Basic Tech Safety

In developing a series of sessions on digital literacy I thought a good place to start would be basic computer safety, including password management. Ahead of this is an initial discussion with students to identify the risks and implications of using technology where no consideration has been given to computer safety and security.

The areas which I consider to represent the basic elements of safety are:

  1. Password and account management
  2. Risk associated with website access
  3. Social media dangers
  4. The danger of the ubiquitous use of email
  5. Data loss from mobile devices, portable storage or storage failure.

In discussing each I use the CIA acronym as a structure for examining the risks and safety measures. CIA refers to Confidentiality, Integrity and Accessibility. In discussing password management, confidentiality may lead us to consider how we keep usernames and passwords confidential such that our files remain confidential. It may also lead us to discuss accessibility, in that as users we want easy access to our data and therefore shorter, easier to remember usernames and passwords seem preferable, yet this runs contrary to the need for confidentiality. This conflict may lead us to examine how password managers might assist in achieving both confidentiality and accessibility.

The main aim of the first session will be to get students to consider their technological safety in greater detail and depth than they may have done previously. It is also hoped that this first session will allow for in-group discussion and debate, which will set the tone for the discussion and debate which will be needed on some of the more moral or ethically related discussions in later sessions.

You can access the basic PowerPoint (yes, I know, a PowerPoint! Have just used it to create a basic framework only and have no intention of death by PowerPoint) related to session one here.

I would welcome any thoughts or comments.

 

 

A digital literacy programme

I am currently in the process of preparing a programme of lessons for 6th form students focusing on preparing to live in an increasingly digital and technological world. The first part of my planning is to decide on the specific topic areas which merit discussion. Currently my thinking is to include the below:

Basic internet safety

The basics of internet safety including passwords, phishing, etc.

Cyber security and internet safety

Examination of some of the more technical aspects of cyber security including the devices we use at home and the increasing prevalence of the Internet of Things (IoT).

Privacy and public safety

Discussion of the paradox of privacy and online security versus public safety.

Digital Profiles

Why establishing an online profile might be important and things to consider in developing an online presence.

Disconnecting and the risks of addiction

Managing our technology so it doesn’t become addictive and understanding how our technology use might shape our behaviours and habits.

Managing our data

Understanding our data and how it may be stored and used by others and the resulting implications. Also consideration of machine learning and how it can impact on individuals.

Social Media as a collaboration tool

Discussion of how social media can be used for much more than sharing funny cat videos.

Googling It

Discussion of the benefits of Google as a source of info along with potential risks.

The Internet of Things

Examination of the Internet of Things, the potential benefits and risks.

Other emerging technologies

Discussion of emerging technologies such as VR and AR.

 

Now the above are just my initial rough ideas for topic areas. Over the coming weeks I hope to flesh them out a little bit further and add some skin to the bones; however, in the meantime I would appreciate any thoughts or comments on the areas which you think need including.

GP consultations in an app: what next??

Part of being digitally literate is the need to cope with the pros and cons of emerging services online. I was sat watching the TV the other day and an advert popped up for Push Doctor, an app which apparently allows you to access a doctor online rather than visiting a GP's practice. I smiled as the advert came on as I have found myself complaining about the difficulty of getting access to a GP on a number of occasions since having returned to the UK. You can only get an appointment by phoning up first thing in the morning as an emergency and hoping for an available slot, or by booking weeks if not months in advance. As such the idea of an on-demand doctor via an app on my smartphone sounds like a good idea; however, is it?

An online doctor can take all of the personal history and also ask the same diagnostic questions as a GP may be able to do; however, they don’t have the physical access to you. They don’t have the ability to carry out a physical examination and to take diagnostic readings as to your blood pressure, heart rate, etc. They also don’t have the same relationship which may exist with a long-standing family GP, for those lucky enough to have one. Without the physical access I am not sure I would feel comfortable with an online doctor prescribing me medication.

