In this series of posts I will examine the elements that go into many (most?) school district acceptable use policies, sometimes also called an AUP. First of all, every school district should have an AUP which covers the terms of use for their computing resources. This of course also should deal with the Internet access provided from their computing resources. A proper AUP should spell out not only acceptable student use, but also that of the district’s staff members. Why? Because a good AUP can provide the basis for a legal defense in that it shows that the school district is being diligent in its duty to protect users entrusted to its care.
(Note: The legalities are also covered in more detail in this post : http://blog.connected.info/2009/03/21/legal-aspects-of-social-networking-in-a-school-community-part-1/)
Some common elements of an AUP include:
- The Intended Purpose of Internet Access & the AUP
- CIPA compliance issues – no inappropriate content
- District’s right to monitor user activity
- Activities which are not allowed
- Security and Privacy
- Copyright issues
- Application licensing
- Consequences of non-compliance with the AUP
(The wikipedia post on AUPs covers some of the same topics at a more general level here)
Intended Purpose:
There are many possible reasons for a school district to offer Internet access, but the primary reason is to further the learning process. Spelling out the reasons that Internet access is present often makes the explanation of other decisions easier for the user base to understand. For example, blocking access to Amazon.com during regular school hours to save bandwidth may be an appropriate decision for a district. Users who wish to order books during the day may be more understanding of the decision if it is spelled out in the AUP.
Secondarily, there are boundaries to set in the document so that users understand the difference between using the Internet from their home and from school. One example is that it is appropriate for a school district to restrict access to certain information and content on the Internet when it interferes with the tasks involved in the educational process. Some users, particularly teen-age children may view this as an unacceptable attack on their rights to free speech. If the AUP spells out the role of the Internet in the educational process, it will be clear that free speech and restricted access are not incompatible concepts.
However, it is incumbent on the district to insure that a user’s right to freely express their opinion only on the basis of differing perspectives. For example, blocking access to a neo-nazi web site because its views are objectionable may be considered an inappropriate restriction on a student’s right to free speech. However, blocking the same site because it contains inappropriate content (nudity, etc.) is a good decision because the educational purpose of a school district includes the responsibility to protect underage users from being exposed to inappropriate content.
CIPA compliance
Since Internet access at schools is covered by the federal Children’s Internet Protection Act or CIPA, the AUP should spell out how the district intends to comply with the law. Since non-compliance with CIPA can affect a district’s ability to received federal funds that can be used to provide Internet access, the consequences are primarily financial. Being in non-compliance can be grounds for a claim of negligence on the part of parents and as such would open up the district to civil lawsuits. The district’s AUP should spell out the reasons for compliance or non-compliance with the CIPA act as well as which actions (blocking sites, etc.) will be taken by the district.
Since many of the sites being blocked by a district are ones which some students will find very attractive, it is wise to anticipate in an AUP that students will actively engage in activities designed to circumvent what a district has put in place. The AUP should speak to the consequences of such activities and assume that they will take place.
District’s right to monitor usage
Related to CIPA compliance is the concept of monitoring the use of the Internet by students. The CIPA act speaks to monitoring as if monitoring is recommended, but not required on the part of a district. Much of this is owing to the need on the part of legislators to not place too much of an undue burden on school officials. However, monitoring is something that is technically more feasible now than in past years and a school district may choose to employ it. Modern tools can capture keystrokes, websites visited, and many other activities on the part of any user. Monitoring has been a defacto tactic employed by many commercial enterprises to insure both proper levels of productivity and that corporate computing resources are not being misused in a way which places the corporation at risk. Misuse can possibly include civil as well as criminal misbehavior. School districts have an equal, if not greater responsibility to insure that their computing resources are not being misused.
Monitoring can also take the form of just querying logs from the proxy server to tell how often an attempt to access sites with objectionable content are taking place vs. actually identifying which users made the attempt. The AUP should clearly spell out what will be monitored and what the information collected will be used for. Monitoring can be very controversial and while both legal and proper, can have negative ramifications within the community. Thus, the decision to monitor needs to be well communicated (thus its inclusion in the AUP) and reviewed with the superintendent and possibly the school board.
…. to be continued.
