Data protection on the internet
In one of our sessions of new media, we focused on the topics of data protection on the internet, copyright issues and the protection of young children. This essay will now be about data protection on the internet and one suggestion about how teachers can work on this issue with their pupils. My new media class and the parallel course collected 10 rules concerning data protection on the internet. The rules collected at the university now function as the basis of this essay.
Reasons for teaching data protection rules
But why should we teach our students about data protection on the internet? First of all, today`s pupils regularly use the internet in their free time (see my essay about the JIM-Study). Therefore, they might encounter many instances in which they are tempted to or expected to make use of their private data. This might be the case when they use social networking tools, when they buy things via the internet, when they register for accounts, or when they simply download from websites. All these are moments in which the pupils should be aware of data protection issues. But the pupils also increasingly use the internet for school purposes even in foreign language classes. When we as teachers expect the pupils to use some online tools or the internet in general, we should teach them how to use it in a responsible and appropriate manner. As teachers are responsible for their students, data protection should not be neglected and should definitively be a topic at school.
An example of a worksheet
To start discussing the topic of data protection, I have prepared a worksheet teachers could use at school. This worksheet consists of a data protection checklist. In this checklist, twelve aspects about data protection are mentioned. In each case, they are formulated as personal statements (like “I do not publish any private data on the internet”) the pupils can answer with “yes” or “no”. Due to the use of the personal pronoun “I” in the statements, the pupils are addressed directly, and that is why they might realize that the topic is of importance for them.
Here is a screenshot of the worksheet.
Reasons for teaching data protection rules
But why should we teach our students about data protection on the internet? First of all, today`s pupils regularly use the internet in their free time (see my essay about the JIM-Study). Therefore, they might encounter many instances in which they are tempted to or expected to make use of their private data. This might be the case when they use social networking tools, when they buy things via the internet, when they register for accounts, or when they simply download from websites. All these are moments in which the pupils should be aware of data protection issues. But the pupils also increasingly use the internet for school purposes even in foreign language classes. When we as teachers expect the pupils to use some online tools or the internet in general, we should teach them how to use it in a responsible and appropriate manner. As teachers are responsible for their students, data protection should not be neglected and should definitively be a topic at school.
An example of a worksheet
To start discussing the topic of data protection, I have prepared a worksheet teachers could use at school. This worksheet consists of a data protection checklist. In this checklist, twelve aspects about data protection are mentioned. In each case, they are formulated as personal statements (like “I do not publish any private data on the internet”) the pupils can answer with “yes” or “no”. Due to the use of the personal pronoun “I” in the statements, the pupils are addressed directly, and that is why they might realize that the topic is of importance for them.
Here is a screenshot of the worksheet.
The whole worksheet can be downloaded as a pdf file below.
| data_protection_checklist_final.pdf |
At this point, I would like to mention that I can imagine different ways of using the checklist. One possibility could be to use the checklist as a pretest. Here, the pupils could test their knowledge they already have about data protection on the internet. After they have ticked all answers, they can see what they already know and what aspects still have to be learned. If the pupils tick “no” somewhere, this can also serve as the basis for later discussions. What is important is that the pupils tick the answers honestly and do not just mark “yes” for all questions, even if the statements are not true for them.
An alternative could be to use the checklist at the end of a unit about data protection. If this is the case, the pupils could check whether they know the most important aspects of data protection, and they could also see what they have learned in the previous sessions. To underline the learning process, you could also distribute the sheet at the beginning and at the end of the unit so that the pupils could compare their results.
After introducing the worksheet I created and its possible use in school, I would like to refer to the points mentioned in detail.
Publishing private data
The first statement is “I do not publish any private data on the internet. This includes my real name, my address, my telephone number, my age etc.” The pupils should be aware of this rule because publishing private data on the internet can have many negative effects. One result might be to receive lots of adverts afterwards. The ads might be send via e-mail, or the pupils might even receive unrequested phone calls. What is even worse is that there are also people who have criminal intentions. A child who has published the real name, the address and probably also the age on the internet might easily fall victim to abuse, for instance. Of course, this is an extreme example, but I think that it illustrates how important it is to cease from publishing private data on the web.
The next point mentioned in the checklist is strongly connected to the first one. The second statement says “I do not upload pictures, especially embarrassing ones, to the internet and link them to my real name”. Publishing pictures in connection with the real name might have the same negative consequences I have just mentioned. In addition, publishing embarrassing pictures (like vomiting after drinking too much etc.) and too many party pictures can have negative effects on the chances on the job market. Today, more and more employers start searching for the applicants on the web. If they find that a candidate joins many parties, this might arouse a negative impression. People who often join parties at night might neglect their job duties because they are too tired on the next morning, for example. Pictures showing someone vomiting or behaving badly also do not express seriousness or reliability.
