Canvas error temporarily lets students change grades
A set of temporary software glitches allowed students across the state to access teacher gradebooks on Canvas for almost two hours on Sept. 11.
The errors came as a result of a scheduled software updates at 12:30 a.m. and 11:30 a.m. and lasted a total of 105 minutes, said Devin Knighton, public relations director for the Utah-based company and Canvas creator Instructure. Any student who accessed Canvas in the hour before the update and re-logged on immediately after was able to view and edit the gradebook for their classes.
All changes made were fixed within the day, Knighton said. Because Canvas is not where permanent grades are kept, the Instructure staff was able to access a log and let school officials know exactly what changes were made.
Utah Education Network has been using the program for two years now, but this problem was a first, Knighton said. He said extra security, such as checks on coding and processes, are being put in place to prevent other major errors but that there’s no foolproof way to prevent errors.
“We can’t promise it will never happen again, because it’s software,” he said.
Scott Allen, learning systems administrator for UEN, said structures are being put in place to make sure the incident is not repeated. Overall, the number of students who made inappropriate changes was small, he said. USU and The University of Utah were the most affected colleges because of their size.
Most students didn’t take advantage of the error, he said.
According to the UEN website, every higher education institution in Utah uses Canvas.
While hundreds of students had access to the teacher permissions, Knighton said most students exited the page as soon as they could tell they weren’t supposed to have access. A nominal amount of students changed grades, and most of those cases were not on purpose, he said.
“I think this is an accidental study on the integrity of the students of Utah,” Knighton said. “I would not have suspected so many students would have immediately logged out.”
At USU, 78 students out of the 5,521 active users that day temporarily had access to the modified permissions and only three made changes to grades. Of the students who modified grades, two actually gave themselves lower scores, prompting officials to suspect the changes were experimental, said USU spokesman Tim Vitale.
A feature in Canvas allows students to calculate their grades based on scores they think they will get. Because of this, Vitale said he suspects the students were going about their regular work. He said no actions will be taken against the students.
“In class you’re almost asked or instructed to play with the system,” Vitale said. “We wouldn’t want to pin anything on these three students who discovered it by accident doing tasks that they would normally do.”
Rich Finlinson, UEN communications manager, said the organization is working with Instructure to make sure student information remains secure.
“One of UEN’s great strengths is that we’re a statewide consortium,” he said. “We’re collaborating with Canvas.
Vitale said the error did one good thing in showing USU student’s honesty.
“We are proud of the fact that our students in this example showed extreme depth of integrity.,” Vitale said.
– allee.evensen@aggiemail.usu.edu