Pondering the state of K12 web filtering/monitoring (or as called by some districts: “security”). Stipulated: CIPA exists (for better or worse). Stipulated: on district hardware and networks, obligation exists to filter per CIPA. I don’t agree with this, but I confirm it exists.
But on the home device front, the assertion that CIPA applies to browsing done when logged into a district Google account may or may not be valid, but even if it is, only two states of filtering exist: full view or none.
If the filtering is happening, then it has to see all HTTP requests, send them somewhere and make an assessment of the CIPA-ness of the page request. This means that whatever system/service is used can see/track all browsing from those devices. The other state of filtering is none.
The idea that there is a Google-account based filter that doesn’t intercept requests except via the signed-in Google Apps account means that either they aren’t seeing any actual HTTP requests (and therefore what is the use of mandating that it be installed, and ask for your money back)
or it means that they are actually filtering at the browser level and not being clear about it. Either way, the question of “what problem are you trying to solve with this implementation” is juxtaposed with “why is installation on personal hardware mandatory?”
CIPA doesn’t have jurisdiction in our homes, and on personal tech, the E-Rate discount is not at risk because no district resources are being used to browse. Filter at the mail server, sure, but what’s the Google Apps account got to do with CIPA?
Solution 1: ask district to issue hardware for each child to limit cross exposure of cookies, browser history and other collection by filter.
Solution 2: for households that wish to use district filtering to limit child’s access, allow for opt-in to service from off campus, but make it an explicit decision to do so and advise of risks of cross-pollination of data.
Across all solutions: inform parents about what exactly is being collected about their children in clear terms, both by the district and by the monitoring (filtering) service. Also provide lists of who it is shared with. Offer parents control over deletion and ancillary/aggregate uses.
Also, fully vet the companies in use and make sure their privacy policies are equally transparent and not vague. Most K12 services/suppliers have great examples of privacy policies that allow them everything and tell parents nothing.
Districts: in communications to parents about these technologies, take the high road and be crystal clear about how you have vetted the suppliers for security and privacy, and what pull you are letting them do with your students’ data.
And please use your community if you don’t have security/privacy experts on staff. We will gladly help because it’s good for our children and our community. Transparency builds trust, trust builds community; self-applause does not.
Our laws don’t protect our children adequately on privacy or info security fronts, so let’s commit to doing more than is required to look out for these kids and their futures in data collection. There’s more to true protection than visitor badges.
You can follow @buddhake.