Tag Archives: esafety

With Great Power Comes Great Responsibility

After a wonderful day before half-term, running the Safeguarding Through Technology day for NetworkNorthants, I am brought home to the reality that there are many risks out their for people on the Internet, never mind children.

With the high profile news of Mac malware in the wild including variants coming in, that rely on users agree to stuff being installed (well, Macs are impervious to viruses, aren’t they?), more conversations about schools wanted raw Internet feeds because they don’t want to be dictated to about filtering policy by the LA (even though the provided solution *can* do what they want, they are happy to pay out for a perceived sense of control), lengthy discussions on online groups about legal liabilities … And believe me when I say that the idea of risk management around this can be a minefield!

But there is light at the end of the tunnel for people. With the right combination of tools you *can* make things more flexible and allow it to work for the school. Now, please note that I am not saying that by choosing certain products you can legally protect yourself about everything or that certain products are better than others but let us just run through some basic concepts and you can ask yourself what tools will fit you best.

And let us also not forget the NEN eSafety matrix to help you too .. And the CEOP resources … And Digizens … And ChildNet.

So … Ready to start?

Ok … Let us look at the safest option. No Internet at all! Well… it is the safest option … or you could say it is safest for the school. For this you are looking at a system which is, by default, set to only allow authenticating staff onto the internet. Some schools do have this and find it acceptable. Not many and it is as bad as the idea that by having a posy of flowers under your nose you will not get the plague when you step outside! Some schools can work like this though, with all interaction with the internet through staff accounts, on staff controlled devices and staff clicking the buttons. It’s doesn’t help that children that much when out in the real world, but is an approach which, educationally and technically, can be made to work. This all tends to be done using filtering technology, so that when the internet feed comes into a school it will have already gone through a filter which restricts things or a filter sat inside the school

Then you have the limited access options. First you can go down whitelists, having set of known, good websites. This can be delivered though filtering products or many of the classroom management tools. A teacher can set internet access only to particular sites and the client on the workstation will block everything else, or the filter will. The classroom tool is handier for the teacher, but the filter solution is less prone to errors.

Then you start into the controlled access options. The first one we can look at is the application of filtering solutions. This can be based on particular devices (classroom machines get one set of filters but staff laptops get another), it can be based on blocks of users (all year 5 pupils get one type of filtering but year 10 get something different), it can be based on individual users when they log in (so that two year 10 children can get slightly different access as one studies Art and needs access to some images of nudes yet the other doesn’t but studies Computing so needs access to sites containing scripting codes).

Some filtering options can have combinations of all of the above. Some solutions allow for control by time (give more access to online games during lunch), some can tie in with particular systems … such as groups within the Active Directory (whilst a child is in the ‘Art’ OU they get particular settings) … and some can be controlled by the choice of a teacher / administrator at a give time.

Then we can look at monitoring and reactive solutions. Some desktop solutions will monitor keywords and respond accordingly. They might take a screenshot and block access, they might send an alert to a member of staff, they might simply log what has gone of for review later. You can then take a more ‘classroom management’ approach.

Classroom management is always going to be the most effective way to ensure learning is taking place, as well as ensuring the safe use of computers. A member of staff with access to see and share the desktop of their pupils and students gives so much more control to the teacher. However, the most common use of this is to see if children are off task. This is a poor use of these tools. Sharing desktops, passing control around the class so that they can provide support to each other, demonstrating learning to their peers … these tools can do so much more that police the network!

And in reality, a combination of filtering and carefully chosen classroom management tools works best. For some schools you are looking for stuff that logs activity to deal with specific problems (bullying, abusive language, etc) and in others you are looking for tools to share and control desktops. Combined with flexible filtering solutions which can be targeted to support where needed, then you have a well covered school, which is managing the computer and internet usage by staff and students.

And this is before you get to some of the other benefits. Some classroom tools can support the management and maintenance of your computers. Rolling out software and patches. Monitoring your inventory. Deploying system changes. Print management. File management. Some of these you might already have, but look at all the functionality. It might be better to have the functions over a number of solutions, or it may be best to consolidate it all in one pot.

There is never going to be a single right or wrong answer. A school will have to look at the options and pick what works best for them. It has to be based on what provides the legally required protection of children, it has to provide a solution which is economically viable to produce and support, and it has to help children learn their boundaries, to give them the skills to look after themselves in the outside world.

