Professional Documents
Culture Documents
Simon Spacey∗
Abstract
This paper examines the hypothesis that in a country where disclo-
sure of higher than average achievement can be considered an appropriate
justification for bullying, students are more likely to do badly in exams
and collude more in assessed course work to ensure that their grades do
not stand out. We examine this hypothesis by measuring how students
perform when their position in a class is reported with different levels
of perceived privacy. We start by defining what we mean by privacy in
rank reporting before discussing a novel rank reporting approach that has
higher privacy than traditional approaches. We then provide results for
case studies where a traditional and the new higher privacy rank report-
ing approaches are used with students at a New Zealand university. The
results indicate that over 70% of the students are concerned with the pri-
vacy of traditional rank reporting approaches and that average student
performance may be affected by almost 20% by these concerns.
1 Introduction
rab mentality is a behavioural characteristic wherein someone tries to pull
C down those who are performing better than them. The term comes from
watching crabs in a fisherman’s bucket. The fisherman can leave the bucket
without a lid secure in the knowledge that every time a crab makes progress
towards its escape, the others will go out of their way to pull it back into the
bucket.
Crab mentality can be seen as a type of envy or hating and is sometimes
referred to as tall poppy syndrome from the story of the Roman king Tarquin
who was said to have cut the heads off the tallest poppies in his garden as a sign
to his son that he should set about secretly assassinating those of achievement
around him to ensure his own success (Livius, 2010). But whatever you call the
phenomenon, the fact that it is well established and recognised (see for example
Comfort, 1995, p. 599) means that:
standing out through your achievements can cause you to be at-
tacked in some countries.
∗ S. Spacey is with the Computer Science Department of the University of Waikato in New
1
In modern day academia, secretly assassinating your peers is not necessarily
performed the same way it was in king Tarquin’s day. The growth in importance
of social media sites and the simplicity with which anyone can create an account
that is not associated with their real identity makes it easier for an attacker to
perform assassination through electronic rather than physical means. This form
of anonymous electronic assassination is called cyberbullying (Li, 2007; NetSafe,
n.d.) and like the assassinations of king Tarquin’s time, the harm caused by cy-
berbullying can include the death of young and old alike (e.g. Bailey, 2014;
“Charlotte Dawson’s death throws spotlight on cyber bullying”, 2014; NOBul-
lying.com, 2013) but does not need to actually kill for its perpetrators to gain
advantage in their peer groups as discussed in Vance (2012).
Cyberbullying is such a significant problem in some countries that govern-
ments are considering new laws to address it as discussed in “Internet trolls
face up to two years in jail under new laws” (2014) for the UK, in US Li-
brary of Congress (2013) for the US and in New Zealand, the Harmful Digital
Communications Bill (New Zealand Government, 2014) aims to make posting
communications with the intent to cause harm punishable by up to 3 months
in prison or a $2,000 fine and creates the new offence of “incitement to commit
suicide” punishable by up to 3 years in prison.
In this paper we seek to quantify the effect that crab mentality has on the
performance of modern students. The hypothesis we examine is that, in a coun-
try like New Zealand where crab mentality is an accepted norm (Dediu, 2015;
Kirkwood, 2007; Mouly & Sankaranb, 2000, 2002; Tapper, 2014) and even cel-
ebrated as a cultural achievement by some (see for example Young, 2009), the
addition of cyberbullying creates a perfect storm for underachievement where
it is logical for students to fear standing out as tall poppies in rankings and so
they will perform worse on average in exams and collude more in assessed course
work to increase the chance that their grades are close to others. We test this
hypothesis through the introduction of a novel rank reporting approach that
allows relative achievements to be published to motivate students and encour-
age confidence in the assessment process (Bamber, 2014; Lawrence, 2004) while
making it more difficult for others to determine the position of a particular stu-
dent in a ranking without their consent. The novel rank reporting approach is
introduced in Section 2 and analysed in Section 3 and we provide survey senti-
ment and performance impact results from two case studies where students use
a traditional and the new rank reporting approach at a New Zealand university
in Section 4. The paper concludes in Section 5 with a summary and areas for
future work.
2
Table 1: Utility and privacy features of different student ranking approaches.
