Category Archives: web 2.0

Do we *REALLY* know how much is spent on IT?

A tweet was posted by @MSETCHELL yesterday (mattianuk on EduGeek) about being asked to work out the cost of the entire network.

This didn’t strike me as a strange request to be honest. It just seemed to be a standard pain-in-the-backside, paper-generating, unread-report-producing exercise … probably needed because of some arcane bid proposal which schools sometimes get involved in to try to squeeze money out of any available pot or group. It is worth saying the businesses do the same thing when applying for EU funds, regeneration funding, moving locations, etc … so it happens all over the place.

I replied that

I thought that would be fairly easy to generate? Have asset library with original costs, calculate depreciation, etc

But Matt said he had a full inventory but not purchase costs.

It struck me about this being another example of where silos exist in schools, this time between departments of support / admin staff rather than between curriculum departments.

It also made me wonder what do people record in their asset library? How do them maintain it? Who is the ultimate owner?

At Learning Possibilities, we work based on ISO27001 : 2013 (part of our standard of working for a variety of contracts, as well as best practice) and knowing your assets is vital, whether they are physical, intangible or information assets. Whilst the standard is over the top for most schools it does clearly align with standards such as the Framework for ICT Technical Support (A school friendly Service Management IT Management regime based on ITIL v2 and v3, with elements of other good practices from areas such as PRINCE2 and LEAN).

An asset library should not just be about the make, model, serial number and location of a physical piece of kit; it should include other relevant information too. When you install a network in a school you spend a certain amount on cabling … this is also an asset that is often missed. Is the cabling infrastructure in your school suitable for the next 5 years? Are you expected to go Gig to the desktop? PoE?

I’ll be posting a thread on EduGeek to discuss this in more detail about what could and should be recorded but I thought I would set out the basic principles here.

  1. All assets have an initial value (on purchase), a replacement value (how it would cost to replace it based on whether you do like for like replacement or old for new) and a depreciated value (how much they are worth now with their value going down due to an agreed method … and there are a variety of methods).
  2. All assets have a set period of useful life. This might be set out when you purchase the device and be based on a variety of factors. Usually these will be the warranty and support periods for the product, how frequently it receives updates, an estimate on how long you think the functionality will fit your needs and so on.
  3. All assets should be associated with a purchase order, when a direct purchase was made.
  4. All assets should have an ‘owner’. This is the person who is responsible for them to the institute and not necessarily the person who manages them on a day to day basis. An example would be the MIS hold information about timetabling, personnel, students, etc but the SIRO is ultimately responsible. In the same way the iMacs being used in Music are ‘owned’ by the Network Manager, not the Head of Music.
  5. Assets have to be written off at some point in their life. This can only be done by an authorised member of staff.

There are probably more I could add, but this is a starting point for most people.

Some of the above information might be able to be held in the software you use for asset management. Some might already be held in other systems, such as the finance systems.

It will be up to each school whether there is any replication / duplication of the information held … and who updates the relevant asset libraries too.

From the above this should be enough so that the Head and BM can easily see what the value of the network is (in financial terms) and what the total direction is over a period of time, see what is about to be at end of supported life and what they need to replace like for like (in general terms).

Not only does this allow for SLT to plan, it helps them decide on whether maintaining a status quo with regards to IT is affordable or whether changes need to be considered on financial grounds. Changes on curriculum, or leadership grounds are a separate discussion, and that has a slightly different set of criteria and measurement.

There are plenty of ways you can check whether others you work with, as partners or suppliers, are following similar models … a basic tool for IT management. For us it is our work on ISO27001: 2013, but for others it could be ITIL v3 certification of staff, FITS certification,  ISO/EIC 20000 certification. At Learning Possibilities we ask it of some of our partners and are happily reassured.

Have a chat with your own school to see who manages what areas of assets, how the Facilities Management team monitor and write things off, how the Business Manager controls what is put down as needing covering for insurance? See what standards they look at when working with others?

 

Opening up your options…

In these days of strain budgets, restricted investment and and tough decisions we have a bit of a bidding war to get the attention of schools. With Google Apps for Education being heavily pushed through grass roots and national projects we now see some of the counter-blow from Microsoft.

It was interesting to see today the report on the Microsoft UK Schools Blog, about the announcement from Kirk Koenigsbauer – Microsoft Office Division, which looks at changes to the price plan and offerings with Office365. In the UK we tend to still view it as Live@Edu  as the changes to Office365 had not really hit us here. The price plans have been a concern to some schools in various countries, especially when they start comparing them to other offerings out there which come out as no licence / subscription cost. It appears that Microsoft have listened to this.

