Tuesday, December 30, 2008

Kentucky K-12 and Internet 'filtering' (Part 2)

Years ago, Microsoft Proxy 2.0 was the state standard product purchased to comply with Senate Bill 230. It was really known more for its ability to cache content, which was a definite requirement at the time due to the slow WAN links we had at the time (many 56Kb point-to-point and/or similar speed frame-relay links). As far as blocking inappropriate content, the solution was to add pages to a black-list. This is how the ISA product functions today. Third-party add-ons were available then (and are today) that categorize web sites in popular categories and allowed for easier blocking and reporting, particularly related to sexually explicit content, which was certainly the focus at the time.

Some districts in this area were using a product called i-Gear. This was third-party software that was installed on each of the proxy servers in the schools. It did a good job of allowing districts to block various categories. There was a separate browser-type window that remained open on each desktop that let users know they were logged in to the i-Gear solution. This window included a button to log out. One of the primary features I remember districts liking was that window, which was an easy way of knowing whether your browsing session was still logged in. Operating systems at the time were Netware or perhaps Windows NT 4.0 and the concept of a single domain for an entire school district had not become uniform.

I don’t even recall what caused the original concerns with i-Gear. Personally, I think it was a combination of factors: Proxy servers were getting older, there were more and more Internet sites being created, i-Gear subscription costs were increasing and there was some change in this particular market sector. I-Gear was manufactured by URLabs, which was purchased by Symantec in 1999. I'm not sure if Symantec even offers a specific Internet filtering solution today. Their focus seems to be on antivirus, email filtering and endpoint security.

IPrism is a product manufactured by St. Bernard. It’s a hardware-based web filter that nearly all of our area school districts purchased in late 2003 or early 2004. Districts combined node counts and were given a discount on their subscription pricing. Most seem to be happy with the product. Several districts upgraded their iPrism hardware after moving to a high-speed (10Mb or 100Mb) connection to the Internet.

Monday, December 22, 2008

Kentucky K-12 and Internet 'filtering' (maybe Part 1 of...?)

I thought I’d take a few minutes to discuss Internet filtering. In actuality, this will likely result in several posts. Right now, I’m thinking I’ll split it into “why we do it”, “what we do” and “what do I think of it?”

With that in mind, I'll start with the "why". In Kentucky K-12, the first mention of Internet “filtering” usually results in a response involving Senate Bill 230. What is that? This was a state law passed in 1998 that was focused on the prevention of sexually explicit material being transmitted to school districts.

As an aside, it’s worth noting how the legal process works in a case like this. The legislature passes the law – this is a Kentucky Revised Statute. The “law” surrounding “Senate Bill 230” is actually KRS 156.675, which is the Kentucky Revised Statute. For those who recall past debates with Jeff Nelson over the “at no cost” phrase for a solution, this is where you’ll find it.

The law tasks the state’s Board of Education with the creation of administrative regulations to enforce the law. This led to 701 KAR 5:120 (KAR being the acronym for Kentucky Administrative Regulation). This regulation led to several things, including mandatory acceptable use policies and standards for filtering technology (ours was originally Microsoft Proxy 2.0).

As a Kentucky school district, which do I have to follow? I’ve been asked this before and you could ask the same thing about other topics such as adherence to the KETS Master Plan. The state Board of Education is one of the entities given the authority to promulgate (basically ‘proclaim’ or put a law into action) administrative regulations. You see references to the authority given in the first lines of the regulation. Once the regulation is adopted, it (the KAR) essentially becomes the law.

There’s the “state law” lesson for the day. There’s also the federal Children’s Internet Protection Act that’s often referenced when discussing Internet filtering. Most of the federal requirements are encompassed in our state’s legal requirements.

We have a page on the KDE web site that discusses our implementation of Senate Bill 230. It provides some of the links noted above as well. In future posts, maybe I can explore some of the specific language and the challenges it brings as technology has changed during the past ten years...

Friday, December 19, 2008

Merry Christmas!

I want to take a moment to wish any readers a Merry Christmas. I was asked a favor by a former co-worker who recently gave birth. She noted that she didn't have enough Christmas cards to send to all of the districts I work with and wanted me to share a Christmas card. I'll try to remember to bring it to our next regular meeting, but I couldn't resist scanning in a couple of images for those who want to see the recent arrival:


Thursday, December 18, 2008

Permissions: NTFS, share, etc.

I'll post a few links, but I'm wondering aloud if all of our school districts use best practices when creating folder/file structures and assigning permissions. I know of issues with web sites being hacked, with our previous SIS package 'requiring' too many privileges to critical files and situations where a user claims that another user deleted content from their folder.

There are some good articles that explain the various permission settings that are available. This article gives an overview of share, NTFS folder and special permissions with some screen shots. An MCSE prep site gives some similar examples. I also found some tips and best practices.

If you're struggling with this, I would advise searching on terms related to the problem and to K-12 as well. A search like this led me to a good message board post where a district was setting up a homework folder for students to turn in their homework assignments.

Tuesday, December 16, 2008

Sylvia Charp award

ISTE and T.H.E. Journal have an award they give each year to a school district "...that has shown effectiveness and innovation in the application of technology district-wide." The winner is presented at NECC and is given some funding toward the trip. Click for details on how to nominate...

