Elearning is booming and many schools are investigating the advantages and opportunities afforded by using the WWW to enhance participation in learning activities and add value to the courses they offer. The following guide is intended to help schools and teachers avoid some of the risks involved in encouraging or requiring learners of all ages to participate in activities on the WWW.
“Learners’ personal privacy and data security are our responsibility if we require them to use web services.”
What do we mean by require?
Even if we don’t explicitly or intentionally state that teachers and learners must use a particular website, we can, in effect, do this implicitly and unintentionally. If teachers and learners cannot participate fully in a course without using a specific website or service, or may be at a disadvantage if they choose not to use it, then we are, in effect, requiring them to use it. For example, conducting discussions or posting course materials on 3rd party websites or services, or teachers and learners themselves may create their own groups on 3rd party sites if we don’t provide them with more private alternatives.
Why is it important?
Teachers’ and learners’ personal privacy is our responsibility if we require them to use websites and web services. It’s a legal requirement in most countries under “duty of care” (tort law) and in some cases civil law, e.g. the European Union Directive on Privacy and Electronic Communications, to learn about privacy on the web and take those responsibilities seriously because failing to do so can result in issues such as:
- Complaints from teachers, learners and/or guardians which can damage teacher and school reputations
- Personally Identifiable Information (PII) leaks
- Profiling of teachers and learners without their consent or knowledge
- Loss of control of teachers’ and learners’ personal information and subsequent “permanence” making it difficult or impossible to remove
- Cyber-crime and identity theft
- Cyber-bullying, i.e. suppressing learners’ rights and freedom of expression
- Grooming, i.e. predatory abuse of children
- Invasions by spammers and marketing of products and services that learners may be uncomfortable with or even find offensive
- Unmanageable offensive behavior by uninvited 3rd parties
- In rare cases, legal action
Fortunately, there are measures that we can take to minimize these risks easily and effectively. The coauthors of this article have developed this guide to help raise awareness of the issues and provide practical advice.
Website Safety Guidelines
Raise awareness on the issues with teachers and learners
The first step is to acknowledge that the issues exist and ensure that teachers and learners are adequately informed and understand them. If we fail in this task, we expose ourselves to liabilities both legally and ethically. Fortunately, there are easy ways to raise awareness from short introductory seminars or presentations that highlight the issues, to web safety guidelines, to installing software and putting safety checks in place. So called Digital Citizenship programmes are becoming increasingly popular and participants are often grateful to have been made aware of these important issues and how to deal with them in everyday life on the WWW.
Instead of relying on school network filters, we can also look for other solutions for better protection and education. At the end of this article we list some useful plugins for Firefox and Internet Explorer that not only block the majority of internet surveillance but also help to raise awareness of how pervasive it has become.
Important questions to ask:
- What are you doing to adequately inform teachers and learners of the risks?
- What support and tools are you offering in order to help them make well-informed decisions?
- What tools and resources are you informing teachers and learners about so that they can use the WWW and avoid internet surveillance?
- Do you require teachers and learners to agree to a clear, concise statement of limit of liabilities for 3rd party sites before participating in online activities?
Minimize teachers’ and learners’ digital footprints
A learners’ or teachers’ digital footprint is the information they leave about themselves on the WWW. It can be innocuous information such as what they had for lunch or it can be an email, phone number, address or date of birth, otherwise known as personally identifiable information (PII). If PII falls into the wrong hands, it can be used for fraud, identity theft or to target teachers and learners with unsolicited marketing campaigns or divulge private personal information without their permission. The maximum information that we require from teachers and learners should be their names and avatars/photos: Just enough so teachers and learners can recognize and identify each other quickly and easily. In some cases, email addresses* may also be required so learners and teachers can be notified of updates to collaborative activities, assessment and/or announcements from teachers or the school. Any more information is more than likely unnecessary for online learning activities. Geographical location, Social Security numbers, addresses, age or date of birth, even gender shouldn’t be stored online unless we have a very good reason to do so and substantial security to prevent access to the data by 3rd parties is in place.
Websites’ privacy policies are probably your best guide to understanding what information they collect and what they do with it. For example, compare the privacy policies of two sites; Google and the Electronic Frontier Foundation and note the differences. Which one do you think is more open and transparent? Which one is more forthcoming with specific details?