The previous price plan meant there a was some cost for staff and if you wanted the extra tools then there was a cost for staff and students. Now, the A2 plan is free. This gives you the email and calendars, online storage, online share point, online web apps, IM and presence … and with it you now get Lync for video conferencing. Yes, there are still other add-ons which will have a cost, such as integration with your PBX, voicemail and so on.

This now puts it back into real contention with schools and I can even see a variety of specialists now offering to help deliver this into schools in a similar manner you get certified teachers / trainers with Google. Add branding, integration with your school Directory Services, pre-designed SharePoint templates … all of which you can do yourself, of course … and it becomes an interesting prospect.

So, what could be the downside. There are still questions about integration with your AD, as there is a cost for FIM I believe, and from a DM I had on twitter I am not sure about where it fits with EES. For many schools these will be moot points, but it could be a swing factor for a small number.

Overall … a good thing, but be prepared for fans of both Office365 and Google Apps to swing into action with why their preferred solution is the best thing. The key is to look at the differences and see which is most important to you.

My issues with BYOD

Firstly, let me state that I am an advocate for BYOD and anything else which gets more technology into the hands of learners so that it can be used *where appropriate* and that will also include some work to help SLT, Teachers and learners understand when it can be appropriate. As part of that I love to see the blog posts, articles, videos from folk at Microsoft, Google, Apple, Learning Without Frontiers and many, many more.

My first issue is around the shiny tech syndrome … the same issue that cropped up with IWBs and many other fantastic tools. You hear (or experience) a school saying “School A is using technology X and has fantastic results and we sort of understand why so *we* have to use it to!” and yes, I know this is a bit of a generalisation but we can all understand how it happens, the hard work folk involved have to put in to make it work as a result and that by some more careful thought it can be the success we all know it should be. This applies to so many different things in schools (and other sectors) so it is not just a technology thing. Having to think and plan about something can be mundane and boring but it can be, for your school, the thing that makes the difference. It is worth saying that not all schools need to plan as much as others … some schools have a culture of adaptability and innovation … and so can pick things up that bit quicker … going from a trial to full implementation with far less work, less planning, more trust between people involved (an important factor) and get wonderful outcomes. When trying to think of something to equate it to I tend to think how would a school deal with having to teach every lesson in song. If you think your school could adapt and change, very little training, understand the benefits … then this could be a sign you could go to BYOD with little educational pain.

And this gets to my second issue. BYOD and consumerisation of IT is wonderful. It puts good kit and tools in the hands of people who will make good use of it. There are barriers to this and some are practical, some are educational, some are technical and some are legal. This is where those schools who spend more time planing might be better off.

Let us deal with legal in this post … and this will not be a comprehensive list, will not form any sort of legal advice and should not be considered as a reason to go for BYOD or not to go for BYOD … merely a pointer for starting conversations with the relevant professionals who you would normally go to for advice and instruction (hopefully that covers my backside!) … so please take it as such. There are lengthy eSafety Law in Education discussions which can be had around the use of technology, online tools, walled gardens, etc and these should be considered. I cannot find a comprehensive list of what this involves other than schools should apply with the laws with regarding safeguarding … but I know that it will cover (and not a full list) The Education Act 1996, H&S legislation, Safeguarding Vulnerable Groups Act 2006, Common Duty of Care … as well as other legislation in place to deal with bullying, physical and mental harm.

And then you get onto what some regard as the mundane aspects of legislation … and whilst we have mentioned H&S already we do have to come back to that when we consider the problems some schools used to have with trailing wires in the early 1:1 laptop schemes … not so much of a problem now with mobile / handheld devices but not everyone will be bringing in iPads / Android tablets … there will be laptops, netbooks, ultrabooks … and devices will also need some charging during the day as learners forget to bring them in fully charged or as the battery slowly burns out. This also steps into the practical aspect so we can leave it there for the moment. The next bit is about security. As much as we might not like the idea, we have a responsibility to ensure that all the data, the personal information, the work created by staff and learners, the services that are provided in the school, the machines we work on each day and the devices we connect on the network are safe, secure and there will be no loss or damage.

When any device connects to a system there are both legal requirements and usually terms and conditions for that connection. With your phone it is the contract you sign and the law of the land. You are not allowed to disrupt communications, misuse data, use communications maliciously, etc as points of law. You then also agree a contract to say you will follow the rules of who you connect to … which includes the above laws (and more) and also things like the amount of data you can download / upload, damaging the name of the firm, etc … and in schools the contract *has* to be signed by the parent as a minor, as has been pointed out to me a few times recently, holds no or minimal legal power. To some extent this is similar to school rules though … but this means that you *have* to consider the damage which could be done. You might not allow some children to connect devices to the school systems due to previous actions in the same way you might not allow some children to use sharp knives in DT lessons due to the previous damage they had caused (which, technically, would be criminal damage and that is something you can hold against some children as a criminal offence … but how many schools do prosecute!)

