Blank(ed) Canvas
Welcome to the 21st century Univershitty
I used to tell people how old I was by revealing that I started my PhD studies the same year (1994) that Netscape Navigator was released. It still works for folks of a certain age, I suppose, but for students, I’m just locating myself in the vaguely nebulous “Before Times,” alongside almost anything else from the 20th century.
I was thinking about this recently, because there’s another story that I used to tell about my approach to technology. I was really excited, when I left graduate school, to take a job at a university. I believed that my newfound status as a professor would include the opportunity to work with folks in the IT (Information Technology) unit, giving me access to all sorts of resources and expertise. On top of that, my first gig was at a school (Old Dominion) that had invested heavily in distance education; it had articulation agreements with community colleges throughout the state, whereby students could get their AA degrees locally, take courses from ODU which were broadcast to them, and then transfer to ODU to complete a BA. They also worked pretty extensively with the military—our courses were being broadcast to aircraft carriers, for instance. Needless to say, I didn’t think that television was a particularly effective medium for writing instruction, so I was eager to explore developing online tools for teaching writing in this context.
My meetings with folks from IT were frustrating, because we were only able to speak at cross purposes. I wanted them to show me what they were able to do, so that I could build my courses around those capabilities. They wanted me to tell them what I wanted to do, so that they could build their capabilities around my courses. As I would later figure out, I wanted social media tools that were still several years away from being developed and mainstreamed. I didn’t have strong points of reference to give them, because if I had, I would just have used those tools.
But there were issues from their end as well. For their part, they operated with the assumption that education was content delivery, and for them, anything that couldn’t be broadcast just didn’t belong. They had no frame of reference to understand writing instruction. Also, I didn’t understand this until much later, but their motives were different as well. They were far more interested in having me articulate an interface/system that they could use for other instructors (and presumably take credit for developing). To put it bluntly, they were more interested in the platform than the pedagogy1, because that’s where their incentives were. I didn’t realize it at the time, but this ended up being my introduction to platform dynamics (and extraction).
This particular trip down memory lane was prompted by the news last week of the ransomware hack on Canvas. Over the past 10-15 years, universities have outsourced a great deal of their classroom interaction to platforms, but Canvas is by far the largest of those (Syracuse uses Blackboard). CNN describes it as “an education platform used by universities and K-12 schools across the US,” but that doesn’t really capture the scope of the damage. According to Phil Hill (in 2024), 43% of the institutions in North America use Canvas, affecting roughly 50% of all students. The tally I’ve seen is that about 8800 schools, and more than 250 million data records, were affected. Not only did the group responsible threaten to release all of that data (including personal identifying information for faculty and students) if a ransom weren’t paid, but faculty, students, and administrators were locked out of the platform. Due to the timing of the attack, many schools had to postpone or cancel finals, had no access to courses, materials, grades, etc., right on the verge of graduation. It is perhaps needless to say that this was high-leverage timing, and the ransom was paid fairly quickly by Canvas’ parent company.
A couple of my earliest posts here on Substack were about how I began my career deeply invested in technology, but have since soured on teaching courses in digital writing. I described it at one point as a crisis of faith. But I’m not sure that fully captured the despair I felt watching my interests not only being crowded out of the university but poisoned in the process. It’s been a pyrrhic victory at the very best, watching technology enter and ultimately take over every last element of higher education. Ian Bogost put it well in his Atlantic piece on the attack: “people feel trapped by the tools we use, unable to interact in a human way by means of them—and forced to do so less efficiently besides.” Bogost’s account of the last days of his course, and all of the anxiety and uncertainty that the hack generated, is worth reading, because it’s worth multiplying those effects by millions of students and faculty.
But then, you should also multiply it by a couple of additional factors of 10. Canvas may be one of the most public-facing platforms that have infested higher education, but there are dozens of others than run through each individual university, each with its own interoperability limits, its own nomenclature, and its own third-party vendor, any of whom could be hacked the way that Instructure was. Those third-party “solutions” cut across every last function of the university, from admissions to advising, from library services to registrars, from budget management to assessment. (Just last week, I received notification of the launch of our all-new, 2.0 version of the surveillance platform that monitors student progress!)
