Friday 18 April - Session C - 2.00pm to 3.30pm
School connection and access use policy
http://somerset.qld.edu.au/billspages/stmichaels_paper.html
Abstract
Computer technology and usage is fast changing. What was a source of fear and hyperbole (usually a conversion of fear of the unknown and of change) boils off transiting through reasoned concern to tacit acknowledgment, the vapours of the furore dissipating into history. Policy needs to change to be relevant and needs to be relevant to be acceptable.
The paper presents an overview our system and instances of use and occasional abuse which have contributed to an information system usage policy. There are some "innovations" in our system which you may find rather unique.
Paper
Policy, who needs it?
The computer use policy has been developed a considerable time after the advent of computers at Somerset College. The need for the policy was not and is still not pressing and I am concerned that a particular policy for "computers" shifts focus from people and implies a special existence for computers different from other technologies such as video recorders and telephones. As computers become more integrated into the the typical tools used by staff, students and the community, the need for a special policy becomes less important and consistency with common sense use of school facilities in general becomes more relevant. In my experience, policy is devised to protect against liabilities, to set guidelines for acceptable and expedient use and to define abuse and consequent penalties.
Administration staff use computers in a typical business environment, users have their own or a preferred workplace and use programs in a repetitive way. There is limited tinkering with configuration, the staff have a form of ownership of their computers and software, there is an implicit "duty of care" and claim to unique usage. In laboratories, classrooms and, to a lesser extent the library, the situation does not resemble business style use. There is in general no ownership of a particular place or computer, users change often, levels of expertise and purposes for use vary with each person. There is no guarantee that the previous user has left the computer in a stable or familiar mode. Personalising a computer is fruitless as it may be undone by the next user and probably raise the ire of technical staff. In this environment, problems associated with the operation of the facilities are not owned by any user and quickly escalate as students are wont to tinker with configurations and experiment, this manifests itself as herds of would be hackers stampeding through the network, maddened by the latest fad or feature.
Anecdotal support for the difference in usage between administration and classroom comes from the ubiquitous look of perplexed terror on the faces of would be consultants whose business world view is suddenly cast into sharp relief as a serene eddy when confronted with the chaotic tides in which student users prowl. The latter environment is a learning environment and although sometimes the learning is more "self directed" than I would like, it is preferable that experimenting and tinkering be allowed, (yeh even unto the configuration of the operating system), than forbidden by technical guile or policy. There needs to be some element of self preservation and predictability for the hard pressed staff, but wherever practical users should be given a free reign.
To summarise: The reason for having a policy is to provide guidelines based on expediency and experience to provide a relatively stable and happy learning environment for users and administrators. Our policy should allow and suggest rather than forbid, and where it forbids, penalties and reasons should be given, the emphasis being self discipline. The policy should contain only what is necessary, as with any legal document, be reviewed frequently and made known to all concerned.
Description of our system
130 odd Macintosh, 50 odd Windows 3.11 and 95 workstations
3 AppleShare Servers 1 Netware 3.12 and 1 Netware 4 server all interconnected into a main 10 zone network with cd tower and assorted printers.
Separate Windows NT, Netware Lite, Pick and DG systems.
Internet: 2 web servers (one for development), two routers
Protocols on main network: TCP/IP,AppleTalk, IPX , NetBEUI. Web browser provides standard interface across platforms and from outside school
Dial in/out supporting TCP/IP via PPP (4 lines) and ARA via a separate line and permanent ISDN allows main network access to internet, client access to school intranet and Remote control of workstations and therefore networked resources.
Client access to the system
- Staff and students have internet and access to the internal network from on campus. Access from off campus is via AppleTalk Remote Access (ARA) and their own internet accounts with commercial providers. Remote control of workstations at school is available to all who register as users (this system is called "HomeLink").
- Additional staff facilities comprise access to administration via the local network and remote control. Free internet access via 4 dial in lines to school router, we provide connection kits for staff, members of school council and selected members of the school community.
- School community can access school network resources via registered user remote control of workstations ("HomeLink") and access to our web site for detailed current school news (e.g. Newsletter and calendar)
- Local public can access our website to find notice of activities at school typically published in the Newsletter but also special events such as plays, our annual literature festival and Science week and some community pages such a s the Gold Coast Chess Club. The web site presents an detailed, live look at who we are and what we do to our community.
