Proposed legislation would prevent employers from demanding Facebook access

June 27, 2012

Responding to the blatant trampling of consumer’s privacy, Senator Richard Blumenthal (D-CT), Representative Martin Heinrich (D-NM) and a number of cosponsors in both the House and the Senate have introduced new legislation called The Password Protection Act of 2012 (PPA).

This act would make it “illegal for an employer to compel or coerce access to any online information stored anywhere on the internet if that information is secured against general public access by the user.”

Speaking to the proposed legislation Senator Blumenthal said, “Employers seeking access to passwords or confidential information on social networks, email accounts, or other protected Internet services is an unreasonable and intolerable invasion of privacy. With few exceptions, employers do not have the need or the right to demand access to applicants’ private, password-protected information. This legislation, which I am proud to introduce, ensures that employees and job seekers are free from these invasive and intrusive practices.”

U.S. Senator Jeanne Shaheen (D-NH), who joined in introducing the legislation said, “As Facebook and other websites become an increasingly important part of the daily lives of millions of people, we must be vigilant in protecting online privacy. This legislation provides an important safeguard for all Americans.”

Drafted with assistance from major technology companies and legal experts the proposed act is provides welcome first step in providing relief from employers encroachment on employee privacy.

However, as the ACLU points out, there are some omissions and exceptions in the Act as it currently stands that should be remedied:

  • It doesn’t protect students so schools can continue their assault on student privacy
  • It allows states to still require passwords of government workers who work with children under age 13
  • It allows the executive branch to exempt whole classes of workers and require passwords if they come into contact with classified information, including soldiers.
  • “Finally the legislation doesn’t make clear that states have a role to play. Many states have already begun to act, and we believe that it’s critical that federal legislation be a floor, not a ceiling, for employee protections.”

“This bill creates a necessary framework for guarding privacy in the 21st century,” Christopher Calabrese, ACLU legislative counsel, commented. “While the legislation contains some problematic exceptions, it does establish clear, bright boundaries when it comes to what online information our bosses can access. Employers have no business snooping on their employees’ Facebook pages, private email accounts and smart phones. Passing the Password Protection Act would be a major step toward ensuring they can’t. We’ll work with the sponsors to extend these protections to students and eliminate some problematic exceptions.”

This proposed legislation matters to each and every citizen. It draws a line on personal privacy protections and continues the dialog about the need to extend these protections in many other technology related areas – the rights of privacy and control over one’s data. The ownership of your personal information. The limits to how corporations can expose your information. And so on.

Let your voice be heard.

Take 5 minutes and contact your elected officials with a message saying “I support the password protection act”.

To find your representatives and their email addresses click here:

To find your senators and their email addresses click here:



New Infographic Highlights the Mobile Generation

November 14, 2011

Think you know how and when your college students are using their phones? This infographic from might make you think again, my suspicion is that high schoolers’ aren’t far behind.

If you’re student’s grades aren’t what they should be, this data may give you a few pointers for discussion. It’s hard to learn when texting in class yet 25% say they text in every single class period, and 88% say they do so regularly.

25% say they’ve been involved in sexting, but the healthier viewpoint is that 75% say they have not sent or received sext messages. Perhaps a bigger a red flag that the study found 50% of respondents say they check their significant other’s text history, indicating some fairly unhealthy relationships.

Generation Mobile

Student Stalking or Support – Using GPS to Track Truants

March 29, 2011

Some school districts in California, Texas and Kentucky are using a GPS student tracking and mentoring program called Attendance Improvement Management (AIM).   This service has been steadily gaining schools as clients since 2005 and has made huge fans of some school administrators and judges dealing with chronic truancy cases.

The AIM program has two aspects to helping kids at risk of dropping out or with chronic truancy. The first is mentoring, and there is a body of evidence supporting the benefits of providing additional mentoring to at risk kids.

The second aspect is tracking, by providing each at risk student with a bulky cellphone sized GPS device, and this raises a red flag for me. The ramifications of tracking students’ locations should be very carefully considered before we proceed down this path.

Frankly, I side with those who believe the GPS tracking aspect of this program is an inappropriate way to address school truancy. These kids aren’t violent criminals who represent such a threat to society that a permanently affixed GPS ankle bracelet is a needed safeguard.  If this is an adequate reason for schools to track teens every movement, what’s next?

The company points to their success results and they are impressive, but what isn’t clear is how much can be attributed to the GPS element. See the sidebar about the company’s very hands-on mentoring, and I suspect this much attention from a mentor is the real driver of change. In fact, the company itself says it is the mentoring aspect that is the most important factor in success.

I question the accuracy of results on a GPS device that isn’t firmly affixed to the user. If I had been a truant teen, I’d have just left it with a friend who was at school. If I had to enter a code periodically, the friend would do that too.  If I can figure this out, truant teens are already doing it.

I also am concerned about the motivation of the schools adopting the program. I firmly believe all schools want to help kids succeed, but what came up frequently in the interviews posted on the company’s website, as well as in the company’s own results (see below) is another, very different motivator.


When money is part of an equation about whether we should track our students’ every move, we’re in very murky water.

If the AIM program did not raise school revenues, would they still find it acceptable to trample their student’s privacy by monitoring their locations?

