“The personal information of thousands of California children and their teachers was open to public view when the school districts issued a generic password to teachers using the system. Until the teacher used the system and changed the generic password to a unique password, anyone was able to type in a teacher’s user name and generic password to gain access. Administrators shut down access to the service after a reporter phoned in to let them know that she had been able to access student information for all the children in two middle-school classes where the teachers had not yet changed their passwords.” From the article: “‘I’m fuming mad,’ said Sarah Gadye, the San Francisco middle school teacher who discovered the problem Thursday — three years after the district purchased the service for elementary and middle school teachers. ‘My own child could go into this, figure it out and get all this data on all these students. It’s mind-boggling.’
Aside from the low regard Ms Gadye has for her own child, the thing that bothers me about this article is that it implies that for three years, the teachers didn’t learn enough about the system they were using to know to change their password.
This isn’t wholly a failure with the teachers; the failure lies with the school district and the management of the school. The job of the software development company is to create the tool; the job of the teacher is to use it where appropriate. At some point in the middle there has got to be a layer of education – the teachers need to be trained in using it. Ideally that should come as part of the package the school board bought, but sometimes extra training is required. You need to have lessons before you drive a car, and by the same token you should have lessons before you start using a system that has the potential to reveal sensitive information about children.
The opposite is also true. I would argue (and I know others feel the same) that before someone starts using any web-based learning system, Elgg included, the students need some kind of training on basic Internet practice as well as the day-to-day use of the application in question. Every student should know not to give out their personal contact details, for example, and where the security risks lie. Even if schools don’t have web-based e-learning systems, I would think they should provide it; we’re at a point where more students in some areas will have Internet than not. This should be on the curriculum alongside “don’t talk to strangers”. Outside the classroom it could be argued that it’s more of a parental issue (although parents need education too); inside the classroom, teachers need to know what to look out for, where problems may arise, and in my experience they often don’t.
Similarly, while they often cannot provide it themselves, software producers need to be opaque about the need for education. I would be deeply unhappy if I knew someone was taking a basic Elgg installation and giving it to children without any supervision or education about the dangers, even though as an open source project we don’t have the resources to provide that training ourselves.
What I do have the resources to do, and maybe others might want to join in, is to provide materials for teachers about Internet safety, that anyone can download and use in a class. Perhaps such a thing already exists, in which case it needs to be promoted and brought to the attention of every teacher about to use connected software in a classroom setting.