Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Are Students Liable for School Insecurity?

Posted by Cliff on from the punishing-them-for-the-mistakes-of-others dept.

yamamushi asks: "Within the past few weeks, students across Boerne ISD were being called into offices to discuss the use of proxies to circumvent the schools websense system. The problem is that some of these students are being suspended from school for up to 3 months at a time. Shouldn't the school district be liable for their own insecurity? Why are they punishing so many students for something that should be handled from the district's end? I know at the time I was going to school there, I was punished for using a Linux LiveCD to login to their computers without using a password, even after I told the admins how to disable booting from CD-ROMs. They refused to update any of the computers and as such I was using the same tactic till the day I graduated." While security breaches by students are something to take seriously, should school administrations continue with their knee-jerk mentality to something like this, especially at the times when its obvious that no malicious intent was involved?

24 of 480 comments (clear)

  1. DMCA-think by pclminion · · Score: 5, Insightful

    Why bother improving security when you can just pass a law enabling you to arrest or expel anybody who tries anything funny?

    After all, we all know that the most dangerous elements of our society are stopped by LAWS, right?

    1. Re:DMCA-think by TheRaven64 · · Score: 5, Insightful
      That's only half of the reason we have laws. The other half is to codify a set of behaviours that we, as a society, consider unacceptable. Killing people and taking their property, for example, are things most people consider unacceptable, and so we have laws against murder and theft. The problem is that a lot of new laws don't represent the collective ethic of the population, they represent the views of small special-interest groups.

      When this happens, it is very bad because it leads people to question all laws. If one law is unjust, why should the law have any special status if much of it doesn't reflect the will of the people? This starts to move the law from being something that we agree is fair, and will abide by because we want other people to abide by it, and turns it into something that is enforced from outside. There are only two outcomes from this point; a radical restructuring of the laws, or a police state.

      --
      I am TheRaven on Soylent News
  2. Of course they should. by Lord+Bitman · · Score: 5, Insightful

    You come into my house, I say "don't fuck with the computer."
    You fuck with the computer, I kick you out.

    If anything, a public resource should be more tightly controlled.
    Should they fix their security issues? Yes.
    Should they kick out people who exploit the fact that they don't? Hell yes.

    Malicious or no, you should not be touching the school computers anymore.

    --
    -- 'The' Lord and Master Bitman On High, Master Of All
    1. Re:Of course they should. by Nos. · · Score: 3, Insightful

      There's a policy in place, most like for good reason. These kids violated that policy, knowingly. Besides, what exactly was so clever about these kids using an anonymous proxy to bypass web filtering software?

    2. Re:Of course they should. by theStorminMormon · · Score: 4, Insightful

      I agree. What is this idea that unless someone prevents you from doing something, they are responsible for you doing it? That's like saying "sorry for raping your daughter, but it's your fault for not putting up an electric fence with guard dogs around your house."

      Yeah, I know, that's a really over-the-top example, but this blatant attempt to push off responsibility for your own actions infuriates me. It's true that the school should certainly work to solve some of their gaping security holes. But when I was in school I was usually one of the kids that worked for the labs and I know that the guys running campus security were frequently over-worked and underpaid. So give them a break. Their job is supposed to be keeping computers up and running for students to use to pursue their education, not preventing said students from circumventing security measures.

      More than anything else though, it's this infantile idea that you can hold someone else responsible for your actions because they didn't stop you. Grow up. If you graduated college with that mindset then that's just a disappointing commentary on your own moral development more than anything else.

      The colleges are responsible for not patching the security holes, but the students are responsible for exploiting them.

      --
      The Southern Baptist Convention has creationism. On Slashdot, we have porn.
    3. Re:Of course they should. by theStorminMormon · · Score: 4, Insightful

      Bah, that's crap. Kids who are smart enough to figure that stuff out need to be nurtured, not beat down. They displayed initiative, imagination, and creative problem solving, and they didn't cause any actual harm, just broke an arbitrary rule.

      This is a separate issue. Look, you've got one of three alternatives.

      1. It's a stupid rule because violating it doesn't necessarily result in harm. (See above.)
      2. It's a good rule, but the punishments are too harsh.
      3. It's a good rule, and the punishments are fine.

      What's not an option is any thing that includes "and the student is not responsible for breaking the rule because the school didn't prevent him." Any law with a punishment affixed is by definition not 100% preventative. If it was, you wouldn't need punishments. So the one thing that should not be up for debate is whether or not the student is responsible for the act of violating the policy. Whether that responsibility is good/bad/neutral etc. is debatable, but where that responsibility lies is not. That however, was the tone of the article, and that attempt to shift responsibility is what I and (I believe) GP are reacting against.