So, we have covered the idea of a contract and that there are legal requirements for a safe system. This includes protection of data loss / damage, viruses, use of the school systems to launch attacks against other networks. As much as we might want to think that these should just be covered by who ever does your tech support … the buck stops with the Head and Chair of Governors. When schools have lost data and had to sign Undertakings with the ICO it is the head and Chair of Governors who have to do it … and it is their neck on the line for the fine and even jail.

I recently asked a group of schools about what laws they have to follow to run a school network, what standards are out there for this and who would they go to for advice. Majority of SLT put the onus on their IT Support (either in house or contracted) and even those who accepted that they could not devolve the responsibility (it is only ever shared) they had to accept the limitations of what they could reasonably manage to cover themselves.

Personally I would love to see a legal review of what it takes to run tech, including BYOD, in schools. It is worth saying that none of the above should put anyone off … just show them the areas that need dealing with and I hope to cover a few more areas (technical / practical) in the next posts.

A summary then. No matter how much we all want to focus on the inspirational benefits that BYOD brings, we also have to fact a few realities that it is like any other change a school faces. It has to be done for a good reason, has to be planned and has to take into consideration legal boundaries, operational requirements and a lot of the other boring stuff. Educational benefit is not a magic want that will sort or over-ride the other stuff … just a really good reason for putting the effort in to sort it in the first place.

So, what would folk like to see next?

A breakdown of managed wireless?

Dealing with proxies?

Day to day operation in schools?

I am open to ideas and information … I don’t have the answers and I am always looking for others to share what they have done so far and the lessons they have learnt.

Google Teacher Academy UK 2012

“I would like to thank my wife, my parents, my teachers, the cat from 2 doors down who walks across the roof at 2 am in the morning, the excitable children who need to be spoken to when trying to lift their friends up by their ears … ”

Ok, so it is not really an acceptance speech and that is partly because I wasn’t successful in my application. It is more a thank you to everyone else who has applied and shared their ideas and passion.

For those who are not aware of what Google Teacher Academy is …. it follows on from the brilliant practices of Apple Teacher Institute / Apple Distinguished Educator, Microsoft Partners In Learning / Innovative Teachers Program, EduGeek Conferences, BOF sessions at trade shows … and is a chance to have an intense day of training on tools from Google, sharing it with some of the most exciting educators (not all of them teachers).

And watching yesterday and today’s twitter stream (especially the hash tag #gtauk) it was fun to see others being as excited about I am … if not more so! Watching the stream did raise another interest thing … I was now seeing another bunch of people to connect with, and since my application was based on collaboration, so it made sense to create a twitter list … because even if only a few of them made it through I would want to connect with all of them and keep a track of what they are doing. I do hope that Google release a list of all those who applied because it would be wonderful to connect with them all … and in the meanwhile I will continue to update my twitter list.

Below is my video … it is very tongue in cheek and yes, you can take a variety of technologies and put them in there as collaboration does not rely on a single technology from a single company and is it is more about a willingness to connect with others.

GTAUK application

And so we get back to my acceptance speech … thank you to those who applied and shared … you have been gems, stars, providers of treasure (and hours of laughter). I know a number of people were surprised that I, and many others, didn’t make it … but have you seen the calibre of those who did? All I can say is “WOW”!

I’m really looking forward to the twitter stream of those who are going … You just know it is going to be exciting and full of gems.

SharePoint Saturday UK

It is lovely to be around folk who see the benefit of spending a bit of their own time being part of something larger, and SharePoint Saturday is a perfect example of this.

For those who have never been to this sort of user event before it generally consists of a combination of noted speakers for the beginning and end of the event, with a number of sessions from respected peers sharing their knowledge and ideas with delegates. And Saturday was no exception … This is a short summary and I will try to give a longer post when slide decks are available.

Starting of with a session from the excellent Todd Klindt talking about why IT Pros and Developers need to learn from one another, and swap skills … but the important thing was to try stepping out of your comfort zone. As an IT Pro he has a a fantastic podcast (which actually covers a good amount of his keynote) so I would heartily recommend you have a listen.

There were many streams I could have gone to, but I opted some more familiar things (in spite of what Todd suggested). As a Business User (my predominant role around SharePoint now) I am always interested in ways to encourage adoption. Kanwal Khipple gave a grounded session on how to drive up adoption of your SharePoint platform, ranging from ensuring project sponsors do more than just sign off the money through to using Sharepoint Heroes to be your evangelists on the ground.

Next was a visit to Alex Pearce‘s session about how to introduce Power Users to SharePoint. A whislte-stop tour around making the most of a SharePoint site around a particular function (in this case around managing invoices) it showed using creating lists, views, the importance of data in content types, using lists to fill in documents … and the best bit was making use of QuickParts in Word for filling in information into a document template.

