Securing High-Tech Classrooms


Editor's note: Politics, beyond funding, normally is not a major topic for T.H.E. Journal. But increasingly, politics is affecting technology and education. A case in point is the politics of security as exemplified by the Supreme Court decision of June 29, striking down the Child Online Protection Act (COPA). Your vote in the future can affect not only security-related issues such as COPA, but also other technology and education concerns. Future issues of T.H.E. Journal will include information to help you think about the upcoming election, as well as how it will affect technology and education in both K-12 and higher education.

Security is defined as "the state or feeling of being free from fear, care, danger, etc.; safety or a sense of safety." As a technology user and bureaucrat responsible for instructional technology policy and practices at a state department of education in the early 1990s, I had a very simplistic view of security: Don't leave your password where others may find it, and be careful with any equipment that you take with you to presentations to ensure it isn't stolen. If I did those things, I felt free from fear, care and danger, technologically speaking.

Then I was asked to take on responsibility of the department's information systems, and my view of security changed. Over 1,000 computers, an internal network, wiring closets, servers, a mainframe, a growing wide area network, a student information system with more than 3 million students on over 6,000 campuses in 1,100 districts were involved. We also were responsible for creating, maintaining and implementing a disaster-recovery plan. I never felt free from fear, care and danger, technologically speaking, during my time in that position. Those of you in charge of technology systems of any size on any campus, university or district must feel a constant state of anxiety, as the threats to security have continued to grow exponentially over the last decade.

There is a variety of approaches to security in educational institutions. A typical approach is to identify a problem, such as viruses, and then attack it or shield the institution from the problem. As technological infrastructures have grown in a piecemeal fashion, managed by overworked CIOs and staff, sometimes this seems to be the only way to address the problem(s). This practical, specific approach is illustrated by özkan and Günay in the article "Minimizing Security Vulnerabilities in High-Tech Classrooms". They provide specific ideas and software that they've used in addressing security concerns.

A more holistic approach, and one we were required to use in creating a disaster-recovery plan, is asset-based. This is the approach advocated by the Consortium for School Networking (CoSN) in a monograph titled "Cyber Security: Protecting Your District's Mission and Assets" ( This approach is very different in that it focuses on the assets of the educational institution first, along with an analysis of the assets' vulnerabilities. The focus on assets rather than threats helps to ensure that the most important assets get attention first. The process still allows for less important assets to be addressed, especially if the solution is easy and/or inexpensive. Mixed into this process is a careful consideration of laws, budget, technical staff, as well as a thorough evaluation of threats.

An analysis of threats can be overwhelming. Looking at the sources of threats from inside the institution versus outside the institution can assist in getting a grip on the problems, while also providing at least some sense of control. Sources of threats from inside the system theoretically have more opportunities to be affected, either with policies, tools or, more generally, by trying to affect the culture of the institution. Ribble and Bailey take a look at the notion of "digital citizenship" in their article "Monitoring Technology Misuse and Abuse". They provide a simple survey regarding common security problems, as well as advocate for an equal focus on effective and appropriate uses of technology.

The Politics of Security

Congress has been trying to protect children from online pornography for almost a decade. In February 1996, Congress enacted the Communications Decency Act (CDA) as a part of the Telecommunications Act of 1996. CDA was trying to protect minors from harmful material online by going after the Internet transmission of indecent materials to children. CDA was ruled an unconstitutional intrusion on the Internet by a unanimous ruling from the Supreme Court in 1997. In this ruling, the Internet was called a "unique and wholly new medium of worldwide human communication" that deserved First Amendment protection.

Congress tried again to provide security in October 1998 when it passed, and former President Clinton signed, COPA, which provides criminal penalties for any commercial distribution of material harmful to minors. COPA has never been enforced due to a series of court cases culminating in a Supreme Court decision on June 29. In a 5-4 decision, the Supreme Court ruled that COPA, which was supported by the Bush administration, was too broad and probably violates the First Amendment. In the majority opinion, Associate Justice Anthony Kennedy wrote, "There is a potential for extraordinary harm and a serious chill upon protected speech" if the law took effect. The majority also felt that there have been important technological advances since COPA was first blocked in February 1999 by a federal judge in Philadelphia. The case will now be sent back to a lower court for a new trial. This will allow for a discussion of, among other issues, what technology may protect children, while still allowing adults to view and purchase material that is legal for them.

We all know from Civics 101 that all of the House of Representatives, a third of the Senate and the president will be elected this November. Let us not forget that the president appoints — with the advice and consent of the Senate — the members of the Supreme Court. And it is likely that the next president will appoint at least two, and possibly up to four, members of the Supreme Court. These people will be making decisions about your students, your access to information and your Internet. Don't let it be without your vote.

This article originally appeared in the 08/01/2004 issue of THE Journal.