Security Risks in Social Media Technologies is relevant to the whole gamut of public service applications. This chapter investigates the security issues associated with a single public service application – K-12 (primary and secondary) schools, and the types of problems that might be encountered in a participation–collaboration pattern used in the school environment. It is particularly concerned with the use of social media in schools. The chapter covers the threats, security measures, and AUPs specific to these applications. Social networking sites could be used by students, teachers, school administrators, and parents. Teachers are aware of the benefits that could accrue but are concerned about potential problems. Social media offers distinct advantages to parents in liaising with a school. Traditionally information was conveyed from school to parent via a school website or by paper. If parental feedback was required it was obtained at an infrequent school meeting or a parent–teacher evening. Today social media can be used for communication between parents and teachers at any time.
Schools often use a virtual learning environment (VLE) to support teaching and learning. These are some examples:
Trust and privacy play important roles in pedagogies involving social networking sites, and incorporating social media into the school sector without understanding the potential threats and risks associated with it is foolhardy. Much research has been conducted into analyzing the malicious exploitation of social media, including detecting when it is taking place, identifying the different forms, predicting when it will take place, and preventing it. Nevertheless, it is difficult to deal with the challenges adequately. Extensive use of Web 2.0 by young minds, lacking proper supervision, can expose students to several threats, some of which were listed in Chapter 3:
new forms of bullying students – cyberbullying – using forums or social networking sites
posting “happy slapping” videos taken from mobile phones
being exposed to privacy and safety threats
sites pretending to be those of a teacher
Honjo et al. (2011) discuss cyberbullying. Users tend to publish more information than is necessary to maintain communication with other social media users. Others can copy and make use of this information, including photos, videos, and audio files. In view of the threats listed above, it is essential to set clear guidelines, have up-to-date policies, and train children, making them aware of the types of suspicious activities that could compromise their privacy and security.
Ning is a platform for creating social networking sites. For example, it was used to create GovLoop (http://www.govloop.com), the social network for US federal, state, and local government employees. In the past, the company had teamed up with Pearson to offer a version of its products, Ning Mini, free to eligible K-12 schools.
The school information systems and VLEs purchased by schools are touted as being secure online environments in which students are not exposed to the problems of the wider web.
These are some security controls relevant to the systems under discussion:
access control: limiting who can see, change, or add information
content moderation: active monitoring of changes and additions to content; approval may be required before changes can be made
controlled connections: setting up policies to decide who can interact with whom
language filters: to filter out foul language
acts: to protect children’s (and families’) rights, their internet usage experience, and their privacy; in the USA these are the Children’s Online Privacy Protection Act, the Children’s Internet Protection Act, and the Family Education Rights and Privacy Act.
Websites can acquire TRUSTe certification (http://www.truste.com/), but doubt has been cast on the veracity of some sites that claim to have it (Edelman, 2011).
Victoria’s Department of Education and Early Childhood Development launched the state-wide website Ultranet with the aim of sharing information with students, teachers, and parents and enabling them to collaborate. Users can use different types of “spaces.” A “Me space” is private to the user; a “We space” is a shared space accessible to those with permission to use it; and a “See space” can be seen by all.
Following are some of Ultranet’s security features (Dept of Education and Early Childhood Development, 2012):
To access the Ultranet, authorised users must log in with a secure, complex password.
There are rules on who can access what information, and the types of users who can access each type of “space” within the Ultranet.
No anonymous postings are possible in the Ultranet – all postings are logged and audited.
All learning communities on the Ultranet must be moderated by a teacher.
All users can report inappropriate content.
In addition to the filtered internet service available in each school, the Ultranet also contains filters for bad language.
Increasing parental participation benefits the educational system. Schools should “nudge” parents to participate or collaborate. They should choose appropriate security controls that do not deter parents from using the Web 2.0 application.
Where their activities are directly related to learning, parental participation in schooling has been shown to have a positive impact on student success. These are some ways in which they can participate:
by taking up invitations from teachers to participate in school activities or become volunteers
by reacting to information provided by teachers about their children, such as the homework that is assigned to them
by interacting with teachers and other parents to discuss school issues
by making contact with external organizations that might be of assistance to the school.
