Category: IT

Does anyone understand the T&C’s?

The Children’s Commissioner for England has released a report which identifies the fact that most students don’t understand the terms and conditions of the internet services they sign up for and use but this is just the tip of the iceberg.

The report as referenced in an article published by ITV identifies that students find terms and conditions of social media sites “impenetrable”.     Having myself looked at some site terms and conditions I find this far from surprising.   The terms and conditions are largely written from a legal perspective to cover the provider against litigation and therefore tend to be quite long in length, quite complex in language and also written for those with a legal background or approaching from a legal perspective as opposed to a lay person never mind a child.   The terms and conditions are written for their perceived user, being a lawyer hoping to sue or seek damages or a lawyer defending against such a suit.     They are not designed to be informative to the end user of the service in relation to informing them as to their rights and responsibilities, unless the end user has hired a lawyer and is pursuing a suit.

An article on the ISC website written by Caroline Dunn, a deputy head teacher, hits the nail on the head in stating that adults “do not necessarily have a greater understanding of emerging technologies” than the children referenced in the commissioner’s report.   The Children’s commissioner had focused on the fact that terms and conditions were not written with children in mind, yet children were using the services to which these terms relate.  For me, and for Mrs Dunn, the focus was too narrow as in reality the majority of adults are no better able to understand these terms and conditions.  If we consider that adults model behaviour which students will follow, it is concerning that adults often accept terms without reading them, plus also are unable to understand them even should they choose to read them.    I must include myself in the above.

The issue being discussed here is not related to the education of children to use the internet safely.     I do however acknowledge that for children this is even more important in relation to safeguarding.  It is regarding the need for any user, adult or child, to understand their rights and responsibilities with regards using a service.   Clearly the terms do not meet this need as they are aimed at those of a legal background.   The BBC reported on a government select committee back in 2014 identifying that terms where often too long and complex however the report from the Children’s commissioner seems to suggest that little or no progress has been made since then.    I believe this is due to the fact that services will always need to have some legal protection, in the form of terms and conditions, to protect them where someone seeks legal recourse against a service.

It also worries me the focus on a perceived issue in relation to children when in fact that issue is bigger in scale.   The issue includes adults as well who are no better at understanding a services terms.    We see a similar tendency in relation to online privacy and safety, with a focus on the dangers to children when in fact the issue is much bigger and impacts on adults as well.   It could be that the danger to children is perceived as larger hence the focus on children, however equally it could just be sensational reporting.    Also how can we address the dangers associated with internet use by children, if the adults, their parents, who are the ones present at home when children do the majority of their internet surfing don’t truly understand the technology or the terms and conditions.

In relation to the terms and conditions issue I wonder whether the answer is as simple as a rights and responsibilities statement for each service in addition to their legal terms and conditions.   This would be written in understandable language, accessible to the average person including children.   In relation to the wider issues with regards understanding the implications of using a particular service I don’t have an answer, as clearly there is a requirement either to change the internet, good luck with that, or to educate or train internet and service users in general, which is ambitious to say the least.    We continue to learn the good and bad of the internet through using it!

 

Sources:

Social Media told to simplify terms and conditions (Nov 2014), http://www.bbc.co.uk/news/technology-30234789

Children ‘left to fend for themselves’ against bullying and grooming online (Jan 2017),  http://www.itv.com/news/2017-01-05/children-left-to-fend-for-themselves-against-bullying-and-grooming-online/

The internet is not designed for children… or adults! (Jan 2017),  https://www.isc.co.uk/media-enquiries/isc-blogs/the-internet-is-not-designed-for-children-or-adults/

 

Coding and ethics.

I have considered the ethics associated with the use of IT systems in the past.  In a previous series of events in the UAE one of the discussion sections focused on Google and how they use data to help refine and personalize their service.   On one hand this seems like a good thing, however Googles motivation is not altogether altruistic.   Google like most companies are out to make a profit for their shareholders and it is the data that they gather on individuals which allows them to do this.   They use the data gathered on you to allow them to target advertising.   This advertising in turn is paid for by other companies leading to Googles profit.    So one viewpoint may be that Google gather data on you, with your permission, to provide you with a personalized service; this sounds reasonably ethical.    Another viewpoint, however, might be that Google gather data on you, where most people neither understand or appreciate the type and volume of data, for the purpose of selling advertising and making a profit; this doesn’t sound quite so ethical.   When I discussed this with teachers, I did so just to suggest they consider the services being provided and the implications, and that they discuss them with students.