Web 2.0 in under 5 minutes

This is a video created by Michael Wesch, an anthropology professor at Kansas State University. It does a good job of explaining some of the concepts of Web 2.0:

Friday, December 12, 2008

Various links from December TIS newsletter

Here are several links in the monthly TIS newsletter that Earlene puts together for the integration specialists:

Classroom Resources

National Library of Virtual Manipulatives - math instruction resource
8 ways of checking information on web sites

Film Education Resources
Creative Rights and Digital Responsibilities

Internet Safety Resources

CyberSmart! Curriculum
NetSmartz
i-SAFE

The newsletter also touched on Picasa, which is used to organize, edit and share photos. There's also at least one wiki that discusses the use of Picasa in education.

i-Jam: MySpace & Facebook session

Just now getting around to posting some items from my notes on the MySpace and Facebook session at the recent i-Jam conference:

* MySpace is owned by Fox Interactive Media, and 1/4 of Americans are on MySpace
* 20 million images and 105,000 videos are posted daily to MySpace, all of which are viewed before uploading
* There is a MySpace guide for parents and teachers, and I'll hyperlink one site that has it uploaded
* The session mentioned ikeepsafe.org, which includes (among other things) software that is supposed to assist parents in seeing what their kids are doing
* Facebook noted that their response time on reported violations is within 24 hours on nudity, pornography and harassing messages
* Facebook also noted that 100% of the emails sent to the 'abuse' reporting mailbox are reviewed within 72 hours

Tuesday, December 9, 2008

Microsoft: Teacher Tech Tuesday webcasts

I wasn't aware of these, but Microsoft apparently has webcasts every Tuesday at 3PM CT. These are focused on using Microsoft products and tools in the classroom.

The next two look interesting. Today's focuses on the WorldWide Telescope, and next week's is an introduction to PhotoSynth. Register for either of these at the original webcast link above.

Monday, December 1, 2008

i-Jam recap: Notes from Cybercrime session

Here are several points brought out in the recent Cybercrime session at the i-Jam event in Lexington. I'm not sure if all of these will be of interest, but they were interesting enough to me (at the time, anyway) to write down:

* Louisville is labeled as the "most obscene city" in the U.S. based on analysis of several inappropriate terms searched for in metropolitan areas. These were terms such as George Carlin's seven words you can't say on television, as well as really disturbing phrases that I refuse to type here involving nudity or sexual relations with animals, the deceased, etc. Apparently the Lousville area ranked highly in the number of times these sorts of things were searched for...

* Project Safe Childhood is an initiative started by the U.S. Department of Justice to help combat sexual exploitation crimes against children. As I mentioned in an earlier post, you can get info and free public service announcements there.

* Online gaming is an emerging area of concern. Predators tend to engage children in the gaming 'world' and encourage them to drop offline and meet them in other chat areas that may not be monitored.

* There was discussion about the "cool" girl in school being the most provocative girl. Recent stories about revealing Halloween costumes came to my mind.

* This led to the issue of kids self-producing content that can be labeled as child pornography. It was carefully pointed out that they weren't talking about the "slumber party kids-in-PJs" example, but they cited an example of an underage couple that thought it would be a good idea to video themselves having some type of sexual relations. The video got posted somewhere and the authorities have tracked its retrieval hundreds of times around the world during various apprehensions of criminals with child pornography in their possession.

* A couple of points from that discussion: Kids don't realize that this content, once posted, is out there FOREVER. These kids may not realize that, once created, they themselves are in possession of child pornography and the 'friend' that gets the content and shares it with his/her buddies is guilty of distributing child pornography.

* When it is argued that their MySpace/Facebook profiles are set to private, kids need to be reminded that easy searches can be done for ways to hack these accounts and gather information, view friends and pictures, etc. NOTE: Be careful if you think you'll try to prove this point firsthand, as many of these advertised 'hacks' have spyware and trojan horse applications embedded.

* One criminal highlighed had used trojan horse software to blackmail children into unfortunate activity. He befriended the children online in a chat room and perhaps sent an innocent picture or attachment with an embedded trojan horse. Once he convinced the victim to open the file, he had access to the user's computer. This led to the capture of all sorts of information such as credit card info, bank account numbers and passwords, etc. From there, the criminal made the victim aware and threatened to bankrupt them or other things unless they complied with his demands... From the young victim's perspective, they were probably scared to tell their parents for fear of getting in trouble for chatting with a stranger in the first place. It's an unfortunate story and I share it because I hadn't really thought of things like this that were outside the realm of the stereotypical stories I had heard.

* An attendee questioned about the psychological issues these criminals had and the need to rehabilitate them. One speaker rhetorically asked us this: "How much therapy would it take to convince you to change your sexual preference?"

* One last note - in cases where state boundaries are crossed, the jurisdiction is in the state where the "bad guy" lives. That's the state where the case will be prosecuted. This 'standard' is in place to help the authorities avoid stepping on each other's toes, questioning authority or jurisdiction and to avoid duplicating investigative efforts.

It was an interesting session, albeit depressing.