Appendix Informative companion TeacherAware sub-artifact · 2026-06-20

AI Cheating at a Glance

A tool-by-tool walk of the cheating-tool industry, and the layered defense architecture TeacherAware uses to close the attack surfaces. The "How it works" deep-mechanism section is at the end for readers who want it.

§1 What this appendix is

The main paper makes the architectural case for TeacherAware and walks a worked classroom example. This appendix sits next to it and answers the specific question every teacher will have read the Goldstein NYT article and asked: does this actually work against the specific tools the article said are impossible to defeat?

The structure: verdicts up top so you can read the at-a-glance answer in two minutes; tool-by-tool depth in the middle for the specific cheating products you've heard of; the broader concerns the article raises after that (cognitive offloading, the shame pattern, the pen-and-paper retreat); the America-market-gap observation as one paragraph; the "How it works" deep-mechanism section at the end for readers who want to know how the structural defense is actually built; the article summary as reference material at the very end so the original source is at hand without taking the lead position.


[this should probably be bullets?]

§2 AI Cheating at a Glance — the verdict table

The headline. Almost everything dies at Tier 0 [i mean... why are we even still talking about tier 0... this is a full thing] — the totally-free version of TeacherAware that requires no API key, no school account, and no recurring cost. The structural defenses (OS-hook injected-event flag, GitHub-routed submission channel, paste source signatures, USB device enumeration polling) handle the entire Goldstein-article roster locally on the teacher's and students' own machines. Tiers 1, 2, and 3 add AI verification and visual evidence that confirm what the structural layer already caught, and close the small residual cases (voice-via-earbud, external-tutor dictation). The free version is not a teaser; it's the load-bearing defense.

Cheating tool / classWhat it doesAt Tier 0 (free)Tier 1+ adds
Grubby AIHumanizer — rewrites AI text to evade classifier-based detectionDies. Architecture does not classify text.
DripwriterAutotyper — simulates human keystroke pacing, typos, fixesDies at OS hook layer. Injected keystrokes are OS-flagged structurally.Tier 2 webcam screenshot also shows no hands at keyboard.
Duey.aiEnd-to-end document generation marketed as "looks like you wrote it"Dies at GitHub channel. Output is external; paste flags as S-PASTED-EXTERNAL.Tier 1 screen screenshot can show source window if open.
TypefloAutotyper (defunct after NYT inquiry)Same as Dripwriter — dies at OS hook layer.Tier 2 webcam confirms.
Perplexity CometEnd-to-end agent — completes multi-page assignment from a promptSame as Duey. No commit credential to the student's signed branch.Tier 1 screen screenshot shows Comet window if open.
Grammarly authorshipOS-level "help" that drafts substantial passagesIn-app editor sandboxed against OS suggestion injection. Out-of-app paste flags.
GPTZero (detection side)Classifier service for finished textDifferent architecture; not in competition.
GPTZero (evasion side)Tools to bypass GPTZero detectionSame as Grubby — no classifier to bypass.
Hardware HID injectors (Rubber Ducky class)USB devices that present as keyboards and type pre-programmed contentUSB device enumeration polling flags structurally on new-device-appeared.Tier 2 webcam screenshot directly shows the plugged-in device + no hands typing.
External-tutor-with-AIParent or paid tutor runs Comet, hands result to studentTutor cannot push to branch. Student handoff via paste flags; copy-typing flags via IKI mismatch.Tier 2 webcam screenshot shows the tutor in frame or shows screen-share.
Voice-via-earbud + manual transcriptionStudent listens to AI via TTS, types what they hearTranscription-signature keystrokes + zero in-app AI events — surfaceable structurally but not blockable.Tier 3 audio-environment proctoring + continuous webcam closes it for high-stakes contexts.

The pattern. Eight of the eleven named attack classes die outright at Tier 0 — the free version — via two structural boundaries that need no AI: the OS-hook injected-event flag (catches every autotyper that uses documented OS input APIs) and the GitHub-routed submission channel (catches every tool that produces a finished document). The remaining three — hardware HID injectors, external-tutor-with-AI, voice-via-earbud transcription — are flagged structurally at Tier 0 but only fully closed at Tier 1+ where visual evidence and the AI verifier add direct confirmation. For routine K–12 writing assignments, Tier 0 alone is sufficient defense against the entire consumer-software cheating-tool industry the Goldstein article documents.