After a short break I was in with Matt Hughes (the instigator of SP365.co.uk) where he talked about SharePoint branding and some of the tips and tricks around modifying your own master pages, what you should and shouldn’t touch (especially since some of the master pages will get replaced on patching / applying service packs … but those SysAdmins who have had to compile drivers themselves know of that problem anyway!) and where to find some good, free SharePoint Master Pages … including those from Kanwal Khipple from the earlier session.

After lunch (where there was a better chance to chat with some of the exhibitors / sponsors … many of which were a bit bemused about why a Business User / Power User would be interested in talking to them … especially one without a budget!) I opted to sit out the sessions for a chance to chat with a few of the other delegates … and some of the conversations where enlightening … whether they were around controlled assessment, the missing EduGeek site through to a good, long catch up with some friends.

A good portion of the afternoon was spent talking with Richard Willis of SalamaderSoft (aka @rpwillis), Sam Dolan (aka @pinkpetrol) and Alex Pearce (aka @alex_pearce) about developments in education, sharing war stories, etc …

Ok … it was a chance to just relax and chat, but you still pick up a heck of a lot in these conversations, from barriers to adoption or integration with other services, how to manage relationships with users and clients, changing trends or simply good, old-fashioned ways of making things work.

I did miss out on having a proper catch up with Dave Coleman (@davecoleman146) and Alan Richards (@arichards_saruk) and missed their sessions (which clashed as well …) but their blogs will have their slide decks shortly (if not up already) and they both regularly speak on webinars as well. For those in schools I would heartily recommend listening to Alan talk about the cost savings made through the strategic choices and use of technology. Those who have already read Dr Don Passey’s report on the Evaluation of the Implementation of the Learning Platform LP+ Across Wolverhampton will see many similar points. They’ll both be at BETT in January 2012 if people want to talk with them about many of the items in their blogs, or simply drop them a line if there is something you want to ask them.

Steve Fox’s session at the end looked at Windows Azure, integration with Sharepoint 2010 and some Windows Phone stuff … a fair bit around Business Intelligence really and showing how SharePoint Online is quite a powerful option … if you read some blogs about the session (or some of the tweets) you can see a number of folk questioning why people would use Google with this amount of options to hand.

Having started to come down with the lurgy, I decided to miss out on the SharePint and head home …

A fantastic day, well worth the early start and looking forward to watching some of the webinars which are coming up soon.

Well done to all involved with the organisation, the exhibitors / sponsors and to all those who presented.

Have really asked all the questions you need to about online storage?

File System by iBjorn

Because I have a background of being involved in discussions around data protection I sometimes get a prod about online storage and web 2.0 tools. Over the last 6 months I have had quite a few over online storage options, but I have never really stuck down on (electronic) paper what my concerns are and why I have them.
There are a few concerns I have, some centre around ownership of files and data, some around data protection and some around management of the tools.

Online storage often comes under attack over IPR of images, concerns about control, heated rants about how company x is making use of *our* files / photos to generate revenue on a free service, etc … and we only have ourselves to blame for not reading the T&Cs fully, for not keeping abreast of changes to the T&Cs (though some companies make life extremely difficult to find the changes or contribute to those changes) and for not accepting that if we take part in a free service then there are likely to be limitations and issues. We take on that risk ourselves and we need to accept some responsibility for that. Whether we are talking about LinkedIn using profile photos of members in their marketing by default, changes to FaceBook privacy options, changes in security / ownership when companies merge products … there have been so many times when the masses rise up indignantly to protest and then rush around making changes and, in the worse cases, swap services … and yes, I have been there, expressing my frustration too.

This is increasingly important if we are asking children to make use of these tools as we are being trusted in our judgement and selection of these tools … after all not all children, across the broad age range we have using these tools, are emotionally, intellectually or perhaps even legally in a position to make some of these choices on their own … but that is a discussion for another time probably.

But discussions today centred around online storage, and in particular the growing use of DropBox to remove the need for USB memory devices. For those who have not come across DropBox.com, it is a an online storage system which will synchronise selected folders from one or multiple devices to an online repository. Folders or sub-folders can be shared for automated synching with other users, making it a fantastic tool for collaborative sharing of files and materials. There are a number of other tools like this ranging from Microsoft’s SkyDrive, shared document libraries in Sharepoint, Moxy, Box.net, ADrive and many more. DropBox and SkyDrive are both free so that is why you will see them in heavy use … especially in education. Free comes with limits though and sometimes that can be the amount of space, sometimes the SLA doesn’t really exist and sometimes there is a lack of control over certain aspects of functionality or how it changes.

