Slashdot Mirror
Why Are Students Liable for School Insecurity?
yamamushi asks: "Within the past few weeks, students across Boerne ISD were being called into offices to discuss the use of proxies to circumvent the schools websense system. The problem is that some of these students are being suspended from school for up to 3 months at a time. Shouldn't the school district be liable for their own insecurity? Why are they punishing so many students for something that should be handled from the district's end? I know at the time I was going to school there, I was punished for using a Linux LiveCD to login to their computers without using a password, even after I told the admins how to disable booting from CD-ROMs. They refused to update any of the computers and as such I was using the same tactic till the day I graduated." While security breaches by students are something to take seriously, should school administrations continue with their knee-jerk mentality to something like this, especially at the times when its obvious that no malicious intent was involved?
Why bother improving security when you can just pass a law enabling you to arrest or expel anybody who tries anything funny?
After all, we all know that the most dangerous elements of our society are stopped by LAWS, right?
You come into my house, I say "don't fuck with the computer."
You fuck with the computer, I kick you out.
If anything, a public resource should be more tightly controlled.
Should they fix their security issues? Yes.
Should they kick out people who exploit the fact that they don't? Hell yes.
Malicious or no, you should not be touching the school computers anymore.
-- 'The' Lord and Master Bitman On High, Master Of All
Check what the kids and their parents agreed to before complaining. Most I've seen explicitly state that using external proxies is against the rules.
"I use a Mac because I'm just better than you are."
It is malicious intent. If you are using the internet in an environment were you're blocked from visiting certain sites, then they don't want you visiting them on their network.
If you turn around and sneak through their system and do it anyway, that seems pretty bad faith to me.
If they locked up the computer lab after hours and because you are smart/skilled enough to get in anyway because you can pick locks, you're still doing something that you're not supposed to be doing.
To paraphrase Dragnet: "if you don't like the law you can try to get that law changed that doesn't give you the right to break it." The school network isn't "law", no, but they can still cause trouble for you if you go against it.
More Twoson than Cupertino
Just because the door is unlocked does not necessarily mean it's not breaking and entering. The students know the rules. If they choose to break them, they should suffer the consequences. The technological measures that may or may not be in place are irrelevent.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
"Within the past few weeks, students across Boerne ISD were being called into offices to discuss the use of proxies to circumvent the schools websense system. The problem is that some of these students are being suspended from school for up to 3 months at a time. Shouldn't the school district be liable for their own insecurity?
No.The school apparently has a policy in place to forbid students from going to various sites. They use appropriate tools (like websense) to enforce that policy. Simply because there are ways around the tools, doesn't mean its okay to do so. There code of conduct talks about an agreement signed by the students. If they violate this agreement they should be punished.
This isn't really any different from other "crimes" (or violations of school policy). The school's rule is simply that you are not allowed to do certain things on the computers. Some of these things are restricted by their security systems, others are not. Just because you *can* do it, doesn't mean it's within the rules they've established. The students are responsible for their behavior -- it's not the responsibility of the admins to make it impossible for the rules to be violated.
I don't see any problem with punishing students for misuse of its resources, as long as they were given fair warning of those rules (and as long as those rules are consistent with the school's educational mission). A teacher can't prevent students from cheating on exams, but they'll still be punished when they're caught breaking that rule. Why should this be treated differently?
It has nothing to do with malicious intent and more to do with liability. I'd bet that the school has to protect its pupils from the darker side of the internet (p0rn, 4chan, RMS's latest rant about how it should be GNU/Linux etc.) And I'd also hope that before using the PCs you had to agree to a terms of conduct. I've had this discussion before with someone I know in the UK who got slapped for trying to bypass his school's filters, and he tried the "malicious intent" argument. It doesn't wash, simply because the computers you are using are not yours, nor should you treat them as such. I'm sure you felt very 3l1t3 with your boot CD, but the fact remains those are your PCs and it was right you were punished for continuing to do something you were told not to do.
