Online Safety: Another challenge

Keeping students safe in a world of technology, where students are spending increasing time engaging with technology and even learning via technology, is very important. As I have written in the past, this is also becoming increasingly difficult. Back in March 2021 I wrote about how internet filtering, something that was easy when I started out on my teaching career, is now far from easy and verging on no longer possible (Internet Filtering, March 2021). As such, I suggested that internet filtering can no longer be considered as a distinct action schools should take in terms of safeguarding, instead needing to be treated as one part of a larger process encompassing a number of stakeholders and actions, all taking place within a risk management, rather than compliance, framework.

In June I re-emphasised the above in my post, Keeping students safe in a digital world.   This time my focus was on Virtual Private Networks (VPNs) and the implication of students being exposed to TV marketing on the use of VPNs to maintain privacy.  My concern was that this would drive some students to using free VPNs where the safety and security of data may not be as certain as the apps suggest.  It would also serve to make it more difficult for schools to monitor student online activity in the interests of safeguarding.

Since the above June post Apple have held their Developer Conference. Apple, like a number of other device or software vendors, are being very “privacy” focussed following recent highly publicised incidents around the privacy of user data and some very well known services. With this, Apple decided to announce iCloud+ and their Private Relay functionality, built into iOS and providing VPN-like functionality when browsing within Safari. This means “baked in” VPN functionality provided at the operating system level, on Apple devices such as the iPad which are widely used in schools. Yet another challenge for online safety. Private Relay, a great facility for privacy but yet another blow for school IT and safeguarding teams seeking to keep students safe online. Now my hope is that there will be some ability to control this functionality using a Mobile Device Management (MDM) solution, however for now this isn’t possible, and I suspect it may only be possible on “supervised” devices rather than on Bring Your Own Device (BYOD) Apple devices. Only time will tell.

I often refer to a continuum, when speaking to sixth form students, existing between individual privacy on one side and public good and safeguarding as items on the other side. So for schools this is the privacy of the individual student versus the school’s responsibility to keep students safe, and therefore to monitor and filter online activity. Currently the pendulum continues to move further towards the individual privacy side. I wonder if this will continue or if we will eventually see some balance restored. I also wonder whether, given the increasing ineffectiveness of the technical measures schools can put in place, the guidelines in relation to safeguarding students online need to be re-examined.

EdTech Summit, Brighton

I had the opportunity to present at the Brighton ISC Digital EdTech summit during the week. My talk, “Common Sense Safeguarding”, focussed on the need for schools to take a broad and more risk-based view of online safety as opposed to the previous more compliance-driven approach. Given the number and range of technologies students have access to and also the tools available to bypass protective measures put in place by a school, or even the ability to negate them totally through using 4G, online safety is no longer as simple as it once was. This therefore needs a broader view to be taken.

In addition, I identified that in our dealing with Online Safety we are not yet effectively addressing the issues which are growing with our increasing use of digital resources and services.    Cyber security, big data, profiling, artificial intelligence and bias, ethics of IT systems and similar broad topics don’t yet have a key place in the general curriculum albeit opportunities exist across different subjects.    We need to ensure these issues are discussed with all students.   It was to that end that I proposed a cross school discussion group focussed on Digital Citizenship.

Overall my view is that we need to be more aware of the limitations of preventative measures such as web filtering, and need to focus more on user awareness and having discussions with students regarding the wider implications of staying safe and being successful in a digital world.

If you are interested in being part of a group of schools discussing Digital Citizenship please fill out this Microsoft Form and to access my slides from the EdTech Summit please click here.

Keeping students safe when the dark web is so easily accessible.

I just heard about software to allow the easy setup of a website on the Dark Web with little technical knowledge required and no costs other than the requirement of an internet connection.  Simple, easy and instantly anonymous.

Maintaining the safety of students online is a key part of a school’s overall efforts to safeguard students. When I first entered teaching, this was relatively straightforward. Students’ only access to devices in schools was likely to be the PCs in the computer suites, where they had limited ability to make changes due to not having administrative access. In addition, the school would have internet filtering in place to protect the students, where the students’ main tendency was to seek out games as opposed to any other inappropriate content. I remember as the ICT teacher in one school, regularly having a look at the school’s internet statistics and reviewing the most commonly hit sites for signs of games or other inappropriate content. It was normally games I would find and therefore games I would block. For those students who decided they wanted to bypass the school’s restrictions, the tools available were limited and the required knowledge to make them work was often greater than that which the majority of students possessed.

Fast forward around 15 years, to today, and the students are more aware of the content which is available on the internet, plus the search tools are better. As such I suspect it is no longer games which are the most prevalent inappropriate website category in schools. In addition, in many schools, students now come to school with their own device, either a device required by the school or a mobile phone. The tools available to bypass school restrictions are now easily accessible, numerous and also easy to use. These tools, often aimed at supporting the right to privacy, can easily be used for other purposes such as hiding malicious or inappropriate online activity. I note for example how VPN providers can now be seen advertising their products on TV or heard on the radio. In the last couple of days, as mentioned at the start of this post, I have also heard of the easy availability of software aimed at allowing individuals to set up websites on the dark web to anonymously share content without fear of it being traced back.

