By Frederick Lane ~ 20 January 2023

This C4E Digest is 1,834 words, or approximately an 8-minute read.

Sorry for the late post. This has been a busy week and the next couple of months will not be much slower. But the Cybertraps are endless, so I'll update as often as possible.

✈️ Above the Fold: Cybertraps Heads to Ghana

Thanks to a grant from the Fulbright Specialist Program, I'll be traveling to Ghana for the month of March 2023. While visiting sub-Saharan Africa, I will deliver a series of presentations on cybersafety to a variety of audiences at K-12 schools, universities, and government agencies.

  • The Fulbright Specialist program maintains a roster of people who have demonstrated expertise in one or more areas of specialization.
  • This is my second time on the roster as an expert in Computer Science and Information Technology and Law.
  • In 2018, I spent two weeks lecturing about social media and cybersafety at the Guangdong University of Foreign Studies (GDUFS) in Guangzhou, China.
  • Six years earlier, my wife Dr. Amy Werbel spent a year teaching at GDUFS as a Fulbright Scholar. Her book, Lessons from China, is a great recap of her time in China.

My main sponsor for my work in Ghana is Awo Aidam Amenyah, the Founder and Executive Director of Child Online Africa, a non-governmental organization that "undertakes policy advocacy and campaigns with focus areas with/for children to influence decisions in favour of the African Child to change practices which affect them negatively in the digital space."

The Nation of Ghana was recently recognized by The Christian Science Monitor for its adoption of "a national cybersecurity strategy able to track and respond to digital threats, including disinformation."

  • The Monitor said that Ghana's proactive steps on cybersecurity have caused it to "jump 40 places in the Global Cybersecurity Index in just three years, ahead of Ireland and New Zealand."

πŸ’‘
Cybertraps #150 β€” GALE Forces with Dr. Glenn Lipson

πŸ”“ 2. Florida Schools Fail Cybersecurity Audit

The Florida Auditor General recently wrapped up "an information technology operational audit" that ran from December 2021 to September 2022.

  • The audit evaluated the cybersecurity defenses against ransomware at four different school districts: Desoto, Escambia, Indian River and Pasco.
  • According to Verizon, "ransomware breaches increased 13 percent during the 2022 calendar year, which is greater than the combined increases over the past 5 years." -- Verizon, 2022 Data Breach Investigations Report
  • More than half of K12 districts surveyed by Sophos, a computer security software company, reported a ransomware attack in 2022. -- Sophos, The State of Ransomware

The operational audit concluded with two main findings, both of which are undoubtedly relevant to K12 school districts across the country.

  • Finding 1: "Security awareness training programs for the Desoto and Pasco County School Districts need improvement to reduce the risk for district data to be compromised. "
  • Finding 2: "Certain district IT security controls related to authentication, account management, data recovery, configuration management, vulnerability management, and data protection need improvement to ensure the confidentiality, integrity, and availability of district data and IT resources."
  • The report did not publicly disclose which security controls "need improvement," out of concern that doing so would reveal existing vulnerabilities that could be exploited.

Recommended improvements: 1) comprehensive, mandatory security awareness training and 2) improvement of applicable IT security controls.


πŸ’‘
Want to reduce the chances that your district or a member of the school community will show up in a future edition of The Cybertraps Newsletter? Schedule some timely, informative professional development by contacting me at FSLane3@Cybertraps.com

🏫 3. "Indoctrination" Battles in Oklahoma

Aaron Blake teaches social studies to high school students at Putnam City North High School. On January 11, 2023, he posted a Twitter thread in which he declared "I refuse to teach from a posture of fear."

Context: Baker is an outspoken critic of House Bill 1775, a statute adopted by the Oklahoma Legislature in 2022 that prohibits school employees from using certain concepts in the classroom.

  • Known colloquially as Oklahoma's "Anti-CRT" law, the legislation is similar to bills passed in a number of conservative states around the country.
  • House Bill 1775 does not specifically reference critical race theory, a concept used to analyze the presence and impact of systemic racism on social institutions in graduate degree programs.
  • Baker argues that "[t]he vagueness of the 'letter' of HB 1775 has given carte blanche permission for appointed government executives and state board members to invoke the 'spirit' of this law any time they dislike something about an Oklahoma teacher." -- The 'Spirit' of House Bill 1775, Oklahoma City Free Press, 22 September 2022.

Coverage: Following his Twitter rant, Baker made several appearances on Oklahoma local media. He made it clear that many of his comments are directed at Ryan Walters, the Superintendent of Public Instruction in Oklahoma.

  • Walters was elected Superintendent in November 2022.
  • Videos recorded in his car and posted to Twitter were a central feature of Walters's campaign.
  • He frequently weighed in on hot-button cultural issues, including critical race theory, former government scientist Dr. Anthony Fauci, and his enthusiasm for actions taken by Governor Ron DeSantis in Floriday. -- Bennet Brinkman, "As questions swirl, Ryan Walters focused on school choice, ideology," NonDoc, 28 December 2022.
  • Walters has already instructed his staff to open an investigation into two other Oklahoma teachers, Tyler Wrynn and Summer Boismier, who he alleges have violated Oklahoma law by "indoctrinating" students.

