The current global Canvas hack has many critical ed tech people in my circle shouting “I told you so!”

For those who aren’t familiar, the Canvas “learning management” platform, owned by Instructure and used by almost 9000 schools and universities worldwide, was hacked about a week ago. The hackers have system data, including millions of students’ personal information, and are holding the company for ransom with the threat of leaking that information publicly. To avoid further risk (or, more specifically, to avoid students seeing more hacker graffiti) Canvas access is blocked by many schools, including three of the universities with which I am affiliated. It’s the end of semester and students can’t submit their final assessments, nor can teachers mark the ones that have been submitted.

So it’s all a bit awkward.

I’m not in platform studies. I’m not here to analyse the situation, or to jeer. My point is not “I told you so”. It’s just a reminder, and one I’ve had to repeat many times over my years of work in learning design:

The Canvas site is not the course.

Our students are still here, and our teachers are still here. They still have access to physical campuses, email, printers, messaging services, each other. Whatever is “in” Canvas is not necessary for education – that is, unless the teacher doesn’t know the subject they are supposedly teaching. In which case it wasn’t education before the hack, either.

In the face of this staggering breach of a single point of failure for education ministries worldwide, we are having a lot of frantic conversations about “platform governance”. What we should be talking about is this: education is us. It’s not in a computer system, however well or poorly managed. As Janine Arantes reminds us, this Canvas breach isn’t simply a “cybersecurity incident”. It highlights what we’ve all known for a long time, which is that “education systems” locate education outside of people.

I’ve said it before: care doesn’t scale. That’s because relationships don’t scale. And education is nothing less than the relationships that enable human knowledge to be shared and valued by humanity.

Software vendors can’t commoditise that; hackers can’t hack it. It’s not in the data. It’s not “in” anything. To borrow from Alex Hanna, it’s the sauce.

Stop mistaking data for knowledge.