Here’s an easy way to explain IoT hacks to students:
A hacker accesses a device, like a webcam, through its internet connection. Devices with weak security or easy-to-guess passwords make easy targets.
The hacker can then infect the device with malware, a type of computer virus that takes control of a device.
The hacker now has a number of options. He or she can use the device to spy, infect other devices or attack a target like the servers (centralized computers that store network data) targeted in the October 2016 attack.
Research the manufacturer. Are they reputable? Have they previously been hacked? Big, established companies based in developed countries are usually the safest.
Read up on security features. Is the device password-protected? Can you set your own password? If so, make it a strong password that uses numbers, letters and symbols — avoid common words or phrases.
Regularly check for updates. Good companies will regularly update the software on their devices to protect against vulnerabilities.
Ask yourself — do you need it? Make sure internet-connectivity is something you really need on the device you’re using. In many cases, internet-connectivity is not necessary for the device to function properly.
a few tips that students can use to protect their privacy while using smartphones:
Research apps before signing up for them. Is it from a reputable developer? Has it had security issues in the past? Use the same approach as when researching IoT devices.
Look over the terms of service. What information does it require? Does it track or store your data? Can the developer sell your information? All of these questions are important to consider.
Be careful when linking apps to your social media accounts. Giving apps access to your social media accounts makes them vulnerable to hacking. Is there a good reason for the accounts to be linked? Can you sign up without linking to a social media account?
Use two-factor authentication. Two-factor authentication requires authorization beyond a password when using unrecognized devices such as entering a code sent to your cellphone. As apps allow, be sure to use two-factor authentication which will make it more difficult for hackers to access the information stored in your apps.
over the last four years, 49 states and the District of Columbia have introduced 410 bills related to student data privacy, and 36 states have passed 85 new education data privacy laws. Also, since 2014, 19 states have passed laws that in some way address the work done by researchers.
researchers need to get better at communicating about their projects, especially with non-researchers.
One approach to follow in gaining trust “from parents, advocates and teachers” uses the acronym CUPS:
Collection: What data is collected by whom and from whom;
Use: How the data will be used and what the purpose of the research is;
Protection: What forms of data security protection are in place and how access will be limited; and
Sharing: How and with whom the results of the data work will be shared.
Second, researchers must pin down how to share data without making it vulnerable to theft.
Third, researchers should build partnerships of trust and “mutual interest” pertaining to their work with data. Those alliances may involve education technology developers, education agencies both local and state, and data privacy stakeholders.
The 27-unit course will use 2U’s online learning platform for live, weekly meetings. Between sessions, students will have access to interactive content designed by MICS faculty. Students will also have the opportunity to visit campus to meet faculty and classmates and attend lectures and workshops curated specifically for students in the program.
real-time impact on curriculum structure, instruction delivery and student learning, permitting change and improvement. It can also provide insight into important trends that affect present and future resource needs.
Big Data: Traditionally described as high-volume, high-velocity and high-variety information.
Learning or Data Analytics: The measurement, collection, analysis and reporting of data about learners and their contexts, for purposes of understanding and optimizing learning and the environments in which it occurs.
Educational Data Mining: The techniques, tools and research designed for automatically extracting meaning from large repositories of data generated by or related to people’s learning activities in educational settings.
Predictive Analytics: Algorithms that help analysts predict behavior or events based on data.
Predictive Modeling: The process of creating, testing and validating a model to best predict the probability of an outcome.
Data analytics, or the measurement, collection, analysis and reporting of data, is driving decisionmaking in many institutions. However, because of the unique nature of each district’s or college’s data needs, many are building their own solutions.