The Perils & Pitfalls of Mobile Tech in Schools

I do have the occasional rant about things. Most of the time it is down to having passion about things I believe in or it is intend to grab the attention of others to make them think. Last night at TeachMeet Midlands 2011 it was a bit of both.

I recently spent a good 30 minutes breaking down what is wrong with trying to use mobile tech in schools, the naivety of some folk, the plain stupidity of others and the frustration of having to deal with people who are just blockers, have personal ethos issue which blind them to people using particular tech or who are just plainly wasting money! The other day, when chatting with Shaun Garriock (one of the Directors of EduGeek.net) on Skype, I ran through some of these to break it down into smaller chunks.

Since I now like to give people a chance to see what I present at TeachMeets I videoed myself doing this ‘slightly longer than the official 7 minutes’ rant and intended to just play it at the TeachMeet … but as people who were there, or who watched it online, there was a tech fail. Apparently videos using Quicktime was not expected, nor using a site which needed the QT plug-in. Normally I would just upload it to Vimeo but I didn’t want to risk a problem accessing it so stuck it on my own webspace. This did play to my advantage though … as it showed haw tech can sometimes just not work. I was happy to just pick up the mic and speak … and rant … and whilst I did not get all of what I wanted to say out I tried to cover the key areas on personal devices, relying on 3G, trying to manage apps, problems with charging devices, issues with proxies, using a managed wireless network …

Below is the planned presentation (now hosted on Vimeo) and I give a solemn promise to spend some time to put together the full 30+ minutes … and I will try to break it down into small chunks to make more sense. If anyone has good examples of where things just have not worked as expected, where they are doing things which take far more time than planned, where they have had to come up with workarounds … then please email them to me via grumbledook@edugeek.net and I will try and incorporate them over time. The first thing I will talk about it proxies and wireless networks so get those stories and ideas coming forward. I hope you enjoy the video below.

TeachMeet Midlands 2011 – The Perils & Pitfalls of Mobile Tech in Schools from Tony Sheppard on Vimeo.

Red Tape or Legal Backing

I know I’ve been a bit quiet recently. This is mainly down to workload (lots of meetings), a lot if DIY (converting part of the house/garage into a home office) and bouts of Man-Flu. However, I have been inspired a bit with a new group I have been involved in over on LinkedIn.

There is a new group, for those looking at the legal position on eSafety when it comes to areas such as monitoring, logging and accessing what children are doing with computers in schools. The group was formed by a Brian Bandey, Doctor of Law specialising in international IP, IT, Cloud, Internet and eSafety Law, and he started the ball rolling with the following breakdown. It is a part of a longer report which I think will make interesting reading.

The Legality of a School Technologically ‘reading’ a Pupil’s web activity

or

“Interception of Pupil Web-Browsing”

Introduction

The question being posed is, in a sense: “What are the law-based issues over Pupil Internet-Browsing Activities being captured by desktop monitoring services.” There’s a reasonably complex network of different Laws from different spheres active over this area and they don’t apply in equal measure to pupils vs. staff. However – although the action of the Law can be summarised, it needs to be understood that a considerable amount of detail is being lost.

Interception and Monitoring

The two main pieces of legislation in the UK with regard to interception of communications (which includes monitoring)are: The Regulation of Investigatory Powers Act 2000 (‘RIPA’) and The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (‘the Lawful Business Regulations’).

In essence RIPA provides that:

–           to intentionally and without lawful authority;

–           intercept a communication on a private system in the course of its transmission;

–        unless it is done or authorised by someone with the right of control e.g. the headmaster or his IT manager acting on his authority;

–           …. is a criminal offence.

Interception is defined widely in RIPA and includes making some or all of the contents of the communication available, to someone other than the sender or intended recipient. It is thought that transmission may also cover access to both read and unread messages e.g. on a academy/school central server.

How does the School have a Legal Right to Intercept?

An obvious route for the School is to secure good evidence of Parental Consent in the case of Pupils and Employees consent in the case of Staff. For ‘belt and braces’ – one needs to ensure that authority is given by the person (internally) who has “the right to control”.

