Article

Be careful what your students leave behind

isuue_53p18Be careful what your students leave behind
How anonymous are your students when they go online? How private is their activity and the information it generates? Can you ensure their personal data is free from unwanted surveillance? David Kinane explores the challenges of privacy.

As teachers, we have long been aware of the need to ensure that our students are kept safe online. With the growth in importance of Digital Citizenship, the single strand notion of cybersafety has matured into a whole-child approach whose aim is to ensure that our students become competent and confident life-long citizens of the digital realm. Digital Citizenship’s focus is very outward facing and the differing strands all combine to create a 360-degree shield of best practice, ranging from digital health and wellness to being safe online.

But is there a Trojan horse inside this protective shield? Are we missing – or even ignoring – a threat that’s hiding within seemingly harmless learning practices that are not just accepted but actively promoted.

The phone hacking scandal that the News International Corp in the UK has mired itself in over the last few years is one of many instances where it has become apparent that our privacy online is not very private – or what we hope is private is not difficult to reveal.

Responsibilities to students
Then there has been the ongoing flood of revelations at WikiLeaks and, in particular, the revelations made by Edward Snowden, the low-level US Government security contractor, that the NSA’s PRISM surveillance programme is a overt global eavesdropping operation. These revelations, amongst others, should make us as educators stop and think about our students’ rights to privacy and our responsibilities to them to ensure that they get it, within the Digital Citizenship framework.

Is what we’re assured as being anonymous that’s being collected about us by just about everyone – everything from sign-up data to communications to our online habits – actually unidentifiable? Or can it be easily reverse engineered and tabulated to the initial sign-up information we willingly surrender on our students’ behalf?

Since the tragic events of 9/11 the free love egalitarian ethos of the internet has been rapidly eroded into something more corporate, more governed and much more highly monitored. The perpetual war on terror orchestrated by the few has ensured that, for everyone, travel is hugely more inconvenient, for example, and the ‘free’ internet of the information age comes at a price: there is no such thing as privacy online.

As long as we understand privacy online is a myth and acknowledge the repercussions of this, then all is good. However, in our role as educators have we really thought about what that means for the way we use the plethora of free tools and services available to us via the internet to teach? What safeguards have we put in place to ensure that our students are not trading away their own privacy too early through our own lack of understanding?

The price for using the internet
In its bid to secure a free trade deal with the US, our own Government has made many concessions to American corporations. The copyright laws passed here and the powers of ISPs to shut down miscreants have no equal in any other jurisdiction globally. The recent fingerprint database sharing accord is touted as a bi-partisan agreement between two nations but it’s clear that the information sharing bias is very much in the US’s favour. Lastly, we’re part of the Five Ears Programme an eavesdropping information sharing programme that monitors and passes on intelligence and ‘red flagged’ conversations to all partners in the deal. For many of us, we take the view that with nothing to hide there’s nothing to worry about and passively accept that being monitored is part of the price for use of the internet. As educators, however, I think that this complacent approach must not be applied to the services we sign up our students to. We need to be more assertive in how we intend to use and manage these tools on their behalf.

Can all the above be written off as the paranoid views of a cynic? Moreover, perhaps the complacency paradigm can be invoked that there’s no correlation between the actions of students using tools for learning and the data monitoring activities of governments!

Nevertheless, monitoring is ubiquitous. Therefore if our students have an online presence, it is being noted and monitored somewhere. The saying goes that ‘knowledge is power’ and the internet is all about information and knowledge. Corporations have worked hard to gather information from all of us through the services they offer and now are working out how to piece that information together for commercial gain. Google’s mission statement was, after all, to ‘catalogue all human knowledge’.

Let’s face it, do we ever read the ‘Terms and Conditions’ for all the tools, services and products that we sign up to on the internet? The answer is an emphatic ‘no’. We just want the free stuff … and now. Indeed, the font style and the use of capital letters of the agreements are a deliberate choice, designed to encourage us not to read the terms and conditions; they’re hard on the eye.

Terms and conditions
In a newly released video, ‘Terms and Conditions May Apply’ (fizurl.com/terms), the filmmakers suggest that if we were to read the terms and conditions we sign up to and have to re-sign to every time there’s an update, it would take each of us a full week, every year. More worryingly, in the film they portray how the terms and conditions of the likes of Facebook, Google, Apple, Amazon, Instagram, Twitter, etc., have all subtly changed over time, especially in the aftermath of the Patriot Act.