For example, in 2014 the nonprofit company inBloom, Inc., backed by $100 million from the Gates Foundation and the Carnegie Foundation for the Advancement of Teaching, closed its doors amid controversy regarding its plan to store, clean and aggregate a range of student information for states and districts and then make the data available to district-approved third parties to develop tools and dashboards so the data could be used by classroom educators.22
Tips for Student Data Privacy
Know the Laws and Regulations
There are many regulations on the books intended to protect student privacy and safety: the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), the Children’s Internet Protection Act (CIPA), the Children’s Online Privacy Protection Act (COPPA) and the Health Insurance Portability and Accountability Act (HIPAA)
— as well as state, district and community laws. Because technology changes so rapidly, it is unlikely laws and regulations will keep pace with new data protection needs. Establish a committee to ascertain your institution’s level of understanding of and compliance with these laws, along with additional safeguard measures.
Make a Checklist Your institution’s privacy policies should cover security, user safety, communications, social media, access, identification rules, and intrusion detection and prevention.
Include Experts
To nail down compliance and stave off liability issues, consider tapping those who protect privacy for a living, such as your school attorney, IT professionals and security assessment vendors. Let them review your campus or district technologies as well as devices brought to campus by students, staff and instructors. Finally, a review of your privacy and security policies, terms of use and contract language is a good idea.
Communicate, Communicate, Communicate
Students, staff, faculty and parents all need to know their rights and responsibilities regarding data privacy. Convey your technology plans, policies and requirements and then assess and re-communicate those throughout each year.
“Anything-as-a-Service” or “X-as-a-Service” solutions can help K-12 and higher education institutions cope with big data by offering storage, analytics capabilities and more. These include:
• Infrastructure-as-a-Service (IaaS): Providers offer cloud-based storage, similar to a campus storage area network (SAN)
• Platform-as-a-Service (PaaS): Opens up application platforms — as opposed to the applications themselves — so others can build their own applications
using underlying operating systems, data models and databases; pre-built application components and interfaces
• Software-as-a-Service (SaaS): The hosting of applications in the cloud
• Big-Data-as-a-Service (BDaaS): Mix all the above together, upscale the amount of data involved by an enormous amount and you’ve got BDaaS
Suggestions:
Use accurate data correctly
Define goals and develop metrics
Eliminate silos, integrate data
Remember, intelligence is the goal
Maintain a robust, supportive enterprise infrastructure.
Prioritize student privacy
Develop bullet-proof data governance guidelines
Create a culture of collaboration and sharing, not compliance.
Fragmentation of online identity means that we as online users are forced to struggle with proliferating accounts and passwords. And we are regularly required to reveal sensitive information about ourselves and repeatedly enter the same information to create accounts that establish new, disparate online identities.
Establishing a system for trust management requires a common infrastructure for specifying policies that can protect yet enable access to data and systems, representing identities and credentials, and evaluating and enforcing an organization’s policies — all while maintaining privacy.
Unlike many other major tech platforms based in the U.S., Zoom, which is headquartered in California, has not been blocked by the Chinese government. Zoom said in a blog post that it is “developing technology over the next several days that will enable us to remove or block at the participant level based on geography” which will allow the company to “to comply with requests from local authorities when they determine activity on our platform is illegal within their borders; however, we will also be able to protect these conversations for participants outside of those borders where the activity is allowed.”
Zoom’s interference with the Tiananmen gatherings and its suspension of user accounts raised alarm among many in higher education, which increasingly depends on Zoom to operate courses remotely — including for students located within China’s borders.
Multiple scholars took to Twitter to express their worries
PEN America, a group that advocates for free expression, condemned Zoom for shuttering the activist’s account.
This is not the first time Zoom’s links to China have come under scrutiny. In April, the company admitted that some of its user data were “mistakenly” routed through China; in response, the company announced that users of paid Zoom accounts could opt out of having their data routed through data centers in China.
An April 3 report by scholars at the University of Toronto’s Munk School of Global Affairs & Public Policy said Zoom’s research and development operations in China could make the company susceptible “to pressure from Chinese authorities.”
Zoom, whose Chinese-born CEO is a U.S. citizen, said in its latest annual report to the U.S. Securities and Exchange Commission that it had more than 700 employees at its research and development centers in China as of Jan. 31. The SEC filing notes that Zoom has a “high concentration of research and development personnel in China, which could expose us to market scrutiny regarding the integrity of our solution or data security features.”