A thief who robs a house doesn't get any lesser a sentence if the front door was unlocked versus locked and bolted. The fact it's ridiculously easy there to beat their puny security shouldn't make any ultimate difference.
The school has rules. You break the rules, they toss you out.
Adding a computer into the mix doesn't change that equation.
There is no law that says "Oh, the rule that you broke involved the Internet! Well, that's an entirely different case!"
Three Squirrels
This is what bureaucrats do. They cover their posteriors and foist the blame onto others. Bureaucrats take many forms ranging from government minions at schools, to many of the people who will decisively outrank you in the private sector. They will do two things to you, that you just have to learn to deal with, unless you can make your own way in life independent of them:
1) They will set up the hierarchy to obfuscate the chain of authority to make it hard to hold any one of them individually accountable.
2) They will, as a group, foist the blame onto the nearest target that looks helpless.
You, as a student who knows how to do basic things in Unix, are scary to many adults today. You are probably also scary to many young people because the truth is, many young people are no more comfortable with "real technology" than their parents are. This makes you a good target. "Look! He's up to no good!" They don't have to prove that you were doing anything wrong, and most people are a combination of too stupid and too uneducated to understand the ins and outs of what you are doing. It's all voodoo to them.
I am also increasingly convinced that there is a segment of the human race that is sheep-like in its quickness to assume danger, its irrational hysteria and inability to gauge danger appropriately. You will also see these types of people in every walk of life, especially in "safe" environments like schools, corporations and government agencies where they can be protected from the realities of life. These are the sort of people who are so stupid that they would call a teen who makes a quake map of his school a "terroristic threat," but would lead their student body onto a football field that is surrounded by barbed-wire and fence and about twenty good sniper nests the day they get a bomb threat. Yes, that happened to me, in HS. I scared the tar out of some of my teachers by pointing out the irony of them trying to "make us safe" from a possible psycho who'd blow up half the school, but surrounding us in an enclosed point where a sniper could pick us off, and reload with impunity.
I am a tech director for a k12 public school district. Just last week we had to suspend 5 kids (actually bright kids) for using proxies among other things (and moreover being stupid about it). One of the problems was that a student found a website (that I have actually used before) that lets you boot to a floppy and recover a windows password from a computer. That student then had admin access to all of our 420 laptops. As the only tech there (and part time at that) it is much easier to suspend them than to re-image all 420 laptops, password protect the bios and prevent booting from anything but hd! I felt bad nabbing them, but they were dumb enough to leave their script kiddie programs on their network drives... a simple search for *.exe screwed them all. As far as proxies, they are coming out with them faster than I can (or care to) block them. As my case is not different from many other school districts facing harsh budget cuts out there, I don't forsee security in schools getting better any time soon mostly because most of us cracking down used to be those little nerds wreaking havoc on our school's sysadmins.
Why are students punished for stealing school supplies? Surely it's the school's fault for not keeping everything locked up well enough?
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
I'd say that I'm sorry that the kids are being punished, but I'm not. This isn't about the school district doing anything inappropriate. It's about kids doing something that they knew was inappropriate and being punished appropriately. I fail to see why anyone is upset by this. Part of the function of education is to teach children how to behave and what their boundaries are.
If they're told that these are rules, but you don't *really* have to obey them, what other rules will they choose to ignore? Will they ignore the rules about bringing weapons to school? Will they ignore the rules about bringing drugs to school? Will they chose to ignore the rules about cheating on tests?
I've seen people walked off jobs for less. If there's a proxy, it's there for a reason. If the rules say that you have to use the proxy or you can't see that site, surf it from home. I would much rather see them punished now, while the only thing they get dinged for is some time out of school, extra curricular activities, etc. instead of waiting until they're grown-ups with a car payment, a mortgage, some credit cards, and a couple of kids who get fired for doing the same thing at work.
2 cents,
Queen B.