The utility feature columns describe whether an approach allows students to
know their own position (Know Pos.) and whether they can use the rankings to
show their position to others (Show Pos.). The privacy feature columns describe
whether the approach provides: immediate anonymity (Imm.) wherein third
parties need additional information to identify students, indirect anonymity
(Indr.) wherein a position can be confirmed without disclosing a student’s rank
on other work, correlation anonymity (Corr.) wherein student group informa-
tion can not be used to correlate IDs and plausible deniability (PD) wherein a
student can deny a rank position proposed for them by others.
Student Name X X ✗ ✗ ✗ ✗
Student ID X ✗ X ✗ ✗ ✗
No Rankings ✗ ✗ X X X X
Unique ID X ✗ X X X X
Course Hashes X X X X X X
the approach even where the rankings are only visible to their peers in class.
Because of the lack of privacy in Student Name rankings, most New Zealand
universities provide rankings using the Student ID approach today. The Stu-
dent ID ranking approach can be seen as a simple change to the Student Name
approach wherein student names are replaced by their student IDs. Student
ID rankings provide the benefit of immediate anonymity which ensures third
parties can not identify a student from a ranking without further information.
Unfortunately however, the approach has no indirect anonymity in that im-
mediate anonymity is permanently removed from future and past Student ID
ranking reports if a student demonstrates their position to others by, for exam-
ple, showing their student ID card or if a student’s position in one ranking is
disclosed through a class prize. Further, Student ID rankings are vulnerable to
correlation analysis attacks wherein project team members can identify the IDs
of other members in shared group results which make Student ID rankings, for
all intents and purposes, just another form of “Name and Shame” rankings for
modern courses with prizes and group work.
Of course the most secure ranking approach is one that does not exist or
is kept entirely private. Unfortunately, while being secure, the No Rankings
approach does not allow students to know their own position in a class which
could demotivate some students (Lawrence, 2004) and the approach does not
allow students to show their position to others which may be required to join
some companies (e.g. Goldman Sachs, n.d.; SaSe Business Solutions, n.d.).
A secure alternative to not providing public rankings is to provide rankings
with a unique ID for each course work item for each student. This approach
has the advantage of allowing the student to know their own position in the
class, provides immediate anonymity, correlation anonymity and also provides
indirect anonymity and plausible deniability where the unique IDs are randomly
3
assigned. However the approach has the disadvantage of requiring students
to manage multiple IDs and of not providing any way for a student to show
their position in a ranking to others without the university providing explicit
confirmation of a mapping.
The ranking approach used in this work is called Course Hashes. As Table 1
shows, Course Hashes provide a means to disclose rankings to students in a
way that is just as private as Unique ID rankings while allowing students to
show their position to a third party like the traditional Student Name ranking
approach as discussed next.
publicFunction(courseID, workItemID,
studentID, privateKey) (1)
and combines course, assessed work item and student ID information with a
private key to produce an ID of a specified length. The function needs to
produce a many-to-one mapping of its inputs to Course Hash IDs using a “one-
way function” such as a secure hash (e.g. NIST, 2012) or a cryptographic cypher
used in a hashing mode (e.g. NIST, 2001; Spacey, 2001).
The technical merits of one public function implementation choice over an-
other are not important for this work as all that we care about is that it is
reasonable to expect that our case study participants would have perceived that
rankings generated with the above equation will protect their identity more
than the traditional Student ID approach they were used to. To understand
why it is reasonable to expect that our second and third year students will have
perceived Course Hashes to be a more secure alternative than traditional rank-
ing approaches (and to supplement the student sentiment results of Section 4.3
which support this assertion in any case), the following sections explain how
equation (1) delivers the privacy features of Table 1 and provide some of the
theoretical consequences of the Course Hash approach from a student’s perspec-
tive.
4
3.1 Immediate Anonymity
The only information in equation (1) that connects a student to an ID is the
studentID. Thus as Student ID rankings provide immediate anonymity, and
equation (1) has no additional information to identify students, Course Hashes
must provide immediate anonymity.