So the Law is that Lawful authority is required to intercept:

–        If there is no lawful authority then consent of the sender and receiver of the communication is needed;

–        RIPA allows some limited interception by the controller of the system without the consent of the sender or the recipient;

–           RIPA sets out the conditions under which third parties such as the police may intercept.

–        The Lawful Business Regulations are the main source of lawful authority for the controller of the system to intercept and monitor. They permit the monitoring or keeping a record of communications for purposes such as standards, national security, prevention and detection of crime, investigating unauthorized use, and ensuring effective system operation.

–        The interception must also be relevant to the business of the system controller. (NB: This is the clinching argument for Educational Establishments – since there can be no argument that Interception and Monitoring of Pupils Web-Browsing is entirely relevant to the School’s activities)

–           Every effort must have been made to tell users that interception may take place.

–        Communication which has been intercepted and contains personal data is subject to the Data Protection Act 1998. (I’ll return to this subject)

Thus, it begins to become obvious that the Interception and Monitoring by Schools of Pupils (and Staff) Web-Browsing (and E-Mails for that matter) is perfectly lawful if carried out sensibly with reference to RIPA and the Lawful Business Regulations.

The Obligation to Monitor and Intercept

This is a serious and complex subject but I must touch on the School’s obligations to actively monitor Pupil-Pupil E-Communication (I talk of E-Communication since Pupils often shuttle communications through FaceBook or BeBo which aren’t e-mails per se).

The School must simply not ignore its Common Law Obligations (the Law of Negligence) and its Statutory Obligations (the Health and Safety Acts and the Education Act 2002) to keep Pupils Safe.

Educational Institutions have a duty to ensure the safety of their students and to protect them from any reasonably foreseeable harm. Liability arises for psychiatric conditions caused by repeated exposure to obscene or offensive material when using the institution’s IT facilities.

It is also now well-established that psychiatric conditions arise for the victims of Cyberbullying.

Finally, It is also now well-established that such psychiatric conditions which arise for the victims of Cyberbullying can lead to suicide.

Data Protection Law

This is a simple issue. Schools collect a very great deal of “Personal Data “ (a term defined under the Data Protection Act) on their Pupils. E-Mails can be Personal Data and the School simply needs to treat this data like any other – that is in accordance with the Data Protection Principles.

Human Rights and Privacy Law

The Law has always recognised that Students when at School or some other Educational Establishment have only limited rights to Privacy.

Consider:-

A Teacher sees John whispering to Jane in the Class. She moves forward (unnoticed) to overhear the conversation and overhears John’s whispered (bullying) threats.

Are we really saying here that John had his Right to Privacy under the UN Convention on the Rights of the Child (to which the UK is a signatory) and the Human Rights Act 1998
(Article 8 of the Human Rights Act 1998 is the Right to Respect for Privacy and Family Life) contravened?

The answer is a resounding “NO”. So it is with any pupil communication

It should be noted that in the famous case of Copland v. United Kingdom the Court considered that the collection and storage of personal information relating to the applicant through her use of the telephone, e-mail and internet interfered with her right to respect for her private life and correspondence. While the Court accepted that it might sometimes have been legitimate for an employer to monitor and control an employee’s use of telephone and internet – the need for informed consent was paramount.

But, as a matter of Law, Children cannot give informed consent.

So we return to the overarching need for the School seeking appropriate consents from parents.

Dr Brian Badey

www.drbandey.com

It really does cover so much, but it needs a bit more teasing out for me. When thinking about the barriers to adoption and acceptance of AUPs in schools it would be helpful to identify the areas which are covered under legal grounds for children, for introducing children into what they are likely to find or have to deal with as adults and which sections are there as moral/ethical agreements between the school, the children and the parents.

I’ll try and keep things up to date on here as interesting comments are made by various people. It is also worth pointing out the use of words such as Negligence, Law, Consent as these are specific to how these words are used within law (hence why they are capitalised), yet there are many times other with reference these words with using them solely with respect to the legal meaning, but as part of context from other Acts of Law, reports, government advisories, notices of Statutory Requirements and so on.

The group is gaining a broad range of members, but it could do with a few more specialists … perhaps an expert in Child Law, those involved in safeguarding investigations and those involved with unions (to work out the impact on staff, who are being monitored by the same systems).