HDGary secures my bank
Part of what schools are teaching is that one needs to take responsibility for one's actions, which have consequences. Breaking the rules and doing things that you've been told not to do - no matter how ingeniously it's done - is not something that's going to get you pat on the head in the real world. Screw around with someone else's system, and you can expect the people who run it to screw back.
You know, no one congratulated me on my ingenuity and craftsmanship when I was able to buy beer with my doctored driver's license. "Why am I being blamed for the fact that the store owner couldn't identify a fake ID?" I protested. God, I was a brat.
Teenagers keep asking to be treated like adults, then whine about it when they are.
http://alternatives.rzero.com/
I agree that the 3 month suspension punishment was over the top. But to argue (as you did earlier) that kids should be encouraged for this creative behavior, I vehemently disagree. If they did not get a warning (including a school-wide warning, as long as it was focused on the proxy issue and not generic), then I think that a warning would have been the appropriate response. If they did get a warning, then a 1-day in-school suspension (or detention) would probably have been a reasonable response.
To argue for no response whatsoever, however, seems irresponsible.
Ben Hocking
Need a professional organizer?
I can empathize with students wanting freedom on a computer network, or even wanting to just play around with the system to see what they can do. Heck, when I was in high school, I was one of those guys who would bump his print jobs up in the queue using pconsole, or discovering all the accounts that had access through the Squid proxy to the Internet.
...Naturally, students decided they wanted to push the envelope. Kids started remotely shutting down one another's laptops and trying to steal one another's passwords. Eventually, a student guessed a faculty member's password, found a user account created by my predecessor long before I started on a faculty server, rdp'd into a server, and tried running a password cracking application...that contained a root kit.
On the other hand, I was a network/system administrator at a high school after college, and I can understand the challenges administrators have to deal with in terms of high school students. Administrators don't just decide that they want to lock students down; heck, some schools don't WANT their students to have restrictions placed upon them. When I started, the school had upgraded from Windows 2000 to Server 2003 the year before, and the security that was implemented was essentially Windows 2000 security. They made some stupid mistakes; all passwords stored in LM format, weak ACLs on systems, no BIOS passwords, few if any group policies. On the other hand, they had their VLANs designed properly, the servers all had fairly strong passwords, and they weren't running unnecessary services. The security that was implemented was essentially designed to protect users from malware and keep outsiders from poking around.
An administrator's job is to, in effect, install and maintain technology that reflects the mission of an organization. Some schools have a pedagogy that encourages open exploration; other schools want strict rules and regulations. The school I worked at fit somewhere in between. When kids decided they wanted to try and cheat on exams, down using p2p applications, and attempt to change their grades, they put me in a position (mind you, just months after I started working there, and hardly after enough time to complete a full security audit and redesign) where I couldn't just trust them to be responsible in an open system. So, the next semester, they were irritated to find out that their accounts were running as local users; that group policies had been designed using strict Software Restriction Policies creating a whitelist of applications they could run; that their laptops and desktops all had BIOS passwords; that the only route out to the Internet was through an ISA server that connected directly to a filtering application, and then into a Packet Shaper; that their Flash plugin was disabled; that their ability to run Java applications was limited; that their exam account couldn't do anything EXCEPT run the exam application; that their ability to create and log onto local accounts was eliminated, etc.
Were there things on that list that should have been implemented earlier? Absolutely! Any organization should ALWAYS have BIOS passwords set on their machines, which should change every year. LM passwords should NEVER be enabled. Having some type of proxy is also a must, as are strong ACLs on switches and routers. Some type of bandwidth management device should be implemented, as there are more than three people using the network at a school. The school DEFINITELY should have set up WSUS to keep their Windows systems updated.
I'll admit that, when I have the authority, I'm active in creating (from the start) a secure environment, but you're not helping out an administrator when you just start poking holes in the network and not give them the chance to fix the holes. Schools don't have huge budgets, and the IT department is often required to play the role of help desk, admin, developer, engineer, etc, rather than just one niche. In my case, I was lucky; I had a good relationship with the people
Are you for real?
