The Detection + Reaction Lockbox
Cary Straw, CESP
Cary Straw, Executive Web Patrol Manager, Caveon
The Evolution of Web Patrol
Cary Straw is one of two Executive Web Patrol Managers at Caveon. He has been with Caveon for nearly fifteen years and has over thirty years of extensive experience in online computing, design, brand management, sales, and test security. Those varied strengths enable him to understand and know where the bad guys really hide online and how to find them.
You might also like...
More Reads
Many of you undoubtedly have toolkits for various routine tasks, as well as for the occasional emergency that surfaces. But what’s in your toolbox for detecting test security problems?
Use the latest research conducted by your colleagues in the testing industry to evaluate your options and make the best decisions for your assessment program.
“Well, I’ve never seen that before.” After nearly fifteen years scouring the online world for the various types of exposed exam content related to our clients’ intellectual properties, I’ve learned to expect the unexpected. I am constantly surprised by how, when, or where exam content will be discovered online. The internet is constantly evolving, and so too must our focus and goals with regards to finding and addressing these exposures. In the beginning, most high-stakes testing companies weren’t aware of the security vulnerabilities introduced by the internet. Test security was either far down on the list of priorities, or it was not discussed at all—and information regarding any exam security issues or content exposure was certainly never made public! Back then, the online ecosystem was not nearly as robust as it is today, and social media was not the star of the show as it is now. The processes and goals were simple: Search online in forums, discussion groups, and websites for infringing content; report that content; have the client verify it; and send a letter asking to have the content removed. Clean, simple, and it worked a large percentage of the time.
Submit
Join our mailing list
Thanks!
Copyright© 2019 Caveon, LLC.
All rights reserved. Privacy Policy | Terms of Use
Contact
Interested in learning more about how to secure your testing program? Want to contribute to this magazine? Contact us.
"The internet is constantly evolving, and so too must our focus and goals with regards to finding and addressing these exposures."
In an ideal testing environment, these security threats would not exist. If the online environment was the utopian ideal envisioned by many people during its infancy, web patrollers would not have to continually update and modify their approaches to online exam security. However, until we reach those pinnacles, a comprehensive and broad scope system of Prevention, Deterrence, Detection, and Reaction is the best way to give your highly valued intellectual properties additional validity, lifespan, and security in the current online environment.

"We recommend that clients not only institute routine web patrol into their test security strategies and remove content where possible, but create an environment of both diligence and innovation that extends the useable life of their exam, both online and in the real world."
During these simpler times, infringing exam content typically came from individuals or small companies with no nefarious intent—they were mostly looking to either help out a friend, or in some cases, sell a few questions and gain some small advantage for customers taking the exam. Usually, a single strongly-worded letter was all it took to have those websites and individuals delete or modify the infringing content. Seldom was a client’s company required to take legal action, and rarely did clients need to go to court to protect their content.

Fifteen years later, the online ecosystem has drastically changed. Our industry now faces large conglomerates of braindump sites numbering in the thousands, each one owning hundreds (if not thousands) of individual URLs that routinely steal content from a vast number of private, public, and governmental industries. We must now deal with groups that recruit test-takers to travel the world to steal, remember, and record as much exam content as possible, and then turn around and sell and distribute that content at a global level. Most often, owners of these infringing sites are inundated from all sides with takedown requests from companies looking to protect their materials (and in some cases, substantial monetary investments) by leveraging the Digital Millennium Copyright Act (DMCA). But with DMCA letters becoming such a popular (and often misused) tool, owners of these infringing sites are beginning to push back by filing counter-notices, claiming the fair use doctrine as a defense, or simply ignoring the letters. Because of this, it has become exceedingly difficult to have content removed with a letter… or three.

But these braindump sites aren’t the only threat our exams must overcome—Social media, a practice so prolific and entrenched in our online discourse that even the greatest of online search companies have a hard time keeping up. Faced with a beast of this power and magnitude, we recommend that clients not only institute routine web patrol into their test security strategies and remove content where possible, but create an environment of both diligence and innovation that extends the useable life of their exam, both online and in the real world.