Consider Facebook, I would suggest that new parents starting using Facebook some years ago failed to fully understand the implications of posting every milestone of the children to the world.      Recent articles from the BBC and The Guardian seem to confirm this.

An article shared by a colleague got me to take a different perspective on things.    Considering the Facebook issue my initial thinking had put the error on the end users.   These end users had started using the site without understanding the long term implications.    Looking at google, my discussion with teachers focused on the teacher and their students considering the implications as end users.    But what if the blame, if blame might exist, falls somewhere else?

In an article in The Business Insider it is suggested that programmers need to receive ethical training.   It is the programmers which make the sites and services and define the specific functionality and operation.      If programmers at Facebook had considered the ethics of posting and sharing of an individuals life maybe the security and privacy options would have been more mature at the outset or maybe some warnings may have been displayed in relation to posting photos of your children.

Maybe a better illustration of the issue can be found looking at autonomous cars, which as we know, Google and a number of other companies are working on developing.     Lets assume an autonomous car gets into an accident resulting in damage to someone else’s vehicle and to injury.   Who is at fault?      Would it be the owner of the vehicle who may not even have been in the vehicle?   Would it be the passenger in the vehicle despite the fact they aren’t driving; it is an autonomous car.    Would it be the manufacturer of the car?     Or might it be the programmer who wrote the subsystem which failed to avoid the crash?

In future I will be more aware of the limits of a one sided viewpoint focused on the users as the decision makers; either using the service appropriately, ethically and morally or not.   The fact that a system could be used in an inappropriate or unethical way may indicate a failure of the programmers to appreciate the implications of their code, either now or in the future, or worse that the capability was programmed in, in the first place.

I also wonder about, whether with all the focus on coding in our schools, we also need to spend at least some time discussing the ethical issues surrounding programming.

Sat Nav: Simply a tool or an extension of our being?

I should know better after reading The Glass Cage (N.Carr, 2014) however it would appear that I have learnt little. The other morning took me to Bristol for a seminar. I had been to Bristol before so roughly knew the way there although did not know the area around where I was going plus didn’t know where I was going to park. That said I still managed to get to my destination albeit a little late due to traffic. The outward journey was not the one which caused me issue, this was the inward journey.
Having returned to my car after the seminar I dutifully turned on my Sat Nav and set the destination as the school following the turn by turn directions of the soothing voice emanating from the little black device sat on the passenger seat (note to self: I really should get a proper mounting bracket for the Sat Nav).   After a good 20 minutes I came notice that the return route was steeply uphill and that the road was not generally wide enough for two vehicles to pass. This was certainly not the same route I had gone to Bristol on. I became a little worried at this point yet as I crossed more major roads I still ceded to the Sat Nav voice and continued following its direction as opposed to following sign posts that pointed in other directions.
I realized I had become a passenger in own car even although I was the one doing the steering. The outcome was the same, in that I reached my destination, however the tool, my Sat Nav, had changed both the process and the experience. I did not experience the drive home as the driver of my car, in the same way as I did the outward journey, taking in my surroundings, the road layouts, the signs and the millstones or other location markers. I experienced it as a passenger. I followed instructions from the little voice from the seat beside me. I relinquished responsibility and control to the technology.
The question is, was the purpose of my journey just to get to a given location or was the journey itself important?
This is a question we need to constantly ask in relation to technology use. How does the technology change the process, the experience and even us as users? As Nicholas Carr puts it in The Glass Cage, we suffer from a substitution bias in that we just belief Sat Nav for example is just a substitution for a paper map however this is not the case. If I had have been navigating via a map I would have never have relinquished responsibility to a piece of paper not matter how nice it looked. I wouldn’t have anyone to blame but myself so I would be motivated to avoid a recurrence through greater preparation or a test run to my destination, as opposed to being able to distance myself from fault by locating blame within a small black box. I would also have learned from the experience in terms of my ability to navigate the route in future, something that has certainly not happened during my return leg from Bristol.
As I reflect I realize that maybe my description of technology as a “tool” for teachers to use may under present the impact of technology or even of tools. Again, as Mr Carr describes, a tool is an extension of ourselves as human beings and in being an extension it changes us as individuals, the processes and tasks we undertake and our experience of these activities. Maybe this is a subject which all educators should consider and maybe even something we should discuss with our students.

eMail, not another email!!

We all love to use email as it allows for such easy communication.   I can communicate information to everyone in the school, or to a specific department or to an individual staff member at the touch of the Send button.   I can have a discussion with another member of staff without having to seek them out across campus and allowing for their timetable.   I can get a thought or question which arises in my mind down and fire it off for comment and the thoughts of others independent of time and the availability of the people I invite to comment.