When it comes to DropBox though, my main concern is that users are significantly at risk of breaching the Data Protection Act and they don’t even know it. This is especially important right now as it is being recommended to NQTs who might not know any better … let’s face it, there is not that much about Copyright law, Data Protection and IPR within teacher training and, from what I have seen and been told, there is a presumption that this is covered within schools by school policies … and we all know how wonderful many schools are for having decent Data Protection policies and explaining them to *all* staff.

I know that my blog is read by a wide range of people so I just need to go back a little to cover an aspect or two of the Data Protection Act. The DPA has 8 principles, which are pretty self explanatory and the 2 most important principles to look at for this conversation are 7 & 8.

If we start with DPA Principle 8 first … this about where data can be stored, moved through, processed, accessed, etc. And this is the first place we fall down with DrpoBox. There is an ongoing query that has never been fully answered about whether DropBox.com is compliant with this.

Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Now, what this means is that if you use your online storage and sharing to move about or access anything that can be deemed ‘personal data’ (which for teachers can range from pictures of children, their personal details, information about their progress, medical information and so on) then you have to do it within the European Economic Area or other countries where we have set agreements. With the US this is called the U.S. – EU Safe Harbor and there is a list of companies who have been certified with this and across what aspects. It is important to remember that being certified is only part of this … the specifics of what has been agreed is equally as important and that will differ from company to company. I have previously commented about iCloud and Apple before to reflect this.

When you look at the list you will spot that DropBox.com is not there. When you dig through the T&Cs for DropBox you will find that they use Amazon for their storage facilities … which is good … Amazon *are* on the Safe Harbor list so that seems to tick the boxes … apart from they don’t say that they will only ever use Amazon and they don’t say how they use them, and what agreements they have in place. Ah … so we are back to square one then.

I have asked the question twice now of DropBox.com and not even had tickets opened. There is a discussion at the moment about this on the forums and still no definitive answer.

To deal with this I know some users of DropBox will make use of other security solutions to bolster how they deal with DropBox. This involves using an encryption tool to create a secure folder / file which is then synchronised via the only service. A common tool for this is TrueCrypt and that works fine at a technical level … meeting the criteria of DPA Principle 7, where you are taking suitable technical measures to ensure the security of data … but the principles are not pic and mix … you have to meet them all. Right now I use an encrypted folder on Dropbox for my non-sensitive files (so only I and others I trust can access them) and do not use it at all for sensitive items.

For sharing pictures for stimulus with others (teachers / children), for sharing videos, etc, especially cross-platform and when using apps on mobile devices, then I can see that it will be fine for use in UK schools … but for staff to share in general … no … not yet.

SkyDrive does meet the criteria as the data centre used is in Ireland, but it is still worth thinking carefully about what you are sharing with others and how.

Article published on EduGeek.net and copyright to EduGeek.net and Tony Sheppard

Image : File System by iBjorn (CC BY-SA 2.0)

Can you ever have too much of a good thing?

Well, it looks like you can.

I’ve recently been tracking down a number of web 2.0 tools to ensure I register / protect my online identity. I am known as Tony Sheppard and as GrumbleDook with such equality online that it is hard to separate the two. However, since there is a rather good Jazz musician called Tony Sheppard I have opted to protect my identity as GrumbleDook.

IMG_0934

Most people recognise my avatar or variations of it and I am always looking for ways to tweak it a little, make it more interesting or relevant, but without losing the importance of this being my online representation.

However (and there is always a however), I am not the only GrumbleDook out there … and I was recently castigated via email for some comments which had been made by someone else. At this point I had to spend some time explaining that I am not an online poker player, I am not an urban photographer / artist, I am not American, I do not live in Brighton / Watford / Washington / Phoenix / Sydney / Hong Kong, and I have never played in a brass band.

The fact that all of the above can be found to be linked to 7 separate individuals and I am not any of them made me wonder that because I do have a goodly number of the related domain names, I have registered accounts for a large number of web 1.0/2.0 accounts under the name of GrumbleDook and I am more often than not the person who appears in searches for GrumbleDook in the search engine of your choices … it is not surprising that someone might presume that all GrumbleDooks are actually me … especially as some are pretty techie related too!

I have spoken with people before about protecting your online identity (having had a student in an earlier school once register an account with an online service as they knew my online nickname … and having to deal with the fall out) and I still believe that it is important. The idea of a person as a brand has been spoken about by people far more knowledgeable and eloquent than me … but if I ever want to operate as a business, or ensure that anything I publish to the ‘net is recognisable as mine then it is something I have to keep up with.

I have come to the conclusion that although we may put a lot of time and effort in establishing our presence online, there are limited ways you can do this and there will always be confusion. I would also recommend that, where possible, you identify where the other people are who may share some aspects of your identity and if you can come to some sort of arrangement then it makes it better.