§3 The cheating tools, one by one

Each named product or class at medium depth — what it does, why the architecture answers it, what residual risk remains. The deep mechanism (how the OS hook actually works, what the USB polling looks like, how the IKI baseline is built) is in the "How it works" section at the end of this appendix.

Tool 1 — Grubby AI and the humanizer industry

Rewrite AI text to defeat classifier-based detection

What it does: takes ChatGPT or Claude output and rewrites it to evade GPTZero-style classifiers. The student generates an essay externally, runs it through Grubby, pastes the humanized result into the school's submission portal.
Why it dies here: TeacherAware does not classify text. The entire humanizer product category exists to defeat a problem the architecture does not have. The student would have to paste the humanized output, which registers as S-PASTED-EXTERNAL with a paste signature, and the certificate refuses to export.
Residual: none. The humanizer industry exists to defeat a paradigm TeacherAware does not participate in.
Tool 2 — Dripwriter, Typeflo, the autotyper industry

Drip-feed AI text into the editor with simulated human typing rhythm

What it does: takes finished AI output and "types" it into the document at human-like speeds with simulated typos and revisions. To a naive keystroke-pace classifier, the result looks like organic composition. This was the article's hard case.
Why it dies here: at the OS hook layer, injected keystrokes carry a flag that the OS itself sets. On Windows the low-level keyboard hook receives every event with LLKHF_INJECTED set on synthetic input from SendInput(). On macOS the event source is inspectable via Quartz Event Services. On Linux uinput-injected events appear on a distinct evdev device. TeacherAware installs the hook at first run (with admin permissions); every chain entry records whether the keystroke was OS-flagged as injected. The certificate refuses to export if any non-trivial percentage of keystrokes is flagged — not as a statistical judgment, but as a structural rail. See "How it works" §6.b for the platform-by-platform mechanism.
Residual: hardware HID attack (USB Rubber Ducky class) — the only software-defeat for OS-level injection-flag inspection. Handled separately as Tool 9 below.
Tool 3 — Perplexity Comet, Duey.ai, the end-to-end agent class

Generate a complete multi-page assignment from a single prompt

What it does: Comet completes a 5-page lab report from a prompt; Duey.ai is explicitly marketed as "the document looks like you wrote it." The output is a finished document including formatting and citations.
Why it dies here: the GitHub-routed submission channel is the only path to the teacher's grading view, and only the student's installed TeacherAware can push to their signed branch. Comet running in a browser has no commit credential. The student must either paste the document (flags as S-PASTED-EXTERNAL) or copy-type from Comet (produces an external-transcription keystroke pattern, missing the in-app AI events that would explain LLM-shaped prose).
Residual: voice-via-earbud manual transcription (Tool 11). Bounded; comparable to heavy tutoring.
Tool 4 — Grammarly authorship and the "help" suites

OS-level autocomplete and full-document generation marketed as legitimate assistance

What it does: Cusack's most-concerning case. The student writes a fragment; Grammarly completes the passage; the student takes credit. Marketed as help, not cheating — the framing normalizes ghostwriting.
Why it dies here: Grammarly runs at the OS suggestion layer (browser plugin, native macOS suggestion API, Windows IME). The TeacherAware editor is sandboxed against external write paths — it accepts keystrokes from the keyboard, paste events from the clipboard, and structured input from the in-app AI panel. The OS suggestion layer is explicitly rejected by the editor. Students who want help use the in-app AI, which logs every exchange to the chain. Cusack's "help" worry gets answered architecturally: TeacherAware brings the help inside the sanctioned surface and requires disclosure.
Residual: voice-input via real-time OS speech-to-text with AI improvement. Produces voice-typing keystroke patterns with statistical signatures distinguishable from manual typing.
Tools 5–6 — GPTZero, both sides

The brand selling detection and evasion under one roof

What it does: GPTZero claims 99 percent detection accuracy and also markets cheating-evasion tools. The article surfaces the brand-conflict without editorializing.
Why it dies here: the brand-conflict is market commentary, not an attack mode. It is evidence that the detection-vs-evasion race has produced perverse market structures where dominant vendors play both sides. TeacherAware's positioning starts from accepting that conclusion: we do not classify finished text. The brand-conflict problem is internal to the detection paradigm and does not project onto a different architecture.
None. This is positioning input, not an attack.
Tool 7 — External-tutor-with-AI

