Why Are Students Liable for School Insecurity?

yamamushi asks: "Within the past few weeks, students across Boerne ISD were being called into offices to discuss the use of proxies to circumvent the schools websense system. The problem is that some of these students are being suspended from school for up to 3 months at a time. Shouldn't the school district be liable for their own insecurity? Why are they punishing so many students for something that should be handled from the district's end? I know at the time I was going to school there, I was punished for using a Linux LiveCD to login to their computers without using a password, even after I told the admins how to disable booting from CD-ROMs. They refused to update any of the computers and as such I was using the same tactic till the day I graduated." While security breaches by students are something to take seriously, should school administrations continue with their knee-jerk mentality to something like this, especially at the times when its obvious that no malicious intent was involved?

DMCA-think

[pclminion]

Why bother improving security when you can just pass a law enabling you to arrest or expel anybody who tries anything funny?

After all, we all know that the most dangerous elements of our society are stopped by LAWS, right?

Re:DMCA-think

[TheRaven64]

That's only half of the reason we have laws. The other half is to codify a set of behaviours that we, as a society, consider unacceptable. Killing people and taking their property, for example, are things most people consider unacceptable, and so we have laws against murder and theft. The problem is that a lot of new laws don't represent the collective ethic of the population, they represent the views of small special-interest groups.

When this happens, it is very bad because it leads people to question all laws. If one law is unjust, why should the law have any special status if much of it doesn't reflect the will of the people? This starts to move the law from being something that we agree is fair, and will abide by because we want other people to abide by it, and turns it into something that is enforced from outside. There are only two outcomes from this point; a radical restructuring of the laws, or a police state.

Of course they should.

[Lord+Bitman]

You come into my house, I say "don't fuck with the computer."
You fuck with the computer, I kick you out.

If anything, a public resource should be more tightly controlled.
Should they fix their security issues? Yes.
Should they kick out people who exploit the fact that they don't? Hell yes.

Malicious or no, you should not be touching the school computers anymore.

Re:Of course they should.

[ZombieWomble]

Each of your arguments I find quite baffling:

With the whole "they're smarter than those who set up the system" argument - it may be possible, but we have no idea what sort of decisions went into choosing this system. It may have been simple ignorance of the level of security provided, but it may well have been details of cost, personnel and the like which prevented them from implementing a more comprehensive system. Moreover, it's quite likely that this system was never desired to provide absolute security, but rather to clearly mark out the section of the internet which is "bad", according to school policy, so pupils know full well that by going there they're breaking school rules and are liable to be punished, as these kids were.

This leads into your second point - the punishment, and it's scope. The article is almost entirely empty of context about this, and the only information we have is that 1) Kids used proxies; 2) They were punished, to varying degrees. We have no idea about the context of what happened - What were the kids circumventing the proxies to look up? How long did this go on for? Did the kids have other records of offenses which added to the severity of their punishment? I suspect* people picking up 3 month suspensions may not have been otherwise immaculate students who simply accessed some really nifty site on Newton's Laws (blocked by the evil, evil content filter denying them information) through a proxy as a proof of concept.

And then there's the last, really baffling point - You're suggesting that if you provide a service conditional on some rules being followed, you have to accept that people will break these rules? That's just a ludicrous assertion, as shown by this very story - someone broke the rules, they were punished, and are at present denied access to the system. Seems to me that one doesn't have to sit idly by after all.

* - I say "I suspect", because that is how many of these stories go when one digs a little deeper. If there's anyone with some more details on this who is able to correct me, feel free.

Re:Of course they should.

[The+Ultimate+Fartkno]

> Seriously, I can't believe you said that. Child porn? Where the hell did that come from?

Not that it's mentioned in the question at all, but I guarantee you that this is what happened.

Parent: "ZOMGBABYRAPERSONTHEINTERNETS!!1!1"

School: "What?"

Parent: "Don't you watch TV? Some man tried to buttrape Miss America on Facebook!

School: "Fine. We'll block Myspace and Facebook at school."

Parent: "THINK OF THE CHILDREN FOR GREAT JUSTICE!"

one day later on answers.yahoo.com...