The third aspect mentioned in the checklist still is strongly connected to the first two points. In this case, the statement is formulated as “I always use a nickname when I register for an online tool (e.g. facebook, icq, any forums). This is an important rule the pupils should remember in order to avoid publishing their real name. When using social networks, the pupils should always try to publish as little private data as possible. This is a point teachers should also consider themselves. Many teachers do not want their pupils to read any personal information about them and do not want to be found in any social networking communities. If the use an account with their real name, the pupils will find them very quickly.
Passwords
The fourth, fifth and sixth statements on the checklist now refer to passwords and are formulated as follows: “My passwords are hard to crack.” “I use a different password for every account I have.”, and “I do not save my passwords in plain text on my computer.” These three guidelines ensure that the accounts the pupils have for certain tools cannot be used by someone else that easily.
If the students should use secure passwords, they have to know how to generate them. In this context, many suggestions can be found on the internet. One page that describes many different methods and provides some examples is the following: http://www.thebitmill.com/tools/password.html#passwordbuilder
I will now present three methods that are mentioned on that page, as well. One method to create a relatively safe password could be to replace some letters by numbers that look similar. If you would like to use the password “bibliography”, for instance, you could replace the b with a 6, the g with a 9 and the o with a 0. So the final password could be “6i6li09raphy”. Another method could be to take two separate words and to mix them according to a certain pattern later on (e.g. cat+dog becomes cdaotg). The last method I would like to present is to delete the vowels of a word. By doing that, the word Marburg would result in Mrbrg. Of course, one could also make use of more than one of these methods at the same time. All of them help to make a password harder to crack because the resulting words cannot be found in any dictionary.
The rule to use an individual password for every account is important, too. If a person has managed to find out about one password, he or she would have access to all account at the same time. If every account is protected with an individual password, the damage is less severe.
Although using different passwords has many advantages, an undeniable disadvantage is that one has to remember all of them. A helpful tool to do so is a password manager. Such a manager saves all passwords in an encrypted version, and one only has to remember one single password. An example of such a tool is KeePass Password Safer. This tool can be downloaded on the page sourceforge. org (http://sourceforge.net/projects/keepass/ ). This page is especially suitable for teaching purposes as only Open Source Software can be downloaded, there.
By using a password manager, the pupils can avoid storing their passwords in plain text, and therefore, they can stick to rule number six. To show you how to install and use KeePass, I have included the following YouTube tutorial.
An alternative could be to use the checklist at the end of a unit about data protection. If this is the case, the pupils could check whether they know the most important aspects of data protection, and they could also see what they have learned in the previous sessions. To underline the learning process, you could also distribute the sheet at the beginning and at the end of the unit so that the pupils could compare their results.
After introducing the worksheet I created and its possible use in school, I would like to refer to the points mentioned in detail.
Publishing private data
The first statement is “I do not publish any private data on the internet. This includes my real name, my address, my telephone number, my age etc.” The pupils should be aware of this rule because publishing private data on the internet can have many negative effects. One result might be to receive lots of adverts afterwards. The ads might be send via e-mail, or the pupils might even receive unrequested phone calls. What is even worse is that there are also people who have criminal intentions. A child who has published the real name, the address and probably also the age on the internet might easily fall victim to abuse, for instance. Of course, this is an extreme example, but I think that it illustrates how important it is to cease from publishing private data on the web.
The next point mentioned in the checklist is strongly connected to the first one. The second statement says “I do not upload pictures, especially embarrassing ones, to the internet and link them to my real name”. Publishing pictures in connection with the real name might have the same negative consequences I have just mentioned. In addition, publishing embarrassing pictures (like vomiting after drinking too much etc.) and too many party pictures can have negative effects on the chances on the job market. Today, more and more employers start searching for the applicants on the web. If they find that a candidate joins many parties, this might arouse a negative impression. People who often join parties at night might neglect their job duties because they are too tired on the next morning, for example. Pictures showing someone vomiting or behaving badly also do not express seriousness or reliability.
The third aspect mentioned in the checklist still is strongly connected to the first two points. In this case, the statement is formulated as “I always use a nickname when I register for an online tool (e.g. facebook, icq, any forums). This is an important rule the pupils should remember in order to avoid publishing their real name. When using social networks, the pupils should always try to publish as little private data as possible. This is a point teachers should also consider themselves. Many teachers do not want their pupils to read any personal information about them and do not want to be found in any social networking communities. If the use an account with their real name, the pupils will find them very quickly.
