General Internet Safety
Today's Connected World
According the United Nations Human Rights Council, access to the Internet is now considered to be a worldwide basic human right. President Obama stated “today, high speed broadband is not a luxury, it’s a necessity.” Our children are growing up in a connected world, and preparing them for that world is an absolutely essential part of education.
The Internet is the largest distribution network for advertising and purchasing of products and services that are both physically and/or digitally delivered. The Internet contains roughly 50 Petabytes (50,000 Terabytes) of RAW UNFILTERED information.
Because of this Internet safety is a critical part of teaching students to use technology.
What does Washington County School District Do?
Washington County School District uses a layered approach to filtering that combines prevention with education and remediation. With prevention we use technology based filters and supervision to prevent students from accessing inappropriate content online. With education and remediation we teach students to use the Internet appropriately and responsibly. Internet safety and ethical use is an integrated part in classes taught throughout Washington County School District’s schools.
WHAT RESOURCES DOES THE DISTRICT PROVIDE CONCERNING EDUCATING STUDENTS ON SAFE INTERNET USE AND DIGITAL CITIZENSHIP?
These principles are instilled in our children starting at an early age in our elementary labs, where lab aides teach internet safety, privacy and security to all elementary students each year. Students continue through their internet safety education all the way into the graduation required Computer Technology course taught in our secondary schools. We know that teaching kids to use the internet appropriately and responsibly is a critical skill that they will need for the rest of their life.
Many resources to help teach these concepts can be found at http://www.netsafeutah.org/
We also provide extensive educational materials to teachers to be used throughout K-12 that educate students on digital citizenship. We encourage teachers to integrate these digital citizenship lessons into their regular routine as they use technology in the classroom.
In addition many of our schools also take advantage of White Ribbon Week and other digital citizenship programs.
Washington County School District acknowledges that technology based filters are not always effective at eliminating harmful content and due to this, Washington County School District uses a combination of technological means and supervisory means to protect students from harmful online content. To that end, Washington County School District has adopted the 70/30 Rule of Internet Content Filtering.
70/30 Rule of Internet Content Filtering
Washington County School District has adopted the 70/30 Rule of Internet Content Filtering. A concept originally developed by Jeremy Cox and presented at the 2015 SAINTCON (https://saintcon.org) Conference (https://youtu.be/32wsQ5VXwWo) by the UtahSAINT Organization (https://utahsaint.org).
The 70/30 Rule of Internet Content Filtering states that students are simply not safe online when only technology measures are used to prevent access to harmful content. This is due to the technical limitations of filtering. As the demand for more security and privacy on the Internet increases, the natural effect of the resulting technological changes directly impairs our ability to filter. The rule of thumb is that 70% of internet content filtering is supervision based, and 30% is technology based. By adhering to the 70/30 rule of internet content filtering the likelihood that a student will be exposed to harmful content is severely reduced.
The concept is simplified and explained in this video:
In order to provide a safe learning environment, WCSD provides supervision for Students when using district devices in the classroom, but must rely on parents to provide supervision for students when outside the classroom.
What filters are being used and how do they work?
Washington County School District currently uses iBoss Cybersecurity’s Secure Web Gateway product to prevent access to unauthorized and harmful content on the web. The iBoss solution was selected from a state wide RFP administered by UETN (Formally UEN). The solution’s subscription is paid state wide by funds administered by UETN. District’s are responsible only for the costs of the appliances.
WCSD currently uses multiple iBoss appliances that filter the outbound traffic leaving the school district's network. The appliances filter over 7Gbit/sec of internet bound traffic on the average school day. Due to WCSD’s continued commitment of the use of technology in the classroom, the requirements on our network for increased bandwidth grows every year.
WCSD takes the security and protection of our students very seriously, and blocks thousands of websites that host pornographic and other harmful material. The iBoss filtering solution sits on the network, in-line with the District’s outbound internet connection. It actively scans all traffic as it passes across the network, and constantly looks for traffic that is undesirable. When that traffic is detected, it immediately blocks that traffic from passing across the network.