5
3.5 Consequences of Course Hashes
As discussed above, equation (1) provides plausible deniability by including
private keys in the public function’s inputs to theortically allow any student to
be mapped to any Course Hash ID with an appropriate key choice. This presents
a challenge for students – namely to find a key that maps them to a higher ID
in a Course Hash ranking. However, as Table 2 shows, the usage scenario of
the Course Hash function (being to compress private key and student dependent
information of fixed length to form a required code rather than, say, to provide a
hash to identify substitutions and changes in variable length plain text messages)
means that, it would take a considerable time or investment in high-performance
computing resources (perhaps using techniques such as Spacey, Luk, Kelly &
Kuhn, 2012; Spacey, Luk, Kuhn & Kelly, 2013; Spacey, Wiesemann, Kuhn &
Luk, 2012) for a student to find a key that maps them to a higher position in
even the 12 Base64 (Josefsson, 2006) character Course Hash IDs used in this
work.
Table 2: The repeating random key probability, number of tries and computa-
tion time in years before one student is expected to be able to claim the top
rank, find a higher rank or for a collision to be seen in the IDs produced using a
cryptographically secure Course Hash implementation with 12 character (72 bit)
IDs and private keys. The numeric columns assume a class size of 128 students
and a Course Hash ID space of 72 bits which are labeled n and N respectively in
the probability equations. The Years figure was calculated assuming a machine
capable of running a sustained 220 (1 048 576) full hash function calculations
and ID comparisons per second with the Course Hash Collision figure requiring
128 hash function generations per try. The figures are only slightly different for
non-repeating key tries as discussed in the footnote of Spacey (2014).
6
hash(courseID:workItem:studentID:key)
SaSeTM Hash
Course
Calculation
Web Form base64(SHA1(data)) Service
Student
(a) First case study’s (large class) technical architecture.
hash(courseID.workItem:studentID.key)
SaSeTM Hash
Calculation
base64(SHA1(data)) Service
Course
Web Page
get(courseID.workItem:courseHash)
Student
SaSeTM Data
rank
Service
Staff
4 Results
In this section we describe two case studies where Course Hashes were used
with students at a New Zealand university and examine the student view of the
increased privacy as well as the impact on their performance. In the first case
study students used a manual process to generate their Course Hash IDs from
their private keys and student information and in the second this process was
automated as discussed below. In both case studies a single private key was
provided for each student for all the work items of the course. The keys and
Course Hash IDs were twelve characters in the case studies to ensure signifi-
cant challenge to prevent students generating keys to map themselves to higher
rankings as discussed in Section 3.4 while remaining practical for students to
type by hand if they needed to.
7
4.1 First Case Study: Large Class
The first case study was with the compulsory second year Computer Systems
course at the University of Waikato which had 115 enrolled students of which
104 were male and 11 female and 99 were either Citizens or Permanent Res-
idents of New Zealand and 16 were international students. The course was
assessed with technical learning labs and a mid-semester test in the first half of
the course followed by project labs and a final exam in the second half. The
symmetry between the first (labs and a test) and second (labs and an exam) half
of the course allowed us to baseline student performance in the first half of the
course with students expecting Student ID rankings and then actually report
the fist half results using Course Hashes as a surprise to ensure the students
were familiar with the new high privacy reporting approach before they started
the second half of the course.
The technical architecture we used in our first case study is shown in Fig-
ure 1(a) and involved a three step usage scenario wherein:
1. a student manually gets their private key from Moodle,
2. uses a web form to generate their Course Hash ID and
3. manually looks-up the rank for their Course Hash ID in a published PDF
ranking for the work item
The students were divided on the usability of the three step process as explained
in Section 4.3 and so the implementation architecture was modified for our
second case study as discussed next.
8
database. It should be noted that the second architecture is just as secure as the
first because, while ranks are now available in an on-line database in addition
to a published PDF file, the database ranks like the PDF ranks are indexed by
Course Hash ID rather than by any personal student information such as their
student ID or e-mail address and the on-line rank update process illustrated on
the right hand side of Figure 1(b) is a secure process that only the lecturer can
use.
9
SA
SD SD SA SD SA
D A
SA SD
NAND D A
D A
NAND
D
A NAND
NAND
Valued Usable More Information More Keys
(a) Sentiment results for the first (large class) case study.
D SD D SD D SD SA A
NAND NAND NAND
SA
NAND SD
SA A SA
A
A D
(b) Sentiment results for the second (smaller class) case study.