      --
      The Southern Baptist Convention has creationism. On Slashdot, we have porn.
    4. Re:Of course they should. by ZombieWomble · · Score: 5, Insightful
      Each of your arguments I find quite baffling:

      With the whole "they're smarter than those who set up the system" argument - it may be possible, but we have no idea what sort of decisions went into choosing this system. It may have been simple ignorance of the level of security provided, but it may well have been details of cost, personnel and the like which prevented them from implementing a more comprehensive system. Moreover, it's quite likely that this system was never desired to provide absolute security, but rather to clearly mark out the section of the internet which is "bad", according to school policy, so pupils know full well that by going there they're breaking school rules and are liable to be punished, as these kids were.

      This leads into your second point - the punishment, and it's scope. The article is almost entirely empty of context about this, and the only information we have is that 1) Kids used proxies; 2) They were punished, to varying degrees. We have no idea about the context of what happened - What were the kids circumventing the proxies to look up? How long did this go on for? Did the kids have other records of offenses which added to the severity of their punishment? I suspect* people picking up 3 month suspensions may not have been otherwise immaculate students who simply accessed some really nifty site on Newton's Laws (blocked by the evil, evil content filter denying them information) through a proxy as a proof of concept.

      And then there's the last, really baffling point - You're suggesting that if you provide a service conditional on some rules being followed, you have to accept that people will break these rules? That's just a ludicrous assertion, as shown by this very story - someone broke the rules, they were punished, and are at present denied access to the system. Seems to me that one doesn't have to sit idly by after all.

      * - I say "I suspect", because that is how many of these stories go when one digs a little deeper. If there's anyone with some more details on this who is able to correct me, feel free.

  3. Check the acceptable use policy by 0racle · · Score: 4, Insightful

    Check what the kids and their parents agreed to before complaining. Most I've seen explicitly state that using external proxies is against the rules.

    --
    "I use a Mac because I'm just better than you are."
  4. "Malicious" by Applekid · · Score: 4, Insightful

    It is malicious intent. If you are using the internet in an environment were you're blocked from visiting certain sites, then they don't want you visiting them on their network.

    If you turn around and sneak through their system and do it anyway, that seems pretty bad faith to me.

    If they locked up the computer lab after hours and because you are smart/skilled enough to get in anyway because you can pick locks, you're still doing something that you're not supposed to be doing.

    To paraphrase Dragnet: "if you don't like the law you can try to get that law changed that doesn't give you the right to break it." The school network isn't "law", no, but they can still cause trouble for you if you go against it.

    --
    More Twoson than Cupertino
  5. Personal responsibility by Scutter · · Score: 4, Insightful

    Just because the door is unlocked does not necessarily mean it's not breaking and entering. The students know the rules. If they choose to break them, they should suffer the consequences. The technological measures that may or may not be in place are irrelevent.

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
  6. No different from other crimes by honkycat · · Score: 4, Insightful

    This isn't really any different from other "crimes" (or violations of school policy). The school's rule is simply that you are not allowed to do certain things on the computers. Some of these things are restricted by their security systems, others are not. Just because you *can* do it, doesn't mean it's within the rules they've established. The students are responsible for their behavior -- it's not the responsibility of the admins to make it impossible for the rules to be violated.

    I don't see any problem with punishing students for misuse of its resources, as long as they were given fair warning of those rules (and as long as those rules are consistent with the school's educational mission). A teacher can't prevent students from cheating on exams, but they'll still be punished when they're caught breaking that rule. Why should this be treated differently?

  7. Seriously, get Serious. by rueger · · Score: 5, Insightful

    The school has rules. You break the rules, they toss you out.

    Adding a computer into the mix doesn't change that equation.

    There is no law that says "Oh, the rule that you broke involved the Internet! Well, that's an entirely different case!"

    --
    Three Squirrels
  8. Similarly... by metamatic · · Score: 3, Insightful

    Why are students punished for stealing school supplies? Surely it's the school's fault for not keeping everything locked up well enough?

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  9. About Teaching Appropriate Behavior by queenb**ch · · Score: 5, Insightful

    I'd say that I'm sorry that the kids are being punished, but I'm not. This isn't about the school district doing anything inappropriate. It's about kids doing something that they knew was inappropriate and being punished appropriately. I fail to see why anyone is upset by this. Part of the function of education is to teach children how to behave and what their boundaries are.

    If they're told that these are rules, but you don't *really* have to obey them, what other rules will they choose to ignore? Will they ignore the rules about bringing weapons to school? Will they ignore the rules about bringing drugs to school? Will they chose to ignore the rules about cheating on tests?