From Problem to Solution to Problematic Solutionism
Here’s an example of what I’m talking about: when I was in graduate school, before these institutions had fully bought into the internet, applying for jobs involved sending hard copy to hiring institutions, and that included letters of recommendation. My first year on the market, I provided my letter writers with a stack of stamped, pre-addressed envelopes for them to send signed letters to all of the searches I was applying to. On top of that, I had to print out and mail letters, cv’s, portfolio materials to dozens of potential employers. By the time I arrived at Syracuse, the Career Center had taken over that clerical role for students—they could place all of their materials on file, and for a fee, the Center would ship those materials to any address you designated. Professors could also place their recommendation letters on file with them.
You may be wondering why the system still relied so heavily on postage, and that’s fair. This was a time when universities finally began accommodating digital submission of materials, and over the next few years, a national service emerged (Interfolio) that offered both to host student files, dossiers, and letters, and also to post job advertisements on behalf of institutions. This felt like a peak solution to me, the centralization (and simplification) of a dispersed and inconsistent process, ironing out the potential risks of trusting one’s career to the vagaries of the US Postal Service. It also had the virtue of distributing the costs of the process among all of its stakeholders, rather than heaping costs on the students, the least able to assume them.
At some point, though, this updated model for the job market fell apart, and I’ll confess that I’m not sure why or how it happened. Interfolio still exists, although it’s rife with stock photos and corporate buzzwords, which I find really off-putting2. They’ve largely turned away from their original purpose, as far as I can tell, and what’s emerged to fill that void are hundreds of poorly designed, one-off university application portals3. Rather than simply placing my letters of recommendation on file, I now have to generate temporary accounts and passwords for each of these sites, fill out meaningless data-greedy questionnaires (“How many years have you known the candidate?,” e.g.), and then finally upload individual copies of my letter to each university at which a student or colleague has applied. I don’t mind taking the time to write specific, personalized letters of recommendation, but I deeply resent the hours I need to spend every year navigating these shitty portals in order to share those letters that would otherwise take 10 seconds to attach to an email.
The early days of the internet introduced incremental improvements to this process, eliminating some of the costs and labor involved. Eventually, that progress slowed and ultimately reversed, to the point where the “new and improved” version is now more time and labor-intensive than the original (printing, signing, mailing). And on top of that, every university is paying an annual fee to third-party vendors to make it worse.
Management
That’s one tiny piece of a much larger puzzle that is now dominated by such portals; Canvas is simply one of the most visible (and presumably most profitable). They neither support faculty teaching nor facilitate student learning. They do have one important advantage, though, and that’s they make it easier to manage the institution. It’s in the description: Canvas is an LMS (learning management system). As Alan Jacobs explains, “the primary function of Canvas is to make it possible to manage, without administrative assistance, classes with fifty, a hundred, two hundred, three hundred students. Whatever Canvas costs, it doesn’t cost as much as several additional faculty and/or administrative employees would cost.” When COVID hit, and in-person learning was no longer possible, tools like these were a godsend for the folks who needed to be able to continue charging students tuition. The surveillance, the reduction of education to explicit metrics, and the easily portable and salable trove of millions of pages of student writing were all just fringe benefits (that have persisted past our collective return to the in-person classroom).
“The only real reason to have them,” Claire Potter writes, “are a series of financial incentives that benefit neither students nor faculty, whose data and labor is then returned to Big Tech as profit.” In order to pay for this outsourced educational management, schools have dragged their feet on replacing faculty (or outright eliminated positions), they’ve merged and minimized staff positions, and they’ve steadily drained local expertise, chipping away at the actual people that students might encounter and work with in the process of earning their degrees. In this sense, artificial intelligence4 on campus is merely an outgrowth of an administrative mindset that treats faculty, staff, and students primarily as cells in a spreadsheet to be optimized for wealth extraction. Education has gradually crept closer to AI-driven phone menus or web portals, a transformation that benefits no one on an actual campus.