- Global public: Access to web site, international representation of the school, emphasis on living information rather than trite market hype or static official pronouncements
Specific Considerations in System and Policy Development
- Security
- Modification: The integrity of the system can be compromised by tinkering. Expediency of maintenance of viability and familiarity for other users indicates that modification of configuration without consultation should be subject to granting of specific permission.
- Access to sensitive material. There must restrictions on access to the administration system, because it contains private information regarding clients and staff of the college. Access should be limited to registered users and logged in the case of external access to the system.
- personal documents: Respect of others is a fundamental ethic: The real possibility that personal communications and documents can be accessed must be made apparent to people.
- Compliance with licensing and copyright. There is an ethical contrivance for copyright applicable to those who would, for whatever reason, use rather than create: no cost implies no value. Where copying is easy, potential legal redress applies the tension equivalent to cost, this should be made clear to users.
- Integrity of information
- information content including currency. Information on a web site has a use by date unless it is included in an archive associated with current information. Statements about being nice to kids and upholding of virtues attributable to the favour of one God or another, interlaced with photos of perfectly attired and ecstatic long graduated students are all very well but are do not constitute the kind of information that "bytes". Worse is the detritus of outdated initiatives left exposed, a policy on decent burial is essential.
- information publication, personnel and procedures
To facilitate currency, web publishing should not require redundant effort or complex processes. Automation means that delegation is possible, although the automating process, entailing computer and training programs is initially very time consuming.
- Expectations of users
- Reliability of access: If you charge then you must deliver, hence costs and effort will escalate. We provide free access for staff but they must provide their own hardware and install connection software themselves. We encourage students to get their own accounts for home and provide free access from within school.
- Limits of liability: Free service is not a guaranteed service and providing access to information does not imply responsibility for the content
- Costs of access:
There are costs in providing access: servers, routers ISDN and phone lines, maintenance of web site, email accounts hardware, upgrading of facilities to meet demand, training and time, some of these are eventual benefits.
- User responsibilities:
Probably where policy has a benefit: Guidelines for use which hopefully give users ideas as well as warning against pitfalls
- Ethics: Filtering is arguably unethical. Freedom of speech and by implication freedom to hear that speech is a fundamental dual right (There is however no right to be taken seriously). A qualification to this global right is restriction to protect minors. So as not to limit the fundamental right by the specific one "carbon filtering" rather than silicon is recommended: self discipline is meaningless in the absence of temptation. Although we have a duty to protect children we also have a fundamental duty to educate them and more so, total protection is just as undesirable as totally guided education (aka indoctrination) and education is ineffective without exposure to experience.
- Guidelines for use of service should be a positive statement: For example, "The service may be used for research and communication for work and recreation. There are however a few restrictions" (with reasons)
- The system should not be used for games because these are often displacement activities of little mental merit and can easily generate a non learning atmosphere.
- The system should not be used for inappropriate content: for example Naked placental mammals are okay sometimes e.g. if required to study anatomy but pictures from penthouse, although generally anatomically correct, allude to practical considerations considered outside the terms of reference of any school assignment. Users should avoid material which is potentially offensive to other users, may expose the school to legal liability and disrepute or create a non learning atmosphere.
- User Contract I have considered a user contract, it should really contain a phrase such as "..I agree to abide by any future changes.." a condition I would not myself sign to. We do not insist of specific signatures for other school policies so I do not agree that this is a warranted. To my mind it is basically a device to attract attention to the policy, and is in this sense overkill, it makes this policy "special" as if there is some special cogent need to seek agreement on this issue where we do not in others. Publishing of the policy in the handbook, on the web and perhaps the weekly newsletter is in my view sufficient.
The above not withstanding here is a draft contract we have considered using:
STUDENT USER CONTRACT
Please return this form to your house tutor
I understand and will abide by the above Conditions, Rules and Acceptable Use Policy.
I further understand that any violation of the above Conditions, Rules, and Acceptable
Use Policy is unethical and may constitute a criminal offence. Should I commit any
violation, my access privileges may be revoked, and disciplinary and/or legal action
may be taken.
Date: _________________
User:__________________
Signature: ______________
Parent Or Guardian: If you are under the age of 18, a parent or guardian must read
and sign this agreement.) As the parent or guardian of this student, I have read
the acceptable use policy. I understand that this access is intended exclusively
for education purposes. I also recognise that it is impossible to restrict access to all controversial
materials. I hereby give permission for my child to be given access to electronic
communication networks including the internet.
Date: ________________
Parent Or Guardian: ________________
Signature: ________________
or the Somerset College Home Page