Ask Slashdot: Explaining Cloud Privacy Risks To K-12 Teachers? 168
hyperorbiter writes "With the advent of Google Apps for Education, there has been a massive uptake by the K12 schools I deal with on signing students up with their own Google powered email address under the school domain. In addition, the students' work when using Google Apps is stored offshore and out of our control — with no explicit comeback if TOS are breached by Google. It seems to me that the school cannot with integrity maintain it has control over the data and its use. I have expressed a concern that it is unethical to use these services without informing the students' parents of what is at stake e.g. the students are getting a digital footprint from the age of seven and are unaware of the implications this may have later in life. The response has often been that I'm over-reacting and that the benefits of the services far outweigh the concerns, so rather than risk knee jerk reactions by parents (a valid concern) and thereby hampering 'education', it's better to not bring this stuff up. My immediate issue isn't so much about the use of the cloud services now, but the ethics over lack of disclosure in the parental consent process. Does anyone have ideas about defining the parameters of 'informed consent' where we inform of risks without bringing about paranoia? (Google Apps is just an example here, I think it applies to many cloud services.)"
What *are* the implications? (Score:5, Interesting)
This question needs a bit more detail. What *are* the implications of using these Google services? Is Google using the same boilerplate contract? Does it sweep emails for words and phrases to show advertising? Is it collecting anonymous data?
I think you probably need some school-specific clauses to address the particular privacy and safeguards but you haven't articulated any specific examples of areas where you think Google is falling short or why this might become a problem. Kids are going to have digital footprints as children. I might not like that very much, and as a parent I may try to limit it, but you can't stop it.
HOW do you teach the implications? (Score:4, Interesting)
Obviously there are valid issues. The question is not IF we should teach them, but HOW.
Right now there are few ways to articulate the risk. There is the vague handwaving education of "bad guys will steal it".
Even when doing this professionally it is difficult to fully understand what the risks are, who exactly the "bad guys" includes, the kind of stuff they want to take, and the reasons they want it. The bad guys may include governments, vandals, corporate espionage, advertisers, news agencies, and more. The stuff they want may include not just credit card numbers, but also patterns of what you like, where you go, and who you are with. That stupid-looking photo may be cute today, but it may destroy your bid for public office two decades later. The fact that your facebook friends have some overlap with a suspected terrorist may put you on a watch list. Knowing the bad guys, and knowing the data they are looking for, is hard.
Then you have the difficulty of explaining it clearly. It is hard enough to explain to a teenager that their quick goofy photos (or much worse, sexting) might, twenty years from now, prevent them from getting their dreams fulfilled. Sometimes it is easier to point out that public stupidity can prevent them from getting a job in three years, but even that seems difficult to teach.
Since that wasn't quite asked, here's the evolved question:
HOW do you teach K12 students about the risks in the digital world?
Express your specific concerns in writing... (Score:5, Interesting)
It is an interesting point...
Sugget you do some research, (look into the big G's T&Cs), and write down exactly what you think the issue may be.
Try and be balanced, then fire it off to yor boss.
Your duty is then done, and your ass covered.
Paranoia is a problem? Why? (Score:4, Interesting)
Why is "bringing about paranoia" a problem? Where security is concerned, I generally consider paranoia to be a good default reaction to any situation until I understand it well enough to relax.
Explain the situation well and allow the parents and others to be as paranoid as they consider prudent. Don't try to manipulate them into being more or less paranoid just because you or the system think they should adopt a different mindset. You provide facts then it's their choice to make.
If, OTOH, you're excessively concerned about and wish to avoid creating paranoia you'll hamstring your efforts to be intellectually honest and technically accurate when you "define the parameters of informed consent."
Easy to explain: (Score:4, Interesting)
It's easy to explain cloud privacy issues. We'll do it in terms of purses and wallets as those are common items of value that people understand can contain very private information:
Someone is doing the digital equivalent of asking you to keep your purse (or wallet) securely and have it available at all times for you. They won't try to steal the money or credit cards, etc in it (or whatever else of value if you choose to store it). Yes, there may be a security breach, but it's less likely than you dropping or forgetting your purse or wallet.
On the other hand, it means that if you put them in your purse (or wallet) they know how many birth control pills or condoms you kept in it and by when you used them what part of your menstrual cycle you're on or when you had a hot date that turned into an all night.
Now, extend that to your son or daughter that will have records on them from the time they enter grade school until, well... forever.
(In some ways it's not a big deal, but in some ways it is, and that rather graphic example gets across the level of info that can be mined from long term records.)
Comment removed (Score:5, Interesting)