The filter has the capability to block traffic based on the following criteria:
UETN Network Engineering Study, Sanity Solutions,
http://www.uen.org/digital-learning/downloads/UETN_Engineering_Study_Final_Report.pdf
In addition, WCSD utilizes 25 dedicated iBoss Cloud appliances to provide filtering for Chromebooks. This is done by tunneling all internet traffic for each Chromebook through one of the cloud appliances. When the traffic passes through each appliance it is filtered using the same criteria mentioned above. This allows WCSD Chromebooks to be filtered offsite, and support virtual and at home learning with approved programs.
Best Practices and Technological Limitations on Filtering
Unfortunately the mass migration for total encryption on the internet is impairing our ability to filter all harmful content on the network.
“In today's internet environment, Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption, SSL's replacement, are preventing SWG solutions from identifying traffic content beyond the domain and IP address of its origination. SSL decryption technologies can mitigate some of these issues and allow the SWG solutions to continue performing keyword and individual page filtering. Enabling this feature breaks many applications and services that utilize SSL pinning, it often also requires additional hardware to handle the increased load. As more applications adopt SSL pinning, this option becomes less and less viable. Because of this, few customers are implementing this technology.”
UETN Network Engineering Study, Sanity Solutions,
http://www.uen.org/digital-learning/downloads/UETN_Engineering_Study_Final_Report.pdf
WCSD uses a great deal of services for teaching in the classroom that utilize TLS encryption and SSL pinning. Because of this, we have come to two major realizations:
- It has become unfeasible to decrypt traffic on the network. (and because of this)
- The filter alone is inadequate
To help compensate for this loss, WCSD has adopted the 70 / 30 Rule of Internet Filtering. You can read more about this concept in the section above.
Are there different settings used for different grades and school levels?
Since every teacher and school uses available resources on the internet differently, we have deployed tools within the schools to give the schools greater control of available resources as they deem fit for the students within their school.
HOW DOES THE DISTRICT FILTER INTERNET SEARCH ENGINES and OTHER ONLINE MEDIA?
Because most internet search engines and other online media utilize encryption, WCSD's filters are unable to view and filter searches on those sites. Because of this, WCSD takes advantage of any services that offered by the individual sites. For example, WCSD uses Google's Enforced Safe Search, Youtube for Schools, and Microsoft's Bing in the Classroom. These services, albeit fully encrypted give WCSD some ability to control the content that is delivered through them. Google's Enforced Safe Search and Microsoft's Bing in the Classroom give WCSD the ability to toggle a Safe Search flag. In that particular case, WCSD is unable to determine what content is appropriate, and has to rely fully on Google and Microsoft to make those determinations. Youtube for Schools allows us some additional controls, in which we can add to the acceptable list, but the default list is not modifiable by WCSD. Because these services use TLS Encryption and the Google Chromebooks and other Chrome browsers are Pinned to Google's master certificate, we are unable to provide any more extensive filtering than what is provided through these methods.
WCSD is unable to provide any safe access whatsoever on other encrypted search engines. For this reason, WCSD blocks Yahoo.com, Ask.com, Aol.com, DuckDuckGo.com and other search engines that utilize encryption but do not offer controls to provide some level of safety for our students.
Are there management systems available?
The District utilizes Impero, Google Chromebook Management, and Lightspeed to manage devices and control their access to the Internet. Impero provides granular local control of internet access on devices and allows teachers and local administration to monitor use in real time and review incidents of students attempting to access inappropriate content. In addition, WCSD uses Bark to monitor student's communication online through the District's G Suite system used for Google E-Mail, Google Hangouts, and Google Drive to identify additional issues.
What is the protocol for students when inappropriate content is accessed?
Each school has been encouraged to develop a Response to Intervention Plan, that identifies the process by which they handle incidents where students use technology inappropriately. The plan creates standards for handing these issues and helps the school provide remediation for the student in a fair and consistent way. Plans are intended to educate students, give them a chance to change and to escalate as incidents become more sever or repetitive.