Will the world end if I don’t manage to ensure that *I* am GrumbleDook on particular services? No … I missed out on Facebook, there are many forums out there with GrumbleDooks on, I don’t have all the domains registered … yet … and I also have to remember that I have taken the name based on a character in a popular comedy (though not many people like the first series … some the joke is lost on many) … and so I do not have an exclusive right to the use of it.

There are examples of parents trying to do similar as I have done from when their children are born … and whilst I can understand this, I also have to point out that part of establishing an online presence is also about the social aspect of life. Many people will grow and change over the years … a number of friends and colleagues have changed their online presence over the years, rebuilding their identity. For me, I would find this difficult as my personal and professional identities are closely linked. I also believe that trying to change a personal identity is difficult but can understand the need at times to do so.

Where does this leave me now? I have a number of business tools I am starting to evaluate (including Office365 and Google Apps), and for me to continue with the professional brand of GrumbleDook, then I have to ensure that I get in there first with such tools. The grey areas come when we look at Social Networking tools … as I would consider many of these as professional tools, but others might consider them as personal tools.

Over the coming weeks I am going to be updating part of my blog to incorporate other tools I am trying to I will start using my ‘About’ page to say what is me … and even create a page to say when it is not me.

I would be interested in how others have approached some of these issues (even from fellow GrumbleDooks), with both the good and the bad in life.

With Great Power Comes Great Responsibility

After a wonderful day before half-term, running the Safeguarding Through Technology day for NetworkNorthants, I am brought home to the reality that there are many risks out their for people on the Internet, never mind children.

With the high profile news of Mac malware in the wild including variants coming in, that rely on users agree to stuff being installed (well, Macs are impervious to viruses, aren’t they?), more conversations about schools wanted raw Internet feeds because they don’t want to be dictated to about filtering policy by the LA (even though the provided solution *can* do what they want, they are happy to pay out for a perceived sense of control), lengthy discussions on online groups about legal liabilities … And believe me when I say that the idea of risk management around this can be a minefield!

But there is light at the end of the tunnel for people. With the right combination of tools you *can* make things more flexible and allow it to work for the school. Now, please note that I am not saying that by choosing certain products you can legally protect yourself about everything or that certain products are better than others but let us just run through some basic concepts and you can ask yourself what tools will fit you best.

And let us also not forget the NEN eSafety matrix to help you too .. And the CEOP resources … And Digizens … And ChildNet.

So … Ready to start?

Ok … Let us look at the safest option. No Internet at all! Well… it is the safest option … or you could say it is safest for the school. For this you are looking at a system which is, by default, set to only allow authenticating staff onto the internet. Some schools do have this and find it acceptable. Not many and it is as bad as the idea that by having a posy of flowers under your nose you will not get the plague when you step outside! Some schools can work like this though, with all interaction with the internet through staff accounts, on staff controlled devices and staff clicking the buttons. It’s doesn’t help that children that much when out in the real world, but is an approach which, educationally and technically, can be made to work. This all tends to be done using filtering technology, so that when the internet feed comes into a school it will have already gone through a filter which restricts things or a filter sat inside the school

Then you have the limited access options. First you can go down whitelists, having set of known, good websites. This can be delivered though filtering products or many of the classroom management tools. A teacher can set internet access only to particular sites and the client on the workstation will block everything else, or the filter will. The classroom tool is handier for the teacher, but the filter solution is less prone to errors.

Then you start into the controlled access options. The first one we can look at is the application of filtering solutions. This can be based on particular devices (classroom machines get one set of filters but staff laptops get another), it can be based on blocks of users (all year 5 pupils get one type of filtering but year 10 get something different), it can be based on individual users when they log in (so that two year 10 children can get slightly different access as one studies Art and needs access to some images of nudes yet the other doesn’t but studies Computing so needs access to sites containing scripting codes).

Some filtering options can have combinations of all of the above. Some solutions allow for control by time (give more access to online games during lunch), some can tie in with particular systems … such as groups within the Active Directory (whilst a child is in the ‘Art’ OU they get particular settings) … and some can be controlled by the choice of a teacher / administrator at a give time.

Then we can look at monitoring and reactive solutions. Some desktop solutions will monitor keywords and respond accordingly. They might take a screenshot and block access, they might send an alert to a member of staff, they might simply log what has gone of for review later. You can then take a more ‘classroom management’ approach.

Classroom management is always going to be the most effective way to ensure learning is taking place, as well as ensuring the safe use of computers. A member of staff with access to see and share the desktop of their pupils and students gives so much more control to the teacher. However, the most common use of this is to see if children are off task. This is a poor use of these tools. Sharing desktops, passing control around the class so that they can provide support to each other, demonstrating learning to their peers … these tools can do so much more that police the network!