ASHLEYROX: N E 1 no how to get on myspace at skool?
LiLbAbIsExIgUrL: What are prxies?
xXmandiXx: Anyone have working proxies?
PoNyGiRl: I NEED MYSPACE PROXIES PLZ PLZ PLZ!!

School: We can't block every proxy site out there, so we're just going to start suspending you if you won't stay off the fucking Facebook. Miss America got sodomized by a boar that way, you know?

Teens: WE NEEDS OUR FACESPACEBOOK!!

School: Banhammer.

Parents: HOW DARE YOU SUSPEND MY PRECIOUS, PERFECT, ANGEL DUMPLING! CALL SCANDALCHANNEL 10 AND THE NEWS CHOPPA!

School: Sigh.

Parents: Class-action lawsuit against involved party with most liquid cash.

Re:Of course they should.

[xerxesVII]

Shouldn't there be an "I'm chargin mah lazers!" somewhere in there?

Seriously, get Serious.

[rueger]

The school has rules. You break the rules, they toss you out.

Adding a computer into the mix doesn't change that equation.

There is no law that says "Oh, the rule that you broke involved the Internet! Well, that's an entirely different case!"

About Teaching Appropriate Behavior

[queenb**ch]

I'd say that I'm sorry that the kids are being punished, but I'm not. This isn't about the school district doing anything inappropriate. It's about kids doing something that they knew was inappropriate and being punished appropriately. I fail to see why anyone is upset by this. Part of the function of education is to teach children how to behave and what their boundaries are.

If they're told that these are rules, but you don't *really* have to obey them, what other rules will they choose to ignore? Will they ignore the rules about bringing weapons to school? Will they ignore the rules about bringing drugs to school? Will they chose to ignore the rules about cheating on tests?

I've seen people walked off jobs for less. If there's a proxy, it's there for a reason. If the rules say that you have to use the proxy or you can't see that site, surf it from home. I would much rather see them punished now, while the only thing they get dinged for is some time out of school, extra curricular activities, etc. instead of waiting until they're grown-ups with a car payment, a mortgage, some credit cards, and a couple of kids who get fired for doing the same thing at work.

2 cents,

Queen B.

Re:About Teaching Appropriate Behavior

[biffnix]

How so? I'll tell you - it's because the students are violating the Acceptable Use Policy that all students sign and agree to. If they disagree, then can use their parents' computers to accomplish those things that are explicitly forbidden at school (and that they are required to enforce by law - the CIPA, in fact), or find other public use computers that do not have those restrictions.

I'm not sure why folks don't understand this - it doesn't MATTER if you, or anyone else thinks that having an Acceptable Use Policy is a good idea or not. What does matter is that they agreed to it, then violated that agreement. That means they will face a consequence for that violation.

That's like getting a library card - you agree to borrow a book, and return it. If you think that because you're impoverished, or need the money to buy medicine for chemotheraphy for your sainted mother, and so sell the book and fail to return it, that you WON'T be prosecuted for violating the law, then you're delusional.

The school enforces policy that the local school board approved. The parents elect the school board, and so they delegate the responsibility to the board to come up with school policies. We DO still live in a representative democracy, after all. Sheesh.

I agree with an earlier post - it's far better to teach our youth that there are consequences for our actions, and that THEY are responsible for their own actions. Get this hard lesson learned when the only consequence is missing Grad Night at Disneyland or a big school dance, and not getting fired for violating the company AUP when your wife is pregnant, the car needs new tires, and your doctor says you need an operation.

Sometimes those consequences are things that we disagree with. Great. Go out, fight the good fight, and get those policies changed. Run for school board. Get petitions signed. Make REAL change. And find out that it's hard, thankless work.

But for pete's sake, stop with the whining!

Joe G.
Mono County Office of Education
Mammoth Lakes, CA

Re:Three months? For proxies?

[rilian4]

I speak as a school sysadmin. I am not lazy, I am overwhelmed. The same goes for my district admins. I cannot possibly close every last security hole in the over 600 computers I am ultimately responsible for. The task is too large. Either way, the rules were written and most likely(as is the case in the school where I work) students signed off on a form or booklet that said they would agree to abide by these rules. These rules include appropriate network use. The fact that a security hole is not patched, does not negate the signed agreement by said student(s) who signed an agreement that they would not do it and said agreement lists punishments (at least at my school) that will be meted out in response to breaking of said rules. Therefore the fact that a security hole is there does not give a student the right to breach it or use it to their own advantage.

