Edtech’s Blurred Lines Between Security, Surveillance and Privacy
https://www.edsurge.com/news/2019-03-05-edtech-s-blurred-lines-between-security-surveillance-and-privacy
Tony Wan, Bill Fitzgerald, Courtney Goodsell, Doug Levin, Stephanie Cerda
SXSW EDU https://schedule.sxswedu.com/
privacy advocates joined a school administrator and a school safety software product manager to offer their perspectives.
Navigating that fine line between ensuring security and privacy is especially tricky, as it concerns newer surveillance technologies available to schools. Last year, RealNetworks, a Seattle-based company, offered its facial recognition software to schools, and a few have pioneered the tool. https://blog.stcloudstate.edu/ims/2019/02/02/facial-recognition-technology-in-schools/
The increasing availability of these kinds of tools raise concerns and questions for Doug Levin, founder of EdTech Strategies.acial-recognition police tools have been decried as “staggeringly inaccurate.”
acial-recognition police tools have been decried as “staggeringly inaccurate.”School web filters can also impact low-income families inequitably, he adds, especially those that use school-issued devices at home. #equity.
Social-Emotional Learning: The New Surveillance?
Using data to profile students—even in attempts to reinforce positive behaviors—has Cerda concerned, especially in schools serving diverse demographics. #equity.
As in the insurance industry, much of the impetus (and sales pitches) in the school and online safety market can be driven by fear. But voicing such concerns and red flags can also steer the stakeholders toward dialogue and collaboration.
+++++++++++++
more in this IMS blog on
https://blog.stcloudstate.edu/ims?s=privacy
https://blog.stcloudstate.edu/ims?s=surveillance
https://blog.stcloudstate.edu/ims?s=security
Armored school doors, bulletproof whiteboards and secret snipers
Billions are being spent to protect children from school shootings. Does any of it work?
https://www.washingtonpost.com/graphics/2018/local/school-shootings-and-campus-safety-industry
John Woodrow Cox and Steven Richin Orlando Nov. 13, 2018
Although school security has grown into a $2.7 billion market — an estimate that does not account for the billions more spent on armed campus police officers — little research has been done on which safety measures do and do not protect students from gun violence. Earlier this fall, The Washington Post sent surveys to every school in its database that had endured a shooting of some kind since the 2012 killings of 20 first-graders in Newtown, Conn., which prompted a surge of security spending by districts across the country.
In 2016, Utah’s Union Middle School had a surveillance system, external doors that could be accessed only with IDs and an armed policewoman, known as a resource officer, when a 14-year-old boy shot another student twice in the head during a confrontation outside the building just after classes ended.
“Even if we would have had metal detectors, it would not have mattered,” wrote Jeffrey P. Haney, district spokesman. “If we would have had armed guards at the entrance of the school, it would not have mattered. If we would have required students to have see-through backpacks and bags, it would not have mattered.”
The survey responses are consistent with a federally funded 2016 study by Johns Hopkins University that concluded there was “limited and conflicting evidence in the literature on the short- and long-term effectiveness of school safety technology.”
Much of what can be done to prevent harm is beyond any school’s control because, in a country with more guns — nearly 400 million — than people, children are at risk of being shot no matter where they are. A 2016 study in the American Journal of Medicine found that, among high-income nations, 91 percent of children younger than 15 who were killed by gunfire lived in the United States.
The solution, Goudreau concluded, was to embed former Special Operations agents, posing as teachers, inside schools. He argued that the benefits over resource officers were obvious.
FBI Warns Educators and Parents About Edtech’s Cybersecurity Risks
https://www.edsurge.com/news/2018-09-14-fbi-warns-educators-and-parents-about-edtech-s-cybersecurity-risks
The FBI has released a public service announcement warning educators and parents that edtech can create cybersecurity risks for students.
In April 2017, security researchers found a flaw in Schoolzilla’s data configuration settings. And in May 2017, a hacker reportedly stole 77 million user accounts from Edmodo.
Amelia Vance, the director of the Education Privacy Project at the Future of Privacy Forum, writes in an email to EdSurge that the FBI likely wanted to make sure that as the new school year starts, parents and schools are aware of potential security risks. And while she thinks it’s “great” that the FBI is bringing more attention to this issue, she wishes the public service announcement had also addressed another crucial challenge.
