[2024] UKUT 00142 (IAC)

Christopher Stanbury’s specialist field is Computing, and in particular, Database programming, Web Site development and search engine marketing. His expertise in those areas is not challenged. In his report dated 2 November 2023, in summary, Mr Stanbury concludes that there are a number of ways in which a candidate might falsify their own test results without the assistance of a test centre:

Mr Stanbury also identifies a number of ways in which a test centre can manipulate the test results:

As to the types of fraud perpetrated, he states:

“6.1.31

With regard to the "types of fraud", much is speculation given that evidence has long since been lost and information from ETS has been disappointingly sparse. The only three types of fraud of which we have good evidence are the direct replacement depicted in the episode of Panorama where pilots replace candidates in the test room, the use of TeamViewer and the "hidden room" as evidenced in the Project Facade reports for Birmingham and Queensway. I have discussed other possible methods elsewhere in this report but in my opinion there is little compelling evidence for them.

6.1.32

Any explanations of what might have happened at test centres have been limited to speculation by the experts involved or by ETS auditing staff (employed to check the test centres were complying with ETS rules). I have examined a statement made by Richard Shury …and by Michael Isaac Kossew … (ETS trainer and auditor), they believed, as I do, that some form of automated cloning system would have been possible. Richard Shury's later statement …confirms that remote control was definitely being carried out. Richard believed that a candidate would be aware "that his computer was being accessed remotely". I agree that this would likely be the case if remote control software were in use but would definitely not be the case if the hidden room was a separate facility and the candidate's results were being ignored. This would have meant that the candidate might have been unaware that their results were being tampered with by the test centre staff…”

Mr Stanbury has for some time held a belief that a ‘hidden room’ method was adopted on a blanket basis so that TCA’s were able to substitute test results from a ‘hidden room’ in place of those from the room in which the candidates were sitting. Following a meeting of experts on 27 July 2016, Mr Stanbury and Professor Peter Sommer agreed that it would be possible to run a simultaneous testing session using proxies that could be in a room anywhere in the world, as a variant of the ‘remote control software’ hypothesis, without the need to use remote control software. Mr Stanbury refers to:

Mr Stanbury states:

“6.2.12

I believe it is possible a test centre could have, for example, a test room upstairs and a test room downstairs that worked in parallel (note - technically, the second test room could be in a different building or even country). The proxy (pilot) test takers all sat in the hidden (upstairs) room whilst a mix of the genuine and non-genuine (cheating) test takers sat in the downstairs room. In this scenario, the genuine test takers would have thought they were taking the test but, in fact, their answers were potentially being discarded and the answers of the proxy test takers used instead.”

In cross-examination Mr Stanbury said that he has seen evidence that supports his view that it is possible that a system could be operated where genuine test takers would have thought they were taking the test. Mr Stanbury referred to an assessment of the security of the TOEIC ‘speaking and writing’ test through the YBM platform completed in October 2013. There were several incidents of ‘remote testing’. Two particular scenarios are identified:

“A.

Real test takers were pretending to answer the questions while the real testing was done by proxy test takers in the same building, this was possibly done through sharing the monitor, the technique used was not revealed to us.

B.

The admin will start the test in the real test room, shortly after the test is started in a proxy room and the same test takers details are entered, in the real room the test takers are answering the test so for the outside observer the test seems to be running according to procedures, however at the end the proxy tests are uploaded instead.

During the exam the Manager PC in the real room appeared to be offline, and the manager PC for the proxy room was online, both had the same proctor password displayed, no traces of this malpractice on the YBM back office system can be seen. We have tried to mimic the B scenario in our office, we discovered that the manager PC could be run on more than one PC, we ran it on three PCs using the same code, however each generated a different proctor password which was not the case on scenario B, in our testing we were able to see that there were more than one PC on the YBM back office system and by looking at the Cleanup date field we could see which test manager PC the test was uploaded from.”

This, Mr Stanbury claims, demonstrates that it was feasible to have a hidden room, and that, if used in the way described in the report, then it would be an all or nothing approach. That is, the test centre would have to use either all the results from the hidden room, or all the results from the real room. Mr Stanbury believes that it might be technically possible to mix the results but that would require a lot more technical awareness and would be fraught with danger. It is, he claims, entirely plausible that some of the candidates might be completely unaware that their answers are being ignored. Furthermore, auditors visiting the college would be completely unaware that the hidden room was being used. There would be no tell-tale signs of remote testing (as there would be with TeamViewer). The main test room was essentially irrelevant apart from being a good cover for the fraud.

Mr Stanbury believes that although it may be possible to find out a candidate's registration number, it is more likely that the administration staff would take the easieroption of replacing ALL the candidate's results with those of proxy test takers on the basis that, if desired, all the candidates would pass the test regardless of whether they were paying extra or not. This would be easier and less prone to error than selectively replacing files for those candidates prepared to pay extra to cheat. This would explain why innocent candidates were caught up in the fraud unwittingly.

Mr Stanbury also referred to an email sent by Riaz Ashfaq to Richard Shury on 16 July 2023.The email refers to a college in Walthamstow, Queensway College’. The author of that email provided the following information:

“They keep all the students on the 2nd Floor and the helper (they call Pilot) sit in the other floor, which is other side of the college ( can be called 1 and half floor)…

Both the students and the Pilot log in to system simultaneously. The students are instructed to do everything as if they are doing test. At the same time the Pilots do the same test. They have developed a system in such a way that in the server you can just see one log in. When the exam is finished, they upload and submit the exam given by the Pilots.

They have been doing it even in presence of the person sent by ETS. The system they have setup is so well designed that no body will understand it even if the ETS representative upload and submit the exam.”

Finally, Mr Stanbury refers to an email sent by Ahmad Bdour to a number of people at ETS Global including Richard Shury concerning the security of the testing platform on 23 January 2014 after concerns were raised about the possibility of remote access and the use of ‘multiple manager PC’s’. Ahmad Bdour said:

“Multiple Manager PC’s

we also discussed the issue with the ability of tests running on more than one manager PC using the same test code and in the end uploading only one (which is an issue we came across) and which for us leaves no traces of malpractice on the admin platform, Sanghwan was not able to explain this and requested to have more information, I would like to provide them with:

-

Test center name and test date of when we were sure this has happened, Queensway, 3 test dates before our last audit..

-

3 test centers we have doubts about for close observation by YBM”

…”

In his evidence Mr Stanbury accepts that the ‘parallel testing (cloned manager PC)’ method would require careful planning by the test centre staff, at least some of whom would need to be acting dishonestly. Although he claims it would not be hugely difficult to set up from a technical point of view, he accepted in cross-examination that it would not be difficult for someone who has experience of setting up network computers and technical expertise. However, once set up, it would be easy to manage. He maintained that a recording of the candidate’s test could be substituted with the ‘proxy test taker’s’ test, without the candidate’s knowledge. He states in his report that if the test recordings were uploaded immediately, there would need to be a ‘mirror PC’ being used to answer the questions with the candidate's "Unique ID". The ‘mirror PC’ would be connected to the internet and the genuine candidate’s computer would not. In cross-examination, he accepted that he said that he has a ‘reasonable idea’ of what was going on, but he has not spoken to anyone directly about what was actually going on.