At my school, we encourage students to report such breaches to us that they discover (and they are guaranteed not to get in trouble for the discovery) so we can improve our security. We like to try and keep the kids who are good at this stuff on our side in this way but if any student should use such a breach to their advantage in the way this article describes and they get caught, there will be consequences...not 1 month suspensions generally but still a message needs to be sent.

As an earlier poster in this thread said, part of being in school is teaching students how to respect boundaries. Same poster also said correctly that similar actions as an adult lead to far more serious consequences such as loss of job or worse.

Re:Three months? For proxies?

[Sancho]

Let's look at it this way. If there was a rule that you weren't supposed to go to pornographic websites on school property, but there was no software in place that censored or prevented this behavior, would you expect someone who intentionally went to a porn site to be punished? Most people would say yes. There was a rule in place, they broke the rule, they get punished.

I was shocked reading the content of the slashdot posting!

I was punished for using a Linux LiveCD to login to their computers without using a password, even after I told the admins how to disable booting from CD-ROMs. Read that again. This person is blaming the administration for allowing him to do something that was against the rules. Perhaps he would like to be chained to his desk so that he cannot get up, move about, disturb the class, and get in trouble with the teacher?

It's so absolutely outrageous that I don't know where to begin discussing how terrible it is. He's asking for a nanny state (most Slashdotters seem to think that a nanny state is bad). He's asking for stronger censorship on the part of the school (blocking access to proxies). He's asking for the admins to change the computer security settings so that he isn't capable of doing something that he knows will get him into trouble. It's truly insane, and honestly, it sounds like someone managed to troll Slashdot into fighting for these absurd things by appealing to the "OMG, highschool kids have no rights!" crowd.

Re:Three months? For proxies?

[k12linux]

I have to agree with you. As a district admin, I have something to say to those who feel that because a proxy was available it's the school's fault students used it.

Bull! Before someone claims that schools should block 100% of the "bad sites" out there and that not doing so gives students the right to use them, try this:

1. Go get set up a SquiGuard filtering server or buy an expensive commercial filter or find one you can get a "demo" for 30 days.
2. Set up some PCs behind the filter.
3. Block MySpace.com
4. Spend some time finding all of the proxy servers you can and add them to the block list.
5. Now find 6 teens who are comfortable using Google and computers in general (so basically any 6 teens.)
6. *important* - Provide free Pizza it's a good motivator
7. Have three just browse the Internet for stuff they are interested in.
8. Challenge the other three to get around the filters and get to MySpace.com
9. Tell the kids to switch PCs every 5-10 minutes.
10. Go to another room so you can't see who is at which PC
11. Using only the logs and reports from your filter software, figure out when someone accesses MySpace.com through a proxy.
12. Confirm that the site really is a proxy site and not just a single page on a big hosting server.
13. Add the new site/page to the block list
14. Repeat 11-14 until you are pretty certain you have every proxy blocked.
15. Check with the teens and find out you are wrong. Go back to 11.

Now ask yourself... how much time did you just spend doing nothing but blocking proxy sites? Do you think it would be easier/harder if you had 1200 kids who might or might not be trying to find proxy sites instead of 6? Would you be willing to spend that much time every day? (New proxies appear constantly you know.)

And in the end is it which important? That you stop every kid who wants to break the rules and an agreement *that they signed*? Or that your firewall is set up right, the servers work, all 600-1000 PCs are up and running, Windows is patched, networking is Ok, Internet access is working, the servers hard drives aren't filling up, etc.?

I could probably do a fair job of blocking almost every proxy out there if only I spent 1/2 of my day every day working at it. But why? When did "You didn't stop me" become the same as "I'm allowed to"?

What if life was like that? Someone stole your bike? Sorry, we can't punish them. You may have had a lock and chain on it, but the chain wasn't resistant to acetylene torches. You didn't take full precautions.

Someone broke into your house and stole your computer? Yeah, we caught them but had to let them go. Why? They said that your doors and windows were locked but that they smashed your bedroom window with a rock. A rock they found in your yard. You should have either used break-proof glass or removed every rock from the yard. Your security was too flawed so we had to let them go and keep the PC too.