The UK Government, in its infinite widsom, has decided that the risk of the nations children becoming "groomed" and "radicalised" via the internet while in school is in fact so great, that they are going to start making formal requirements that schools are to use 'online filters and monitoring' to definitely ensure that this can absolutely never happen. This is following one incident in London, that the school in question maintain likely had nothing to do with them anyway. *sigh*. It's another strand of the Governments 'Prevent' strategy, which in my humble opinion is one of the more insane, ridiculous and divisive ideas they've had recently - producing such gems as a 14 year old being questioned by school officials for using the term “L’ecoterrorisme” in a French discussion, parents being warned that their children may in fact be "extremists" if they dare to question Government or the media and a young child being referred to the authorities after making reference to the "history of the Caliphate" in a presentation on British foreign policy amongst others.
Now, parts of these requirements are actually reasonably sane. It's perfectly reasonable (and in fact already expected) for schools to keep an eye on what their students are doing online, just as they should keep an eye on what happens in the playground and in the classroom. It's also perfectly reasonable to expect schools to work to keep their students free from bullying, safe from adults who may pose a risk to them and to help them avoid accidentally falling over material that they might lack the maturity or emotional capacity to properly process yet. All good so far.
However, just as in the case of the 'Investigatory Powers Bill' that UK.Gov is desperately trying to push through (again), the technical measures that they want implemented in order to "keep us safe" are deeply misguided, ill thought through, a massive invasion of an individuals privacy and quite simply won't work - all at the same time. Basically, the Government has no clue whatsoever on anything technical but won't let a thing like that stop it making all kinds of insane technical demands.
History Time
Internet filtering in UK schools is nothing new. It all started back in the 90s when articles about this new fangled thing called 'The Internet' started becoming more common, some people even got 'The Internet' at home and schools started to take small steps to do likewise. Unfortunately, a lot of these articles people were reading often touched on the dangers of pornography and other adult content, so it was necessary for the Government, local authorities and schools to "do something" to stop this awful stuff making its way into our schools when they "Got The Internets". Doing this wasn't really all that difficult - the Internet was many orders of magnitude smaller, the only bit of it anyone was really concerned about was the World Wide Web and this itself was almost entirely unencrypted, very simple and mostly just pages of static content. Commercial vendors could, with relative ease, categorise the majority of the web pages on the Internet and the people that provided Internet access to schools could use that database alongside caching proxies to return error pages to users instead of "bad stuff" if it was requested. Even back then of course it was trivial to bypass this filtering (I still remember a few of the ways that worked for me when I was of school age!) and there were of course errors and omissions from the filtering databases - but access to the internet was far less critical back in the late 90s than it is now, was typically available on a small number of desktop computers in a school and I don't think it was really enough of a big deal for people to get too worked up about.The Modern Classroom
These days of course, things have moved on massively. The internet is everywhere and used for everything, all of the time and schools are no exception to this. Schools often have many hundreds (if not thousands) of internet connected devices from traditional desktop computers, to laptops, to racks of tablets, big screens and projectors everywhere, online applications and storage and of course, major WiFi deployments that Students and Staff alike can connect their own equipment to and get online anywhere they happen to be. "The Internet" is no longer just the WWW either and all kinds of proprietary "apps" exist and interconnect to meet demand for just about anything that involves communication. The infrastructure behind this has naturally become more complex and is often delivered in far more layers of abstraction than it used to be. Network connectivity is critical these days, just as in most work places and not only do people jump and shout if it's unavailable for 10 minutes - they jump and shout if one particular service, like YouTube or Google Image search, isn't available for 10 minutes. In amongst all of this however, the internet filtering thing from the 90s still hangs on in very much the same form. It does however, have very different effects on things. For a start, it's simply not possible anymore for anyone, even a commercial entity with massive resources, to categorise the entire internet. Despite what many people who work in edu assume, the "science" behind web filtering is just still human beings, looking at websites and deciding what categories they fall into at the time they happen to have looked at them. The database of websites that results from this manual categorisation is then the one that is used as the decision maker by commercial web filtering products. Unfortunately for the users of these products though, to take just one example, it's estimated that 300 hours of video are added to YouTube every minute alone, so expecting a machine to somehow "know" if each one of those videos are "good" or "bad" is simply impossible - so schools are left with only an elephant-gun approach of "YouTube Ok" or "YouTube BAD" (because it might have a tiny proportion of content that some might consider 'not ok'). Personally, i'm of the opinion that restricting access to platforms like this, that provide access to an unlimited, never ending and freely available supply of amazing resources and ways of learning