Web Quest Survey: Security, Ethic and Privacy Concerns of Web 2.0 Media

1. Identify the security concerns that you personally feel need to be addressed before using a web resource or service

a. How do you ensure your students are safe when using Web 2.0 resources and meet district technology guidelines?

When thinking about security concerns that I feel need to be addressed I can categorize a list of questions that falls into three general categories: Web Site Questions, Student Experiences Questions, and Teacher/School Site Questions. The following is a list of questions in each category and my accompanying justification for each.

Web Site Questions:

Is the site reputable? Is the site published by an individual or larger organization? Can the site be trusted as virus/malware free and as a factual source? Does the site contain any bias? Is the site currently banned by a school filter and why?

Justification:

Web resources must be evaluated with the same concerns and rigor that other media are held up to when ascertaining their legitimacy/validity. In fact one could argue that since web resources are becoming so increasingly accessible over other types of media that we must hold them up to an even higher standard. A lot of information can be ascertained by looking at a web site’s domain name and knowing who/what entity is responsible for it’s posting. Knowing who or what group published the site can at times tell you more that the web site itself about how far one can trust the specific site. Also, knowing if the site is currently allowed by a school’s/district’s current filtering protocols can give you some indication as what types of web sites may pose a threat to school-wide networks. Although, schools must often times use broad filtering criteria that unfortunately also blocks many potential useful and legitimate sites in addition to suspect ones.

Student Experiences Questions:

What past experiences have my students had with using Web 2.0 resources? How familiar are my students with Web 2.0 resources and which ones have they used most often? Have any of my students engaged in unsafe Internet practices in the past at school or at home? Have my students acquired any Internet safety information from past teachers or their parents?

Justification:

In all areas of a student’s education they need to be taught how to think critically and technological issues are no different. The above student experience questions are critical if we are to scaffold a student’s technological learning from the known to the unknown. One must know a student’s past experiences and familiarity with Web 2.0 resources to effectively teach them further. Given the vastness of Web 2.0 resources it is helpful to know what holes may exist in a student’s knowledge base. Knowing a student’s past history regarding Web 2.0 resources also helps in giving them specific knowledge to keep them and others safe while online. It can also be helpful to know what specific Internet safety classes/information a student may have received from past teachers or parents as this can vary widely given various teaching and parenting styles.

Teacher/School Site Questions:

Have specific and well-developed Internet safety policies been written, taught, and enforced among the student population? What protection measures have been tried in the past and are currently being applied? What type of security issues have been encountered at the school in the past and how have they been dealt with? What is the current administration’s/district’s philosophy regarding the balance of needed security measures with the need for student/staff productivity and ease of use? Do teachers/administrators generally feel that the student population can be trusted to make safe and wise decisions? Do all school site computer require at least one log-in username and password required from each student/staff? Are the school computers set up in such a way as to be easily monitored and physically secured? Does all staff understand the need to actively monitor any students engaged in online learning?

Justification:

In my mind these teacher/school site questions are among the most important school network security questions primarily because the school staff can profoundly impact them based on individual and collective staff choices. Today’s teachers must understand and effectively work with Generation Y students and younger who have never known a time without a vast array of easily accessible Web 2.0 resources. As one unidentified risk manager in Cara Garretson’s article (Facing Generation Y Security Issues) relates, “flexibility must be accompanied by well-defined policies and layers of security technology.” He goes on to further state, “you need to specifically define parameters for what is and is not allowed in your policies, and spell out what will be the result of any violations.” Having a well-developed Internet safety policy that are proactively communicated, taught, and enforced is a key first step security measure. The specifics of such a policy may vary in an effort to provide the least restrictive and most productive policies to different age groups and school user groups. The current best course of action regarding Internet security policies will depend greatly on the school’s past experience/approach and that of current administration.

A parallel issue is how much school staff trust their students to make generally safe and wise decisions. Ultimately, security issues are blend of social and technological solutions that allow us all to work together efficiently. As Tim Bray, director of Web technologies at Sun Microsystems Inc., states, (Keeping Secrets in a WikiBlogTubeSpace World, by Mary Brandel, Computerworld, March 2007) “If employees can’t be trusted, technology is the least of your problems.” If one replaces the word “employees” with “students” I believe the same sentiment applies.

In addition to a sound and proactively taught Internet safety policy some automatic measures can be taken. At the very least I would agree with “The Lawyer’s Guide to Mobile Computer Security,” in that “All computers should
require at least one password for login. Individual documents containing sensitive information that are shared electronically should be individually password-protected.” Login requirements and specific password protected documents can do much to thwart opportunistic infringements. Also, enabling login requirements greatly helps when tracking down who potential culprits might be.