Parent or paid tutor runs Comet, hands the student a finished document

What it does: not in the article but the natural extension. The student does not run the cheating tool themselves; an adult does and provides the result. Plausible deniability about AI use.
Why it dies here: only the student's installed TeacherAware can push to the signed branch. The tutor cannot commit. The tutor can hand the student a document — which means paste (flags) or copy-typing (external-transcription signature, no in-app AI events to explain LLM-shape). The tutor can sit beside the student and dictate — which still produces a chain showing the keystrokes plus no AI-proxy conversation, raising the explanation burden on the student.
Live dictation by a real human tutor is irreducible — it's the same residual case as voice-via-earbud (Tool 11). It is also the historic heavy-tutoring case schools have always dealt with.
Tool 8 — The "edit my essay" outsource case

Student writes 70 percent, pays someone to "edit" the rest

What it does: a softer variant of Tool 7. The student composes some real material and outsources the rest as "editing." Common in writing-marketplace platforms.
Why it dies here: partial. Edits done outside TeacherAware that come back as pasted text flag normally. Edits done inside TeacherAware that originate from a different person physically typing during the session would require the student's installed app on the editor's machine, which means the edits would appear as the student's own work. The chain is correct only if the student's identity is correctly bound to their app instance. This is the case where school-issued device + login session matters most.
Real case. The student-identity binding is the boundary; if it's loose, the architecture is loose. School-issued devices with managed sign-in close it.
Tool 9 — Hardware HID injectors (Rubber Ducky class)

A USB device that presents as a keyboard and types pre-programmed content

What it does: Hak5 Rubber Ducky ($50, programmable, presents to the OS as a generic USB keyboard) is the canonical consumer version. Plugged in, it types whatever script is on it. To the OS this is a real keyboard; no injection flag is set because at the OS level, no software injection happened.
Why it does not fully die here: this is the only software-defeat for the OS-hook injection-flag defense. Four layers stack against it:
  • USB device enumeration polling. TeacherAware polls connected USB HID devices on a regular cycle (every 10 minutes during composition; on each focus change; on each new keystroke source). A new HID device appearing mid-essay flags structurally.
  • Webcam tier trigger. "Unexpected USB HID device appeared" can be configured as a webcam-recording trigger. The student sees the trigger fire; the teacher sees a brief recording showing whether a device was plugged in.
  • MDM USB whitelisting for managed deployments. Districts that take this seriously deploy policies restricting which HID devices the student's machine accepts. Standard school-IT practice; not a new ask.
  • Cost-of-attack curve. A Rubber Ducky costs $50 and requires programming. Not a realistic threat model for routine 9th-grade English. The proctored tier addresses it for high-stakes assessments (board exams, college admissions essays).
Real residual for high-stakes contexts; addressed by proctored tier + MDM. For routine work, the cost-of-attack curve is the actual defense.
Tool 10 — Kernel driver / Secure Boot disabled attack

The motivated attacker case

What it does: a kernel-level keystroke synthesizer that runs below the OS hook layer, generating events the hook cannot see as injected. Requires loading a kernel driver, which on a Windows machine requires either disabled Secure Boot or a stolen signed driver.
Why it largely dies here: not a realistic threat model for student cheating. Loading a kernel driver requires admin privileges the student doesn't typically have on a managed device, and Secure Boot is on by default. On unmanaged personal devices, this is theoretically possible but operationally far above the consumer-software threshold the article documents.
Nation-state-level adversary. Not a student-cheating threat model. Named here for completeness only.
Tool 11 — Voice-via-earbud + manual transcription

The irreducible residual case

What it does: the student wears earbuds, listens to ChatGPT speak the essay via text-to-speech, types what they hear. Defeats keystroke-pattern detection (it's real human typing) and webcam gaze tracking (eyes on screen). The hardest pure-software case to detect.
Why it partly dies here: manual transcription still produces a chain that does not match an authentic composition pattern. Voice-typed text has characteristic statistical signatures (sentence-by-sentence keystroke clusters separated by listening pauses; no within-sentence revision; vocabulary that exceeds the student's IKI-baseline-correlated style). The chain shows AI-shaped prose with zero in-app AI conversation, raising the explanation burden on the student. Audio-environment proctoring at the proctored tier addresses it directly for high-stakes cases.
Acceptable residual. Comparable to historic heavy-tutoring patterns; bounded; flagged structurally; addressable via proctored tier when policy requires.