I’m against tracking the location of students at all. But if we somehow got past that hurdle, a host of other questions arise. Who can access that data? What if it’s hacked or abused? These devices track teens location 24/7 not just during school hours – where’s the justification for that?  What if law enforcement wants the information? Or parents? Or…

Just because there is technology to help solve a problem, doesn’t mean it’s appropriate to use it. When technology tramples privacy, it’s time to ask hard questions


8 Tips to prevent student hackers from accessing school computers

September 2, 2010

Back-to-School time means hacker-proofing school’s computers. While protecting students online safety is a must, so is protecting school computers from malicious students.

It’s an administrator’s nightmare – students hacking school databases to change grades, stealing computer passwords, infecting computers with key-stroke logging malware, accessing secure sections of school sites, posting pornography or hate content on school sites, or hijacking a school’s website.

And it is a reality schools across the country struggle with.

“Students are very, very tech-savvy. Far more savvy than the majority of adults at our school,” says Michael Wilson, the principal of the 775-student Haddonfield Memorial High where keystroke logging malware was used to discover passwords and gain access to protected areas on the school’s computer network.

School systems are uniquely vulnerable to hacking, says James E. Culbert, an information-security analyst for the 135,000-student Duval County schools in Jacksonville, Fla. “In the case of our school system, we’ve got 135,000 [potential] hackers within our district, inside of our same network that houses our student-information systems and HR systems.”

Staying ahead of would-be hackers is not a one-fix solution; it’s an ongoing process that periodically assesses new and existing threats and updates security practices.

If you’re school is struggling with hacking, or you are unsure of the steps your school is taking, review the 8 Tips to preventing student hackers from accessing school computers:

  1. Ensure school computers have up-to-date security software installed, and that it automatically updates. Be sure firewalls are set, and enforce the use of  strong passwords.
  2. Set the ground rules that outline what is (and isn’t) acceptable use of school computers, and make sure students and their parents are aware of both the rules and the consequences for hacking, harassment security breaches, or failing to adhere to the schools acceptable use policy. Talk about these standards periodically, not just during the first week of school.
  3. Leverage content filtering technologies that help prevent students from seeking out inappropriate online content.
  4. Swiftly and consistently, address any misuse of the schools computer system.
  5. Require each user – teacher or student – to use a unique login. Some schools have strengthened their networks by clearly identifying if it is a teacher or a student who is logging in. Some also time-stamp when the account was last accessed allowing teachers to quickly see if their account has been compromised.
  6. Use two networks – one for students, another for teachers and staff. This makes it harder for students to hack into sensitive information.
  7. Educate teachers, staff and parent volunteers about the school’s internet access policies so they can stay vigilant in monitoring students online use and actions.
  8. Teach internet safety and digital responsibility to help students develop a strong online ethic.

Its the start of a new school year, let’s get it started securely.


Seattle Schools To Hold Students Accountable for All Online Postings

August 27, 2010

The Seattle School Board voted this week to enact a new policy for this coming school year that holds students accountable for anything they post on a social networking site, forum, text etc., even if posted from home or private computer.

“The safety of our students and the security of our students is our first concern,” said Teresa Wippel with Seattle Public Schools, and adds that the Seattle School Board voted to approve the measure so schools can respond to kids who may be planning something on Facebook, MySpace, Twitter, or by texting that will be “disruptive”, according to a Komo News report.

At issue is what is defined as disruptive?

When Komo interviewed Wippel, she said, for example, a threat to fight another student after school, or bullying another student would be considered disruptive. When asked “But what if it’s a student saying something negative about a teacher? Is that free speech or is that disruptive?” Wipple responded “I think, again, that would be up to the principal to decide after he’s taken a look.”

The accountability policy won’t involve actively monitoring sites such as MySpace and Facebook according to district representatives. Instead, the policy is to prompt an investigation when a parent or student notifies the school or district that someone wrote something online that could be disruptive.

It’s easy to understand the intent of this policy, but there are troubling issues that need to be resolved to ensure that the intent and the reality are aligned, that privacy is maintained and that the policy remains within the appropriate bounds of the law.

The ACLU says they are taking, hard look at the district’s new policy, and this is an issue worth following.


Colleges Use Student Blogs on Official Sites to Attract New Students

October 8, 2009

Colleges across the country are beginning to embrace student blogs on their official websites as a marketing tool to help attract high school students – who are more interested in student’s perspectives than in official marketing materials.

At the Massachusetts Institute of Technology (M.I.T.) uncensored student blogs are prominently displayed on the school’s admissions homepage along with the responses from potential applicants.  M.I.T. pays their student bloggers $10 an hour for up to four hours a week, to write about whatever they think will interest teens considering the school.

Many schools still hesitate to allow unfettered student bloggers, but that attitude is changing. “A lot of people in admissions have not been eager for bloggers, mostly based on fears that we can’t control what people are saying,” said Jess Lord, dean of admissions at Haverford College in an interview with the New York Times. “We’re learning, slowly, that this is how the world works, especially for high school students.”

High schools students typically are avid bloggers and social networkers themselves, so it is natural for them to check out schools by following the blogs of students at colleges they are interested in to better understand the culture and connect with existing students and other applicants.

We have long warned students to be careful what they post on their social networking sites as prospective colleges and employers will be watching. That advice is now a two way street. Colleges beware; the days of glossy marketing materials may be numbered.