“Schools across the country lack funding to provide and maintain adequate security,” she writes. “Now that the FBI has focused attention on these concerns, policymakers must step up and fund impactful security programs.”
According to Vance, a better approach might involve encouraging parents to have conversations with their children’s’ school about how it keeps student data safe.
++++++++++
more on cybersecurity in this IMS blog
https://blog.stcloudstate.edu/ims?s=cybersecurity
Keynote: Cybersecurity Awareness Is Dead! Long Live Cybersecurity Awareness!
https://events.educause.edu/special-topic-events/webinar/2018/encore-selections-from-the-educause-security-professionals-conference-2018/agenda/keynote-cybersecurity-awareness-is-dead-long-live-cybersecurity-awareness#_zsJE1Le1_zlSvd65
Far too often, cybersecurity awareness-raising training fails to account for how people learn and proven ways to change behaviors. The cybersecurity community too easily falls into the trap of thinking that “humans are the weakest link.” In this talk, Dr. Jessica Barker will argue that, if humans are the weakest link, then they are our weakest link as an industry. With reference to sociology, psychology, and behavioral economics, as well as lessons from her professional experience, Jessica will discuss why a better understanding of human nature needs to be a greater priority for the cybersecurity community.
Outcomes: Explore how we can apply knowledge from other disciplines to improve cybersecurity awareness-raising training and communications * Understand where the cybersecurity industry can improve with regards to awareness, behavior, and culture * Develop ideas to improve how you communicate cybersecurity messages and conduct awareness-raising training
++++++++++++
more on cybersecurity in this IMS blog
https://blog.stcloudstate.edu/ims?s=cybersecurity
The top 5 cybersecurity threats for schools
BY EARL D. LAING November 29th, 2017
1. Link Security
From ransomware to phishing and other types of security breaches, direct contact is the number one way that you can create a vulnerability in your system. Those who commit these online crimes are finding smarter and sneakier ways to infiltrate your data every day. Sometimes the attack can even come as an email from a legitimate sender, or appear to be a perfectly normal message on social media. The goal is usually to get you to click on a link.
Solution: Make sure the security preferences for your email account(s) are set up to filter spamming, phishing and executable files that aren’t recognized.
2. Unknown Devices
Solution: Your IT system should include a solution that tracks all devices, including those not owned by your school, that enter the network.
3. Out of Date Technology
Contrary to popular misconception, user interaction isn’t always required for a cyber attack to be launched. The WannaCry attack targeted hundreds of computers all with the same security vulnerability on their Windows operating systems.
Solution: Again, an IT solution that tracks all devices is important, but one that can also check on software upgrades and block access to certain apps is ideal.
4. User Error
A data breach in Florida is just one example of the chaos user error can provoke. This issue didn’t begin with hackers at all. It began with carelessness that caused sensitive information to become public.
User error occurs regularly, and a common root of this is failing to restrict access to files or certain sites that may be compromised.
Solution: Restrict user access to sensitive documents only to those who absolutely need them, and make sure that your site architecture is set up to require a secure login for access. You may also want to create a white list of safe sites and applications and block the rest.
5. No Backup
As disheartening as it sounds, even when you take all the necessary precautions to protect your vital information, data breaches can still occur. When an attack happens, it’s often a major blow to productivity to try and get all the information back into a secure place. Worse, vital work can be lost for good.
Solution: Install a backup system on each school device that sends data to a remote server throughout the day (not just at night) to help make sure nothing is lost.
+++++++++++++++
more on cybersecurrity in this IMS blog
https://blog.stcloudstate.edu/ims?s=cybersecurity
Privacy & Security in Today’s Library by Amigos Library Services
From: Jodie Borgerding [mailto:Borgerding@amigos.org]
Sent: Wednesday, July 05, 2017 3:07 PM
To: Miltenoff, Plamen <pmiltenoff@stcloudstate.edu>
Cc: Nicole Walsh <WALSH@AMIGOS.ORG>
Subject: Proposal Submission for Privacy & Security Conference
Hi Plamen,
Thank you for your recent presentation proposal for the online conference, Privacy & Security in Today’s Library, presented by Amigos Library Services. Your proposal, The role of the library in teaching with technology unsupported by campus IT: the privacy and security issues of the “third-party,” has been accepted. I just wanted to confirm that you are still available to present on September 21, 2017 and if you have a time preference for your presentation (11 am, 12 pm, or 2 pm Central). If you are no longer able to participate, please let me know.