    I've seen people walked off jobs for less. If there's a proxy, it's there for a reason. If the rules say that you have to use the proxy or you can't see that site, surf it from home. I would much rather see them punished now, while the only thing they get dinged for is some time out of school, extra curricular activities, etc. instead of waiting until they're grown-ups with a car payment, a mortgage, some credit cards, and a couple of kids who get fired for doing the same thing at work.

    2 cents,

    Queen B.

    --
    HDGary secures my bank :/
    1. Re:About Teaching Appropriate Behavior by iamacat · · Score: 3, Insightful

      When did breaking simple rules become the authorities fault?

      Why, of course - when authorities started passing ridiculous, unnecessary rules and imposing excessive punishments for minor infractions.

    2. Re:About Teaching Appropriate Behavior by iamacat · · Score: 3, Insightful

      How so? The students are using school computers to access content not owned by the school and generally available to public on Internet. This is done without permanently altering hardware or software of computers in question, hacking school servers or accessing/altering any confidential information. The damage to the school is limited to the trivial cost of bandwidth, which is paid for by parent's taxes. How does this justify a suspension? Make them wash the floor for a day or something.

    3. Re:About Teaching Appropriate Behavior by biffnix · · Score: 5, Insightful

      How so? I'll tell you - it's because the students are violating the Acceptable Use Policy that all students sign and agree to. If they disagree, then can use their parents' computers to accomplish those things that are explicitly forbidden at school (and that they are required to enforce by law - the CIPA, in fact), or find other public use computers that do not have those restrictions.

      I'm not sure why folks don't understand this - it doesn't MATTER if you, or anyone else thinks that having an Acceptable Use Policy is a good idea or not. What does matter is that they agreed to it, then violated that agreement. That means they will face a consequence for that violation.

      That's like getting a library card - you agree to borrow a book, and return it. If you think that because you're impoverished, or need the money to buy medicine for chemotheraphy for your sainted mother, and so sell the book and fail to return it, that you WON'T be prosecuted for violating the law, then you're delusional.

      The school enforces policy that the local school board approved. The parents elect the school board, and so they delegate the responsibility to the board to come up with school policies. We DO still live in a representative democracy, after all. Sheesh.

      I agree with an earlier post - it's far better to teach our youth that there are consequences for our actions, and that THEY are responsible for their own actions. Get this hard lesson learned when the only consequence is missing Grad Night at Disneyland or a big school dance, and not getting fired for violating the company AUP when your wife is pregnant, the car needs new tires, and your doctor says you need an operation.

      Sometimes those consequences are things that we disagree with. Great. Go out, fight the good fight, and get those policies changed. Run for school board. Get petitions signed. Make REAL change. And find out that it's hard, thankless work.

      But for pete's sake, stop with the whining!

      Joe G.
      Mono County Office of Education
      Mammoth Lakes, CA

      --
      Don't Die Wondering
    4. Re:About Teaching Appropriate Behavior by mythar · · Score: 3, Insightful

      How so? I'll tell you - it's because the students are violating the Acceptable Use Policy that all students sign and agree to. If they disagree, then can use their parents' computers to accomplish those things that are explicitly forbidden at school (and that they are required to enforce by law - the CIPA, in fact), or find other public use computers that do not have those restrictions. actually, in this case, if they disagree, then they can spend 3 months at home. does that seem like a fair and appropriate punishment to you?

      That's like getting a library card - you agree to borrow a book, and return it. If you think that because you're impoverished, or need the money to buy medicine for chemotheraphy for your sainted mother, and so sell the book and fail to return it, that you WON'T be prosecuted for violating the law, then you're delusional. if i thought that, i wouldn't be delusional; i'd be right. because, failing to return a book to the library will get me fined by the library, not prosecuted by the courts.

      there's been a lot of talk about whether students should follow the rules or not, but i think the real issue here is the severity of the punishments handed out. at most, these students should have had their school computer access permanently revoked, and either given some other tasks, or the burden of having to finish their computer-related assignments away from school. there is no reason for school officials to compare these offenses to far more serious crimes, or to hand out punishments far out of proportion to the offenses committed.

  10. Middle ground by benhocking · · Score: 3, Insightful

    As far as rule breaking, it's too close to a thought crime for me to agree with it. Either throttle it down intelligently, or accept that people will find things you may find objectionable.

    I agree that the 3 month suspension punishment was over the top. But to argue (as you did earlier) that kids should be encouraged for this creative behavior, I vehemently disagree. If they did not get a warning (including a school-wide warning, as long as it was focused on the proxy issue and not generic), then I think that a warning would have been the appropriate response. If they did get a warning, then a 1-day in-school suspension (or detention) would probably have been a reasonable response.

