Social Networking and Security for Kids

Do we worry too much about our kids in online spaces?

I work in a large school district where we invest a lot of energy in securing our technology environment.  We use strong passwords to protect data. Technical security protects the environment from multiple threats – the size of our network makes it a target.  The security of our students is paramount.  Their safety is a filter in all technology decisions.  I know our district is not unique in this approach.

How is this balanced with the goals of an open learning environment?  Can we deliver a safe and secure learning environment when we open our classrooms online to the world?  The Identity Theft Research Centre reported the education sector as responsible for 28% of the data losses in the United States in 2007.  Compare that to general businesses (remember the TJ Maxx scandal?) which held only 22%  of the losses.  And we consider that to be a heinous abuse.  So must we not also hold ourselves responsible?

News articles about loss of data such as this one from Consumer Affairs about post-secondary institutions puts the security of information squarely on the shoulders of the head of IT (that would be me).

I am constantly challenged by this notion of loose-tight control.  Keep portions of the environment very tightly controlled to meet the mandate of providing a reliable, scalable and sustainable environment.  Open up other portions of the environment so that learning may happen.  Keeping the controls tight to create reliability means the environment is not as open as all would like. 

I believe we need to provide models of appropriate use for our students.  We see and read items daily about teens becoming victims of identity theft in both the U.S. and Canada.  The Identity Theft Research Centre (ITRC) cites social networking sites as one of the ways that scams are perpetrated.  The organization’s site has materials targeted specifically to teens with support for teachers.  Worth checking out.

Advertisements

7 Responses

  1. I think there is a difference between “safety” and “literacy” – safety is an impossible pipe dream, and even if achieved it wouldn’t serve the students well. We don’t require 100% “safety” in other parts of their lives – they’re allowed to cross the street, ride in cars, work with chemicals in a lab, use scalpels in biology, etc… But we require 100% safety online. Why is that? How will they learn to cope without being protected?

    I say don’t worry as much about “safety” – even the most scary online predator is harmless as long as a student has a modicum of online literacy. Don’t give out your “real world” coordinates. Don’t use your real name. Don’t post photographs of yourself, your school, or your home/neighbourhood in public areas, etc…

    And identity theft is another thing that can’t be absolutely. Even if an individual has done everything they can to protect their private information, the majority of data used for identity theft comes from corporate breakins and leaks. Hard drives yanked from data centres. Backup tapes going missing. Old surplus equipment being sold without storage media being removed and destroyed.

    Safety is impossible. Literacy is more important.

    Learn to swim, don’t pour cement into the pool.

    http://davidwarlick.com/2cents/2006/11/28/fencing-in-the-learning/

  2. I think you hit the nail on the head: “we need to provide models of appropriate use for our students.” The best way to protect kids is to teach them to recognize the dangers and how to avoid them. If you keep them in a tight, secure environment, they’ll be easy targets when they do go out in the real world.
    Of course, you can’t let children have unrestricted access; it must be age appropriate. And a school network is similar to a work network in that they are not for personal use. Online safety and appropriate use should be taught at every school.
    Great post, very informative!

  3. My experience in technology is that we are way over protective. That’s not to say we not ought to be prudent and teach students ethics and privacy but typically our method of instruction has been to block and filter. These simply do nothing except to move the issue out of schools and into the homes and privacy of students where they are much more likely to make poor choices. The facts, even the ones you’ve cited are very minuscule in terms of the regularity of these occurrences. The other fact is that most kids are fairly careful online. We just hear about the ones that aren’t. Yet these conversations, teachings and understandings have to be part of their formal K-12 education.

    The new reality of our digital world will require new understandings and approaches. With that, I think we’ll have to get used to the fact that bad stuff will happen because in some ways, that’s the price of openness. My observations have been that most of the “closed” or wall garden approaches have been done to protect schools not kids.
    I agree that modeling is essential. Most teachers have no clue about how to live and interact in a digital world. They don’t produce content or share in social networking. Because they don’t participate, they have a hard time engaging in the important conversations about this and therefore often choose to opt for tightly controlled, closed environments.

  4. “Do we worry too much about our kids in online spaces?”

    The crux of the issue is “If it keeps just *one* kid safe …” It doesn’t matter how stupid, misguided, or shortsighted it is, nobody wants to argue against keeping that kid safe.

    Short answer:
    No. I think we worry too much about the school getting sued in the event that some parent discovers that their kid has been exposed to content they don’t approve of that we’re willing to accept that harming children is a valid cost in order to reduce the threat to the school. And we hide that by making believe that the things we do are to “protect kids.”

    Long answer:
    [rant] The technical constraints of business data security (and that includes student recordkeeping) should not be confused with what happens in educational spaces. You’re confounding the notions of having an open environment for students to learn in with a secure environment for safeguarding data assets. Two different issues. For security purposes, the student and teacher educational access networks should not be on the same infrastructure as business process management systems. Basic firewalling rules apply.