Disciplinary action? Can Baker be punished for his online comments or his t-shirt sales?

Probably not. It's all pretty classic First Amendment stuff. If his comments lessened his ability to be an effective educator, however, or caused significant disruption in the classroom, then the school district (or Walters?) might be able to take action.

It seems more likely that Baker is probably on a fairly short list at the Oklahoma State Department of Education. It will be interesting to see if anything further develops.


πŸ’°πŸ’° 4. EdTech Gets an "F" in Data Privacy

Internet Safety Labs, a "nonprofit 501(c)(3) product safety testing and research organization," recently released Part 1 of its K12 EdTech Safety Benchmark: National Findings. The results are, to put it mildly, not encouraging.

  • Four key findings:
    ** 96% of ALL edtech apps share personally identifying information (PII) with third parties. 76% share such data with advertising and monetization businesses.
    ** Roughly a quarter of the apps used in schools are non-education specific (i.e., New York Times, Spotify, etc.) and thus have no child-specific protections.
    ** Students are exposed to digital ads in approximately 23% of all school apps and roughly half of those use retargeting ads, which increase the amount of PPI collected and shared.
    ** The world's largest advertiser, Google, is also the largest supplier of edtech hardware and software. This increases the risk of PII exposure for students.

Myriad dangers. The promiscuous sharing of student PII raises several serious issues that administrators, teachers, and parents should consider.

  • Access to student PII enables businesses and advertisers to serve up highly-targeted ads to students.
  • Possible misuse to deliver ads or content that lead to "emotional trauma, aberrant seduction or even physical danger with location information."
  • Possible long-term consequences from the retention and use of years-old data that may no longer reflect an individual's current circumstances.

No specific recommendations (yet). Since this ISL report is just the first of four, there aren't any suggestions for what schools and parents can do to minimize the potential risks of privacy invasions by edtech apps. Presumably, future reports will offer some guidance.

Let's be careful out there. "While this K12 Edtech Safety Benchmark report and the research data we have compiled may seem discouraging, it is our hope that it will stir a broader awakening to the real safety risks present in the internet and the technology we use with it."


πŸͺ© 5. Student Lounge Act Raises Hackles

Cameras and social media are everywhere. In November 2022, teachers in the Rochester Community Schools organized a field trip for Hart Middle School band and orchestra students to attend a matinΓ©e performance of the Detroit Symphony Orchestra.

  • The performance ended in late afternoon. Knowing the kids would be hungry, the teachers had arranged an early dinner at Niki's Pizza on Beaubien Boulevard.
  • There was just one small problem. Niki's Pizza did not have the capacity to handle one hundred and forty hungry tweens and twenty-nine teachers and chaperones.
  • Fortunately(?), there was plenty of space available in Niki's Lounge, an attached nightclub operated by the same company. The lounge was empty at the time.

A couple of minor issues (or issues for minors?): The lounge is equipped with a well-stocked bar and in front of several of the tables along the wall are carpeted risers equipped with what can only be described as dancer poles. In a completely foreseeable set of circumstances, students began swinging around the poles and a photo was posted to social media.

  • Social media presents serious challenges for school districts and administrators.
  • The lounge visit was initially reported by Andrew Weaver, who publishes a blog on Facebook (a Flog?) called Finding the Right Answer. Weaver is also a member of the Board of Trustees for the Rochester Community Schools.
  • His post was rebroadcast by Libs of TikTok, a far-right Twitter account run by former real estate agent Chaya Raichik.
  • The following day, the Rochester Community Schools Twitter account blocked the Libs of TikTok account.

Let's talk Cybertraps. While fairly humorous, this is a valuable object lesson for educators, administrators, and districts as a whole.

  • What we had here was a failure to communicate. A lot of finger-pointing arose about whether or not Niki's Pizza told teachers that the kids would need to use the lounge to eat their pizza. If the teachers were told, it's pretty clear they didn't pass that slice of info on to district leaders.
  • Everyone has a camera. Repeat after me: everyone has a camera.
  • Rochester Community Schools does not appear to have been particularly forthcoming about the circumstances of the trip or the administrative response.
  • The decision to block Libs of TikTok is at the very least a Bad Look. It's petty and doesn't really accomplish anything.

Classic overreaction. If parents (or Libs of TikTok) think that middle school students don't know about night clubs and stripper poles, they are kidding themselves.

At the end of the day, a bunch of kids heard lovely music, ate some pizza, and burned off some energy. Tomorrow, the sun will rise in the East.


πŸ“§ Have a great weekend, everyone. If you have questions, story ideas, or other suggestions, please email me: FSLane3@Cybertraps.com.