§4 The broader concerns the article raises

The article surfaces several concerns that are not attack modes per se but are part of the landscape that determines whether teachers can adopt the product. Each one is a place where the architecture has a specific answer.

Concern A — Cognitive offloading

"People who rely on A.I. can experience cognitive offloading, a process in which they fail to build new skills, or their existing skills degrade."

Orthogonal to cheating — the worry is that even honest, disclosed AI use erodes the cognitive habits writing instruction is supposed to build.

The rubric distinguishes S-AI-RESEARCH (cognitive engagement — the student asked, learned, then composed) from S-AI-DRAFT (cognitive offload — the AI produced text the student edited). The dashboard shows per-student trend across the semester. A student trending heavy on S-AI-DRAFT flags structurally, which lets the teacher intervene before a habit ossifies.

Pedagogically: assignment specifications can require minimum percentages by tag — "this essay must be at least 70 percent S-ORIG with no S-AI-DRAFT paragraphs" is an enforceable rule because the certificate-export rail can refuse violations. The offloading concern becomes a tunable design parameter rather than a vague worry.

Honest framing: this surfaces and bounds the risk; it does not eliminate it. Teachers choose policies that match their pedagogical goals, and the system enforces them structurally instead of leaving them to honor-code wishful thinking.

Concern B — The "level of shame" pattern

Jenny Ng, Harvard sophomore: "AI use is ubiquitous at Harvard. There is a level of shame about using it."

Everyone does it; nobody admits it; integrity becomes performative — the worst possible equilibrium.

The shame stems from a binary frame ("did you cheat or didn't you?") with AI use treated as cheating-by-default. The rubric replaces the binary with structured disclosure: what kind of AI use, to what extent, with what attestation. Diego the ELL student using AI as a translation partner is not confessing — he is describing what happened, and the rubric supports the use case. Honest answers stop being shameful because the framework makes appropriate use first-class.

Concern C — Harvard's pen-and-paper retreat

Harvard professors responded by weighting oral and pen-and-paper exams more heavily.

The cautious move. Sacrifices take-home writing pedagogy for the integrity gains of in-class assessment.

TeacherAware preserves take-home writing as viable. The teacher does not have to give up the take-home essay to keep integrity intact, because the chain provides the integrity rail the format historically lacked. Pen-and-paper stays available for what warrants it; take-home writing comes back as a legitimate vehicle for the multi-day iterative work that builds composition skill.

The product framing line: TeacherAware exists so you don't have to choose.

Concern D — Maxwell's partnership framing

"Future writing will be a partnership between artificial intelligence and human discernment."

Maxwell is right in principle. The question is whether anyone is building the surface that operationalizes it.

TeacherAware is that surface. The in-app AI is the partner; the editor is where human discernment composes; the rubric is the legibility layer between them; the certificate is the structured artifact of the partnership. The major-vendor education head and TeacherAware agree on the destination; the architecture is what ships.

Concern E — Cusack's "help-vs-cheat-marketed" distinction

"I find the apps explicitly marketed as cheating less problematic than the ones marketed as 'help.'"

At least the cheat-marketed apps make the use case clear. The help-marketed ones normalize ghostwriting under a friendly label.

TeacherAware's positioning is congruent. The product is marketed as "make your AI use legible," not "make your AI use invisible." The framing is the architecture. The only ethical product position in this category is one that requires disclosure as a feature, not as a marketing afterthought.

Concern F — "Withholding A.I. entirely was educational malpractice"

Maxwell's strong claim.

Agreed and operationalized. Bans force students into dishonesty; structural disclosure invites them into legitimate use. TeacherAware enables responsible inclusion, not exclusion. The pedagogical claim for the paper: responsible inclusion is the only ethical option in 2026, and structural infrastructure is what makes it work in practice.