I also wonder about the credibility of an online doctor. My GP has been installed in a health practice and therefore will have been vetted by the practice for suitability, experience and skill. They also are tangible in my ability to actually meet with them, see them in the local area, etc. They have a physicality which an online doctor doesn’t have. They can’t just disappear by disabling an online account in the same way that an online doctor may be able to do.

I think the idea of an online doctor is an excellent one, especially when the NHS is as stretched as it is often reported to be. That said, I still think there is some work to be done in winning people over and encouraging people, including myself, to make use of such a service.

Thinking a bit further ahead, I wonder if the solution to the diagnostic readings side of things might be the increasing number of us wearing fitness devices. Through these devices our online doctor might be able to gather rudimentary, and possibly in the future more diagnostic, data such as heart rate, exercise habits, etc. In doing so they might be better able to diagnose and, given the constant monitoring of such devices, they may prove to be better able to diagnose than the currently conventional GP.

The online doctor is but one of a number of emerging services which technology is facilitating, however are we ready to accept and use such new services?

GDPR and third party sites

The new GDPR regulations coming into force in May 2018 mean that the potential fines associated with data breaches or other leaks will be greater than those that exist under the current Data Protection Act.

The new regulations also finally make third party vendors liable where their action or inaction results in the release or leak of data which they are processing on your behalf. This seems like a good thing in that if you use a third party and, through no error of your own, their use leads to the leak of data, they will be held responsible.

The issue here though is that the above is only part of the story. Although the third party vendor may be responsible for the breach, it would have been your responsibility to confirm their compliance with GDPR and their security and other measures in relation to data prior to commissioning them to handle your data. Even though the breach or leak may have been due to the action or inaction of a third party, you are going to have to prove that you showed due diligence in checking out the third party and its operations prior to signing them up to process, store or otherwise use your data. If you didn’t then you too may be found to be liable and therefore receive what could be a significant fine.

As schools, we use a large number of third party sites in the delivery of the educational experience we provide the students under our care. This might be specific maths or science websites with sample questions or learning materials, or it might be more generic services such as Showbie or G Suite. In each case you will be providing personal info on your students, with some sites requiring more data than others. In each case you will need to prove that you undertake at least a basic review of the provision offered in relation to data safety and security by each site or service.

With this in mind the key questions I see the need to ask a third party are:

  • Do you share my data or allow others to access my data? If so, with whom and why?
  • What security do you have in place (physical and logical) to protect my data?
  • What disaster recovery and backup process do you have in place?
  • How long do you retain data and what happens to data should I quit your service?
  • Do I have the right to audit or request the audit of your data security provision?

As we approach the May implementation date for GDPR we need to ensure we have a better handle on where school data, that of students, staff, parents, visitors and other stakeholders, is stored. Part of this will involve identifying all third party vendors and asking them about their preparedness for GDPR.

 

My data?

A recent BBC News article highlighted a US judge's decision to allow data gathered from a defendant's pacemaker to be admissible in court (you can read the article here). The data in question was used by an expert witness to cast doubt on the defendant's explanation as to the events surrounding the case in hand. The issue here is the gathering of data for one purpose, to measure the defendant's vital conditions in order to aid medical treatment and diagnosis, versus the eventual use of the data to prove what he was doing during a specific period in time in relation to criminal prosecution. Surely data gathered from a device in my body would constitute “my data” and therefore be for me to decide or approve its use.

This incident seems to go against the basic rules of the Data Protection Act and also the upcoming General Data Protection Regulation due to come into effect in May 2018, in that the eventual usage of data did not relate to its original purpose. The required permission for storage and usage of the data would have been limited to this purpose. Now there are exceptions for law enforcement in relation to protecting society which may have come into play, plus the incident happened in the US and I don’t have any experience of the equivalent of the Data Protection Act in the US; however, I would assume the similarities likely far outweigh the differences.

This case seems to suggest that it may be possible for data gathered to be used for purposes other than that for which it is intended or for which permission was obtained. All that is required is some justification of need. This seems vague and particularly concerning.

