Protecting Exam Integrity And Privacy In Remote Learning Environments

Brief Abstract

Maintaining test-taker privacy is at the core of Proctorio’s Learning Integrity Platform, not an afterthought. How does Proctorio set itself apart from other remote proctoring solutions when it comes to protecting test-taker privacy and data security?

Extended Abstract

Maintaining test-taker privacy is at the core of Proctorio’s Learning Integrity Platform, not an afterthought. Since its inception in 2013, Proctorio has leveraged Zero-Knowledge Encryption to protect exam recordings. To date, Proctorio is the first and only remote proctoring solution to utilize Zero-Knowledge Encryption, making us an industry leader when it comes to privacy and data security.

Proctorio was created to securely expand high-quality learning opportunities to test takers everywhere and spur the development of human potential through innovations in technology. Proctorio has achieved this by providing a scalable, cost-effective, and sustainable online proctoring solution to over 2.5 million active weekly learners across the globe. With this many distance learners using Proctorio, protecting exam-related information and test-taker data is crucial. Proctorio was designed with test takers in mind and was created to provide a differentiated approach to remote proctoring that does not require test takers to share Personally Identifiable Information (PII) beyond what is already required by their assessment platform.

Proctorio’s key differentiator is our approach to privacy and security. We never require PII from a test taker to enter an exam and we limit decryption of exam images and recordings to institution-approved exam administrators and instructors. All collected test-taker data is secured with three levels of encryption:

• The Zero-Knowledge Encryption layer is secured using AES-GCM, using encryption keys never shared with Proctorio.
• Transmission into the datacenter is only over TLS 1.2 or 1.3 and, if the client supports it, we use Perfect Forward Secrecy (PFS).
• Data at rest within the data center is encrypted using AES-256 and is FIPS 140-2 compliant. All data centers are ISO 27001 certified, SOC 2 attested.

Proctorio is the first and only remote proctoring solution to utilize Zero-Knowledge Encryption. This unique design ensures that exam recordings do not leave the test taker’s device until they are encrypted and they remain encrypted and can only be unlocked by an authorized official at the institution.

Proctorio conducts nightly security testing and regularly partners with third-party organizations to audit our software. We have partnered with third-party organizations to test our vulnerability and penetrability, validate our Zero-Knowledge encryption methodology, and validate that our regional data centers are in compliance with data privacy laws like GDPR.

In January 2021, Proctorio launched our extension on the Microsoft Edge browser. This decision was made with the privacy of our users in mind, as Microsoft provides users with more control over their privacy settings when using the browser. Since 2013, Proctorio has been leveraging Microsoft Azure data centers around the world to secure exam related data, ensuring that no matter where the test taker is located or where the exam is created, all exam-related data is stored geographically in data centers near the institution. Join us for this session as we discuss the importance of data security and privacy in remote learning environments, Proctorio’s unique approaches to protecting privacy and security, and the roll-out of our partnership with Microsoft Edge.