§5 The America observation — the market gap, in one paragraph

America has built a cheating-evasion industry; nobody has built a cheating-prevention industry that doesn't lose the arms race. Grubby, Dripwriter, Duey, Typeflo, Comet, Grammarly's authorship tool, GPTZero's evasion side — well-funded, slickly marketed, distributed through TikTok influencers including Harvard sophomores. The detection side is GPTZero and a few competitors, all stuck in the losing race the article documents. The structural alternative — source-constraint via sanctioned environment — does not exist as a commercial product. The gap exists because the obvious move requires giving up on the classify-finished-text paradigm, and that is a bigger psychological pivot than most ed-tech vendors will make. Detection vendors built the business; the business prevents them from seeing the architectural alternative even when their own market analysis says it is required. The teacher in the trenches today does not care about market analysis; the principal, curriculum coordinator, district CTO, and bar-association attorneys reviewing the school's AI policy do. Naming the gap gives them the frame they need to defend deploying TeacherAware against the obvious "have you considered detection-vendor-X?" pushback.

§6 How it works — the layered defense architecture

Everything above is the verdict. Everything in this section is the mechanism — for readers who want to understand exactly why the verdicts are correct, and for the principal-CTO-attorney audience that will need to read it before signing a contract.

§6.a The four defense layers, from weakest to strongest

The defense is layered, and the layers are not equal. The weakest layer is the one the previous version of this analysis led with (statistical signal); the strongest is the one the architecture actually depends on (OS-enforced injection-flag inspection). Honest framing matters here because the layered structure is what makes the defense robust against attacker creativity.

LayerWhat it catchesDefense type
Application event handler onlyNaive autotypers via IKI / semantic-pause / revision-pattern statisticsStatistical — degrees, not absolutes
OS keyboard hook with injected-event flagEvery software autotyper that uses documented OS input APIs (SendInput, CGEventPost, uinput) — Dripwriter, Typeflo, AutoHotkey, Puppeteer, SeleniumStructural — binary, OS-enforced
USB device enumeration polling + co-event consistencyHardware HID injectors (Rubber Ducky class); headless automation; missing co-events (mouse, scroll, focus)Structural — direct observation
Webcam tier trigger + MDM USB whitelistingHardware HID attacks at the policy layer; voice-via-earbud at the proctored tierPolicy + proctoring

The crucial thing about this table: the structural layers (2, 3, 4) do not depend on statistical confidence. An autotyper either has the OS-injection flag set on its keystrokes or it doesn't. A USB device either appears in the device-enumeration log or it doesn't. The webcam trigger either fires or it doesn't. The statistical layer (1) is the secondary catch for cases where structural layers miss; it is not the primary defense.

§6.b The OS hook layer — the load-bearing defense

Every major desktop OS has a privileged hook layer above the application event queue. This is the layer at which anti-cheat systems for online games operate (BattlEye, EasyAntiCheat, Vanguard), password managers store and inject credentials, and accessibility tools mediate input for assistive technology. TeacherAware installs a keyboard hook at this layer at first run, requesting admin permissions if not already running as administrator. The hook captures every keystroke before it reaches any application, including the TeacherAware editor itself.

At this layer, the OS itself tells us whether an event came from a real keyboard or from a software API. The flag is not app-settable; it cannot be spoofed from user-space.

Windows

SetWindowsHookEx(WH_KEYBOARD_LL) installs a low-level keyboard hook. Each event carries a KBDLLHOOKSTRUCT with flags including LLKHF_INJECTED (set by the OS on synthetic events) and LLKHF_LOWER_IL_INJECTED (set when the injection came from a lower-integrity-level process). Both flags are set by the kernel; user-space cannot clear them. SendInput()-injected events from AutoHotkey, Dripwriter, Puppeteer, and similar all leave these flags set.

macOS

Quartz Event Services exposes the event source via CGEventGetIntegerValueField with kCGEventSourceUserData and kCGEventSourceUnixProcessID. A process with Accessibility permission can see which process emitted each synthetic event. CGEventPost calls leave a process trace. The Accessibility permission is the gate; managed deployments grant it via MDM profile.

Linux

Software-injected events arrive on a uinput-backed virtual evdev device, distinct from the real keyboard's evdev device. Monitoring at the evdev layer distinguishes them trivially. Less commonly the threat model for student devices but identical mechanism.

The chain records, per keystroke, whether the OS flagged it as injected. The certificate refuses to export if any non-trivial percentage of keystrokes (default threshold: above 1 percent) is flagged. The teacher dashboard shows the row with an "injection detected" status. There is no statistical inference here — it is a direct readout of the OS's own injection flag.

