Archives For Safety & Security

One of the industry rags I like to read is eWeek. It’s just the right size for casual consumption between meetings or, in my case, while waiting for the flight attendants to announce that I can take out my laptop. The October 22 issue has an article entitled “5 Steps To Better IT Job Security,” and it meshes nicely with my previous pos^H^H^Hrant about some IT directors.

The second step is “Lose control without losing”:

Gartner, in an Aug. 15 report titled “Anarchy Knocking at the Gates of IT Security,” rationalized that if “no” is the default response from the IT department, user populations will simply conspire against IT, creating an endless game of whack-a-mole.

“But you can’t just relax control,” Robin Simpson, Gartner analyst, wrote in the report’s summary. “You need to delineate between the business and personal computing worlds so they can work side-by-side and the boundary can be secured.”

IT professionals will make more meaningful relationships within their organizations by ceasing to say “no” by default, and instead asking, “How do we allow good things to happen safely?” Mann said.

“Move beyond ‘How do I control everything’ to ‘How do I keep things in order,’” Mann said. “Learn to lose control without losing control.”

Industry is realizing that they can’t completely control their employees’ technology use even if they wanted to. That’s why I favor a collaborative approach that engages with teachers and students to identify and implement innovative tech-rich teaching and learning strategies. I’m not smart enough to do it by myself.

Fellow ADE Rae Niles sent me a link to a short, online anti-cyberbullying video entitled “Let’s Fight It Together.” It’s nicely done and worth a look.

New iMac

We got our first family computer on Tuesday, and my boys are pretty excited. I’ve got a couple laptops, but they’re for work and I don’t let the kids use them. Now, though, we’re ready to roll. I’ve downloaded Scratch, Google Earth, and Sketchup, and I’m looking forward to working on them with my oldest who’s eight.

We’ll be using Safari for the boys with its parental controls that allow us to restrict their web surfing to certain pre-approved sites. What I don’t have is a good list of kid-friendly sites. I plan to check out Club Penguin, but I’d love to get some other suggestions.

Eben Moglen is a law professor at Columbia and Director of the Software Freedom Law Center. He is well-known in the free software world for his important work on the next generation of the GPL software license, the GPLv3.

Professor Moglen gave a talk last April at the MySQL Conference, and it’s worth a listen. Although online privacy seems like a quaint anachronism these days, Moglen paints an ornate picture of the inherent conflict between our desire for privacy and the appeal of an interconnected online world. Beyond the ideas he communicates, his 40-minute talk is a rhetorical work of art.

While the focus is on online privacy, Moglen got my attention when he took a short detour to comment on teenagers’ use of social networking sites:

I hear a lot of complaining from grownups, that is gray-haired altercockers like myself, about some supposed absence of concern for privacy among teenagers at MySpace and Facebook. This puzzles me very much. I hear complaints about teenage driving too, but complaints about teenage driving are always accompanied by a recognition that the kids are inexperienced and that as they grow up they should become better drivers. But the fact is that the adults I hear complaining about teenage disregard for privacy on MySpace and Facebook are the very people who are bringing about the primary privacy problem that I’m trying to talk about here. They’re not becoming better drivers. They’re just becoming better ignorers of the problem as time goes by. And as we begin longitudinally to study what young people do at MySpace and Facebook, it turns out they’re not all that unconscious about privacy after all. This may yet turn out to be primarily an old person’s problem.

This matches my experience. When I talk to young people about their online lives, they consistently express pretty sophisticated attitudes about online interactions. It will be interesting to see how the social networking debates change over time.

I’ve posted before about how teenagers may be tempted to share a little too openly on social networking sites like MySpace. Today’s St. Paul Pioneer Press provides a good example in an article headlined Teen in fatal crash shuns cops in favor of MySpace. The 18-year-old woman being investigated made comments on her MySpace page that the police are now hoping to use against her. An excerpt (from the Pioneer Press article—her MySpace has since been removed):

I just want to let everyone know August 19 2006 Joe Renner and Joe Shafer died and me and Samatha were hurt. I’m sure a lot of you really don’t give a (expletive) about me. Fine whatever you have your reasons I don’t blame you but really think about it. Both of them knew what they were getting in to. Yes it’s my fault because I was the driver but think about how many of you did what I did. … Now don’t get me wrong I take full responsability (sic) for everything that happened, but when you sit and say everything your (sic) saying think about what you probley (sic) did the day before that or maybe that night. You all take that risk. I never though it was gonna happen to me and it did. I learned from that I lost two very good friends of mine and a lot of people did.

Whether the D.A. can make her online “confession” stick is anybody’s guess. If you need a case study to use when talking with students about posting online, this may be one to include.

myspace, online privacy

Congress vs. MySpace

11 May 2006

The ed tech blogosphere is buzzing about this so I feel compelled to add my $0.02.

Rep. Michael Fitzpatrick (R. of PA) has introduced legislation called the Deleting Online Predators Act (DOPA). I saw the news first in an article at News.com entitled Congress targets social network sites. (You’ll find the actual bill online in PDF form here.)

I won’t summarize the entire article here since you can read the News.com site and the bill itself for the details. The purpose of the bill is to protect students by forcing schools and libraries that receive federal funding to block access to commercial social networking Websites or chatrooms where students may encounter online predators. Who wouldn’t support legislation like that? Obviously, supporters of the bill think that their suburban constituents would appreciate the extra protection at their children’s schools. (I am trying so hard not to be sarcastic here.)

I should say first that this legislation would have little or no immediate impact on instruction in my school district. We don’t have teachers using these sites with their students. And, frankly, it’s probably not a good idea for schools to use 3rd-party sites like MySpace et al. for official purposes anyway since all kinds of liability issues pop up immediately. My preference has always been to run the software on our own server so that we can provide proper supervision.

That said, Rep. Fitzpatrick clearly doesn’t get it. Let me count the ways.

  1. The law is simply unenforceable. Students will find open proxies for bypassing content filters faster than they can be blocked. (See Google search results for a quick list of anonymizing proxies.)
  2. The bill is way too broad. It defines “commercial social networking Website” as any site that “allows users to create web pages or profiles that provide information about themselves and are available to other users; and offers a mechanism for communication with other users, such as a forum, chat room, email, or instant messenger.” That definition covers too much ground.
  3. The very technologies that this bill would prohibit are the future of the online world. I suspect that Rep. Fitzpatrick is under the impression that having students use Microsoft PowerPoint to do presentations is an example of cutting-edge educational technology.
  4. The bill would allow a school or library to disable the filtering during adult supervision or for educational use. That’s an exemption that isn’t really an exemption. How would that process be managed in a busy school? It wouldn’t happen. The filters would never get disabled.
  5. If students are at risk from online predators, it’s not typically during school hours. I understand that Congress can’t legislate how parents supervise their children’s computer use, but this seems like a solution pointed in the wrong direction.
  6. The social networking phenomenon is too new to know how it’s going to play out in the culture. This law seems like a half-cocked response targeted for short-term political gain. That’s a bad way to legislate regardless of the issue.
  7. Blocking sites like these only serves to convince students that what they do in school isn’t “real life.” Isn’t it hard enough already to keep students engaged?

It will be interesting to see how all this shakes out.

dopa, myspace, online predators, legislation

2nd VPN experiment

10 Dec 2005

I posted recently about using HotSpotVPN to secure my wireless Internet connection while traveling. Once I had the VPN configured I started up Ethereal to see if my traffic really was encrypted. I was disappointed to find that some of my network traffic, including my .Mac email password, was still visible. I’m not sure if I misconfigured something, but clearly that’s not going to do the job.

I did some more digging and signed up for a month-long trial with PublicVPN. This service differs significantly from HotSpotVPN in that it utilizes standard VPN protocols instead of tunneling over SSL. As a result, access to the PublicVPN service may be blocked by hotel or coffee shop firewalls just when you need it most. (SSL VPNs are almost never blocked because doing so would prevent Web surfers from using secure sites for shopping, email, banking, etc.) PublicVPN works flawlessly with OS X and Windows using the built-in VPN clients. I did some more packet sniffing and all passwords appear to be encrypted. Another plus is that the PublicVPN service is cheaper at $5.95/month or $59.95/year.

OS X Internet Connect screenshot


I’m in Rochester, MN for a couple days this week working as a mentor at an ISTE Institute. After listening to the latest Security Now! podcast with Steve Gibson where he talked about VPNs, I decided that I should probably get my act together and get set up with a secure connection.

If you ever use a laptop in an untrusted environment you should be using a VPN. By “untrusted” I mean a setting where you’re not sure who might be eavesdropping on your communications. Coffee shops, hotel rooms, and even remote offices on wired connections are good examples. Many people these days are used to using SSL-encrypted Web access for banking or online commerce (the “https” sites), but it’s less obvious that many email connections are unencrypted. In other words, unless you take steps to avoid it, the default behavior is usually to send your email password flying across the network in plain text where it can be intercepted by someone running a packet sniffer.

After doing a bit of research online, I signed up for a month of HotSpotVPN service. After a relatively straightforward install (it’s easier on a PC), I was connected to their service and all of my Internet traffic is now running through an encrypted “tunnel” and immune from inquiring packet sniffers. The service is about $10/month and I consider it a bargain for frequent travelers or anyone who uses wifi connections in public places.
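The check described in these two VPN posts (sniffing your own connection to see whether a mail password still crosses the network readably) can be scripted; this is an added example, not code from the original posts. It assumes the TCP payloads have already been exported from a capture taken on the laptop's physical wireless interface, and the function names and sample payloads are constructed for illustration.

```python
import base64
import re

# Login commands that carry a mail password readably on the wire.
POP3_PASS = re.compile(rb"^PASS\s+\S+", re.I | re.M)
IMAP_LOGIN = re.compile(rb"^\S+\s+LOGIN\s+\S+\s+\S+", re.I | re.M)
AUTH_PLAIN = re.compile(rb"AUTH(?:ENTICATE)?\s+PLAIN\s+([A-Za-z0-9+/=]+)", re.I)

def looks_like_tls(payload: bytes) -> bool:
    """True if the payload starts with a TLS record header."""
    return (len(payload) >= 5 and 20 <= payload[0] <= 23
            and payload[1] == 3 and payload[2] <= 4)

def plain_has_credentials(token: bytes) -> bool:
    """AUTH PLAIN is base64 of authzid NUL user NUL password: encoded, not encrypted."""
    try:
        parts = base64.b64decode(token, validate=True).split(b"\0")
    except ValueError:
        return False
    return len(parts) == 3 and bool(parts[1]) and bool(parts[2])

def audit_payloads(payloads):
    """Return (index, finding) pairs; the password itself is never returned."""
    findings = []
    for i, p in enumerate(payloads):
        if looks_like_tls(p):
            continue
        m = AUTH_PLAIN.search(p)
        if m and plain_has_credentials(m.group(1)):
            findings.append((i, "AUTH PLAIN (base64 only)"))
        elif POP3_PASS.search(p):
            findings.append((i, "POP3 PASS"))
        elif IMAP_LOGIN.search(p):
            findings.append((i, "IMAP LOGIN"))
    return findings

# Constructed sample payloads, not taken from a real capture.
SAMPLE = [
    b"USER alice\r\nPASS example-password\r\n",
    b"a001 LOGIN alice example-password\r\n",
    b"AUTH PLAIN " + base64.b64encode(b"\0alice\0example-password") + b"\r\n",
    bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(32)),
    b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
]

if __name__ == "__main__":
    for index, finding in audit_payloads(SAMPLE):
        print(f"payload {index}: cleartext credential exposure via {finding}")
```

With a working tunnel, a capture on the physical interface should produce no findings at all; any hit means that mail session is bypassing the VPN.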