Login requirements are akin to prudent physical measures such as locking computer lab doors when not use and proactively monitoring learners while they are engaged in online activities. We must not forget or take for granted the simplest of measures before we brainstorm more advanced ones.

Ultimately, security will be best found when using a multifaceted approach that includes policy and technology. As Mary Brandel points out in “Keeping Secrets in a WikiBlogTubeSpace World,” “a combination of antivirus software, URL filtering, application controls, Web reputation services and “safe search” tools” in addition to sound policies all contribute in creating a “secure Web gateway.”

Additional Sources:

1. Bill Helling (http://www.firstmonday.dk/issues/issue3_2/helling/) highlights the fact that many web-sites enable Cookies which “can store the collected information - usually unannounced - on the visitor's hard drive. In some cases, the server itself stores the data and gives the visitor a code instead. When the visitor returns later to the same site, the visitor's browser gives the cookie's information (or the code to access the information) back to the server, and the site can recognize the visitor, perhaps presenting a more personalized version of itself or specifically targeted advertisements.” While this can be helpful in many cases it also raises security and privacy issues especially when users operate on computers that are publicly accessed.

2. Furthermore, schools face legal implications for not having security measures in place. Schools and libraries in the state of Alaska must comply with (Children’s Internet Protection Act) CIPA requirements in order to receive funding for Internet access and connections. Examples of requirements include: blocking sites depicting child pornography or obscenity and providing a filtering mechanism. More information can be found at: http://www.library.state.ak.us/usf/cipa.cfm

2. Ethic concerns are subjective by the individual who uses the Internet.

a. After reviewing the provided articles, please discuss the ethic issues that concern you most when using this new media.

The issues that most concern me regarding ethics include confidentiality of sensitive information and copyright issues. Web 2.0 effectively opens the door for a plethora of opportunities that social networking sites provide ready access to. Issues of confidentiality and copyright are becoming increasingly more muddied. The old adage of “do no harm” commonly used in the health care arena now applies to that of technology (KnowledgeCenterSecurity).

Any business or educational institution needs to takes steps in order to protect consumers’ or students’ personal information, which is becoming increasingly more difficult. In the business world, both businesses and consumers hold responsibility for maintaining confidentiality. For example, a bank issues a debit card with a secure access code. It is the bank’s responsibility to take precautionary measures to protect access to the code, but it is also the consumer’s responsibility to keep both the card and the code in separate, secure locations. The same logic does not necessarily apply to educational institutions. School staff are responsible for the confidentiality of student information, from the teacher who neglects to log out of the computer at the end of the day to the janitor who looks at the computer screen with student information. Students are not expected to maintain their own confidential student records; it is the responsibility of school staff to do so.

In any school or business, it is becoming easy for information to be transmitted to parties not authorized to access information. All devices need protective measures taken to safeguard sensitive information, including iPods and thumb drives. Schools and companies need to develop security policies to cover all mobile devices, not simply limited to laptops and desktops. Treat a USB flash drive as one would an office key, keep it attached to keys and in a protected area. Protect documents so changes cannot be made by saving to PDF format. (Freedman, et al., 2007).

Copyright issues pose a concern as more information is becoming increasingly accessible online, both through legal and illegal means. In the area of education, this takes two main approaches. First, as educators, we need to do our part to attribute credit where it is due. The Creative Commons blog notes some measures such as resources that post a small icon or link to the credits. Displaying such information or taking a moment to acknowledge the artist or author provides a good role model for students. Educators also need to be aware of accessing information legally. According to the Copyright Term Extension Act (CTEA), works published prior to 1923 may be entered into public domain. Be aware of adaptations, make sure to use the original (Jassin, 2003) CopyLaw.com. The second approach is to teach students proper use of copyright as students use Internet resources for research and learning.

On the flip side, is the idea that educators have a legitimate right to use resources within the confines of education for “educational purposes only.” This point is argued by an anonymous blog entitled etc@bmc that can be found at: http://www.brynmawr.edu/etc/etcblog/2007/05/copy-protection-web-20-and-education.html. This site argues for educators to remind lawmakers of our legal right to use resources for education purposes, before this privilege is removed as well.

b. How do you teach your students to adhere to acceptable online ethics and copyright issues? This is a big one so please spend time discussing this.