Nicole will be touch with you shortly with additional details and a speaker’s agreement.
Please let me know if you have any questions.
Thanks!
___________________
Jodie Borgerding Consulting & Education Services Manager Amigos Library Services 1190 Meramec Station Road, Suite 207 | Ballwin, MO 63021-6902 800-843-8482 x2897 | 972-340-2897(direct) http://www.amigos.org | borgerding@amigos.org
+++++++++++++++++
Bio
Dr. Plamen Miltenoff is an Information Specialist and Professor at St. Cloud State University. His education includes several graduate degrees in history and Library and Information Science and terminal degrees in education and psychology.
His professional interests encompass social media, multimedia, Web development and design, gaming and gamification, and learning environments (LEs).
Dr. Miltenoff organized and taught classes such as LIB 290 “Social Media in Global Context” (http://web.stcloudstate.edu/pmiltenoff/lib290/) and LIB 490/590 “Digital Storytelling” (http://web.stcloudstate.edu/pmiltenoff/lib490/) where issues of privacy and security are discussed.
Twitter handle @SCSUtechinstruc
Facebook page: https://www.facebook.com/InforMediaServices/
The virtuality of privacy and security on the modern campus:
The role of the library in teaching with technology unsupported by campus IT: the privacy and security issues of the “third-party software” teaching and learning
Abstract/Summary of Your Proposed Session
The virtualization reality changes rapidly all aspects of learning and teaching: from equipment to methodology, just when faculty have finalized their syllabus, they have to start a new, if they want to keep abreast with content changes and upgrades and engagement of a very different student fabric – Millennials.
Mainframes are replaced by microcomputers, microcomputers by smart phones and tablets, hard drives by cloud storage and wearables by IoT. The pace of hardware, software and application upgrade is becoming unbearable for students and faculty. Content creation and methodology becomes useless by the speed of becoming obsolete. In such environment, faculty students and IT staff barely can devote time and energy to deal with the rapidly increasing vulnerability connected with privacy and security.
In an effort to streamline ever-becoming-scarce resources, campus IT “standardizes” campus use of applications. Those are the applications, which IT chooses to troubleshoot campus-wide. Those are the applications recommended to faculty and students to use.
In an unprecedented burgeoning amount of applications, specifically for mobile devices, it is difficult to constraint faculty and students to use campus IT sanctioned applications, especially considering the rapid pace of such applications becoming obsolete. Faculty and students often “stray” away and go with their own choice. Such decision exposes faculty and students, personally, and the campus, institutionally, at risk. In a recent post by THE Journal, attention on campuses is drown to the fact that cyberattacks shift now from mobile devices to IoT and campus often are struggling even with their capability to guarantee cybersecurity of mobile devices on campus. Further, the use of third-party application might be in conflict with the FERPA campus-mandated policies. Such policies are lengthy and complex to absorb, both by faculty and students and often are excessively restrictive in terms of innovative ways to improve methodology and pedagogy of teaching and learning. The current procedure of faculty and students proposing new applications is a lengthy and cumbersome bureaucratic process, which often render the end-users’ proposals obsolete by the time the process is vetted.
Where/what is the balance between safeguarding privacy on campus and fostering security without stifling innovation and creativity? Can the library be the campus hub for education about privacy and security, the sandbox for testing and innovation and the body to expedite decision-making?
Abstract
The pace of changes in teaching and learning is becoming impossible to sustain: equipment evolves in accelerated pace, the methodology of teaching and learning cannot catch up with the equipment changes and atop, there are constant content updates. In an even-shrinking budget, faculty, students and IT staff barely can address the issues above, less time and energy left to address the increasing concerns about privacy and security.