This is about school admins being lazy and wanting to make examples out of kids for doing something which is more or less innocent on the basis of them being "hackers."
The punishment does not at all fit the crime here.
+++ATH0
I am astonished that everyone on this forum seems to be siding with the school. What harm were the kids doing by bypassing the websense system? It's not like by viewing forbidden things they were hurting anyone else. Sure, they were breaking the rules - but if I had been suspended for 3 months every time I broke a rule I'd never have had any time in school.
The
When your mother told you, "Because I said so," you should have listened.
Congratulations on completing High School. Welcome to the real world!
Laws and regulations do not exist to accord with moral principles or even common sense. Laws exist to compel behavior. There is no court of principle or reason to hear your appeals.
You do not abide by rules, regulations, and laws because you necessarily agree with them or believe them to be justified. In many cases you abide by them because you fear the consequences of violating them. You abide by them because they are threats, threats of the form: "If you do [or do not do] X, then we will punish you by doing Y."
Society, your High School, your College - like your mother - rules not by prior consent, not by reason, not by universal moral principles, but rather by tradition, intuition, emotion, and force.
Better these students learn this in school as minors than in the real world and end up in prison.
Absolutely they should be coming down on the students.
The schools have rules, conditions, and access limitation in place for multiple reasons:
In the case of things like students accessing proxies not on the blacklist to access sites on the blacklist, or booting LiveCDs, or otherwise evading the infrastructure as it was in place, these students are willfully violating the conditions of their using the resources. Even if they're smart enough to avoid the viruses and popups and such, they're opening up the computers to risks the administrators have deemed too high.
Students who willfully misuse school resources, in the case of almost everything, are subject to discipline up to suspension or expulsion for most things. In the case of computers, they're not just doing something that could hurt them, they're potentionally hurting everyone at the school.
Consider if it were a work environment. In most workplaces, even looking at porn on your own computer is considered "creating a hostile work environment" for anyone who works there, since you have no expectation of privacy at a workplace. Infraction of workplace rules is punishable by up to and including termination. Convert that back to a schoolplace, and at least you get to come back to school.
The computers aren't there for your personal enjoyment, they're there as tools of learning for the student population as a whole. There is nothing "educational" to be gained by browsing Facebook or MySpace, or reading your personal email, or anything the school has explicitly decided you shouldn't have access to. If you feel you should, there should be a policy in place for reviewing and allowing or denying access.
Just cause you CAN do something doesn't mean you MAY or SHOULD. You can steal from shops, kill people, and sleep with your brother's wife. You probably may not or should not do any of those things, though.
Seriously, if you're going to go intentionally getting around rules that have been put in place, why are you complaining about being disciplined when you get caught? Chat with your MySpace ho's at home, leave the school computers for people doing real work.
This space for rent. Call 1-800-STEAK4U
That doesn't sound right at all; the kids knew what they were doing and they were doing specifically to circumvent what little security there may have been, but that doesn't make the violation of the rules "less bad."
I may be an idiot if I forget to lock my door, but the criminal that comes in and steals my TV is still a criminal and still needs to be punished for what he did wrong.
The thief knew what he was doing was wrong, the students knew what they were doing was against the rules. It's really that simple.
Stupid sexy Flanders.
I speak as a school sysadmin. I am not lazy, I am overwhelmed. The same goes for my district admins. I cannot possibly close every last security hole in the over 600 computers I am ultimately responsible for. The task is too large. Either way, the rules were written and most likely(as is the case in the school where I work) students signed off on a form or booklet that said they would agree to abide by these rules. These rules include appropriate network use. The fact that a security hole is not patched, does not negate the signed agreement by said student(s) who signed an agreement that they would not do it and said agreement lists punishments (at least at my school) that will be meted out in response to breaking of said rules. Therefore the fact that a security hole is there does not give a student the right to breach it or use it to their own advantage.