So what about the Amazon Echo sitting in the front room recording every comment, discussion and noise occurring in my house? What about the camera in a Smart TV equipped with gesture control or the Kinect device attached to my son's Xbox One? What about the engine management unit or GPS unit in my car, the data my smart watch gathers or info from my FitBit or other fitness tracking device? We may be happy about these devices gathering data for their intended purposes but what about the purposes to which the data could be used, where we as yet cannot predict this? I am sure the bloke with the pacemaker couldn’t have predicted he might be convicted based on data his pacemaker gathered. How might a hacker or someone else with malicious intent use the data which is available?

As we work with students to build them into digitally or technologically literate individuals we need to discuss the above.

Are we happy with so much data being gathered, stored and processed on us by third parties? Do we truly understand how the data is or can be used?

 

Photos and privacy: Say cheese!!

I was sat reading my book in a rooftop bar in London. The evening was drawing in and it had been a long day in travelling down to London, walking for around an hour from the train station to the hotel in which I was to be staying, and then getting checked in and settled.

As I sat there reading my book I saw a flash out of the side of my eye, from the phone in the hands of the gentleman sat to my right. Had he just taken a photo? Was his phone camera directed at me? If so, why?

As we use our devices more and more, including using them in public, there is an increasing chance of accidentally invading someone else’s privacy, of taking a picture of someone without their permission. This photo may then go on to be shared on social media.

When I used to work out in the UAE I would often spend holiday periods sat by the beach in Abu Dhabi and, like my incident in London, would quite often feature in the holiday snaps of other people visiting the beach. These holiday snaps would most likely then get uploaded to Facebook or other social media sites where facial recognition might attempt to tag me in photos that I was otherwise unaware that I was in. There now was a public record of my holiday activities yet I hadn’t created it and may not even be aware of its existence.

Looking at the above incidents from the viewpoint of the person taking the photo, there comes a point where we need to ask permission or to warn people before we take a photo. This wasn’t the case when our photos had to be developed from film and when sharing was limited to showing friends and relatives the photo album you have gathered. Now that photos are digital and can easily be shared online, copied and even amended and adjusted, this has become more important. The question though is when is it acceptable to capture people in a photo by accident and when should we be asking permission?

From the point of view of the person ending up in a photo, we have to ask whether we are happy to end up in someone else’s photo that may be shared. As professionals, would we be happy for photos of birthday party antics to be online for people to find? This leads to the difficult situation of having to speak to people taking photos to question their motives and intended use of images. This does not generally come naturally to us as it often involves addressing strangers.

The increasingly common use of photography, due to the ease of use brought about by high definition cameras built into our mobile phones, presents a challenge: the benefits of taking more photos, more photographic records of events, which are then shared, versus the risk to personal privacy.

Do you tend towards the need for privacy or the benefits of taking lots of photos?

As facial recognition, big data and AI improve does this become more of an issue?

Technology Consumer or Technology User?

A student makes use of his iPad to access his email and to view the internet. He uses it to access his social media accounts and to post updates. He uses productivity apps to take notes in lessons and to create pieces of coursework which he then sends via email or shares via a cloud storage solution with his teachers. You might describe the above as the student making consumer use of technology. It's consumer electronics, much in the same way that we consume TV sets or satellite/cable boxes. We purchase them, use them and replace them, all for specific purposes.

Now let's consider the same student; however, this time before accessing his email he considers the security of his email account and the strength of his password. He considers if email is the best method of communicating given its lack of security. When looking at his social media accounts he considers the long term implications of posting comments. He considers how the information might be used for potentially malicious purposes and he considers his current privacy settings. He considers how his posting could be combined with other data to form big data and the implications in relation to the use of this data for profiling. He considers the security of the device he is creating documents on, including if encryption is enabled and also the strength of his passcode. He considers how he shares his documents in terms of whether they are accessible by public URL link or just accessible via logged in users. This student is a user of technology, in that he considers the implications of use. He doesn’t just consume.

Are your students consumers or users?

Do you agree with the suggested distinction between consumers and users? Maybe you would use a different term; digitally literate?