just because someone found something nasty is cutting your (educational) nose off to spite your face - but it's something that I know a good number of schools do - and the same is true of a colossal number of other amazing internet resources. Similarly, whilst the school I work in does employ this same 90s-style web filtering still, I try to err on the side of not crippling huge swathes of the internet 'just in case' and the benefit we see from not doing that is immediately obvious.On a technical level though, even if we did decide that the risk was just "too great" and that we wanted to cripple our tech in the name of safety, the technical challenges of "restricting" the internet in 2016 are, as in many ways they should be, a law of ever diminishing returns. More and more of the internet is now encrypted and delivered securely over SSL. This is a "good thing" for the Internet and its users as it means that peoples communications are better protected from hackers, fraudsters and nefarious Governments across the world. It also means however, short of using some highly dubious methods that dramatically weaken the security of peoples communications over our network even when they are technically feasible (they aren't when people are using their own devices), it's no longer possible for those web filtering boxes to take a peek at the content you're accessing anymore. Therefore, unless I want to act like King Kanute and try to hold back the tide of technology by insisting that users don't use their own devices on my network, by breaking huge parts of the Internet and by taking some very ethically dubious steps to break into my users encrypted communications, it is in fact exceptionally difficult for me to, at a technical level, perform the necessary snooping to meet these ridiculous requirements. And even if I do try and act like King Kanute and do all of these things that will undermine the trust of my students and staff and make life generally a lot harder for them, and even if the "magic technology" manages to filter all of the "bad stuff" (which it can't), anyone can of course bypass all of it anyway with a few seconds help from Google, or by just turning on their 3G service or using a computer at home, or WiFi in a coffee shop, thus rendering the whole effort pointless.
Taking things a stage further solutions are available that, for the small price of a hefty license fee, signing your soul over the devil and installing a load of software with potentially highly dubious security practices of its own will turn your IT infrastructure into some kind of Orwellian nightmare where oodles of screenshots of every swear word, policy violation or in fact a hint of anyone mentioning the names of various political activists are immediately dispatched for analysis. This is not only sending the clear message that we simply don't trust our young people to start making their own decisions, but it's also trying to find a technical solution to what is in fact a social problem.
What should be done?
This brings me to what the 'common sense' solution to this might be. Students at my school enjoy a relative amount of freedom with technology. They use this to hunt out solutions to their school problems that other people have made help videos about, they make use of Twitter, they e-mail each other and their teachers. Our desktop computers are not locked down to within an inch of existence so they can write code, write scripts, take to Linux in their own virtualised environment, poke around the internals of operating systems without worrying they're about to be hauled over the coals for it and can generally geek-out with relative freedom. We have students who are highly technically competent and help me and the IT technicians out imaging computers, replacing hardware and the physical parts of refreshes - which benefits both them and us. The result of all this is a very low level of "malicious" behavioural problems when it comes to IT. When it comes to the other kinds of behaviour incidents that can result from computer use and Internet access, these are treated like any other behavioural matter. We do employ web filtering for certain categories of content and we do maintain a certain amount of logging data, but the expectation is that these technical measures are there to make the jobs of teachers easier and help them keep their classes on track, rather than "do their jobs for them" and mean they somehow don't have to worry about what students are doing online. I will of course always help where I can when incidents do occur (which is thankfully rare), but the IT Office is not the place you run to because someone typed something a little risque into Google, just as presumably the librarian would not be the person a member of staff ran to because someone brought a dirty magazine into school either. Ultimately, student conduct is not a problem looking for a technical solution - it's a social problem. I'm very lucky that this is an ethos that my SLT understand and also that the overwhelming majority of our students respond very well to being given a little more personal responsibility for their behaviour almost all of the time as well.When incidents of concern do occur, as of course they do from time to time, my school has a very well defined behaviour policy and protocols and staff who will discuss the issue with the child, attempt to work out what went wrong and how mistakes can be learned from. To my mind this seems far more likely to provide learning and development opportunities, encourage young people to have a clearer understanding of right from wrong and how to keep themselves safer, instead of crippling the technology in some massive pretence that we can somehow control this massive online world and shouting at those young people who demonstrate what a farce it all is? Is this "education" not after all kind of the reason schools exist in the first place and not far more likely to help "Prevent" radicalisation from toxic ideologies than faceless monitoring and an assumption that trying to hide information will make it go away?
I knew I should have just ranted about group policy, roaming profiles and sandwiches shoved inside CD trays.
First!
ReplyDelete