(Edit – I’ve updated the post with the full statement from Brian).

The Promised Post – how to annoy teachers, techies, LAs and RBCs in one go!

I’ll be honest and say that there will be something in this post for everyone … something positive and something that will knock you down so that it makes you re-examine a few of your preconceptions and practices! I make no apologies for this and have done it purely to get people to think all that more carefully about how they approach each other’s views and make the common mistake that others are incompetent, inflexible or just doing things ‘wrong’. They may be thinking the same of you.

Why am I making this post? It all stems from a number of conversations about eSafety, the roles of different staff in educational institutes and the ongoing battle of reliance of technology to solve problems.

Let us fade back a few years to when I was a lowly mouse-cleaner support technician who decided to write an Acceptable Use Policy. I actually wrote 3 sections and it was done with the help and support of a few friends who worked in the ISP sector. It was based around a very precise T&Cs document, with an accompanying more readable description of the services the school ran with the boundaries about how users could use those services and finally an agreement statement that was a basic summary. Since I was a lowly techie it was passed through the chain, adapted and the T&Cs were dropped (not surprised to be honest … even *I* was a bit wary of the legalese in it). The students sign the agreement and the AUP Terms were posted in each IT room. Hmm … not really a rigorous plan for eSafety and still centred around the teacher telling the student off for doing general naughty things and the IT team telling them off for messing about on the computers (searching for stupid stuff on the web, trying to play games, etc). As much as I enjoyed the feeling of control and even felt that by making the students ‘fear’ me it would allow the teachers to get on with the job. However, as I started to become more interested in the application of IT in schools I rethought a number of my ideas around this.

Introducing a 3 strikes policy went some way to trying to push some sense of responsibility onto the students but it still separated the school discipline and the IT discipline. A new Vice-Principal meant that some of this was taken out of our control and I was not happy about some of that … the lack of understanding how filtering worked and how the IT could be abused by senior staff at the school left me feeling powerless as others took more control and made (in my opinion) wrong decisions. Oh how we learn and grow though.

Moving on to another school as a Network Manager I knew that this had to change and the move was made to trying to ensure the responsibility was with the teacher and form tutor for the discipline, but the IT Team would gather evidence … but is that just a case of passing the buck? So, we had filtering in place to make life as easy as possible for the teachers to understand why things worked the way they did. Teachers and students, generally, had the same access and this caused problems. Sites that disrupted lessons where blocked, but then the students used email to ‘chat’ during lessons. We couldn’t block them from that because it was then needed by other subjects … Getting promoted to the Senior Leadership of the school helped to work with staff so they understood the boundaries and having an ICT working group helped feedback into defining those boundaries. They were adapted so that staff could access things like youtube and facebook, and students could use blogger where needed. There is so much more needed but the staff were not ready for it. Things are still moving at the school and it looks as if they are now ready to take more ownership too.

My side line has been with a support community for IT Professionals in education. The IT Managers, Network Managers, System Admins, IT Technicians … a variety of titles and a variety of job roles but generally with the remit of setting up and looking after the IT in a school or schools. This takes me back to my power hungry days of control and there is the idea that because we understand the technology best that we should make the choices about it. Whilst still at the above school I also started working with the LA on a number of projects including working with the local RBC so I had an inside view to their view of the technology as well.

It ended up with me coming to the LA for 12 months to work on a variety of projects, working with some brilliant colleagues and over the last 10 years from starting in the education sector to now I have come across a wide range of technologies and approaches to eSafety and education. The conversations, discussions and heated debates will go on and on, and recently there was one about the use of tinyurl that made me re evaluate a few things and stick things down on paper. Eventually I have come to the following conclusions. Look away now if you are easily offended but stick with it if you want to see my reasoning.

1 – People sometimes are too blinkered to try and understand why technology can be bad, and feel that their small bit (that is affected by larger choices) is being targeted.

2 – Technology is not the answer. Relying on it and relying on the people that control it is not only bad but it is short-sighted.

3 – Disregarding the people who understand the technology is just as short-sighted, nay, even stupid.

4 – Do people really understand the technology involved? Heck, I don’t know everything and if you think you actually do then you are being short-sighted and fooling no-one but yourself.