Ultimately, protection of sensitive information and using copyright information ethically comes back to awareness and education. All the hardware and software precautions in the world such as firewalls, filters and anti-viruses cannot take the place of teaching students and others about their responsibility to use and distribute information in an ethical manner. This fact is highlighted by Rick Cook in an article entitled Protecting Yourself with Web 2.0 CRM (http://www.insidecrm.com/features/prtoecting-yourself-crm-031208/). In this article Rick states, “Although the details of some of threats, especially Web 2.0 attacks, can be extremely complex, the most important way to protect yourself, your company and your customers does not involve technology at all. It relies on good, old-fashioned awareness. Awareness and education are not substitutes for protective measures like firewalls and filters, but all firewalls, security software and gadgets are useless without them.”

We need to teach students responsible practices for use of resources found on the web. It used to be that we taught students not to copy more than 3 consecutive words from an encyclopedia while doing a report. The same set of rules, expanded to apply to online resources, needs to be explicitly taught to our current “cut and paste” generation of young persons. Information such as copyright laws that can be found at CopyLaw.com, need to be taught (Jassin, 2003) in order for educators to hold students accountable to them. Older students may understand the ethical dilemmas of students caught cheating on open-book tests which are described at: http://www.businesspundit.com/the-business-ethics-of-web-20-does-collaboration-and-open-source-blur-the-line-of-what-it-means-to-cheat/

Let students know that you will be checking up on them. Students tend to think they can access information via the Internet and tend to forget that teachers can too! Following a lecture on responsible use of Internet resources and copyright information, I would take any papers that did not sound like the student’s typical writing style and Google segments of their writing in looking for plagiarism. I then highlighted the plagiarized text and gave it back, letting them know this was a warning and they must redo their work. If I caught the same student plagiarizing a second time throughout the year I would assign them an automatic “F” for that assignment.

Cara Garretson writes in the article entitled “Facing Generation Y Security Issues” http://rhetorica.uaf.edu/moodle/mod/resource/view.php?id=69) that “If you make things too restrictive, younger employees may just pack up and go elsewhere.” This same principal may also apply to students who face too many restrictions. They may either ignore them entirely or refuse to complete the assignment. Need to balance rules with a reminder of why rules are in place, and keep rules simple.

Students need to have impressed to them that someday they will be responsible for the security of sensitive information with severe consequences applied for the distribution or security of such data. Resource for teaching students about intellectual property rights, aimed at teens, can be located at: http://www.mybytes.com/index.html
Under the “viewpoints” section, students may listen to artists’ opinions on Intellectual Property Rights and learn how and why adhering to such (word) is important. Listening to real-life artists may have a larger impact on their understanding than a lecture from their teacher.

Provide students with examples they can relate to. Teach students how commonly used applications use their personal information, for example MySpace, Flickr, Digg. As Wil Harris (http://www.bit-tech.net/columns/2006/06/03/web_2_privacy/1) suggests teens might find it interesting that these sites pour money into the sites, seemingly without making a profit. The profit comes from knowing information about you, based on your posts. Information that advertising agencies can target to you. Students need to be made aware of how their seemingly innocent actions may have longer-term consequence.

3. Privacy issues concern all users of the Internet from children sharing too much personal information and private information inappropriately used by others.

a. What controls would you put in place to safe guard your students?

I would advocate for the following safeguards and controls for students in my classroom and throughout my school.

1. A thorough Internet usage and Network policy that has been formulated by the school’s Technology team and is understood by all teaching staff. If necessary I would advocate for in-service time to educate teaching staff how to consistently implement the policies throughout the school.

2. I would advocate highly for a school’s administrators and Technology team to be forthright in impressing the importance of education as a means to prevent many potential student/staff infractions. The power of education also builds a common language and ethos in the building from which all students/staff can increasingly relate to as their technological experiences increase.

3. I would also remind staff that keeping our students safe online is everyone’s responsibility, much like we watch out for each other’s physical well being throughout the classrooms, halls, and recesses. This would include actively monitoring all student engaged in online learning. Keeping computer screens un-obscured and pointed towards common areas. Shutting doors and rooms when not in use and being mindful of suspicious activity.

4. I would advocate for personal log in requirements for each student/staff within the school. User access and privilege would then be set differently among different grade levels and user groups. For example, log-ins could be configured to allow K-3 students more elementary programs than their 4-6 grade counterparts.

5. I would advocate for a combination of antivirus software, URL filtering, application controls, Web reputation services and “safe search” tools.

6. I some known sites have proved to be particularly troublesome for some students I would advocate for blocking those sites entirely, to remove the temptation.