Wikipedia has a page entitled “Online communication between home and school,” which describes some of the issues (Wikipedia, n.d.).
General information can be conveyed from teachers to parents through the school website, and specific information is relayed by email, phone (fixed-line, mobile, or using computer software such as Skype), or text messaging. A more comprehensive approach to imparting information is to use a school information system such as the popular PowerSchool. Parents can use the parent portal to access schedules, grades, homework, attendance information, school bulletins, lunch menus, and personal messages from the teacher, and to email teachers. They cannot upload information.
VLEs often have a parent portal, which allows teachers to post information on the site for other parents to view and enables teachers to contact parents by email or phone. (Teachers can use a VLE to send a message to a parent’s email address or phone, or to access their class list in the VLE and send a message to multiple parents.) The portals often allow parents to send brief messages to the school but do not allow them to upload information. The ePals’ LearningSpace is an exception. It allows the setting up of online groups whose members can include parents, so, for example, one of the groups could be a parent–teacher association (PTA).
Forums such as blogs can be set up by parents or teachers, which enable them to discuss matters of interest, and provide links to media sharing sites such as YouTube and social networking sites such as Facebook. These are some examples of tools that could be used for parental participation:
Wiggio is a web application used for group working. A PTA could set itself up as a group.
Parentella and Parent Teacher Network are dedicated parent-teacher social networking sites.
Class Blogmeister is a blogging engine for classroom use. A teacher can write a class blog and parents can post comments.
The social networking site Edmodo was developed for teachers and students but has been extended to include parents.
Teachers may wish to use general tools to communicate with parents, either because their school does not have access to a proprietary system or because the system they have does not have the required functionality. Teachers may be reluctant to use general tools such as social networking sites because of privacy concerns. They are afraid that if they put personal student notes or grades online others may see them.
In addition to the products described above, there are others that claim to facilitate parental involvement and engagement, some of which are listed in Appendix 8. “Parental engagement” refers to parental engagement in learning, which is seen as being proactive. “Parental involvement” refers to involvement in schooling, which is seen as being reactive.
One threat is that a parent–teacher network may suffer from angry parents complaining about their child’s teacher(s).
These are some ways in which parents can be made more security aware when they use schools’ online media:
Create clear security guidelines for parents.
Use the guidelines to make parents aware of the importance of security and privacy. Inform them of the dangers of putting too much personal information online and warn them to keep passwords private.
Train parents to be wary of unusual web sessions and suspicious email messages and explain how malware can get onto their computers.
However, where a parent portal exists, few of these systems explain why their system is secure; ePals’ LearningSpace is an exception as it lists its security features.
Parents’ School Networks is a government-backed scheme that allows parents and teachers to chat to one another. It is implemented as part of the Netmums website. A webpage on the Netmums site gives some basic security tips for users (Netmums, n.d.).
Before considering possible research, let us take a brief look at research that has taken place. Romle and Singh (2011) looked at how to increase parental involvement in their children’s learning, and argued that collaboration of teachers with busy working parents should be independent of location and time. Bae et al. (2004), Huey and Maesako (2002), and Kong and Li (2009) have conducted research into the home–school connection using a range of communication technologies. Fred Davis and others developed the Technology Acceptance Model, “an information systems theory that models how users come to accept and use a technology” (Wikipedia, n.d.).
Research is needed on the following areas related to using Web 2.0 technologies in the school environment:
how Web 2.0 technologies enhance students’ learning by helping them be creative and gain competence
how Web 2.0 tools can be non-controversial in the school environment
whether the anytime availability of social networking sites is disruptive to learning as it distracts users
what the characteristics should be of an environment that promotes strong communication between students, teachers, and parents, so as to be informative, allow updates to be issued, and allow parents to check their child’s progress
what technical constraints there are on the design, deployment, and maintenance of a suitable hardware and software infrastructure for use in schools that wish to capitalize on Web 2.0.
The following research would be beneficial before usage of a Web 2.0 technology, using surveys and interviews:
Use questionnaires to elicit information related to the expected learning outcomes.