Figure 2: Pie charts corresponding to the survey results for the questions (from
left to right) of whether the students: valued the work to protect their ranking
privacy, were comfortable using the implementation, were interested in addi-
tional technical details and whether they would prefer individual work item
keys to a single key. The labels correspond to the classifications of: Strongly
Agree (SA), Agree (A), Neither Agree Nor Disagree (NAND), Disagree (D) and
Strongly Disagree (SD).
Looking at the response to the second survey question we see that after
the first case study, the students were divided on whether the Course Hash
implementation of Figure 1(a) was usable or not. An examination of the text
responses indicated that students were dissatisfied with the manual steps re-
quired in the process and so we automated the process for the second case
study as discussed in Section 4.2 which resulted in a dramatic increase in stu-
dent usability sentiment as shown in Figure 2(b), which, perhaps because of the
increased process encapsulation, was accompanied by an increase in the per-
centage of students wanting additional technical information about the Course
Hash approach.
The last survey question examined if the students would prefer one private
key/parameterised Course Hash url for all the assessed work items in a course or
a different key/url for each work item. The question explained that with a key
for each work item, the students would be able to demonstrate their position
to others on a per work item basis rather than disclosing rankings on an entire
class level. In both case studies, the students said they would prefer to keep the
single key/url per class they were given and it remains for future work to see if
a concrete alternate architecture can make a per work item key implementation
an attractive alternative for students.
10
Table 3: Impact of introducing additional privacy in class ranking reports on
average student test/exam and assessed course work grades. The δµ and δσ
columns show the arithmetic difference in average student grades and stan-
dard deviations after introducing the Course Hash ranking approach in the case
studies. The p-value columns show the significance of the results using a paired
and unpaired homoscedastic two tail t-test for the first and second case studies
respectively.
11
control group to assess the impact of Course Hashes with the same assessments
(albeit now with necessarily different students). Doing so reveals consistent re-
sults with a decrease in average performance for the second half labs of 6% and
an increase in the standard deviation of 7% with an unpaired homoscedastic
p-value of 3% (hetroscedastic 4%). For completeness, a comparison between
the first half lab results for the two years (when the students were expecting
Student ID rankings in both cases) reveals less than 1% average grade differ-
ence, 3% standard deviation difference (which when subtracted from the 7% for
the second half labs gives us our 4% again) and a p-value of 73% (homo- and
hetroscedastic) – all consistent with the hypothesis.
4.5 Discussion
While it may be tempting to extrapolate the results of this work to a wider
context, it should be noted that there are a number of difficulties in doing so.
First and foremost, it should be clear that this paper like many others is a step-
ping stone for future research. Our approach is a quantitative approach that
maintains the established benefits of public rankings (Bamber, 2014; Lawrence,
2004) while complementing the traditional qualitative approaches used by au-
thors like Tapper (2014) and Li (2007) and without using aspects from both
approaches it is difficult to both quantify and claim causality for effects which
is why we are careful to only claim support for our hypothesis in this paper
leaving universal results for future work.
Secondly, it should be noted the year of this study was the year of Charlotte
Dawson’s death which has been attributed to cyberbullying by New Zealan-
ders (“Charlotte Dawson’s death throws spotlight on cyber bullying”, 2014).
This and other events, while not discussed in class, may well have affected stu-
dent’s perceptions of privacy and the consideration of those effects, including
any permanence, remains a topic for future work.
Finally, there is the potential criticism that we used previous assessment
results as a baseline for some of our impact figures rather than dividing the
students. Unfortunately however, dividing the students would have brought its
own issues in:
1. reducing the significance of the survey results given the expected response
rates of Kaplowitz et al. (2012),
2. highlighting the possible comparisons to students some of whom (Li, 2007)
may have then been motivated to affect the study results and
3. potentially subjecting some students to a relative disadvantage
and while this criticism has already been addressed in Section 4.4 in a way that
avoids the above issues, the collection of additional results remains a topic for
future work with the knowledge that point 2 may be difficult to address given
the release of this paper and the recognised prevalence of crab mentality and
cyberbulliers in some cultures as highlighted by the references.