Important questions to ask:
- What Personally Identifiable Information are teachers and learners required to give?
- Why is it required?
- How frequently are the privacy policies and end user licence agreement (EULA) on the website updated?
- What measures are in place for detecting and dealing with abuse such as acquiring other users’ PII and other forms of internet surveillance?
- Does the website take steps to educate about and/or prevent users from entering too much PII?
*Some schools do not store learners’ email addresses. In this instance, we should look for websites which provide us with tools to create and manage teacher and learner accounts.
Don’t sell out teachers and learners
Almost all websites have surveillance software in place, otherwise known as analytics, that gathers user data, i.e. users’ IP addresses, operating system and browser details, cookies from previously visited sites, navigation and mouse movements, etc., which can be aggregated to compile comprehensive profiles on individual users. What websites do with this data is of paramount importance to teachers’ and learners’ personal privacy. We should insist on using websites whose revenue strategies are transparent and aligned with our policies and mission statement.
Additionally, we should also ensure that sites do not contain any 3rd party “share” or “rate this” buttons or embedded apps that may contain user surveillance software. The surveillance of internet users has become a widespread phenomenon and we have a responsibility to reduce teachers’ and learners’ exposure in educational settings whenever possible (for much more on this see “Press articles on internet surveillance issues” at the bottom of this post).
Important questions to ask:
- How is the website funded? Who or where do its revenues come from?
- Can marketers and salespeople easily enter the site and promote products and services?
- Does it support targeted advertising and sponsorship?
- How easy is it for teachers and learners to shut down and delete their accounts?
- How easy is their end user licence agreement and privacy statement to read and understand? Do they change often? Does it appear as if they are trying to obscure something?
- Who does user generated content belong to and what do they do with it? Who has access to it?
- Do they have software in place to analyze teachers’ and learners’ browsing habits?
- Do they have business relationships with any non-educational entities? What are they?
- What messages do they send to users? Why?
Don’t subject teachers and learners to trolls, spammers, child groomers or offensive behavior
Websites want to make it as easy as possible for you to join. “Join now!” “Signing up is free and easy!” In all but exceptional cases, we should consider websites with instant membership for anyone and everyone as unsuitable for educational purposes.
However, some sites also allow members to form virtual groups and create a protected environment or ‘walled garden’ within the site, i.e. uninvited 3rd parties and marketers cannot intrude on the groups. This may be acceptable if the tools are robust and we can manage them effectively. Often the most appropriate choice is for specialist education websites that are entirely ‘walled gardens’ with a rigorous vetting system in place where only specific people can join through a verification process.
Important questions to ask:
- Who can become a member?
- How easy is it to create accounts using false information?
- If they ask us for our date of birth, address, school, etc., how do they verify that we are telling the truth and what sanctions do they impose on us for providing false information?
- Once inside, are there effective tools or procedures to protect your environment from inappropriate behavior?
- Are there privacy settings, and if so, are they clear, consistent, understandable and won’t change without warning?
Monitor and arbitrate teachers’ and learners’ online behavior
We are responsible for cultivating a productive learning environment that is safe for teachers and learners to use. Sites may include teacher and learner generated content in the form of online chats, discussions, projects and other collaborative tasks and we should ensure that we can meet our responsibilities effectively.
Most social networks enable and encourage users to contact each other privately. In a classroom setting there are risks of inappropriate teacher-to-learner and learner-to-learner behaviors. In the same way that we usually have policies in place that prohibit teachers being alone with a learner at any time in school, the same should be true online.
Also as teachers are required to be present during classes, it’s a good idea to require teachers to have some kind of presence in online learning groups. This is not only appropriate for detecting inappropriate behavior, it’s also a means to provide effective support and motivation to learners. Additionally, the option to automatically filter user-generated content, for example, blank out any email addresses, birthdays, phone numbers, offensive language, etc. that they might try to post, may be useful for some situations.
Important questions to ask:
- Are all teacher and learner generated content and messages permanently recorded?
- Can we access communications between all our teachers and learners?
- Can we perform group-wide and/or site-wide searches for inappropriate behavior?
- Can we suspend the accounts of teachers and learners who behave inappropriately until an issue is resolved?
- Does the site provide automatic filtering options to detect inappropriate words or links?