    To argue for no response whatsoever, however, seems irresponsible.

    --
    Ben Hocking
    Need a professional organizer?
  11. Re:Three months? For proxies? by Sancho · · Score: 5, Insightful
    Let's look at it this way. If there was a rule that you weren't supposed to go to pornographic websites on school property, but there was no software in place that censored or prevented this behavior, would you expect someone who intentionally went to a porn site to be punished? Most people would say yes. There was a rule in place, they broke the rule, they get punished.

    I was shocked reading the content of the slashdot posting!

    I was punished for using a Linux LiveCD to login to their computers without using a password, even after I told the admins how to disable booting from CD-ROMs. Read that again. This person is blaming the administration for allowing him to do something that was against the rules. Perhaps he would like to be chained to his desk so that he cannot get up, move about, disturb the class, and get in trouble with the teacher?

    It's so absolutely outrageous that I don't know where to begin discussing how terrible it is. He's asking for a nanny state (most Slashdotters seem to think that a nanny state is bad). He's asking for stronger censorship on the part of the school (blocking access to proxies). He's asking for the admins to change the computer security settings so that he isn't capable of doing something that he knows will get him into trouble. It's truly insane, and honestly, it sounds like someone managed to troll Slashdot into fighting for these absurd things by appealing to the "OMG, highschool kids have no rights!" crowd.
  12. Re:Three months? For proxies? by sumdumass · · Score: 3, Insightful

    This is about school admins being lazy and wanting to make examples out of kids for doing something which is more or less innocent on the basis of them being "hackers."
    I have been responsible for at least two people losing their jobs for surfing areas outside the proxy and one of them caused enough damage in configuration that I needed to visit the workstation itself to get back on the network which ended up coming out of his past paycheck.

    The thing is, In real life, the employer makes rules, if you don't follow them, you can lose your job. If something gets damaged in the process, you can have to pay for it. It doesn't matter how stupid the sys admin or the rule is or how lazy for that matter, it is their property you are using. And If I had to constantly check and change stuff to make sure your not going somewhere your not supposed to be on the company network, Guess what, you don't have access anymore and you will be lucky to have a job. You are costing the company money they shouldn't have to pay. Plain and simple.

    Employers and schools aren't like your parents were they have an obligation to keep you around. If you want to violate the rules and treat someone like shit, stay home and live off your parents. Cause you will get fired or suspended anywhere else. And in some cases, you could be out some money with lots of bad credit following you around.

    I don't think anyone who isn't related to the owners of a business or fucking one of the owners can seriously say they have some right to poke around where the company says they don't (this include bypassing a proxy or Internet restrictions). And IF you seriously think your too important to get fired, Keep it up, they just haven't found your replacement yet. But as soon as you start costing them money, you can bet they will look even harder.
  13. Re:Three months? For proxies? by k12linux · · Score: 5, Insightful
    I have to agree with you. As a district admin, I have something to say to those who feel that because a proxy was available it's the school's fault students used it.

    Bull! Before someone claims that schools should block 100% of the "bad sites" out there and that not doing so gives students the right to use them, try this:

    1. Go get set up a SquiGuard filtering server or buy an expensive commercial filter or find one you can get a "demo" for 30 days.
    2. Set up some PCs behind the filter.
    3. Block MySpace.com
    4. Spend some time finding all of the proxy servers you can and add them to the block list.
    5. Now find 6 teens who are comfortable using Google and computers in general (so basically any 6 teens.)
    6. *important* - Provide free Pizza it's a good motivator
    7. Have three just browse the Internet for stuff they are interested in.
    8. Challenge the other three to get around the filters and get to MySpace.com
    9. Tell the kids to switch PCs every 5-10 minutes.
    10. Go to another room so you can't see who is at which PC
    11. Using only the logs and reports from your filter software, figure out when someone accesses MySpace.com through a proxy.
    12. Confirm that the site really is a proxy site and not just a single page on a big hosting server.
    13. Add the new site/page to the block list
    14. Repeat 11-14 until you are pretty certain you have every proxy blocked.
    15. Check with the teens and find out you are wrong. Go back to 11.

    Now ask yourself... how much time did you just spend doing nothing but blocking proxy sites? Do you think it would be easier/harder if you had 1200 kids who might or might not be trying to find proxy sites instead of 6? Would you be willing to spend that much time every day? (New proxies appear constantly you know.)

    And in the end is it which important? That you stop every kid who wants to break the rules and an agreement *that they signed*? Or that your firewall is set up right, the servers work, all 600-1000 PCs are up and running, Windows is patched, networking is Ok, Internet access is working, the servers hard drives aren't filling up, etc.?