One of the key clauses that we have all signed up to in the user agreements says that we acknowledge that the service we are signing up to has the right to ‘prevent’ actions. In other words, they’re actively monitoring all that we do.

Nothing to hide, nothing to worry about, eh?

Surveillance is an expensive, time-consuming job for governments and the Patriot Act has outsourced surveillance to the large US corporations that we have all signed up to. The film portrays many incidents of innocuous statements on Twitter, Facebook, and so on, receiving over-the-top reactions from law enforcement officers based on the red flag algorithms of the monitoring programs used by the differing internet corporations. The red flags, of course, will have long-term repercussions; they do not get deleted. When amalgamated with other data, the red flags could have the function of predicting future statements of intent – are we looking at the first steps in the pre-crime predictions of Minority Report? From a student’s perspective, this might mean that minor indiscretions, inappropriate search terms, poor choice of words or even inaccurate interpretation of vernacular will be on their permanent internet record (if they can be personally identified).

Create a safe environment
The questions for us to all consider: how can we enable our students to become good digital citizens? How can we create an environment that enables them to make mistakes, to learn from those mistakes, in a safe environment, but not expose them to potential ‘red flag’ interference? We want to ensure that under our watch our students are not inadvertently over sharing information that they cannot shake off. When most of us sign up for these free services we want to use on the internet, we’re assiduously honest, filling out every field in the form accurately. We then ask: how does the company make any money from giving away free stuff?

The truth is, the information we have surrendered is the gold they’re after. Your information is used to market to you, to monitor your browsing habits, to correlate behaviours, and place appropriate adverts in front of you. Oh, and sell on your data to other organisations.

Google, in particular, wants to know who we are individually and is working hard for us to all sign up with a single log on – for our ease of use, naturally – it has our best interests at heart, after all. So, next time you sign up your students to services online, think about what information you’re willingly giving away on their behalf and consider whether you have the right to do so.

Preserving our students’ anonymity
I would encourage you all to protect the privacy of your students for as long as you can with your in-school online naming policies in place – no names, identifying photos, and so on. But crucially, I would also encourage everyone to use anonymous email addresses and account names for your students, so that you all know internally who ‘2014std001@myschool.school.nz’ is but the internet does not. Educational gaming service Tutpup (tutpup.com) got it right first time; students sign up with usernames like ‘greensnake3’.

Preserving our students’ anonymity for as long as possible online, whilst using all that’s good about the internet for e-learning, should be our mission statement as educators. We must not let the Trojan horse of the internet corporations’ insatiable desire to categorise, predict, market and monitor our students too early and, in so doing, provide a more pernicious back door surveillance opportunity to the paranoia of the Patriot Act.

David Kinane is a specialist ICT Education Consultant and writes for INTERFACE Magazine.

© INTERFACE February 2014

Comments;
David Kinane   Posted: 15/02/2014 5:53 PM
Just want to correct a mistake I made. The information sharing partnership is not called the Five Ears programme but the Five Eyes. You can read more about it here https://www.privacyinternational.org/blog/the-five-eyes-fact-sheet
Stu McGregor   Posted: 14/02/2014 5:06 PM
Well written David—though those who don’t want to hear will still shrug their shoulders and call us “the tin foil hat brigade”. One comment about the anonymous email address though. I think it really becomes irrelevant when within kid’s documents they are likely to use their full name (and address) at some point. it would only take a quick algorithm to work out that greensnake3 is actually Timmy Crawford from Mt Albert since out of his documents he has signed 70% with Timmy. It’s also been combined with Crawford 20% of the time, and he constantly talks about climbing Mt Albert with his brother Jake. Jake is on Facebook and while Jimmy doesn’t have a Facebook account, he has posted photos of climbing Mt Albert with his brother Jimmy. Match that info with Crawfords in your database and cross reference that with email information from IP addresses and WiFi databases (remember how google collected all that WiFi hotspot info from street view driving?), and bingo you’ve found them. To make it even easier our school kids are also geofenced inside a school domain so that significantly reduces the pool of data to analyse. BUT, I think the point of being aware of this is not to stop people using the tools, but to simply limit what stuff they’re prepared to put online. In my view I think we have been way to hasty and paid little attention to the “Flags” that will carry with us into the future. Being lackadaisical about THAT stuff as an ICT leader is approaching unethical behaviour. Again, great article!

Categories: Article, David Kinane, Issue 53