And in reality, a combination of filtering and carefully chosen classroom management tools works best. For some schools you are looking for stuff that logs activity to deal with specific problems (bullying, abusive language, etc) and in others you are looking for tools to share and control desktops. Combined with flexible filtering solutions which can be targeted to support where needed, then you have a well covered school, which is managing the computer and internet usage by staff and students.

And this is before you get to some of the other benefits. Some classroom tools can support the management and maintenance of your computers. Rolling out software and patches. Monitoring your inventory. Deploying system changes. Print management. File management. Some of these you might already have, but look at all the functionality. It might be better to have the functions over a number of solutions, or it may be best to consolidate it all in one pot.

There is never going to be a single right or wrong answer. A school will have to look at the options and pick what works best for them. It has to be based on what provides the legally required protection of children, it has to provide a solution which is economically viable to produce and support, and it has to help children learn their boundaries, to give them the skills to look after themselves in the outside world.

The Perils & Pitfalls of Mobile Tech in Schools

I do have the occasional rant about things. Most of the time it is down to having passion about things I believe in or it is intend to grab the attention of others to make them think. Last night at TeachMeet Midlands 2011 it was a bit of both.

I recently spent a good 30 minutes breaking down what is wrong with trying to use mobile tech in schools, the naivety of some folk, the plain stupidity of others and the frustration of having to deal with people who are just blockers, have personal ethos issue which blind them to people using particular tech or who are just plainly wasting money! The other day, when chatting with Shaun Garriock (one of the Directors of EduGeek.net) on Skype, I ran through some of these to break it down into smaller chunks.

Since I now like to give people a chance to see what I present at TeachMeets I videoed myself doing this ‘slightly longer than the official 7 minutes’ rant and intended to just play it at the TeachMeet … but as people who were there, or who watched it online, there was a tech fail. Apparently videos using Quicktime was not expected, nor using a site which needed the QT plug-in. Normally I would just upload it to Vimeo but I didn’t want to risk a problem accessing it so stuck it on my own webspace. This did play to my advantage though … as it showed haw tech can sometimes just not work. I was happy to just pick up the mic and speak … and rant … and whilst I did not get all of what I wanted to say out I tried to cover the key areas on personal devices, relying on 3G, trying to manage apps, problems with charging devices, issues with proxies, using a managed wireless network …

Below is the planned presentation (now hosted on Vimeo) and I give a solemn promise to spend some time to put together the full 30+ minutes … and I will try to break it down into small chunks to make more sense. If anyone has good examples of where things just have not worked as expected, where they are doing things which take far more time than planned, where they have had to come up with workarounds … then please email them to me via grumbledook@edugeek.net and I will try and incorporate them over time. The first thing I will talk about it proxies and wireless networks so get those stories and ideas coming forward. I hope you enjoy the video below.

TeachMeet Midlands 2011 – The Perils & Pitfalls of Mobile Tech in Schools from Tony Sheppard on Vimeo.

Red Tape or Legal Backing

I know I’ve been a bit quiet recently. This is mainly down to workload (lots of meetings), a lot if DIY (converting part of the house/garage into a home office) and bouts of Man-Flu. However, I have been inspired a bit with a new group I have been involved in over on LinkedIn.

There is a new group, for those looking at the legal position on eSafety when it comes to areas such as monitoring, logging and accessing what children are doing with computers in schools. The group was formed by a Brian Bandey, Doctor of Law specialising in international IP, IT, Cloud, Internet and eSafety Law, and he started the ball rolling with the following breakdown. It is a part of a longer report which I think will make interesting reading.

The Legality of a School Technologically ‘reading’ a Pupil’s web activity

or

“Interception of Pupil Web-Browsing”

Introduction

The question being posed is, in a sense: “What are the law-based issues over Pupil Internet-Browsing Activities being captured by desktop monitoring services.” There’s a reasonably complex network of different Laws from different spheres active over this area and they don’t apply in equal measure to pupils vs. staff. However – although the action of the Law can be summarised, it needs to be understood that a considerable amount of detail is being lost.

Interception and Monitoring

The two main pieces of legislation in the UK with regard to interception of communications (which includes monitoring)are: The Regulation of Investigatory Powers Act 2000 (‘RIPA’) and The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (‘the Lawful Business Regulations’).

In essence RIPA provides that:

–           to intentionally and without lawful authority;

–           intercept a communication on a private system in the course of its transmission;

–        unless it is done or authorised by someone with the right of control e.g. the headmaster or his IT manager acting on his authority;

–           …. is a criminal offence.

