applicable to MOOC applications.
Figure 1. MOOC building blocks: web, database and cloud technologies