Freddie DeBoer describes this vision of education in terms of what he calls the Library Card fallacy, “the mistaken notion that the purpose of education is to transfer information from teacher to student, and thus that schools and teachers are subject to disruption when any technology comes around that democratizes access to information.” We’ve spent the past twenty or so years both repeating that notion over and over (Google! Wikipedia! MOOCs!) but we’ve also gradually altered our institutions in ways that forestall any other vision. We’re gradually sawing off the branch that we’re sitting on, in the interests of making our “product” more manageable.
Hostage Negotiation
I spent the week reading through a spate of articles about the hack, and Claire Potter’s begins with an observation that triggered a memory for me. She writes that “College professors, high school teachers, and all of their students have been hostages to Canvas, other learning management systems (LMS’s), and technology more broadly, for over a decade.” It was that characterization buried in the middle of the sentence (“hostages”) that recalled for me an episode I posted a few years ago, about the parallels between Doctorow’s enshittification and the dynamics of ransomware attacks.
Higher education is experiencing an unprecedented period of vulnerability, and nearly all of that is self-generated. The Canvas hack is simply the most recent demonstration of this, one that was executed at scale, which faculty and students will be paying for over the next several years5. Our current regime’s war on research and science has debilitated university budgets across the country, even when it hasn’t been leveraged specifically to interfere with academic freedom and/or Constitutional rights. Decades of exploitation of student athletes led to the NIL debacle. Forty years of neoliberal economics have helped to load up students and their families with debilitating debt. And all the while, administrators are racing against one another to deliver the loudest pitch in favor of offloading as much of their curriculum as possible to Ai. We’re holding ourselves at ransom and handing the guns out to anyone who’ll train them on us.
The point that I wasn’t yet ready to make back when I wrote that original post about ransomware attacks is that, functionally, there’s very little to distinguish such attacks from run-of-the-mill platform capitalism. The one substantial difference between the annual fees that we dutifully submit to our platform overlords and the ransom demanded by ShinyHunters is that the latter are asking for that money in a lump sum. We are the ones who’ll pay for it, either way. Nowadays, we’re even offered the opportunity to pay those who’ll lecture us about how lucky we are to be treated this way.
I’ve got a couple of episodes on tap: a quick review of a book I zipped through a couple of weeks ago, which will bring me to a milestone that I’ll be writing about this week. I’m hoping to do a bit more writing this weekend, so it’s very possible that both will be appearing fairly soon. Until then…
I’m aware here that I’m casting myself as the hero of this story. I can’t really help it, even though I honestly feel that it’s true. At the time, I genuinely believed that they were there to support and collaborate with faculty, and I’ve spent the past 30 years listening to IT departments, tech companies, and now AI spokespeople spin those same justifications: it’ll make your job easier, you’ll be more productive, it’ll free you up to focus on the more rewarding parts of your life, etc. Exactly none of those promises has ever proven to be true. Not a single fucking one.
It may be a partial explanation that it’s now a subsidiary of Elsevier, one of a handful of profiteering oligopolists chiefly responsible for the enshittification of academic publishing.
Maybe this is unkind of me, but no two of these portals are alike, and most of them are designed with a sensibility that I remember from my own days in the late 1990s coding with HTML. They’re really junky, poorly thought through, and I’m sure that there’s a handful of third-party vendors out there celebrating the grift they’ve achieved.
Our IT people conduct workshops on how to train our “free” Claude installations on our own prose and emails so that we can use it to interact with colleagues and students and avoid the shame of having done so.
If you honestly believe that the “ransom,” much like a certain regime’s tariffs, won’t be passed along to those thousands of institutions (and millions of students) whose records and grades and course materials are dependent upon Canvas, then you haven’t been paying enough attention.