Tag: safeguarding

Phones: again?

I have recently been thinking about phones in schools again, and yes I know we should be over this topic by now however the issue at hand had me thinking a little different about the issue.  Basically, I missed an important call on my mobile due to having Do Not Disturb in place as it was later on in the day.   Now having missed the call it got me thinking there clearly must be a way to override do not disturb such that a few key people could call me, and where my phone would ring, even when do not disturb is on. 

For those who aren’t aware Do Not Disturb allows you to set your phone up such that your notifications, your alerts, your calls and messages are supressed during certain hours of the day, such as in the evening when you are trying to get some sleep.  And you can decide which apps or callers you will allow.

It turns out it is very easy to set overrides such that certain individuals can call you, or certain apps will notify you even when Do Not Disturb is on.   And as I dug a bit further I found that you can also trigger on other things rather than just time, so you can setup a work mode which triggers when you are near a particularly location such as your work.   So, this mode might be setup to stop notifications and calls during the work day.

All of the above is good, but this got me thinking about all the functionality which is now in the modern smartphone specifically to help us manage distractions and our time on our phones.    I for example track my screen time which current averages at around 2hr 48min.   But the issue will all of this is who is actually telling people about all of this functionality and how to use it?    In my case I had a need to use it, and knew it was likely there plus how to search for the relevant info to get it all setup.  But what of the student who doesn’t identify a problem with their screentime, distraction, etc despite high volumes of use or even addiction?    What if the student who knows they have a problem but doesn’t know there might be a solution or doesn’t know how to find it?  

I cant help but think the tech companies do a good job of adding this functionality, thereby showing their efforts to protect people and to empower them to make decisions as to their device use, etc, however I am also conscious of their need to please their shareholders and to make profit.   The cynical me wonders if the lack of press or training or awareness regarding all this good functionality, is simply the outcome of needing and wanting to keep peoples eyes glued to their devices, and to keep the money flowing in.

Aside from the above, maybe we also need to acknowledge the issue isn’t solely the tech companies issue and that we, the users actually have some agency here.  We can choose to look at our phones less, to explore the safeguarding and wellbeing functionality which is available and to turn it on where possible.    Sadly, I feel the effort of turning on the functionality which might help us, is often greater than the effort required to point at vendors, blame them and expect them to address the challenge.

So have you looked at the wellbeing controls on your device or on your kids device recently?   And if not, it might be worth doing so.

Tech vendors should do more?

There is a lot of discussion in relation to how tech vendors and particularly big tech vendors need to do better, whether this is in relation to data protection, online safety, addressing fake news and many other considerations.    A recent presentation by Laura Knight at FutureShots24 where she spoke of the finite and infinite games, and of Simon Sinek’s book, “The infinite game”, got me thinking about this again.

Tech vendors need to sort it

Firstly it is important to acknowledge the benefits of technology;   The tools we have and use are there as they are useful and the tech companies that continue to operate are there as we as users choose to use their solutions, but there are also challenges and drawbacks associated with most technologies.    It is pretty clear that tech vendors need to do more to address the various challenges and risks which come about as a result of their products.    They provide a tool, whether it be a productivity suite, a social media application or a generative AI tool, among many others, with many people using these tools appropriately and for good, however, there are also then those who use these tools for ill, for criminal, unethical and immoral purposes.    Now I have blogged on this before, how tools are neither good or bad, but it is their use which is good or bad, however, the challenge is that through technology the resulting impact is magnified.   I have talked of a hammer as a tool, and how it could be used for assault, but unlike a hammer, a maliciously used social media tool can impact hundreds or thousands of people at once; the potential impact of the tools is much broader.   So, from this, it seems clear that tech vendors need to consider this negative impact and seek to mitigate the risk in the design of their platforms and through their processes.

The key here is that we are not really looking at these tools, but at their impact on wider society.   Society will continue, for good or for ill long into the future.   It is an infinite game.    Long after I am worm food, society will continue.   Likely long after many of these tech platforms have been and gone (think MySpace, Friends Reunited and the likes) society will continue.