§6.c USB device enumeration polling — the hardware HID defense

The OS-hook layer cannot distinguish a USB HID device pretending to be a keyboard (Rubber Ducky class) from a real keyboard, because at the OS level it is a real keyboard. The defense moves to enumerating connected HID devices.

For managed school deployments, the MDM layer above this is the institutional defense — district IT pushes a policy that whitelists which USB HID devices the student's machine accepts. This is standard practice for school-issued Chromebooks and laptops; not a new ask.

§6.d The admin permissions question

The OS-hook layer requires elevated permissions to install. This is the cost of the defense, and it has two paths depending on the deployment context.

The admin-permission requirement is the same boundary that legitimate anti-cheat systems, password managers, and accessibility tools cross. It is a known consumer software pattern, not a novel ask. The privacy implication — TeacherAware can see every keystroke while the hook is installed — is bounded by the app's explicit policy: keystrokes are recorded only into the chain for the active TeacherAware writing session; nothing is logged when TeacherAware is not the active writing surface, and nothing is transmitted off-device beyond what gets sealed into the certificate.

§6.e The GitHub-routed submission channel

The other structural defense, separate from the OS-hook layer: the teacher receives student input only via the student's signed branch in the teacher's class repo. There is no other submission path.

The repo-as-inbox model is also the reason the teacher does not need to babysit the LMS during the school day. When she opens her dashboard, it pulls from every student branch and reconciles. No real-time anything. The git architecture handles distributed-update reconciliation as a native primitive.

§6.f The application event-layer statistics (the confirming-signal layer)

For completeness: the statistical signals at the application event layer remain useful as confirmation, even though they are not the primary defense.

These signals confirm what the OS-hook layer already caught. If the layers ever disagree — OS hook says "no injection" but statistics say "suspicious pattern" — the disagreement itself is informative. The teacher reviews; the system does not adjudicate.

§7 The Goldstein article — source summary

Dana Goldstein, The New York Times, 2026-06-18. Title: Student Cheating Is Becoming Impossible to Detect in an A.I. Era — Big tech companies and small start-ups are using social media to hype new tools that allow students to trick teachers and A.I. detectors.

What the article documents. By mid-2026, the student AI-cheating ecosystem has matured into a distinct consumer-software category. TikTok and YouTube tutorials promote a class of "humanizers" (rewrite AI text to evade detection) and "autotypers" (drip-feed AI text into documents with simulated typos and pauses). Roughly two-thirds of American students use AI regularly for schoolwork; about 9 percent admit outright cheating in surveys; three-quarters of College-Board-surveyed professors report student AI use, with more than 90 percent expressing plagiarism concern.

The named products. Grubby AI, Dripwriter, Duey.ai, Typeflo (deleted after NYT inquiry), Perplexity's Comet, Grammarly's authorship tool, GPTZero (which claims 99 percent detection accuracy and also markets cheating-evasion under the same brand).

The named voices.

The cognitive-offloading concern appears late in the article and is framed as orthogonal to cheating-detection: "Several studies have shown that people who rely on A.I. can experience cognitive offloading, a process in which they fail to build new skills, or their existing skills degrade."

What the article does not propose is a structural alternative. It documents the detection race as failing, names a few mitigations (heavier in-class assessment, partner-not-replace framing) and stops. The space where TeacherAware speaks is exactly the structural alternative the article gestures at but does not fill in.

Authored:
2026-06-20 worker-spawn from master 81c8c3ae (TeacherAware article-coverage thread)
Artifact type:
Informative companion appendix to teacheraware-2026 (parent paper)
Sibling artifacts:
teacheraware-build-plan-2026 · teacheraware/notes/teacheraware-product-scope.md (internal scoping)
Source article:
Goldstein, Student Cheating Is Becoming Impossible to Detect in an A.I. Era, NYT, 2026-06-18 — worked from verbatim excerpts in the briefing; full article not separately fetched.
Status:
v2 (restructured to "AI Cheating at a Glance"; OS-hook layer + USB polling as primary defense; statistical signals demoted to confirming-signal-only role)
Relationship to main paper:
Hyperlinked both directions via metadata (x-parent, x-relation, x-artifact-type) and visible callouts; intended to surface in the Workbench artifact picker as a related sub-artifact of the parent paper.