5 – Top-down decisions are often stupid, and so are bottom-up decisions. Let’s face it … you can’t trust those people in the middle either! Don’t trust the techies, the teachers the LA or the RBC to get it right!

hmmm … there … I think that pretty much covers how people feel about it all. Doesn’t it sound stupid when you see it all together.

Ok, let’s look at the Tinyurl incident first. That will cover the RBC side of things. Tinyurl.com is a fantastic way of shortening really long URLs so that it doesn’t break apart the format or flow of documents, can be customised to make it easy to remember and for things like twitter or IM it keeps messages short. So, what is so wrong with it then? Well, the way the site works is that it wraps the header of the target website as it passes through filters. What that means is that I can create a link for the playboy site and for some filters it will not get automatically get blocked. This works for a variety of sites and I will actually be spending some time of the coming weeks to look at it in more depth, examining the actually technical process of how the website passes through the filter and seeing how things can or can’t be tweak. The main product I will be looking at for this is NetSweeper as this is what my local RBC use. How do you get around this problem? Simple … you block tinyurl.com. There, problem solved. But what about those people who use it and have it in their presentations or on websites? Heck, I have seen it in white papers, research studies and used by those working in government agencies or projects? Oops.

Well, in a number of places schools can actually take control of the filters supplied by the RBC and change the settings to allow tinyurl.com through. Erm … but doesn’t this then allow people to use it to bypass filters? Why yes … it does. Ah …

Ok, then this brings onto the idea of who controls filters. The number of teachers I hear moan (and I do really mean moan) about that fact that they cannot just change something when they need or want it, or that it shouldn’t be locked down in the first place … if I have a penny for each time I could definitely have a decent curry at least, with starter, poppadoms and peshwari nan. The number of techies who moan that teachers constantly demand unfiltered access with no concept of the nastiness that is out there or, when given extra access on their school ‘teacher-only’ laptop, let students go on it (on the teacher’s account) to search the internet … well, that would pay for the train ticket to London for me to go to the nice Indian restaurant not far from Olympia that I usually visit when at BETT. Add the number of techies and teachers who moan about the restrictions put in place by the LA / RBC … I could fly out to Mumbai to have the flamin’ meal! Who’s right and who’s wrong? They all are!

Again, based around the RBC and schools in my LA I will put forward how the technology works. Most large filters / proxies do so by checking the URL / IP of the website against a known database of dodgy sites. There is an official list put out by the Internet Watch Foundation that contains the sites you do not want to visit … ever! On top of this there are various categories such as porn, profanity, weapons, web email, web chat, drug use, gambling, match making, etc …. most filters are pretty extensive and some websites fit into more than one category. If a site is not in the list then the servers do a bit of intelligence gathering and look at the content. This will then plonk the site into a holding place whilst it gets reviewed. You still see the site but it will shortly be sorted.

Some filters operated at school level will look at the content of the page each and every time you view a site. This is costly and requires some hefty computers and interesting software. It can seriously slow internet access down if there is a lot of content checking to be done.

To get around the issue some schools will use a white list, a list of sites it knows are ok. The only problem is that access to adding sites is restricted otherwise all sorts of things can be added. And we come onto the first battle between school and LA / RBC, or the first battle between techie and teacher. Present policies in schools operate around the idea of block first and release later, and this applies to everyone. A lot of teachers don’t understand about the change control needed so that should something get through that shouldn’t, then we know who made the change. Since eSafety is ultimately in the hands of the Head and Chair of Governors then *they* are often the people that don’t want it to be too easy for anything to get through! I can’t blame them for that.

So, we then get some schools that leave things too loose so that it removes potential conflict between teachers and techies, or it is seriously loose (at the RBC / LA filter level) because the school is running software / filters in house to make it more flexible. Again, the battle between teacher and techie happens. See my comments about power and control earlier and note that this is often done for the best intentions.

So, we are left with filters that are too harsh because they block things like tinyurl.com or too loose because you can access all but the nastier things that the IWF want blocked. Oh … I haven’t really mentioned students yet either! You know … those funny things that can sometimes smell and tend to create a lot of noise? If we are talking about secondary (my main experience) then we are talking about 1/2 to 2/3 of them are actively trying to bypass whatever security s on the computers and get round the filters to listen to the radio, look at animé or play games, usually instead of getting on with the work they are meant to be doing.