And so, we look to rules and to laws to provide us with the frameworks and protections, where these rules and laws will exist long into the future, although they may evolve and be adjusted over time.    Sadly, though these laws and rules are designed for the long infinite game and therefore are slow to change, relying on established processes and methods not designed for the quick changing technological world we find ourselves in.  

With laws unable to keep up we find ourselves complaining that the tech vendors need to do more, and this is likely the case but the tech vendors know their time is limited as they may be dispatched to the bin should the next viral app come along, so they don’t want to expedite this through making a safer but less usable or less enjoyable or less attractive or addictive platform.   We have a problem!

But the tech companies are important

The tech companies are driven by profit as they are after all money-making companies with shareholders to answer to.   That said, many of the big tech companies do try to establish the moral and ethical principles by which they operate.    It is their drive for money which leads them to “move fast and break things”, to innovate and disrupt as they seek to find the next big thing and the corresponding profits which come with it.   And we need this innovation.   If we left innovation to governments, their processes, laws and rules would make the process of innovation so much slower than it is while it is in the hands of tech companies.  I suspect we would be still using 5 ¼” floppy discs at this point! 

The tech companies play the finite game, knowing that in this game there will be winners and losers so moving fast, disrupting and innovating is the only way to avoid being confined to the technology bin of history; think the polaroid camera, the mini-disc, and the platforms I mentioned earlier.    So, if the choice is spending longer to create a safer platform, but possibly being 2nd to the market with a product, or getting it out quickly and being 1st but then having to try and address issues later on, closing the gate after the horse has bolted, it seems pretty clear which the tech companies will choose.    Being 1st means survival while being 2nd might spell doom.

Solution?

I am not really sure that there is a solution here, or at least that there isn’t a perfect or near perfect solution.    Things will go wrong, and when they go wrong we will be able to highlight what could have or should have been done by tech vendors, governments or individuals to prevent the outcome.  But we have to remember we are dealing with technology tools operating at scale, and just take TikTok for example and its approx. 1 billion monthly users.    We haven’t yet banned cars but car accidents continue to happen!

Tech companies will continue to focus on the finite game and on maximising profit for their shareholders and on remaining viable, while politicians will also play the finite game, focussing on policies and proclamations which are more likely to be psotively received and to keep them in power, or help them to power.    But the world and society is an infinite game where what we do now may impact how things are for future generations.

I think we need to be pragmatic and I also think its about partnership and working together.  If governments, tech vendors and user groups can work together, discuss the benefits, the concerns and the issues, maybe we can make some progress.   Maybe we can find the best “reasonable” options and the “good enough”.     And I note, I feel some of this is already happening within some companies.     I suppose my one conclusion is simply that it isn’t for tech vendors to do more, it is for us all to do more, tech vendors, governments, schools, parents and adults more broadly, communities, and more.    And if we can do it, discuss and explore, find and test solutions together then maybe we can start to address some of the challenges.

KCSiE: Filtering and Monitoring

I was recently reviewing the new Keeping Children Safe in Education (KCSiE) update including the main changes which relate to filtering and monitoring.     I noted the specific reference to the need to “regularly review their effectiveness” and also the reference to the DfEs Digital Standards in relation to Filtering and Monitoring where it mentions “Checks should be undertaken from both a safeguarding and IT perspective.”   

The safeguarding perspective

From a safeguarding point of view I suspect the key consideration is whether filtering and monitoring, and the associated processes, keep students safe online.    So are the relevant websites or categories blocked and do relevant staff get alerts and reports which help in identifying unsafe online behaviours at an early stage, whether this is attempting to access blocked sites or in accessing sites which are accessible but considered a risk or indicator, and therefore specifically monitored and reported on.