The technical solutions of the past, filtering and monitoring, are no longer sufficient as, simply put, monitoring and filtering doesn’t work. This isn’t just a school problem, this is a societal issue. The societal issue is beyond the scope of this post, however within schools we cannot sit idly by; we need to take action. We need to take a wide view of online safety which, with the removal of the ICT curriculum, somewhere these issues were often discussed and explored with students, has become increasingly difficult. Time needs to be found to explore the issues around living in a digital world, to explore online safety, ethics, privacy, security, etc., however sadly for now I am not sure where there is space for this in the already packed curriculum. Given this, for me, all schools need to ask themselves what they do in relation to online safety, and what more could they do? This is a question that should be asked at a senior level. It is also important that schools get together, not just to share good practice but to collectively work together to ensure we strike a balance between preparing students for the technological world and keeping them safe. We are all in the same boat and therefore maybe we need to find a collective approach to a collective problem.

Some thoughts on web filtering

I have been giving school-based web filtering some thought recently, with a particular focus on how lots of things in life are part of a continuum, where the polar opposite extremes are often viewed as what we want to achieve, or not achieve, yet are impossible to actually get to. We tend to end up achieving a position somewhere in the middle.

Take web filtering, which is all about safeguarding; we clearly want to achieve total safety for our students online, one extreme, and want to avoid putting them in a situation where they are presented with everything inappropriate, and potentially damaging, the internet has to offer, the other extreme. I don’t expect anyone to be able to argue with, or to want to argue with, the above. Why wouldn’t we want to achieve safety online for our students?

The issue is this isn’t possible without preventing them from having any access to technology and the internet, and we want to provide students access to tech to help in preparing them for the world we all now live in, a world filled with tech. Now I know some schools ban devices, however I believe this simply shifts the problem in that students either will do their experimentation at home or will do it in the next phase of their education or life, in Further education, Higher education or in their working lives. We therefore won’t have prepared them or equipped them with the skills to remain safe, which I think is a key element of safeguarding. We won’t have prepared them for the future and in fact we may be setting them up for problems when they suddenly find themselves outside the insulating bubble of the school, and having to deal with technology, social media, etc., all on their own.

Let’s assume that we have decided that preparing students for a technological world is important and therefore we allow them ready access to mobile devices, computer labs, etc, around school.   Now how do we approach the filtering situation?

One approach might be to have aggressive filtering and monitoring with a view that this will make students safer. Sadly, this isn’t as easy as it once was. Technologies designed to support privacy of data, including HTTPS and VPNs, to name but two, make it increasingly difficult to monitor activity. It is now more difficult to argue with students as to why they shouldn’t be using a VPN when VPNs are now routinely advertised on TV and radio as a measure to protect personal data. This issue is even more evident where devices belong to the students and the organisational control which can be exercised on school owned devices either cannot be applied or can be easily removed by students. We also have the challenge of student mobile phones which can be used as a personal hot spot for internet access via the phone service provider, thereby bypassing the school network and its protective measures. There is also the potential issue of devices, such as iPads, with 4G capability in addition to normal Wi-Fi, and with the introduction of 5G this is also likely to become more common.

The other concern I have with filtering is that it might be viewed as a compliance issue and therefore, once set up, some may consider the issue of online safety addressed. Internet filtering is however never perfect, plus some of the tools available, which are generally positive, can be misused leading to negative outcomes. There is also the issue that the internet services which are available are constantly changing. This therefore requires ongoing review along with a more holistic view of how online internet safety is managed, including awareness, support for students and support for, and engagement with, parents.

The need to keep students safe online is clear and something few can disagree with. The challenge is how we actually implement this safety. This is not so simple. It isn’t a simple compliance matter of blocking certain categories or sites. We want to provide students access to the internet and its services so they can learn the skills they will need for the future, so we can’t block everything, yet we want to block as much inappropriate content as is possible, in a world where monitoring and blocking is becoming increasingly difficult and/or ineffective.

For me, it is up to schools to decide the best approach for their own setup, their own infrastructure, students and culture. It is also key that schools continuously review their approach to ensure it keeps pace with changes in student habits and in the technologies available. Although there isn’t one single solution for all schools, for each school there is a solution.

Big brother?

Big brother is truly watching us. This week already I have read two articles in relation to devices we are now bringing into our homes to make life easier, but where there are other considerations which may be overlooked.

The first of the two articles related to the Amazon Echo device (Amazon hands over Echo ‘murder’ data, BBC). The Echo is one of a couple of voice activated devices which are designed to make life at home easier. The idea is that you can control home internet enabled devices via voice commands and the Echo. The recent adverts for the Echo include people using voice commands to help locate their mobile phone which has been humorously swallowed by the user’s dog, to turn on the lights at home and to change the volume on music which is being played, as just some examples. Google offer a similar device called the Google Home.