12
5 Conclusion
In this paper we examined the hypothesis that in a country where crab mental-
ity is an accepted norm and where cyberbullying is a recognised social problem,
students may perform worse on average in exams and collude more in assessed
course work when there is a chance that their relative achievements can be dis-
covered by others through “Name and Shame” rankings. To test this hypothesis
we had to compare how students performed when they were expecting their re-
sults to be reported in a traditional “Name and Shame” ranking format and
how they performed when they were expecting results reported in a ranking
format that they thought other people could not determine their position from.
This meant that we needed to detail how people could determine the position of
others from traditional rankings which we did in Section 2 and propose a more
secure alternate rank reporting approach which we did in Section 3 where we
discussed Course Hashes.
In Section 4 we provided results comparing student performance when they
expected a traditional rank report and when they expected the new higher
privacy report. The results were for two case studies with a total of 131 second
and third year students at the University of Waikato in New Zealand. In both
case studies over 70% of respondents said they valued our efforts to provide
increased rank reporting privacy. This figure is perhaps all the more staggering
when you understand that the ranking privacy the students were comparing
our increase to was that provided by Student ID rankings and the fact that
university’s around the world are blindly using Student ID rankings today with
the apparent view that the approach provides a satisfactory level of privacy for
their students.
In Section 4.4 the impact on student performance of increasing rank re-
porting privacy was provided. The results were all statistically significant and
showed up to 18% increase in average student test/exam performance with a,
surprisingly consistent, 4% increase in course work standard deviation indicating
students trying harder and working more independently in response to increased
ranking privacy.
While the sentiment surveys and performance impact results of this pa-
per support the hypothesis and are consistent with other work (Dediu, 2015;
Feather, 1989; Kaplowitz et al., 2012; Kirkwood, 2007; Li, 2007; Tapper, 2014),
the difficulty in obtaining universal results has to be recognised as discussed
in Section 4.5. Additionally, it should be understood that the case studies
were both performed with technically focused students and that crab mentality
and the public cyberbullying of students, teachers and others are such estab-
lished cultural norms in New Zealand (see for example Bailey, 2014; “Charlotte
Dawson’s death throws spotlight on cyber bullying”, 2014; New Zealand Gov-
ernment, 2014; Tapper, 2014; Vance, 2012; Young, 2009) that some educational
institutions and unions may even act to prevent investigation into cyberbullying
cases when they perceive a cultural justification through crab mentality (Bing,
2014; Dougan, 2015 and see also Mouly & Sankaranb, 2002). Thus it remains
for future work to assess if the sentiment and performance impact results pre-
sented in this work cross student discipline, geographic and other boundaries in
addition to examining the relative merits of alternate technical implementations.
13
Acknowledgment
The feedback on earlier working versions of this paper provided by anonymous
reviewers is greatly appreciated.
References
Bailey, A. (2014, 24th February). Cyber-bullying blamed for death. The New
Zealand Herald .
Bamber, M. (2014). The impact on stakeholder confidence of increased trans-
parency in the examination assessment process. Assessment & Evaluation
in Higher Education, 40 (4), 471–487.
Biemer, P. (2010). Total Survey Error: Design, implementation, and evaluation.
Public Opinion Quarterly, 74 (5), 817–848.
Bing, D. (2014, 19th August). Waikato branch newsletter #9. New Zealand’s
Tertiary Education Union (TEU).
Charlotte Dawson’s death throws spotlight on cyber bullying. (2014, 23rd Febru-
ary). ONE News.
Comfort, N. (1995). Brewer’s politics: a phrase and fable dictionary. Cassell.
Dediu, A. (2015). Tall Poppy Syndrome and its effect on work performance
(Masters thesis). University of Canterbury, New Zealand.
Dougan, P. (2015, 2nd June). Uni lecturer to challenge employer over cyber-
bullying. The New Zealand Herald .
Feather, N. (1989). Attitudes towards the high achiever: The fall of the tall
poppy. Australian Journal of Psychology, 41 (3), 239–267.
Goldman Sachs. (n.d.). Summer analyst internship: Who can apply. Retrieved
30 January 2015, from http://goo.gl/SHVSX8
Internet trolls face up to two years in jail under new laws. (2014, 19th October).
BBC News.
Josefsson, S. (Ed.). (2006). The Base16, Base32, and Base64 Data Encodings
(Standard No. RFC 4648). Internet Engineering Task Force (IETF).