    But when it comes to keeping students safe … The problem is that too many people are of the mindset that “if it keeps just *one* student safe, then it’s worth the cost.”

    It’s ok to hamstring a generation of learners by cutting them off from the resources they need because there’s a probability — however small — that one might be “harmed.”

    But if we *really* believe in keeping kids safe, then we need to get them away from their families. Millions of children are abused every year, not by strangers, but by their families. If the rationale of “if it keeps just *one* kid safe …” is carried to the logical conclusion, then we have to stop leaving kids with parents. For every kid who’s been harmed online by a stranger, hundreds more have been harmed by a parent or sibling. Why is THIS ok?

    And the media attention is now on cyberbullying, so we need to take steps to shut that down, too. And while dozens of kids might be bullied online on any given day, hundreds – if not thousands – are bullied in classrooms, playgrounds, busses, lunchrooms, and streets on their way to and from school everyday. School is a terribly dangerous place, so if we really believe that the cost of protection cannot be too high, we have no real recourse but to stop this school business before another child gets beaten up for his/her lunch money. So why is it ok to allow this to happen in the real world, but online we have to take extreme measures to make sure that it doesn’t happen there? Even at the expense of education?

    Yes, I’m being a bit extreme, but we need to be careful when we start following a path that we have some idea of where it’s going. It’s this kind of dangerously short sighted thinking that guarantees that students have free rein in MySpace — completely relieved of the concern that anybody from the school might be looking at what they’re doing there — because the school district blocks access from school property — not just for students but for everybody.

    There’s something wrong with a society that believes that ignorant children grow up to make informed decisions. Instead of locking up a generation, why aren’t we teaching them how to survive?

    Because in the process of teaching them, they may see something that a parent will sue the school over. Because in the process of helping them make good decisions, they’ll make some bad ones, and the district, the school, and the teacher will be held liable. Because the reality is that nothing that any of these laws, rules, filters, or lockouts accomplish has anything to do with protecting kids. It’s all about protecting the institution.
    [/rant]

    “Do we worry too much about kids in online spaces?”

    Maybe, but my real concern is that we are completely incapable of any rational assessment of risk in our decision making and *that* is the danger.

    Because after all, if it keeps just *one* kid safe …

  5. There is no question we worry far too much about students’ online security; if only the institutional paranoia stopped at K-12. Was shocked to hear from a prof at the U of A two weeks ago that he couldn’t access youtube from U of A system – his department is English and Film Studies!

    If educational institutions continue to turn a blind eye to the very places where culture is actually being created and transmitted they will make themselves irrelevant.

    However, much of the *security* rationale in my experience is really a cover for administrators “of a certain age” hoping to see their careers out without ever having to learn anything substantial about new technology.

    We all know dozens of people like them – they learned email because they had to, that’s as far as they went, and now they clog up their workplace email servers with attachments of their grandchildren’s birthday videos attached and are usually the same damn fools that click on suspect attachments, too.

    When people like these get to set online policy for others they make a hash of it every time – I have to believe that the educators in their 20s and 30s who have grown up with an online environment will serve us all better when they assume senior positions in a decade or so.

  6. Just a couple of comments from me. “safety” is a pretty abstract concept, so it’s difficult to work with unless you look in to definitions a bit more closely. In the UK, I work with a model of e-safety which covers content, contact and commerce – so one that identifies online risks as including data protection, phishing, spam etc as well as inappropriate contact of all kinds including cyberbullying. In that sense digital literacy is extreemly important – it’s the key to being able to identify, manage and respond to risks appropriately.

    Finkelhor’s recent research suggests that many young people taking part in high risk activities (meeting up with strangers online and entering into relationships with them) have previously been abused in some way, and so are already vulnerable, suffering from low self esteem, lack of personal boundaries etc etc. For this group of people digital literacy is not going to be enough to support them to make positive life choices. I’d very much like to see a much closer alignment of how we conseptualise and address child sexual abuse in particular both off line and online.

  7. Since a lot of your concerns voiced here are based on the threat of identity theft, perhaps it’s worth noting that very few of the cases cited in the ITRC report have to do with network access. Stolen laptops, harddrives, backups, etc simply do not have any relevance to the question “Do we worry too much about our kids in online spaces?” While the theft of physical devices is certainly an issue — especially when those devices contain sensitive personal information — I fail to see the connection between this and, say, blocking MySpace or Blogspot at the school district level.

    I agree that your concern over teens exposing themselves to identity theft is a serious problem. I also submit that nothing that school districts are doing relative to network/computer policy (i.e. filtering, blocking, and otherwise restricting access to “social networking” sites from on-campus) is helping to solve the problem. I maintain that it actually helps expose teens to danger by obstructing oversight and actually contributes to the problem by preventing on-campus education and practice.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: