I am working on a committee developing school technology “security” procedures. We need feedback about web filtering standards. (The Libertarian committee of my personality tells me that we shouldn’t have web filtering. For those interested in understanding mindset theory see an analysis here. My political committee member tells me that web filtering is required by politicians to answer the fears, whether justified, of parents about Internet in schools. This posting is not to contribute to the debate about filtering, but rather inform schools how they can address the basic principles of its implementation.)
Here is the issue: In developing a rubric about school technology “security” issues, how should we inform schools the various levels around web filtering. The rubric includes many other issues. This topic is one. The rubric has four levels, already decided, and they cannot be changed. Basic is the “lowest” level in rubric, advanced the highest. The work of the group now has the following actions:
- Basic: — Web filtering has been implemented to meet the requirements of local policy, state laws, and federal laws.
- Developing – Web filter logs are reviewed regularly to note use and determine adjustments in categories.
- Adequate – Users can request modifications to web filter blocking for school use; requests are reviewed and action taken within 48 hours of request.
- Advanced – School employees have overrides to web filter for school purposes.
What are we missing? Please respond in the comment box below.
If this is suggestive that the levels build upon each other it would not work, at least for us. I could answer advanced becuase we do have that capability and use it but #2 does not apply: Web filter logs are reviewed regularly to note use and determine adjustments in categories. We do refer to log filters for “evidence” when incidents are reported or suspected, but do not review them regularly looking for incidents.
If you are able to check all that apply, I could check 1, 3 and 4.
I echo Marianne’s comment. Perhaps the category names could be “Basic”, “Proactive”, “Reactive”, and “Autonomous” (or something along these lines). And the response is select all that apply.
I would also echo Marianne’s comment. The rubric doesn’t build upon each level. A “check all that apply” would give a good picture of how a school district manages filtering.
If you are looking for other possible levels I would add granular. We have different levels of access for different users: Filtered for students, Open for some administrators and modified for teachers who request access to sites not generally available to students, but still with some filtering.
We currently are at Adequate. I have been at Advanced, but had faculty use that privilege inappropriately so we are back at adequate.
Our small private school is at Adequate, with teachers and students receiving different filtering. While override passwords are possible, we do not use them broadly, as keeping it from students is difficult in the long run. I think it’s important to state that as one moves up the levels, the more intrusive the filtering is for the end user (and the more work for the I.T. guy). Our users are prompted to authenticate for Internet access with some browsers and with non-domain computers. It’s great for accountability, but adds yet another point of failure for Internet access.
If each higher level includes the previous lower levels, then the categories work; otherwise you need the ability to check multiple descriptors.
We only block staff and students from what you’d call “Basic”. Three categories of our filter are blocked for everyone: Adult Content, Gambling, and Tasteless. Additionally, against my recommendations, the district decided to block students from http://www.facebook.com as if that was going to make a difference.
With everything else “open” we are able to move forward with Web 2.0 activities, including proper instructional technology strategies along with classroom monitoring and supervision.
Eric Willard, CTO
What about filtering for district owned student or staff mobile devices outside of the district firewall/filter or VPN? Advanced?
Individualized/LDAP content filtering, advanced.
Student content filter logs viewed by non tech, like a Dean.
I also think that reveiwing logs tend to come later than modification requests.