There was a time when safeguarding in relation to technology use was simple. I remember when this was the case, when I was teaching IT in a secondary school as well as acting as the IT coordinator. The only devices with internet access which the students had access to were in the school, the technologies to allow bypassing of filtering or which might make filtering difficult were few and far between, plus generally only for techie types rather than users in general. Back then it was simple; Your internet filtering kept students from harmful content plus allowed you to monitor what students were doing online so you could tick the compliance box in relation to online safety.
The world isnt as simple anymore.
Although you still have your filtering in place you cannot consider this enough anymore. Firstly students now are likely to have a mobile phone with data connectivity; The filtering of internet access on your school network is of little use here whether students are using their connectivity for themselves or even sharing it as a wi-fi hotspot for their friends. And in some schools students will even be bringing their own devices to school to actively use in lessons.
Tools for maintaining user privacy have also changed significantly. 15 years ago, in the secondary school I taught in, students would attempt to bypass filtering using web proxies. These were easy to identify and therefore easy to then block. Students used these as it was easy for them to use, simply requiring only the web address of the proxy. Today students have access to all manner of tools from VPNs, which are now advertised on TV in relation to personal data security, to the ability to setup a dark web site with only one or two clicks. Some services even market the fact they don’t keep logs. Disposable email and social media accounts can easily be created as and when needed, or maybe even spin up a virtual PC in the cloud, use it then destroy in when done, taking with it any evidence of what it was used for. The tools schools have to keep students within a safe internet bubble havent changed much, but the user-friendly tools which students have access to in order to bypass any restrictions have grown significantly.
Next the increasing need for privacy and security online is moving all sites and services towards systems which are less easy to monitor. First it was almost all sites moving from HTTP to HTTPS. The next step seems to be a move to DNS over HTTPS. Given DNS requests are a key feature of filtering solutions, the encryption of these requests will render filtering solutions unable to see which sites students are actually visiting. A solution here is SSL decryption which would allow filtering solutions to decrypt and then re-encrypt DNS requests as well as data however this in itself has its implications; Is it acceptable to break a fundamental security measure built into sites in the interests of safeguarding? By breaking the fundamental security of website traffic could we put student data at risk as it traverses our filtering solutions, and if so, is this risk acceptable? And, is all of this effort worth it if students can simply hop onto their 4G/5G signal and bypass all of these precautions at will?
For me, what was very much a simple compliance measure in the need for a filtering solution has now changed significantly. We need to therefore stop looking at this issue in terms of simply having filtering/monitoring in place and consider it from a broader risk point of view. What are the benefits of how we use technology in our school? What are the risks? How do we reduce/mitigate these risks? Do any of our mitigation measures limit potential positive uses of technology and is this acceptable?
For me it is all about a balance between an open network allowing students to explore the breadth of potential positive uses of technology, along with the corresponding risk, versus a closed environment where technology usage is limited in the name of safety but equally this limits potential beneficial uses of technology. Each school needs to identify where it stands on this continuum, what it supports in terms of technology use and what mitigation measures will be put in place. This then needs to be regularly reviewed in relation to new technologies and also new or changing uses of technology within school.
Safeguarding in relation to technology use is no longer simple; It is no longer a simple compliance tick box, or simple internet filtering box but instead a larger conversation around the benefits and risks of technology use in school, by staff and by students.