In an unprecedented burgeoning amount of applications, specifically for mobile devices, it is difficult to constraint faculty and students to use campus IT sanctioned applications, especially considering the rapid pace of such applications becoming obsolete. Faculty and students often “stray” away and go with their own choice. Such decision exposes faculty and students, personally, and the campus, institutionally, at risk. In a recent post by THE Journal (https://blog.stcloudstate.edu/ims/2017/06/06/cybersecurity-and-students/), attention on campuses is drawn to the fact of cyberattacks shifting from mobile devices to IoT but campus still struggling to guarantee cybersecurity of mobile devices on campus. Further, the use of third-party applications might be in conflict with the FERPA campus-mandated policies. Such policies are lengthy and complex to absorb, both by faculty and students and often are excessively restrictive in terms of innovative ways to improve methodology and pedagogy of teaching and learning. The current procedure of faculty and students proposing new applications is a lengthy and cumbersome bureaucratic process, which often render the end-users’ proposals obsolete by the time the process is vetted.
Where/what is the balance between safeguarding privacy on campus and fostering security without stifling innovation and creativity? Can the library be the campus hub for education about privacy and security, the sandbox for testing and innovation and the body to expedite decision-making?
https://blog.stcloudstate.edu/ims/2017/06/06/cybersecurity-and-students/
Anything else you would like to add
3 take-aways from this session:
- Discuss and form an opinion about the education-pertinent issues of privacy and security from the broad campus perspective, versus the narrow library one
- Discuss and form an opinion about the role of the library on campus in terms of the greater issues of privacy and security
Re-examine the thin red line of the balance between standardization and innovation; between the need for security and privacy protection a
++++++++++++++
presentation:
https://www.slideshare.net/aidemoreto/the-virtuality-of-privacy-and-security-on-the
chat – slide 4, privacy. please take 2 min and share your definition of privacy on campus. Does it differ between faculty and students? what are the main characteristics to determine privacy
chat – slide 5, security. please take 2 min and share your definition of security on campus regarding electronic activities. Who’s responsibility is security? IT issue [only]?
poles: slide 6, technology unsupported by campus IT, is it worth considering? 1. i am a great believer in my freedom of choice 2. I firmly follow rules and this applies to the use of computer tools and applications 3. Whatever…
chat – slide 6, why third party applications? pros and cons. E.g. pros – familiarity with third party versus campus-required
pole, slide 6, appsmashing. App smashing is the ability to combine mobile apps in your teaching process. How do you feel about it? 1. The force is with us 2. Nonsense…
pole slide 7 third party apps and the comfort of faculty. How do you see the freedom of using third party apps? 1. All I want, thank you 2. I would rather follow the rules 3. Indifference is my middle name
pole slide 8 Technology standardization? 1. yes, 2. no, 3. indifferent
chat slide 9 if the two major issues colliding in this instance are: standardization versus third party and they have impact on privacy and security, how would you argue for the one or the other?
++++++++++++++++
notes from the conference
Speaker: Dr. Steve Albrecht – drsteve@drstevealbrecht.com
Follow @DrSteveAlbrecht
Dr. Steve Albrecht, author of Library Security: Better Communication, Safer Facilities, manages a training, coaching, and management consulting firm, using a dedicated and experienced team of subcontractor specialists. He is internationally known for his consulting and training work in workplace violence prevention training programs, school violence prevention, and high-risk human resources. Dr. Albrecht provides HR consulting, site security assessments, coaching, and training workshops in supervisory improvement, workplace violence prevention, harassment prevention, drug and alcohol awareness, team building, and more. He holds a B.A. in English, B.S. in Psychology, M.A. in Security Management, and a doctoral degree in Business Administration (D.B.A.). He has been a trainer for over 26 years and is a certified Professional in Human Resources (PHR), a Certified Protection Professional (CPP), a Board Certified Coach (BCC), and a Certified Threat Manager (CTM).
Session Description: Libraries don’t always need to hire a consultant to review the level of facility security. Using a structured assessment process, librarians can create a report that will help to make their building, staff, and patrons safer.
Chris Markman, MSLIS, MSIT Public Services Librarian Worcester Public Library
https://mycourses.amigos.org/mod/url/view.php?id=19623
Measuring Library Vendor Cyber Security: Seven Easy Questions Every Librarian Can Ask
http://journal.code4lib.org/articles/11413
Bill Walker: http://www.amigos.org/innovating_metadata
+++++++++++++++
more on security in education in this IMS blog
https://blog.stcloudstate.edu/ims?s=security
more on privacy in education in this IMS blog
https://blog.stcloudstate.edu/ims?s=privacy