Thoughts on the Canvas LMS Hack

phasewalk 🏴‍☠️ May 8, 2026
Full Post: Unraveling the Canvas Hack

The Canvas learning management system is AGPL-licensed, open-source software. However, our educational institutions don’t run their own instances of Canvas! They’re all paying customers of Instructure’s hosting services. Instructure holds the master credentials, the privileged API keys, OAuth tokens, and database access. This creates a single point of failure. If you can compromise this layer, you gain access to 9,000+ institutions in one fell swoop.

This is a bad model for an LMS that forms the backbone of our nation’s education infrastructure, for exactly the same reason that AWS’s dominance over the internet is a bad model for the web. Central points of failure are bad. Shocker.

And it’s made even more ironic by the fact that Canvas is free and open-source software! Canvas itself was not the vulnerable component here. The vulnerability is the fact that every educational institution is relying on Instructure’s hosting services instead of running it themselves! We have surrendered sovereignty over our data for the sake of administrative convenience.

Our education system should be built on free and open-source software, but it should also be built on distributed infrastructure. We should be running our own instances of Canvas. We should be hosting our own data. The fact that a single company’s security failures can paralyze global higher education is a failure in the design of the system.

To school administrators, to policymakers, and to the open-source community itself: We can do better.