Interception is defined widely in RIPA and includes making some or all of the contents of the communication available, to someone other than the sender or intended recipient. It is thought that transmission may also cover access to both read and unread messages e.g. on a academy/school central server.

How does the School have a Legal Right to Intercept?

An obvious route for the School is to secure good evidence of Parental Consent in the case of Pupils and Employees consent in the case of Staff. For ‘belt and braces’ – one needs to ensure that authority is given by the person (internally) who has “the right to control”.

So the Law is that Lawful authority is required to intercept:

–        If there is no lawful authority then consent of the sender and receiver of the communication is needed;

–        RIPA allows some limited interception by the controller of the system without the consent of the sender or the recipient;

–           RIPA sets out the conditions under which third parties such as the police may intercept.

–        The Lawful Business Regulations are the main source of lawful authority for the controller of the system to intercept and monitor. They permit the monitoring or keeping a record of communications for purposes such as standards, national security, prevention and detection of crime, investigating unauthorized use, and ensuring effective system operation.

–        The interception must also be relevant to the business of the system controller. (NB: This is the clinching argument for Educational Establishments – since there can be no argument that Interception and Monitoring of Pupils Web-Browsing is entirely relevant to the School’s activities)

–           Every effort must have been made to tell users that interception may take place.

–        Communication which has been intercepted and contains personal data is subject to the Data Protection Act 1998. (I’ll return to this subject)

Thus, it begins to become obvious that the Interception and Monitoring by Schools of Pupils (and Staff) Web-Browsing (and E-Mails for that matter) is perfectly lawful if carried out sensibly with reference to RIPA and the Lawful Business Regulations.

The Obligation to Monitor and Intercept

This is a serious and complex subject but I must touch on the School’s obligations to actively monitor Pupil-Pupil E-Communication (I talk of E-Communication since Pupils often shuttle communications through FaceBook or BeBo which aren’t e-mails per se).

The School must simply not ignore its Common Law Obligations (the Law of Negligence) and its Statutory Obligations (the Health and Safety Acts and the Education Act 2002) to keep Pupils Safe.

Educational Institutions have a duty to ensure the safety of their students and to protect them from any reasonably foreseeable harm. Liability arises for psychiatric conditions caused by repeated exposure to obscene or offensive material when using the institution’s IT facilities.

It is also now well-established that psychiatric conditions arise for the victims of Cyberbullying.

Finally, It is also now well-established that such psychiatric conditions which arise for the victims of Cyberbullying can lead to suicide.

Data Protection Law

This is a simple issue. Schools collect a very great deal of “Personal Data “ (a term defined under the Data Protection Act) on their Pupils. E-Mails can be Personal Data and the School simply needs to treat this data like any other – that is in accordance with the Data Protection Principles.

Human Rights and Privacy Law

The Law has always recognised that Students when at School or some other Educational Establishment have only limited rights to Privacy.

Consider:-

A Teacher sees John whispering to Jane in the Class. She moves forward (unnoticed) to overhear the conversation and overhears John’s whispered (bullying) threats.

Are we really saying here that John had his Right to Privacy under the UN Convention on the Rights of the Child (to which the UK is a signatory) and the Human Rights Act 1998
(Article 8 of the Human Rights Act 1998 is the Right to Respect for Privacy and Family Life) contravened?

The answer is a resounding “NO”. So it is with any pupil communication

It should be noted that in the famous case of Copland v. United Kingdom the Court considered that the collection and storage of personal information relating to the applicant through her use of the telephone, e-mail and internet interfered with her right to respect for her private life and correspondence. While the Court accepted that it might sometimes have been legitimate for an employer to monitor and control an employee’s use of telephone and internet – the need for informed consent was paramount.

But, as a matter of Law, Children cannot give informed consent.

So we return to the overarching need for the School seeking appropriate consents from parents.

Dr Brian Badey

www.drbandey.com

It really does cover so much, but it needs a bit more teasing out for me. When thinking about the barriers to adoption and acceptance of AUPs in schools it would be helpful to identify the areas which are covered under legal grounds for children, for introducing children into what they are likely to find or have to deal with as adults and which sections are there as moral/ethical agreements between the school, the children and the parents.

I’ll try and keep things up to date on here as interesting comments are made by various people. It is also worth pointing out the use of words such as Negligence, Law, Consent as these are specific to how these words are used within law (hence why they are capitalised), yet there are many times other with reference these words with using them solely with respect to the legal meaning, but as part of context from other Acts of Law, reports, government advisories, notices of Statutory Requirements and so on.

The group is gaining a broad range of members, but it could do with a few more specialists … perhaps an expert in Child Law, those involved in safeguarding investigations and those involved with unions (to work out the impact on staff, who are being monitored by the same systems).

(Edit – I’ve updated the post with the full statement from Brian).