At my school, we encourage students to report such breaches to us that they discover (and they are guaranteed not to get in trouble for the discovery) so we can improve our security. We like to try and keep the kids who are good at this stuff on our side in this way but if any student should use such a breach to their advantage in the way this article describes and they get caught, there will be consequences...not 1 month suspensions generally but still a message needs to be sent.
As an earlier poster in this thread said, part of being in school is teaching students how to respect boundaries. Same poster also said correctly that similar actions as an adult lead to far more serious consequences such as loss of job or worse.
...quicker, easier, more seductive the darkside is...but more powerful, it is not.
If you outlaw proxies only outlaws will use proxies.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
If the fundamental argument for the use of the proxies and security in schools is that the students are youths, to be protected from the corruption of the internet for the very reason that they are impetuous and easily led astray at this tender stage of their life, then it's inconsistent to punish them for the failures of those measures.
Clearly, the systems exist to protect the corrupt society from idealistic youth who are not materially benefited by the society. But it's a hard sell politically.
Thus this ridiculousness.
-1 Uncomfortable Truth
I was shocked reading the content of the slashdot posting! I was punished for using a Linux LiveCD to login to their computers without using a password, even after I told the admins how to disable booting from CD-ROMs. Read that again. This person is blaming the administration for allowing him to do something that was against the rules. Perhaps he would like to be chained to his desk so that he cannot get up, move about, disturb the class, and get in trouble with the teacher?
It's so absolutely outrageous that I don't know where to begin discussing how terrible it is. He's asking for a nanny state (most Slashdotters seem to think that a nanny state is bad). He's asking for stronger censorship on the part of the school (blocking access to proxies). He's asking for the admins to change the computer security settings so that he isn't capable of doing something that he knows will get him into trouble. It's truly insane, and honestly, it sounds like someone managed to troll Slashdot into fighting for these absurd things by appealing to the "OMG, highschool kids have no rights!" crowd.
The thing is, In real life, the employer makes rules, if you don't follow them, you can lose your job. If something gets damaged in the process, you can have to pay for it. It doesn't matter how stupid the sys admin or the rule is or how lazy for that matter, it is their property you are using. And If I had to constantly check and change stuff to make sure your not going somewhere your not supposed to be on the company network, Guess what, you don't have access anymore and you will be lucky to have a job. You are costing the company money they shouldn't have to pay. Plain and simple.
Employers and schools aren't like your parents were they have an obligation to keep you around. If you want to violate the rules and treat someone like shit, stay home and live off your parents. Cause you will get fired or suspended anywhere else. And in some cases, you could be out some money with lots of bad credit following you around.
I don't think anyone who isn't related to the owners of a business or fucking one of the owners can seriously say they have some right to poke around where the company says they don't (this include bypassing a proxy or Internet restrictions). And IF you seriously think your too important to get fired, Keep it up, they just haven't found your replacement yet. But as soon as you start costing them money, you can bet they will look even harder.
I'm a student at a Burlington Catholic High School in Wisconsin, and the security there is lacking. In fact, many students, including myself were all punished simultaneously for using a student made bypass proxy (quite ingenious). The site was blocked as soon as they caught some idiot looking at ebay, but I often used this bypass for school purposes, to access web sites like ancestry.com for use with genealogy in a history class. Hundreds of pages, if not thousands, are blocked as "personal pages" that contain very informative content. So, I was banned for four weeks from use of a school computer (along with other students) for accessing content that was/wasn't blocked by Bess, the school security proxy.
I found it hilarious that I was banned for four weeks though. First, the website had a username/password on it, so technically they still do not know whether or not it truly was a bypass system. Secondly, other than ONE STUDENT on ebay, they cannot prove that any other students accessed unprivileged content. So, they just banned everyone who accessed the website (no matter what they used it for) for two to four weeks.
Students should not be punished for School insecurities, administrators should be punished for insecurities. So now, I just use a different bypass website, well, more like 10 different ones.