From safeguarding perspective it is very much about the processes and how we find our about students accessing content which may be of concern, or attempting to access blocked content.   From here it is about what happens next and whether the holistic process from identification via fileting and monitoring, through reporting to responding is effective.   Are our processes effective.

The IT perspective

From an IT perspective, in my view, it is simply a case of whether the filtering and monitoring works.   Now I note here that no filtering and monitoring solution is fool-proof, so I believe it is important to acknowledge that there are unknown risks including new technologies to bypass filtering, use of bring your own network (BYON), etc.    Who would have thought a year ago about the risk of AI solutions to create inappropriate content or to allow students to bypass filtering solutions?

Having acknowledged that no solution is perfect, we then get to testing if our solution works.  Now one tool I have used for this is the checking service from SWGfL which can be accessed here.   It checks against 4 basic areas to see if filtering is working as it should.    

I however wanted to go a little further.   To do this I gathered a list of sites which I deemed as appropriate for filtering, gathering sites for each of the various categories we had considered.   I then put together a simple Python script which would attempt to access each site in turn before outputting whether it was successful or not to a CSV file for review.   The idea was that this script could be executed for different users and on different devices;  E.g. on school classroom computers, on school mobile devices, for different student year groups, etc.     The resultant response, if it matches our expectations for what should be allowed or blocked, allows us to evidence checking of filtering from an IT perspective, plus allows us to identify where there might be any issues and seek to address them.     

You can see the simple script below where it tests for social media site access;  You can simply add further URLs to the list to test them:

import requests

website_url = [

              “https://www.facebook.com”,

              “https://www.twitter.com”,

              “https://www.linkedin.com”

]

f = open(“TestResults.csv”, “w”)

for url in website_url:

              try:

                           request_response = requests.head(url)

                           status_code = request_response.status_code

                           website_is_up = status_code == 200

                           print(website_is_up)

                           f.write(url + “,Accessible” + “\n”)

              except Exception:

                           print(url + ” – Site blocked!”)

                           f.write(url + “,Site blocked!” + “\n”)

f.close()

Now the above may need to be changed depending on how your filtering solution works.   I did consider looking at the URL for our blocked page however as the above worked I didn’t have to.  My approach focused on the return codes however if you do need to work with the an error page URL I suspect this article may be of some help.

Conclusion

Before I used the script for the first time I made sure the DSL was aware;  I didn’t want to cause panic in a test student account which seemed to be hitting lots of inappropriate content over a short period of time, and in sequential order.    The script then provided me with an easy way to check that what I thought was blocked, was being blocked as expected.  As it turned out there were a few anomalies, some relating to settings changes and others to changes to websites and mis-categorisation.    As such, the script proved to be a little more useful than I had initially expected as I had assumed that things worked as I believed they did.  

The script could also be used to test monitoring, by hitting monitored websites and checking to see if the relevant alerts or reported log records are created.  

Hopefully the above is helpful in providing some additional evidence from an IT perspective as to whether filtering and monitoring works as it should.

Internet Filtering

There was a time when safeguarding in relation to technology use was simple.    I remember when this was the case, when I was teaching IT in a secondary school as well as acting as the IT coordinator.   The only devices with internet access which the students had access to were in the school, the technologies to allow bypassing of filtering or which might make filtering difficult were few and far between, plus generally only for techie types rather than users in general.  Back then it was simple; Your internet filtering kept students from harmful content plus allowed you to monitor what students were doing online so you could tick the compliance box in relation to online safety.

The world isnt as simple anymore.

Although you still have your filtering in place you cannot consider this enough anymore.    Firstly students now are likely to have a mobile phone with data connectivity;   The filtering of internet access on your school network is of little use here whether students are using their connectivity for themselves or even sharing it as a wi-fi hotspot for their friends.  And in some schools students will even be bringing their own devices to school to actively use in lessons.