7. I would encourage teachers/students to use kid safe Internet search engines such as http://www.askkids.com/, http://kids.yahoo.com/, http://www.rcls.org/ksearch.htm, or http://www.ivyjoy.com/rayne/kidssearch.html.

8. With specific students or issues I might advocate for student computer contracts to be agreed upon and followed to insure greater accountability.

9. I would make sure that all wireless networks within the school are password protected to discourage unauthorized users from siphoning precious bandwidth or attempting access confidential school data.

10. I would advocate that all students receive some basic and appropriate Internet safety information that is taught in collaboration with a technology or media specialist within the school.

11. I would advocate that parent information be prepared for dissemination at a school event, in which parents were free to see and use some suggested Online resources along side a technology or media specialist within the school.

b. How do you control your personal information on the web?

I tend to be fairly brief and non-descript when describing my self on-line. I maintain a family blog site that open to the public however fairly hard to find in my opinion by the average search query. The URL is fairly obscure and I have not been able to find my own blog when doing elementary searches for it. The blog site contains little information about who exactly is maintaining the blog and where I am living. I do this intentionally as I primarily use the blog site to give updated news regarding our daughter to friends and family. I would prefer that only people I know view my blog site and periodically send invitations to view updates to friends and family.

I also recently began a Facebook.com profile in which I rather deliberately refrained from adding to much descriptive information until I grow more comfortable with the social networking concept. I like the idea that only my approved “friends” are able to access my full profile and am very judicious about who I approve as friends. If I have never met the person I refrain from adding them as friends as well and that includes friends of my friends.

I approach many of the free Web 2.0 registration and profile requests with some wariness because I know that this information is being mined and sorted in a myriad of ways in order to market and sell various products. According to Wil Harris in the article entitled Why Web 2.0 Will End Your Privacy (http://www.bit-tech.net/columns/2006/06/03/web_2_privacy/1) “Our social networks, searching habits, visual identifiers and personal preferences will be mercilessly sold to anyone who wants to get their hands on our particular demographic.” I would suppose that a digital native would view this personal data tracking/mining on the same level as other older forms of market data such as credit card statements or merchant’s that offer savings by becoming a member. I however, cannot help but be somewhat suspect that the wonderful Web 2.0 applications and toys are costing me more than their often “free” label suggests. In fact cannot help but wonder how access to my interests and consumer habits might at some point cost me something further along down the road.

4. Please critically evaluate how to utilize the Web 2.0 benefits over security, ethic and privacy concerns.

In many areas of life it is helpful to live by some basic ground rules and an overall sense of balance. This applies when using Web 2.0 technologies as well when thinking about security, ethics, and privacy concerns.

Although, the wide world of Web 2.0 technologies is ever increasing in the applications and entertainment it may provide us, we must ask ourselves if the benefits are worth the potential risks. Certainly, a list of standard ground rules would could be prudently applied to a variety of Web 2.0 resources. As Wired.com’s Parenting Online handout illustrates, many ground rules that apply in the physical world can be adapted to the virtual world as well. For example, “Don’t talk to or accept anything from strangers” can be adapted to include not trusting anyone online unless they have physically met them at some point. Another common rule such as “come straight home after school” could be translated to mean that unlimited and aimless time spent surfing online is not allowed. More examples of translatable ground rules can be found at the “Parenting Online Booklet” available at: http://www.wiredsafety.org/

An overall sense of balance is also needed when considering Web 2.0 benefits over security, ethic and privacy concerns. As Internet based scams, frauds, and even legitimate accumulation of user market data increase, a healthy dose of skepticism when dealing with some Web 2.0 resources does much in providing a safety net.

In a school setting we must consider the collective good over the interests/preferences of the individual. Since so many functions and person daily depend on a functioning school network, we must base our decisions on what allows the school to collectively provide the best learning environment possible. As networked environments increase our world becomes more connected to places and persons we would not otherwise be connected to. The questions of what it means to have private and public ethics blur as the world becomes increasingly networked. Suspect online practices such participating in peer to peer file sharing applications may be deemed safe by certain high risk users, but vehemently opposed by others such as network administrators. The NEEDS of all users must take precedent over the PREFERENCES of others if there is going to be a sustainable, safe, and protected network. In cases where user ethics seem to differ one must at times take what is recommended by field experts while continuing a dialogue if the issue remains important to students and staff.

On the other hand, privacy issues seem much more “cut and dry” and are often dictated by Federal, State, and School Board policy rather than individual choice.