Sounds good if the company never requires me to do a job that can only be reasonably completed by bypassing their network restrictions. Say, I need to connect to an outside database with my special debugging client to find out why the customer's application is not working. The logical way to do it is to tunnel through an HTTPs proxy, but this is presumably against company's policy - they meant to block all traffic besides web browsing. Say, I call you at 2am on Sunday and ask you to reconfigure the network for me, since the customer is getting impatient. Given that it takes you great trouble and expense to even "visit a workstation in person", I doubt that you would solve the problem before the customer gets pissed and drops the contract. In this case, give me a good reason why YOU shouldn't be promptly fired and the $10M value of the contract charged against your paycheck?
I never saw a company that accepts its own security restrictions as a valid excuse for not doing the assigned work.
Well, Chances are you won't be hired at this company. All the software they use is purchased and not developed on site.
But in the case you are working there and need something like that, All you have to do is inform someone you will need the access with a decent reason for it, and you will have it. It isn't very hard, All you have to do it give someone VPN access to the part of the network that isn't restricted and off you go. But remember one thing, Everything you do will be monitored and logged so visiting smut sites or doing your on line banking from work isn't a good idea. Surfing Slashdot for hours on end and then billing the time isn't a good idea either.
The costs to administrate the network and everything involved has been cut by two thirds after restricting were people can go and such. We had a few people quit in protest but only one actually left and word is he had another job waiting before throwing a fit. Virus problems have been almost nonexistent, Slowdowns and downtime from Spyware and stuff have almost been completely eliminated. Mysteriously, Problems with computer crashing and general repairs have been almost completely eliminated. Employees are more productive and they are making more money (through a combination of profit sharing and small raises). It is something else when you look at a controlled network like this.
You have a very valid point, but I have one caveat:
Heres the story:
1) Day 1: Ask Teacher To Unblock Site
2) Day 3: Teacher Eventually Asks Admin to Check it Out
3) Day 5: Project is Due
3) Day 6: Admin has to verify this is OK with school board
4) Day 15: School Board Meets
5) Day 30: Admin gets the go-ahead
See the Problem?
ERROR: SIG NOT FOUND (A)bort, (R)etry, (F)ail?:
Bull! Before someone claims that schools should block 100% of the "bad sites" out there and that not doing so gives students the right to use them, try this:
Now ask yourself... how much time did you just spend doing nothing but blocking proxy sites? Do you think it would be easier/harder if you had 1200 kids who might or might not be trying to find proxy sites instead of 6? Would you be willing to spend that much time every day? (New proxies appear constantly you know.)
And in the end is it which important? That you stop every kid who wants to break the rules and an agreement *that they signed*? Or that your firewall is set up right, the servers work, all 600-1000 PCs are up and running, Windows is patched, networking is Ok, Internet access is working, the servers hard drives aren't filling up, etc.?
I could probably do a fair job of blocking almost every proxy out there if only I spent 1/2 of my day every day working at it. But why? When did "You didn't stop me" become the same as "I'm allowed to"?
What if life was like that? Someone stole your bike? Sorry, we can't punish them. You may have had a lock and chain on it, but the chain wasn't resistant to acetylene torches. You didn't take full precautions.
Someone broke into your house and stole your computer? Yeah, we caught them but had to let them go. Why? They said that your doors and windows were locked but that they smashed your bedroom window with a rock. A rock they found in your yard. You should have either used break-proof glass or removed every rock from the yard. Your security was too flawed so we had to let them go and keep the PC too.
If Linux or mac could run the programs that need run, they would be there too. And no, I didn't decide to babysit, I don't make the rules. I just follow and implement them.
Maybe some day when your network is something more then your mom's cable connection, you will understand that people take jobs at places and have bosses. And these places with bosses have certain requirements and you cannot just change the stuff on your own.
Viruses infest systems because of security holes. Students do not access proxies because of security holes, students access proxies because of information censorship which they disapprove of. The proxies are external information portals, and are not under your control. They simply route information from one place to another, providing a different means of accessing information. Therefore an attempt to block access to proxies is NOT a security issue and is ONLY a censorship issue.