Isnt email wonderful?

Email is convenient but with convenience comes a problem.   It is easy to send an email and consider the information communicated however it would be fairer to consider the information as just “sent”.    I tracked a recent global i sent including a newsletter to see how many people clicked the link within the email.   It turned out that only around 10% of people to which the email was sent actually went on to follow the link.    On a similar but more important email this number increased to around 20% however that still represents a minority response.

It is also convenient to send emails at all times including weekends and evenings however does this come with the expectation that the person will read and action at midnight on a Friday?    Would we pick up the phone in the absence of email at midnight on a Friday to convey the same information?

Convenience also steps in with regards who we send our emails to.   We wouldn’t stand up and announce some information at school briefing or via the PA system however due to the convenience of distribution groups we feel it is acceptable to send via email to everyone.   We also adopt a just in case mentality so rather than sending to the department and a couple of other users we might send to the whole school as it may be useful to everyone.

Email is also a one way communication system however it is often treated as two way in the same way as a phone call.   The difference is that in a phone call you can stop someone mid way and ask for clarification.   You can question what a person means.   In an email the person reading the email has to interpret the content with no additional guidance from the sender.  Even if they send an email back to ask for clarification the originator of the message has to interpret the clarification request.   As such email chains are so very open to misunderstanding and in some occasions to fiery exchanges.   I have noted a number of instances in email table tennis during my career and am ashamed to admit that I have on a small number of occasions been party to the exchanges.

Email like most technologies has its advantages however we live in a world of balance and therefore there are also some drawbacks.  Users need to be aware of these drawbacks and conscious of their use of the technology and its implications.

My main tips for email would be:

  • Consider is email correct:  Consider what you want to communicate and if there will be any need for discussion.  If discussion is needed then maybe its time to pick up the phone or arrange a meeting.
  • Consider email info as sent but not communicated:   Realize that not every email is actually read and therefore if the info is critical some sort of checking or follow up will be required.
  • Use delayed send:   In outlook you can set when you want an email to be sent at some point in the future so you can write your email now or at midnight however schedule it to send on Monday morning at a more reasonable hour.
  • Consider who you need to send to:  Avoid using the whole school global distribution group unless it is an emergency.   Try to send to the smallest group possible rather than using the scatter gun approach, and create your own groups in Outlook in order to help you manage this.

I don’t see email going anywhere however we need to manage its use better.   To do this it is about every individual thinking more about the cost of their convenience.

 

 

 

IT Security in schools

Have been considering IT security within schools recently and in particular password security.   Schools have a number of different systems each requiring users to have login credentials in order to access them.    This includes the schools Management Information System (MIS), computer login or Active Directory credentials, Parents evening booking systems and a multitude of other possible systems.

The ideal setup has always been to have an integrated environment  meaning that login credentials were synchronized across different services.   This would mean that users only have a single password which they need to remember, which would therefore allow for users to be encouraged to use a more complex and secure password.   A systems Admin could even set policy to require a certain level of password complexity.      I am no longer as convinced as to the merits of this approach.

As we look to make use of more systems within schools we engage more companies as the providers of the services we need.    Each new service increases our digital footprint in terms of the risk to which we are exposed.   We may have a reasonably high level of confidence as to Microsoft or Googles security, however can we say we have the same level of confidence with regards the provider of our SMS system, room booking system and school app?      Just consider the number of services impacted upon by Heartbleed.    If we have lesser confidence in the security of these service providers,  we are accepting they are of a higher risk yet we are entrusting them with the synchronized user credentials for all services.    Should these services become compromised then Microsofts, Googles and all other services, no matter how good their security is, are also compromised as the hackers have the appropriate login credentials.    An integrated environment is therefore not as secure as we believe.

I do not have an answer for the above issue however the approach I am currently examining is the use of password managers such as LastPass and 1Password.   They allow the user to have a single master password however this then manages a whole set of passwords which are different for each service being used.    Should a less secure service become compromised this would not impact on other services.   There is still the risk of the master password becoming compromised however you would hope that the service providers providing password managers are significantly more focused and capable on security than the provider of a schools library or similar systems.  This leaves the users selection of their password and it I think that’s an important point to finish on.

Ultimately the weakest link in the security chain is that of the users themselves.    The above may help in addressing security however the most important issue in IT security is and continues to be educating users to be aware and vigilant plus and to select passwords which are suitably secure.