Chinese cyberspace is one of the most surveilled and censored in the world. That includes WeChat. Owned by Tencent, one of China’s biggest companies, the chat-meets-payment app has more than 1 billion monthly users in China and now serves users outside the country, too, although it does not divulge how many. Researchers say its use abroad has extended the global reach of China’s surveillance and censorship methods.
“The intention of keeping people safe by building these systems goes out the window the moment you don’t secure them at all,” says Victor Gevers, co-founder of the nonprofit GDI Foundation, an open-source data security collective.
Every day, Gevers scans the Internet for vulnerabilities to find unsecured databases, and he has exposed a large number of them, particularly linked to China.
As Norwegian Refugee Council research found, 70 percent of Syrian refugees lack basic identification and documents showing ownership of property.
The global passport
Host nations certainly has a share in the damage, as they face problems concerning the accessibility of vital information about the newcomers — dealing with the undocumented refugee, the immigration service can’t gain the information about his/her health status, family ties or criminal record, or verify any other vital data that helps them make a decision. Needless to say, this may lead to the designation of refugee status being exploited by economic migrants, fugitives or even the war criminals that caused the mass displacement to begin with.
Another important issue is data security. Refugees’ personal identities are carefully re-established with the support of clever biometric systems set up by the U.N. Agency for Refugees (UNHCR). UNHCR registers millions of refugees and maintains those records in a database. But the evidence suggests that centralized systems like this could be prone to attacks. As a report on UNCHR’s site notes, Aadhaar — India’s massive biometric database and the largest national database of people in the world — has suffered serious breaches, and last year, allegations were made that access was for sale on the internet for as little as $8
Finland, a country with a population of 5.5 million, cannot boast huge numbers of refugees. For 2018, it set a quota of 750 people, mainly flying from Syria and the Democratic Republic of Congo. That’s way less than neighboring Sweden, which promised to take in 3,400. Nevertheless, the country sets a global example of the use of effective technology in immigration policy: It’s using blockchain to help the newcomers get on their feet faster.
The system, developed by the Helsinki-based startup MONI, maintains a full analogue of a bank account for every one of its participants.
Speaking at the World Economic Forum in Davos in January 2018, the billionaire investor and philanthropist George Soros revealed that his structures already use a blockchain in immigration policies
In 2017, Accenture and Microsoft Corp. teamed up to build a digital ID network using blockchain technology, as part of a U.N.-supported project to provide legal identification to 1.1 billion people worldwide with no official documents.
a Memorandum of Understanding (MOU) with blockchain platform IOTA to explore how the technology could increase efficiency.
Augmented reality can be described as experiencing the real world with an overlay of additional computer generated content. In contrast, virtual reality immerses a user in an entirely simulated environment, while mixed or merged reality blends real and virtual worlds in ways through which the physical and the digital can interact. AR, VR, and MR offer new opportunities to create a psychological sense of immersive presence in an environment that feels real enough to be viewed, experienced, explored, and manipulated. These technologies have the potential to democratize learning by giving everyone access to immersive experiences that were once restricted to relatively few learners.
In Grinnell College’s Immersive Experiences Lab http://gciel.sites.grinnell.edu/, teams of faculty, staff, and students collaborate on research projects, then use 3D, VR, and MR technologies as a platform to synthesize and present their findings.
In terms of equity, AR, VR, and MR have the potential to democratize learning by giving all learners access to immersive experiences
downsides :
relatively little research about the most effective ways to use these technologies as instructional tools. Combined, these factors can be disincentives for institutions to invest in the equipment, facilities, and staffing that can be required to support these systems. AR, VR, and MR technologies raise concerns about personal privacy and data security. Further, at least some of these tools and applications currently fail to meet accessibility standards. The user experience in some AR, VR, and MR applications can be intensely emotional and even disturbing (my note: but can be also used for empathy literacy),
immersing users in recreated, remote, or even hypothetical environments as small as a molecule or as large as a universe, allowing learners to experience “reality” from multiple perspectives.