We need to be more judicious in the language we use to discuss these issues so that it is more clear what we're really talking about.
In relation to this article, students should not be punished as if they committed a security violation, because they did not. They at worst violated a censorship policy by viewing information that violates school policy.
Should the school system have harmed my education to stop me doing those things?
Now pretend my education didn't matter, and all that matters is that the school maintains order and security. Even by those standarsd, it is counterproductive to mete out disproportionate punishments. Teachers and school officials shouldn't try to pretend that they have more control than they do. Whether they like it or not, they are dependent on the judgment and good will of the students. Those are the fundamental elements that ensure the security of the school. Teachers and school officials are responsible, as leaders and educators, for fostering those elements.
Making punishment proportional to the real damage or danger incurred helps maintain trust and good will. It lets the kids know that the teachers aren't just arbitrary fascists, and it funnels them towards mostly harmless mischief. There were a handful of teachers at my school who could issue serious rules that we would obey even if we didn't agree with them. Those were the teachers who weren't really threatened by our harmless mischief. We knew they would punish us if they caught us, but we also knew they were concerned for our well-being, our education, and the well-being of the school, not their own authority. Mostly they just rolled their eyes and expressed mock exasperation when they found out about one of our pranks but couldn't pin it on us. When those teachers spoke seriously, we listened and obeyed, even if we felt they were being harsh or unreasonable. They had real authority over us, which we freely granted. (We also liked those teachers enough that we never risked getting them in trouble, unless they were in on it.)
The teachers who wanted to control us by establishing authority, who felt
That's a trick question. Of course they should secure their computers. Failing to do so, however, does not diminish his culpability. I don't think that failing to put a BIOS password on the computers constitutes an creating an attractive nuisance.
It's very simple. The only thing the article accuses them of doing (and by article I am using it in the same context that you yourself did) is the use of proxies. As the use of proxies is sufficient to bypass most filters (which websense is), and as the use of proxies often requires nothing more than a functioning web browser, there is nothing about using a proxy which implies any security violation.
And I, despite feeling alone in the belief, still support the principle of presuming innocence in the absence of evidence to the contrary.
I know it's in vogue to claim that schools just want to control kids and stick them in little boxes. I'll admit that sometimes colossally bad decisions are made at a school or some seemingly arbitrary new school rule is added. But the truth is that there may be more behind what is done than you realize. Still, it's a fact that school and district admins are just people and sometimes people make mistakes even with the best intentions.
To be perfectly honest I would love to do away with filtering. I have things to deal with besides whether Johnny has the ability to see a nipple on images.google.com or if Cindy is sending emails to her new Lesbian girlfriend she met online who lives in another state. There are four things that stop me from yanking the filters and giving everyone unrestricted access:
Since I've been asked this offline I'll assume someone is going to ask here... "What's wrong with #4? Their parent's taxes pay for the computers, Internet access and even your salary!"
True, but so do the parents of all of the kids who can't get time on a computer to work on actual homework. I bet the parents of the kid chatting away every one of his study periods expects that their tax money is going to educate their children... not to let them search for Britney Spears look-alikes naked.
Nobody is shutting down web sites. Nobody is telling you that you can't watch videos of some chick getting it on with a horse. Nobody is censoring anything. You are free to view/read what you want online in your own home with your own computer using Internet access that you or your parents pay for. We're just saying, "No, not here, not with things funded by the public for the purpose of education." Schools aren't (and shouldn't be) your private ISP.
A great altruistic ideal and goal. But the truth is that a fair amount of time is spent educating students in our district about not only what they should and shouldn't do online but why. Things are taught like how it might affect their future career if they view porn at work, etc.. I believe that with a large percentage of students that is enough and they won't intentionally go to sites they shouldn't.
But if you take 1200 kids in one school and just say "shame on you. It's naughty for you to do that and here is why..." then there will still be enough wasting computer time to keep those who want to learn and do their homework off of the PCs.