We get to the stage where teacher A asks you to block the internet for student z because they are always on email or playing online flash games instead of doing their work … and teacher B says they can’t be blocked because student z needs access tot he internet for research and to complete work. Hmm … a chance to annoy those teachers reading perhaps? Classroom management! DO NOT RELY ON TECHNOLOGY!!!!!!

Ok, a bit harsh perhaps but try not to segregate abuse of resources and classroom management and discipline. It is a mistake I have made in the past and have tried to point out the flaws about it to people ever since. Technology takes you so far, but you need to do some work too.

However, technology can help and obnoxious techies (their turn now) who are not helpful and look down at you because you don’t have access to the technology (you may understand it, you might never get the chance to find out though) and will take control! Well, that needs to be more relaxed and there are ways of doing this.

The RBC and LA will always go for the highest common restrictions but they can have some darned good advice actually, but be wary that you will have to translate and adapt things for your school!

Ok … John Sutton made a post about AUPs the other day and I posted a response to it based around how I felt that they needed to grow within a school. http://bit.ly/11A1qu for the original post but here is my comment.

I consider AUPs to be a four step process.

1 – get the staff to understand the use and abuse of technology (AUP is not just about ‘Net access!) and why technology is a tool, kids are entitled to use whatever tools are available and why the first thing they should consider is the school discipline model and their own classroom management. Often greeted with disbelief that technology will not fix all their problems (and then onto heated discussions about filters, why staff are better than students and should be completely unfiltered and who are these IWF folk anyway!)

2 – Foster an environment of understanding and boundaries with the students and their parents. There are limits, the same way that life is full of limits. Learning about the responsibilty that students have in the worl is important and within the school access to resources is one of these areas, whether it is to PE equipment (wow … that discus really hurts when flung at someone’s head, and no … you shouldn’t intentionally hit the cricket ball at the windows!) or technology. If we don’t show trust to start with, it is nothing personal but it is about expanding your limits at a safe rate.

3 – Ok … if you really want to have a finite set of rules then here you go. A technical and legal-ish defined set outline the services available, how they can be used, their limits and the processes centred around their development, growth and how changes are made.

4 – Agreement. The AUP is implicit as it is part of the school ethos. The same way you agree to wear a particular uniform, to take part in certain activities, to be a constructive member of the school community then you also know there are limits (expandable depending on your growth) that you have to operate in. This applies to staff and students. Some schools opt to have the same set of limits for both … it’s a school by school thing and is based on whether you are happy that use of technology is embedded in the school. The agreement is a conscious move by the school, the staff, the students and the parents to affirm that the understand this. If they refuse to sign then the school must question whether the family truly understands what the school does with regards to technology as part of the curriculum and ethos of the school. If, after discussion with the family (or teacher) there is still a refusal to sign then the school repeats that they are the limits that the school applies. Lack of affirmation to follow them does not mean opt out. It means that you are still in but if you complain when your son / daughter (or you as a teacher) gets hauled up about breaches of the AUP then you cannot use refusal to sign as an excuse!

A number of groups (including rehab groups, church groups, sporting societies, etc) will affirm their stance in agreement with their group on a regular basis. refusal to do so does not mean they are not part of that group, but it is a positive thing that should be embraced. If someone does not take part in it then it is a chance for other members to take the person to one side and find out what the issue is. It can be something minor … a few tiny bits of phrasing that is difficult to publicly say … or disillusionment with the group or a felling that they need additional support.

So .. it is not just about AUPs and technology. It is about affirmation and being positive about your role and the limits you operate in, help define and help grow.

So, there you have it. In spite of doing my best to annoy pretty much everyone, most of the above is based around compromise and a common understanding.

Ok, group hug is over and done with, and normal service now being resumed.

If you want to take more control and ownership as a school, as a teacher or as a techie then I will highlight a number of things for you to look at and investigate. I am not saying that these are right or wrong, but most have sufficient background behind them to show good practice. Also remember that I am basing some of my comments about how filter systems operate on my local RBC. Your Mileage May Vary and access to this level of control may be different from LA to LA, even within the same RBC.