- Are the provided monitoring tools easy to use and effective?
Schools have always had the responsibility of keeping learners safe. While the current surge of interest in elearning has presented new challenges to these responsibilities, being vigilant and following these safety guidelines can help ensure that all participants are safer and more aware of the various risks.
Useful anti-surveillance tools
Here are some useful plugins for web browsers that monitor and block internet surveillance.
- Ghostery (Firefox) sees the “invisible” web, detecting companies interested in your activity.
- Targeted Advertising Cookie Opt-out (TACO) (Firefox) automatically blocks 100’s of tracking technologies that advertisers and others use to track you.
- NoScript (Firefox) is a more advanced approach with a variety of benefits.
- Tracking protection list plugins (Internet Explorer 9).
- EFF Surveillance Self-Defense guide to reducing the risks of all online activities.
- IXQuick alternative search engine to Google that doesn’t profile you by recording your searches or your IP address. How to make IXQuick your default search provider.
- TOR Browser – Encrypts your communications, data, searches, etc., and hides your IP address, rendering you unidentifiable. Used by law enforcement, military, journalists, businesses, political groups and people under oppressive regimes and extreme censorship around the world. If you use this, you’ll notice that very little of what Google and Facebook provides is actually “free” and many of their services are unavailable without surveillance and your personal data.
Press articles on internet surveillance issues
We’ve compiled a list of relevant news items. Please note that this is by no means exhaustive and that internet searches for news items on the topics mentioned in this article will return many hundreds of results. They are in no particular order.
- Facebook must destroy facial recognition data – or get users’ approval, Germany decides
- Google hit with record fine
- The Terrifying Ways Google Is Destroying Your Privacy
- Cory Doctorow describes Facebook as a Skinner box that trains you to under-value your privacy: how do we make kids care about online privacy? (Youtube.com)
- Teachers, students shouldn’t be Facebook friends
- Will Missouri ‘Facebook Law’ spook teachers away from social media?
- Kids Face Intensive Tracking on Web
- Are You Being Tracked? 8 Ways Your Privacy Is Being Eroded Online and Off
- Personal Details Exposed Via Biggest Websites
- Untangling the web: privacy
- Social Networking: Keeping It Clean
- How To Force a Friendship on Facebook in Three Easy Steps
- The Web’s New Gold Mine: Your Secrets
- Senate Probes Privacy Practices of Google and Apple
- How Facebook Betrayed Users and Undermined Online Privacy
- Facebook’s Arrogance
- Why Privacy on Facebook Is ‘Virtually Impossible’
- Facebook ‘close to settlement’ with FTC over privacy failings
- Web 3.0 and Privacy Issues – Concern Grows
- Facebook could face €100,000 fine for holding data that users have deleted
- Facebook investigates pornography deluge after users’ complaints
- School apologises for Facebook message calling pupils ‘inbred’
- Alarm over secret Facebook accounts that allow children to slip safety net
- Facebook refuses to take down rape joke pages
- Facebook to be investigated over privacy concerns
- Google+ forces us to question who owns our digital identity
- Google investigated over household data privacy breaches
- Privacy group demands apology from Google
- How Do Social Networks Make Money? [In Case You Were Wondering]
- Google Agonizes Over Privacy
- Facebook in Privacy Breach
- Your Apps Are Watching You
- There are no free lunches on the internet
- Cloud-based educational technology and privacy: a Canadian perspective
- Google vs. Facebook on Privacy and Security
- Privacy Policies Best Understood By College Grads, Senate Investigates
- Privacy, Privacy, Where for Art Thou Privacy?
- Why Web 2.0 will end your privacy
- Creepy or Convenient? Apps for Tracking, Keeping Tabs
- Facebook Squashes New ‘Stalker’ App
- Social Networking Privacy
- Commerce Department Releases Important Report Urging Comprehensive Privacy Protections
- Spokeo is the leading people search engine
- On Facebook, You Are Who You Know
- 1.5 Million Stolen Facebook IDs up for Sale
About the authors
Matt Bury is a freelance elearning consultant, EFL/ESL teacher, blogger, and Flash and Moodle developer. He created, developed and maintains two plugin modules for Moodle, and a suite of software applications and resources for second language learning. His clients include agencies of the European Commission, universities, schools and colleges in the public and private sectors.