The issue here relates to privacy in that these devices are always listening with at least some of the data uploaded to a cloud server somewhere.    The purpose of gathering the data is to help in generating better and more accurate understanding of natural language so that the software within the devices can more accurately respond to human instructions and queries however the issue is not in the intended use, but in other possible uses.

An article on the BBC website refers to a murder case where the accused has consented to allow data gathered from an Echo device to be used in the case. This clearly wasn’t the intended use of the data gathered by Echo. In this case the outcome should hopefully be positive in helping to prove either guilt or innocence but other uses may be less than positive. Would we be happy about the government, spy services, police, etc. spying on us using this data? Would it be acceptable for this data to be used in user or home profiling by marketing companies? Would it be acceptable to use this data in relation to identifying people’s political allegiances in the approach to an election? These are just a couple of possible uses where the ethics are a little questionable. There are likely to be many more possible uses with new uses continuing to emerge with new technologies. Is the benefit of the device comparable to the risk or sacrifice? Also, surely this data constitutes personal data, so how is its sharing and processing controlled in relation to Data Protection and the soon to be implemented General Data Protection Regulation (GDPR)? Is the info in relation to this buried in difficult to understand and seldom read terms and conditions statements?

The second article related to the CIA and the recent leak of hacking tools which they had, including tools designed to compromise Smart TVs (WikiLeaks says the CIA can use your TV to spy on you, Guardian). Similar to the issue around the Echo, again we have an always listening device, however in this case it is also always watching too, as it searches for gestures as part of its gesture control functionality. Here the benefits are never losing your remote control down the side of the sofa, however the drawbacks seem to include the CIA being able to hack your system and watch what you are doing. This also goes to show that although the purpose for the data was clear, an outside actor, in this case the CIA, found a way to gain access and make use of it. If they can do it, and given it is now public knowledge that it is possible, it is highly likely others can or will also achieve this. Again another internet enabled device brought into the home, however again a risk. Is the benefit of the device comparable to the risk or sacrifice?

The world loves its gadgets, with people quickly adopting the next thing. Vendors such as Google, Amazon and Samsung play to this while constantly striving to make their devices as secure and safe for their user base as possible. The issue is that these vendors also want these devices to be easily installed and configurable by end users with limited IT abilities, which limits the security options available. It also tends to mean that a system of simplistic defaults is used; meanwhile we have hackers and government sponsored agencies trying to compromise these devices.

I wonder whether, as the Internet of Things continues to take off, we will see a growth in home infrastructure security devices. I also wonder whether there is now a greater need to have discussions with students in schools in relation to these issues, including discussing specific incidents like the ones above. We need the adults of the future to be able to judge and balance benefits against risks, in order to make informed decisions about the increasing number of internet enabled devices making their way into our homes. We also need them, as they become the government officials of tomorrow, to understand the implications of technology.

Online safety and home infrastructure

Technology has become an important part of the life we now lead.    Social media, games consoles, smart phones and voice recognition systems like Amazon’s Echo are now all part of normal life.    This technological change has brought many benefits however there are already some indications of the implications of technology use.

We have already seen discussions about technology addiction. We have also seen discussions around unforeseen implications arising from technology use, such as the impact of parents posting their children’s every move on social media; how do they feel when, as adults, photos of their every childish endeavour and mishap are easily found on Facebook?

Then we have the issue around cyber or online safety.   This is an issue that I find of particular interest.  There has been a particular focus around being careful in relation to passwords in particular, and to the information shared on social media, however this seems to take for granted that the infrastructure we are using our technology to access is secure.

In the home there will be a Wi-Fi network, connected to which there may be a wireless printer, a laptop, a couple of phones and maybe some other internet connected devices. But have sufficient security precautions been taken?

Maybe the Wi-Fi network was set up straight from the box it was supplied in, with little adjustment of its configuration. As such the default Wi-Fi SSID may give away the make of the router, which would help anyone wishing to compromise the network. Has the default admin password for the router been changed and has Wi-Fi access to the administrative interface been disabled? If not then malicious access is all the easier. Has WPS been disabled and have the appropriate security features such as WPA rather than WEP been enabled?

The games console has father’s credit card details entered in it for purchasing and downloading games, however the password is shared with his Gmail account, Facebook account and a couple of other services. As such, should any service be compromised then all services are likely to be compromised given the common email address and password used across accounts.

A new wireless printer has been set up, but again has been left configured as it was in the box it arrived in.   As such the admin password is set as the default.    Should someone gain access to the network they can therefore easily use this device to gain a permanent foothold within the network.

The laptop doesn’t have any anti-virus software on it and the Windows firewall is turned off. Also Windows updates haven’t been carried out in over a year, leaving the operating system seriously out of date.

The growth of technology in modern life is very much related to its ease of use, however the technology itself is far from simple. Although the default configurations and setups get things going, they are generally not the best solution in terms of safety and security, yet the majority of users have neither the understanding nor the skills necessary to make the required changes. With this in mind I think it is important to not only teach our students about safety in relation to end client devices and apps, but also about the safety aspects of setting up and maintaining your home infrastructure.