Tools for maintaining user privacy have also changed significantly.  15 years ago, in the secondary school I taught in, students would attempt to bypass filtering using web proxies.  These were easy to identify and therefore easy to then block.   Students used these as it was easy for them to use, simply requiring only the web address of the proxy.    Today students have access to all manner of tools from VPNs, which are now advertised on TV in relation to personal data security, to the ability to setup a dark web site with only one or two clicks.    Some services even market the fact they don’t keep logs.   Disposable email and social media accounts can easily be created as and when needed, or maybe even spin up a virtual PC in the cloud, use it then destroy in when done, taking with it any evidence of what it was used for.    The tools schools have to keep students within a safe internet bubble havent changed much, but the user-friendly tools which students have access to in order to bypass any restrictions have grown significantly.

Next the increasing need for privacy and security online is moving all sites and services towards systems which are less easy to monitor.   First it was almost all sites moving from HTTP to HTTPS.   The next step seems to be a move to DNS over HTTPS.   Given DNS requests are a key feature of filtering solutions, the encryption of these requests will render filtering solutions unable to see which sites students are actually visiting.    A solution here is SSL decryption which would allow filtering solutions to decrypt and then re-encrypt DNS requests as well as data however this in itself has its implications;   Is it acceptable to break a fundamental security measure built into sites in the interests of safeguarding?     By breaking the fundamental security of website traffic could we put student data at risk as it traverses our filtering solutions, and if so, is this risk acceptable?    And, is all of this effort worth it if students can simply hop onto their 4G/5G signal and bypass all of these precautions at will?

For me, what was very much a simple compliance measure in the need for a filtering solution has now changed significantly.    We need to therefore stop looking at this issue in terms of simply having filtering/monitoring in place and consider it from a broader risk point of view.   What are the benefits of how we use technology in our school?   What are the risks?   How do we reduce/mitigate these risks?  Do any of our mitigation measures limit potential positive uses of technology and is this acceptable? 

For me it is all about a balance between an open network allowing students to explore the breadth of potential positive uses of technology, along with the corresponding risk, versus a closed environment where technology usage is limited in the name of safety but equally this limits potential beneficial uses of technology.     Each school needs to identify where it stands on this continuum, what it supports in terms of technology use and what mitigation measures will be put in place.   This then needs to be regularly reviewed in relation to new technologies and also new or changing uses of technology within school.

Safeguarding in relation to technology use is no longer simple;  It is no longer a simple compliance tick box, or simple internet filtering box but instead a larger conversation around the benefits and risks of technology use in school, by staff and by students.

Remote Learning TweetMeet

Last nights Microsoft TweetMeet focussed on Remote Learning.   It was certainly a busy session with my tweetdeck updating faster than I could think; it was a blur of activity.   Overall it was an excellent session and probably the best TweetMeet I have been involved in so far.   I therefore thought it might be useful to summarise the key messages I took away from the event:

  • We are all human

I think this is very important; to recognise that we, teachers, our students, their parents/guardians and the wider school community are all human.  This is a difficult time; unlike anything we have experienced before and for many the unfamiliar circumstances we find ourselves in can be very scary.  Add to that concerns relating to the health and wellbeing of loved ones, of family and of friends plus for some the actual loss of people close to them and we find ourselves significantly outside our comfort zones.  We need to recognise and accept this, and to ensure we consider it when interacting with others.   We need to ensure we provide space and time for these concerns to be shared and discussed and we need to support each other.   High expectations are great but may need to be considered carefully in the current context we find ourselves in.   As we seek to use remote learning to continue children’s education we must maintain our focus that the most important thing in times like this isn’t the curriculum, assessment, EdTech, etc, but is in fact our teachers, students, their parents, families, and the wider school community;  What matters most is people.