Ask parents whether they are concerned that Web 2.0 might affect their child’s learning ability, using hypothetical scenarios.
Ask questions relating to limitations on the use of the tools in the school environment by students, teachers, and parents.
The precise questions of questionnaires are far better for research purposes than unstructured responses. A well-designed questionnaire can help reveal the information that is being sought.
Social networking sites are a prime example of the participation–collaboration pattern. The participants in the school environment are schools, parents, and students. Research is needed to find out how best to use social networking sites securely, and at the same time exploit their potential for educational benefit. Security threats need to be identified and the risks mitigated.
Following is a brief plan for a research exercise. It would be useful to study the use of social networking sites by participants to develop a model that shows the risks and threats of these sites and how they interrelate, and to form hypotheses between them. For example, how does perceived threat relate to perceived adherence to the AUP? It would be necessary to provide evidence showing whether there is data to support each hypothesis. One source of data could be the usage patterns and privacy settings of participants on the social networking sites they use. A survey could be conducted using questionnaires to gather information, looking at how the sites are used, whether users are aware of threats, and the extent to which they trust fellow users and comply with privacy policies. Those who do not use social networking sites could be asked whether they intend to use a social networking site at some time in the future, and all respondents could be asked to express their privacy concerns.
This data would provide a valuable insight into how aware the respondents are of the threats of using social networking sites, and would help determine the factors to be considered to ensure safe use of social networking sites. The outcome of the research would be a model, probably revised from that hypothesized at the outset, showing the relationships between the relevant factors. A more immediately practical outcome could be the development of AUPs specifically designed for the secure use of social networking sites in schools.
These are some of the research questions applicable to this type of research:
How are parents, teachers, and students using social networking sites?
What is the current level of knowledge of these stakeholders about security threats?
What threats are specific to the use of a social networking site in the school environment?
Suitable objectives for this type of research could include to:
Bae, Y. K., Lim, J. S., Shin, S. -B., Lee, T. -W. A Web-based Discussion Learning System Focusing on Teacher-Parent Feedback, 2004. [paper given at IEEE International Conference on Advanced Learning Technologies].
Dept of Education and Early Childhood Development Privacy and Security. Department of Education and Early Childhood Development, Victoria, 2012. available at. http://www. education. vic. gov. au/about/programs/learningdev/Pages/ultranetprivacy. aspx
Edelman, B. Adverse Selection in Online ‘Trust’ Certifications and Search Results. Electronic Commerce Research and Applications. 2011; 10(1):17–25.
Honjo, M., Hasegawa, T., Hasegawa, T., Mishima, K., Suda, T., Yoshida, T. A Framework to Identify Relationships among Students in School Bullying Using Digital Communication Media, 2011. [paper given at IEEE International Conference on Privacy, Security, Risk, and Trust, and IEEE International Conference on Social Computing. ].
Huey, W. T., Maesako, T. Development of a Dynamic Web-based Information System for Parents and Pupils to Enhance Decision-Making by School Personnel, 2002. [A Case Study of Jurong Primary School, Singapore, IEEE International Conference on Computers in Education. ].
Klein, N. Citizen Co-Production of Government Services, summer internship paper, 2010. [Department of Economics, Andrew Young School of Policy Studies, Georgia State University. ].
Kong, S. C., Li, K. M. Collaboration between School and Parents to Foster Information Literacy: Learning in the Information Society. Computers and Education. 2009; 52(2):275–282.
Netmums (n. d. ). Internet Safety for Children. available at: http://www. netmums. com/your-child/tweens-teens-secondary-schools/safe-surfing-on-the-internet.
Romle, A. A., Singh, D. Integrated Parent Information System (SMIB) to Increase Parental Involvement in Children’s Learning Process in Malaysian Primary School, 2011. [paper given at the IEEE International Conference on Electrical Engineering and Informatics. ].
Wikipedia (n. d. ). Online Communication Between School and Home. available at: http://en. wikipedia. org/wiki/Online_communication_between_school_and_home.
Wikipedia (n. d. ). Technology Acceptance Model. available at: http://en. wikipedia. org/wiki/Technology_acceptance_model.
3.142.156.235