Kaplowitz, M., Lupi, F., Couper, M. & Thorp, L. (2012). The effect of invitation
design on web survey response rates. Social Science Computer Review ,
30 (3), 339–349.
Kirkwood, J. (2007). Tall Poppy Syndrome: implications for entrepreneurship
in New Zealand. Journal of Management & Organization, 13 , 366–382.
Lawrence, R. (2004). Teaching data structures using competitive games. IEEE
Transactions on Education, 47 (4), 459–466.
Li, Q. (2007). Bullying in the new playground: Research into cyberbullying
and cyber victimisation. Australasian Journal of Educational Technology,
23 (4), 435–454.
Livius, T. (2010). The history of rome. In 1.54. Digireads.com Publishing.
Mouly, V. & Sankaranb, J. (2000). The tall poppy syndrome in New Zealand: An
exploratory investigation. Transcending boundaries: Integrating people,
processes and systems, 285–289.
Mouly, V. & Sankaranb, J. (2002). The enactment of envy within organiza-
tions: Insights from a New Zealand academic department. The Journal
of Applied Behavioural Science, 36–56.
14
NetSafe. (n.d.). Cyberbullying information and advice for teachers and princi-
pals. New Zealand Ministry of Education Sponsored White Paper.
New Zealand Government. (2014). Harmful Digital Communications Bill.
NIST (National Institute of Standards and Technology). (2001). Advanced
Encryption Standard (AES) (Standard No. FIPS PUB 197). Gaithersburg,
MD.
NIST (National Institute of Standards and Technology). (2012). Secure Hash
Standard (SHS) (Standard No. FIPS PUB 180-4). Gaithersburg, MD.
NOBullying.com. (2013, 23rd April). Six unforgettable cyberbullying cases.
Rogaway, P. & Shrimpton, T. (2004). Cryptographic hash-function basics:
Definitions, implications, and separations for preimage resistance, second-
preimage resistance and collision resistance. In Proc. fast software encryp-
tion (FSE) (Vol. 3017, pp. 371–388).
SaSe Business Solutions. (n.d.). General questions. Retrieved 8 August 2014,
from http://www.sase.biz/faq.html
SaSe Business Solutions. (2012). SaSe Server Pages (SSP) [Product Information
Sheet].
Schneier, B. (1996). Applied Cryptography: Protocols, Algorithms, and Source
Code in C. Wiley.
Shannon, C. (2001). A mathematical theory of communication. SIGMOBILE
Mob. Comput. Commun. Rev., 5 (1), 3–55.
Spacey, S. (2001). The Spacey Cypher (UK Patent 2379587B).
Spacey, S. (2014). Selectively anonymous rankings: Design, analysis and impact
on computer science students. In Proc. of the IEEE international confer-
ence on teaching, assessment, and learning for engineering (TALE).
Spacey, S., Luk, W., Kelly, P. & Kuhn, D. (2012). Improving communica-
tion latency with the Write-Only Architecture. Journal of Parallel and
Distributed Computing, 72 (12), 1617–1627.
Spacey, S., Luk, W., Kuhn, D. & Kelly, P. (2013). Parallel partitioning for
distributed systems using sequential assignment. Journal of Parallel and
Distributed Computing, 73 (2), 207-219.
Spacey, S., Wiesemann, W., Kuhn, D. & Luk, W. (2012). Robust software par-
titioning with multiple instantiation. INFORMS Journal on Computing,
24 (3), 500–515.
SurveyMonkey. (n.d.). Home page. Retrieved 30 January 2015, from http://
www.surveymonkey.com
Tapper, L. (2014). ‘Being in the World of School’. A Phenomenological Explo-
ration of Experiences for Gifted and Talented Adolescents (PhD thesis).
University of Canterbury, New Zealand.
US Library of Congress. (2013). Tyler Clementi higher education anti-
harassment act.
Vance, A. (2012, 15th August). Proposed laws target cyber-bullying.
Stuff.co.nz .
Wang, X., Yin, Y. & Yu, H. (2005). Finding collisions in the full SHA-1. In
Proc. advances in cryptology (Crypto) (pp. 17–36).
Young, B. (2009, 11th November). Tall Poppy Syndrome – our best invention?
The New Zealand Herald .
15