    I could probably do a fair job of blocking almost every proxy out there if only I spent 1/2 of my day every day working at it. But why? When did "You didn't stop me" become the same as "I'm allowed to"?

    What if life was like that? Someone stole your bike? Sorry, we can't punish them. You may have had a lock and chain on it, but the chain wasn't resistant to acetylene torches. You didn't take full precautions.

    Someone broke into your house and stole your computer? Yeah, we caught them but had to let them go. Why? They said that your doors and windows were locked but that they smashed your bedroom window with a rock. A rock they found in your yard. You should have either used break-proof glass or removed every rock from the yard. Your security was too flawed so we had to let them go and keep the PC too.

  14. Re:Three months? For proxies? by zCyl · · Score: 4, Insightful

    I cannot possibly close every last security hole in the over 600 computers I am ultimately responsible for.

    Viruses infest systems because of security holes. Students do not access proxies because of security holes, students access proxies because of information censorship which they disapprove of. The proxies are external information portals, and are not under your control. They simply route information from one place to another, providing a different means of accessing information. Therefore an attempt to block access to proxies is NOT a security issue and is ONLY a censorship issue.

    We need to be more judicious in the language we use to discuss these issues so that it is more clear what we're really talking about.

    In relation to this article, students should not be punished as if they committed a security violation, because they did not. They at worst violated a censorship policy by viewing information that violates school policy.
  15. Re:Three months? For proxies? by k12linux · · Score: 3, Insightful
    I know this is probably feeding the trolls but...

    get a clue and stop trying to CONTROL CHILDREN by using CENSORSHIP

    I know it's in vogue to claim that schools just want to control kids and stick them in little boxes. I'll admit that sometimes colossally bad decisions are made at a school or some seemingly arbitrary new school rule is added. But the truth is that there may be more behind what is done than you realize. Still, it's a fact that school and district admins are just people and sometimes people make mistakes even with the best intentions.

    To be perfectly honest I would love to do away with filtering. I have things to deal with besides whether Johnny has the ability to see a nipple on images.google.com or if Cindy is sending emails to her new Lesbian girlfriend she met online who lives in another state. There are four things that stop me from yanking the filters and giving everyone unrestricted access:

    1. http://goat.cx/ - No six year old should stumble upon the nastier version of that site. Heck I'm not a prude but I wish I'd never stumbled upon it. Think a 3rd grader doing a report on beavers (the kind that make dams) won't accidentally see something they are too young to understand?
    2. Parents - After some kid spends four hours trying to bypass filters and manages to see a breast then they (or the kid sitting next to them) quickly goes home to tell mom and dad how they saw someone having sex on the school computers. Some parents are shocked that their "innocent" child was exposed to something like that and will call all of their neighbors to warn them. At least we can tell the angry mob that shows up that we are making an honest effort to block access to that stuff. Then usually they put down the pitchforks.
    3. Federal/State laws - While we can't be hauled in to jail for not filtering we can have money withheld. If you think your school is doing a poor job then how good do you think it would be if they had 1/2 of the budget to pay for things like teachers, books or electricity?
    4. PC Access - We had MUCH looser filters a few years ago. Then the lab assistants called to let us know that regularly every computer in the lab was in use by someone using chat or web-based email often for the entire hour.

    Since I've been asked this offline I'll assume someone is going to ask here... "What's wrong with #4? Their parent's taxes pay for the computers, Internet access and even your salary!"

    True, but so do the parents of all of the kids who can't get time on a computer to work on actual homework. I bet the parents of the kid chatting away every one of his study periods expects that their tax money is going to educate their children... not to let them search for Britney Spears look-alikes naked.

    Censorship is never an appropriate solution to anything,

    Nobody is shutting down web sites. Nobody is telling you that you can't watch videos of some chick getting it on with a horse. Nobody is censoring anything. You are free to view/read what you want online in your own home with your own computer using Internet access that you or your parents pay for. We're just saying, "No, not here, not with things funded by the public for the purpose of education." Schools aren't (and shouldn't be) your private ISP.

    children should be guided and educated rather than controlled or restricted.

    A great altruistic ideal and goal. But the truth is that a fair amount of time is spent educating students in our district about not only what they should and shouldn't do online but why. Things are taught like how it might affect their future career if they view porn at work, etc.. I believe that with a large percentage of students that is enough and they won't intentionally go to sites they shouldn't.

    But if you take 1200 kids in one school and just say "shame on you. It's naughty for you to do that and here is why..." then there will still be enough wasting computer time to keep those who want to learn and do their homework off of the PCs.