  • We are better together

Related to the above is the fact that as humans we are social animals.   We are designed to be at our best when working with others and in this time of isolation this is no different.  For me the TweeetMeet was a perfect example of this.  There were lots of people involved in the session each individually doing excellent things in relation to remote Learning but by coming together and sharing, discussing and exploring things together we are all the better.    At this time of isolation we need to ensure we build the opportunities to collaborate and to share experiences.   Where individually we identify things that work or don’t work, we should seek to share this.    It may be that ideas shared by others won’t work in your particular context, but by at least considering such ideas you will have gained some insight;  Think Edison and 1000 lightbulbs.    The more we share the better.   My favourite phrase in relation to this being “the smartest person in the room is the room”.   And thankfully we live in a time where we largely have the technology available to achieve this through blogs, vlogs, podcasts, video conferencing, webinars, etc.  The world is a pretty big room!

  • Technology is here to stay

For all the discussion about whether EdTech makes a difference or not, whether we should embrace technology in schools or ban it, we often miss an important fact.   Technology is here, and it is here to stay.   Social media, on-demand TV, sat nav, video conferencing, artificial intelligence, user tracking and many other technologies all exist now and they aren’t going to disappear, in fact they are likely only to continue to evolve and to take an ever greater place in our lives.   Given this world how can education avoid technology;  I don’t believe it can.    Technology provides us many tools which can allow us to do new and exciting things and we need to seek to use it.  Just think where we would be in this current crisis without technology.  How would learning work without it?    So, if technology can act as an enabler of learning in a sudden crisis like the one we find ourselves in now imagine what we might be able to achieve with a bit of time, planning and people working together.  This is what we need to consider in relation to life beyond Covid19.

  • The Digital divides will be our biggest challenge

I have written about this already and you can read my post here.   Our biggest challenge is likely to be the lack of parity which exists in relation to technology.   It isn’t just about access to devices such as laptops or tablets for use by students at home, or access to the internet at home.  We also need to consider the many other divides.   Parents at home may have differing abilities to support their children in using technology at home plus students themselves will have differing abilities.  Schools will have different amounts of IT support available to help out staff, students and parents with issues and problems.   Additionally, schools will have different amounts of professional learning and training resources again for use by staff, students and parents.    There will be different levels of IT equipment in schools with some schools having 1:1 devices while others might be limited to a single IT lab or less.   Experience with the pedagogical aspects of using technology to support learning will also differ across schools or even within schools across departments.  Confidence levels and motivation to experiment, plus the school culture with regards technology is another factor which is inconsistent.    If we are to achieve equal opportunities for all students in relation to the opportunities to use technology in learning, these and many other divides will need to be considered.

  • Safeguarding

The final point that stuck out for me from the TweetMeet related to safeguarding and the need to keep students and staff safe during this period of remote learning.    This is an issue which in my view is very complex and is for individual schools to reach a decision in relation to their own context.   That said I have a particular view on this and in particular on the use of video to allow students and teachers to interact.  I am aware some schools have disabled the ability for video calls to be used citing safeguarding concerns, with the view that by turning off video within the schools technology solution they are protecting their students.   If we accept that we are human and we are social animals, then students will seek personal contact independent of our actions, so by disabling video we force students to use other non-school platforms to achieve the personal contact they seek.   I believe this represents a risk.    I also think we need to consider the fact that learning is a social experience so the more social we make remote learning the more successful the learning will be.   Removing the use of video complete with the various visual cues it presents reduces the impact of learning.  I will acknowledge that there is a clear safeguarding risk where video is enabled, however life is never without risk.   For me, it is about engaging parents, students and staff about managing the risk as much as is reasonably possible while still enabling the best learning opportunities possible.

When I started writing this piece my plan was a short summary of the TweetMeet session;  Failed on that one as this isn’t exactly short.   I also must admit this post also only covers the highlights of the session as I saw it and most likely missed loads of other excellent points or discussion threads.   That said, and in acknowledging point 2, I thought I would share.  I hope the above is helpful and look forward to reading any thoughts or comments people may have.

