« Important Elements of an Acceptable Use Policy – Part 1
Using Discussion Groups To Extend A Lesson »

Important Elements of an Acceptable Use Policy – Part 2


In part two of a series of posts I will examine the elements that go into many (most?) school district acceptable use policies, sometimes also called an AUP. You can view part 1 here

To review, every school district should have an AUP which covers the terms of use for their computing resources.  This of course also should deal with the Internet access provided from their computing resources.  A proper AUP should spell out not only acceptable student use, but also that of the district’s staff members.  Why?  Because a good AUP can provide the basis for a legal defense in that it shows that the school district is being diligent in its duty to protect users entrusted to its care.

(Note: The legalities are also covered in more detail in this post :http://blog.connected.info/2009/03/21/legal-aspects-of-social-networking-in-a-school-community-part-1/)

Some common elements of an AUP include:

  • The Intended Purpose of Internet Access & the AUP
  • CIPA compliance issues – no inappropriate content
  • District’s right to monitor user activity
  • Activities which are not allowed
  • Security and Privacy
  • Copyright issues
  • Application licensing
  • Consequences of non-compliance with the AUP

(The wikipedia post on AUPs covers some of the same topics at a more general level here)

Activities which are not allowed

The AUP should spell out in some detail all the possible activities which are not allowed when using the school district’s resources.  It is wise not to assume too much in this section.  For example, the district should not assume that users will understand that using the resources of the district for illegal activities are not allowed.  There are a broad range of illegal activities that should be covered.  One which is not normally thought of is using the district’s resources as part of hacking into other systems.  Since the user at a school district may assume some degree of anonymity while using a school computer, they may view this as an advantage when trying to hack into another system.  This should, of course, apply also to hacking into the district’s administrative systems, particularly the one used to record grades.  The AUP should cover intentionally spreading viruses, creating bots to impact the performance of the systems on the network, and other such uses.

It is worth including some specific examples of other, non-computer based illegal activities in the AUP – drug sales, gang activity, bullying, etc.  The main purpose is that unless these items are listed, it will be more difficult to apply appropriate consequences to the actions taken by a user.

The AUP should cover a broad set of issues relating to “inappropriate language”.  This is the area of an AUP where care must be taken to spell out activities a user can engage in, which on the surface are protected by their right to free speech.  However, the choice to refrain from such actions when the action will result in the loss of a privilege, in this case the use of a school district’s computing resources, does not in itself represent a constraint upon free speech.  The district must not do anything to prevent a user from the free expression of an opinion, even when that expression contains profanity.  However, the use of a school district’s resources to express that opinion is not protected by the US Constitution.  The AUP can also spell out the responsibility a user has to report activities of another user when they violate the AUP.  Ironically, the broader the dissemination of a message across a community of users, the better the chance that someone will report bad behavior.  This is a part of our experience with Connected.info that surprised us. Essentially, we concluded that kids like to rat each other out, especially when they can do it anonymously.  Over time, the bad behavior disappeared.

Another area of illegal activities that should be included in an AUP are things like plagiarism and copyright infringement.  Here, the inclusion in the AUP protects the school district from being seen as supporting these activities and allows the district to be protected in the eyes of courts from being liable.  It is also wise to include in the AUP notice that if copyright violations are brought to the attention of the school district, the district is required to take down or remove the offending content as soon as reasonably possible.

Security and Privacy

The AUP should remind users to protect the privacy of their information by:

  • Not posting on any public medium any information which would personally identify themselves or provide information about their location such as address, phone number, birthdate, names of friends or siblings, etc.
  • Keep any passwords private and not share them with other users / students.
  • Report any suspicious or unauthorized activity in their account such as strange emails or chat requests, etc.

District staff and teachers need to be reminded in the AUP about the need to protect the confidentiality of student records information.  Any electronic communication of student information must include wording in the subject and body of the communication that the contents of the communication contain confidential information that is subject to federal and state law regarding the protection of such information.  The sharing of student information without parental consent is a violation of the FERPA law and can result in severe penalties to a school district including the loss of all federal funding.  Parental consent also applies to whether a student account can be created.

An interesting example of where it is not clear that parental consent is needed is the use by students of the free services provided by Google such as Google Docs.  When a school establishes a relationship with Google for the use of Google Doc in an educational setting, the creation of the required gmail account by a student is subject to the same requirement for parental approval. This is the case even though the service is provided by a commercial vendor other than the school if the school district or even an individual teacher requires the use of the Google tools.  Since Google does not require parental approval to create the gmail account, this is a violation of FERPA law.

A school district is also prohibited from entering into any relationship with a commercial vendor where the vendor intends to capture, analyze, and possibly sell data on student use of an application or website for the purpose of marketing or advertising.  Again, the use of Google doc would be a violation of this rule on the part of a school district.

For districts that intend to have students under the age of 13 use computing resources, special care must be taken to insure that student confidentiality is maintained as the COPPA law applies.  Other posts in our blog have covered a district’s responsibilities under COPPA, but the AUP must spell out what a district requires as well as the consequences for non-compliance on the part of district staff or teachers.

Copyright issues

The AUP should cover the copyright violations under the area of activities which are not allowed, but what about the copyrights and other intellectual property protections for original works created by students, teachers, and district personnel?  Inherent in any content created by a user using school district equipment is the question of intellectual property ownership.  When a student sends a paper in response to an assigned project, it should be pretty clear that the student has a copyright on the submitted work.  Thus, the AUP needs to acknowledge that the student has a copyright and that other users of district resources, for example, the teacher, must respect that copyright.  It would, for example, not be acceptable for a teacher to publish the student’s work on a 3rd party website without the student’s permission OR without including language to the effect that the student owned the copyright.  However, as we mentioned earlier, the teacher would not be able to include the student’s name in the copyright language without parental permission.  When one reflects on the number of times that this occurs on the Internet, it is clear that not many people are informed or doing what they are supposed to.

A second question that must be addressed by the district is that of ownership of content created by district employees and teachers.  Particularly in the case of teachers, this can be a touchy subject.  Many school districts have opted to use the Creative Commons license (http://creativecommons.org/) for content created by a teacher.  Other districts take the stand that since the content was created using school district equipment and resources that the district owns the rights to the content.  As more content is made available in on-line forms, this distinction can be the difference between revenue to the district and revenue to an individual teacher.  Whichever way a district decides to proceed, it is very important to include the position in the AUP so that everyone is informed.

To be continued…

Bookmark and Share

This entry was posted on Thursday, September 3rd, 2009, 8:00 am and is filed under Internet Education, US Education. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

  1. No comments yet.
(will not be published)

Powered by WP Hashcash

  1. No trackbacks yet.