1 – RBC filters are granular. It is common to set a site default level. This means that should people just go onto any old machine and try to access the ‘Net then they get a predetermined level of filtering. Set this as high as possible so people will not just go straight in and browse when bored. For us we can also set it so that when users log into the RBC portal they get a filter level as defined by the school. This means that should the site level be 4 (the most restrictive) and a student logs in then he/she could pick up level 3 or 2. This not only gives you the option to be more flexible, but to also allow you to audit when and what students are doing. You might want to set staff at level 1, the most relaxed, and give them access to tinyurl and youtube. Remember that if you do this then when they are logged in and have their computer hooked up to the projector, should then click on a wrong link then it could take them somewhere very embarrasing, and there is also the temptation for staff to allow students to use their computers / accounts! Data Protection stuff is for another day!

2 – If you want more control then yeah, run your own filtering, but be careful! There are a number of products out there that will do what you want, can sit inside your school and can give you even more granularity. They can tie into your school network so you don’t have to log in to anything, it automagically picks up who you are and what you are entitled to. Access to this sort of control can be delegated to staff (ie temporary blocking of ‘Net access for a specific student) but remember that this is admin work … something that Unions get a tad unhappy with if they find out that teachers are doing it. Also, one teacher may block, another unblock the student and it becomes political. You need to have some sort of change management in there … and this is more paperwork (electronic or paper-based). And this doesn’t get around the fact that you are still not allowing teachers to unblock specific websites. This level of control gets a little scary, but what it does mean is that you can have more control about what each specific group can and cannot use! This harks back to allowing the boundaries / limits that we put on our students to grow.

3 – This is still bypassing a chunk of the classroom management that I made a fuss of earlier. There are a number of tools that can help with this, some automated and some they truly do put power in the hands of the teacher again. If we take the automated tools first, there are the keyloggers and screen grabbers. If they see something going on (eg typing a bullying email) then key words will be recognised and a screenshot taken, a nominated person emailed with the screen shot (sometimes a techie, sometimes a head of year) and it is dealt with under the school’s discipline code. This works in two ways, it creates the environment of controlled watching (ie big brother) whilst forcing students to take responsibility for their actions. The down side is that it is too police like and open to abuse by pupils using other pupils’ accounts. The other option is to use active monitoring tools such as AB Tutor Control or SynchronEyes. Tools that allow a teacher to view each workstation in real time, lock out browser access if required, share a desktop with a student to support them and other tools that each piece of software gives you (eg SynchronEyes gives a virtual interactive whiteboard for the class to use). Again, this fits into the growth of boundaries as you will spend less and less time monitoring as students show responsibility.

So, we have a range of tools, with a range of people having ownership. There should be enough there for everyone really.

Your discipline policy will vary from school to school, but I would recommend that there should not be a difference in the status of teachers and support staff in it, unless it is a defined role (eg behaviour management tutor, dedicated pastoral specialists, etc). This helps to break down the barrier of them and us (from both sides).

Work with your LA to understand the limits of the technological solutions available and rather than have a go for it not being flexible enough have a look at whether you need to employ alternatives to fill gaps or give you room for expansion and growth.

Remember that as a teacher or techie, the responsibility does not ultimately fall with you, but your head. If he/she needs educating as to the possibilities available for using sites that are typically blocked then you need to show you still have some safeguards … an audit trail … and ensure that this is based on a whole school process, not just something for you as a techie or an ICT evangelist!

Finally, you may have realised that I haven’t actually been that offensive to anyone, just making use of stereotyped view points to show how little communication there may be within a school, between schools and LAs / RBCs and between society in general.

This is not a perfect blog entry, far from it. It has a number of holes that need patching over the next year and is based on a considerable amount of common sense. It has been aided and abetted by the AUP produced by an LA colleague, but conversations with frustrated ICT evangelists, conversations with Techies, with LA staff, with RBC staff and with providers of tools for schools.

It has also been aided by chatting with students, who are the first to admit that they want to push the boundaries they have been given, but they want something to push against otherwise how do they know they are growing? But the second thing they usually admit is that given a choice between work and play … it takes a good teacher to make them want to work and it take a good IT system to allow them to do it!

*Edit – decided to remove the password protection from this as I am pretty sure that I have covered everything I need to and no-one I have showed it to yet has threatened me with castration!*