 

EdTech Summit, Brighton

I had the opportunity to present at the Brighton ISC Digital EdTech summit during the week.  My talk, “Common Sense Safeguarding” focussed on the need for schools to take a broad and more risk based view of online safety as opposed to the previous more compliance driven approach.    Given the number and range of technologies students have access to and also the tools available to bypass protective measures put in place by a school, or even the ability to negate them totally through using 4G, online safety is no longer as simple as it once was.    This therefore needs a broader view to be taken.

In addition, I identified that in our dealing with Online Safety we are not yet effectively addressing the issues which are growing with our increasing use of digital resources and services.    Cyber security, big data, profiling, artificial intelligence and bias, ethics of IT systems and similar broad topics don’t yet have a key place in the general curriculum albeit opportunities exist across different subjects.    We need to ensure these issues are discussed with all students.   It was to that end that I proposed a cross school discussion group focussed on Digital Citizenship.

Overall my view is one that we need to be more aware of the limitation of preventative measures such as web filtering plus need to focus more on user awareness and having discussions with students regarding the wider implications of staying safe and being successful in a digital world.

If you are interested in being part of a group of schools discussing Digital Citizenship please fill out this Microsoft Form and to access my slides from the EdTech Summit please click here.

Digital Citizenship Questions

I think it is so important that schools ensure that discussions in relation to living in the digital world are encouraged throughout the school.   It is only through discussing the positives and negatives of the increasing digital lives we live that we can prepare our students for the world they live in and the world yet to come.

To that end I recently started creating some slides with questions to be used as a stimulus in discussing digital citizenship.

Here is my first set of slides:  Some digital citizenship questions.  I do hope you find them useful and please do let me know your thoughts and any suggestions as to how I can build on or improve them.

 

Safeguarding: A need for a broader focus

Cyber security has very much adopted a “not if, but when” mentality to signify the need for a risk management approach in relation to cyber security risks as opposed to the older compliance driven approach.    It is my belief that we also need to take a similar approach when it comes to online safeguarding of students.

There was a time when having internet filtering on school computers and an acceptable usage policy was enough to check the safeguarding compliance boxes and be satisfied that a schools had sufficiently met its safeguarding needs.   I remember these days when I would check the schools net history on a weekly basis to adjust the filtering and restrict student access to game sites in particular.

Today we find students have phones and other mobile devices which they bring to school, some due to a school BYOD policy and some due simply to the fact that having a smart phone is now part of normal everyday life.   These devices all come complete with internet access, including access to social media.   Where a school might employ monitoring technologies students can make use of proxy servers, VPNs or an onion browser among other methods to attempt to bypass such technologies.   I recently came across a site which would allow anonymous hosting via the Tor network with little to no technical knowledge required.   Student might even simply revert to 4G or even 5G to totally circumvent the schools network and any precautions which may the school may have put in place.     In the near future, DNS over HTTPS may become the norm which would further make it difficult to block and filter.

In this world we need to accept that no matter what technical measures a school puts in place, students will be able to find a way around such measures.    The resultant cat and mouse game between staff and students, with students finding work arounds and then staff seeking to negate them serves no-one, only consuming time and energy on both sides.   It is also unlikely to be successful, so we need to accept that in attempting to safeguard students, preventing their access to certain sites and services is likely to be ineffective.   Given this the safeguarding focus needs to significantly shift towards awareness and education.      We need to seriously look at the discussions in relation to safeguarding which are happening in schools.   The opportunities already exist in various subject areas to discuss the implications of big data, cyber security, artificial intelligence, fake news and data profiling to name but a few.    We need to ensure that such opportunities are taken and that all schools are confident that they have addressed safeguarding and that thorough discussion with students has taken place.   The current political campaigning for example represents a great opportunity to discuss how social media may both report the news but also shape and create it, even influencing peoples decision making.

Online safeguarding used to be a more simplistic compliance exercise, and to some extent these requirements still exist (and the safeguarding guidance certainly still points towards this approach), however we need to take a more holistic view and broader focus.   Simply filtering or monitoring specific keywords or categories or banning devices is not enough.