Passwords
The fourth, fifth and sixth statements on the checklist now refer to passwords and are formulated as follows: “My passwords are hard to crack.” “I use a different password for every account I have.”, and “I do not save my passwords in plain text on my computer.” These three guidelines ensure that the accounts the pupils have for certain tools cannot be used by someone else that easily.
If the students should use secure passwords, they have to know how to generate them. In this context, many suggestions can be found on the internet. One page that describes many different methods and provides some examples is the following: http://www.thebitmill.com/tools/password.html#passwordbuilder
I will now present three methods that are mentioned on that page, as well. One method to create a relatively safe password could be to replace some letters by numbers that look similar. If you would like to use the password “bibliography”, for instance, you could replace the b with a 6, the g with a 9 and the o with a 0. So the final password could be “6i6li09raphy”. Another method could be to take two separate words and to mix them according to a certain pattern later on (e.g. cat+dog becomes cdaotg). The last method I would like to present is to delete the vowels of a word. By doing that, the word Marburg would result in Mrbrg. Of course, one could also make use of more than one of these methods at the same time. All of them help to make a password harder to crack because the resulting words cannot be found in any dictionary.
The rule to use an individual password for every account is important, too. If a person has managed to find out about one password, he or she would have access to all account at the same time. If every account is protected with an individual password, the damage is less severe.
Although using different passwords has many advantages, an undeniable disadvantage is that one has to remember all of them. A helpful tool to do so is a password manager. Such a manager saves all passwords in an encrypted version, and one only has to remember one single password. An example of such a tool is KeePass Password Safer. This tool can be downloaded on the page sourceforge. org (http://sourceforge.net/projects/keepass/ ). This page is especially suitable for teaching purposes as only Open Source Software can be downloaded, there.
By using a password manager, the pupils can avoid storing their passwords in plain text, and therefore, they can stick to rule number six. To show you how to install and use KeePass, I have included the following YouTube tutorial.
This video can also be opend with the url: http://www.youtube.com/watch?v=1UUuuqBNlNk&feature=related
General terms and cookies
Checking the general terms of websites, as suggested under point number seven, helps the pupils to decide whether they enter personal data or not. Often, websites save the data longer than necessary. In some cases, the data are also used for advertising purposes, or the data are sold to other companies.
The next statement is “I only allow cookies for selected websites”. This is an important aspect because cookies allow creating user profiles. If cookies are allowed, companies can see which products are looked at in online shops, for instance. With the help of this data, the advertisements displayed on the screen can be adjusted to the users` profiles.
Software tools to protect the computer and downloading issues
Point number 9 now refers to software tools a computer should be equipped with. Whenever the pupils surf on the internet, they should use some software tools to protect their computers and their data on their harddrives. On the internet, some viruses circulate that can destroy the computers or steal data. To avoid this, a helpful device is to install antivirus software and to activate a firewall. An antivirus software available for free is called Antivir, for example. This software can be downloaded on the following page: http://www.avira.com/de/avira-free-antivirus . This page offers a premium version one has to pay for, as well, so one has to pay attention to download the right software.
Besides the students, all teachers should always use these tools. If student data are stored on a computer and if someone else has access to them, it might result in severe trouble.
What goes along with the use of such software tools and the danger of viruses is that the pupils should not download documents from sources they do not know. In addition, they should also not access suspicious websites. When downloading documents from the internet, viruses or a certain spy software could be attached to them. These programs could then search for personal data on the computer and submit them to the sender of the virus. For example, pupils should be skeptical if they want to download film material which only has a size of 1kb. Normally, this is too small for a video file.
Another statement where the students should tick “yes” on the checklist is “I do not leave my computer before I have signed out of all my accounts”. This aspect is especially important when it comes to surfing on the internet in public places. Imagine you use a computer in an internet café, and you do not lock out of your e-mail account before you leave. If that is the case, the next person using the same computer can read all your mails or write messages in your name. This can easily be prevented by pressing the lock out button.
Finally, the last point of the checklist is one of the aspects that are forgotten most often. This is: “I am aware that data I published on the internet can never be deleted completely”. This point is often referred to as digital footsteps. Because no content can be deleted completely, the pupils should be very careful about what they publish online. Things that seem to be funny at first (like embarrassing pictures) can have negative effects later on.
I hope that this essay could convince you that the pupils should be made aware of data protection issues on the internet.
Checking the general terms of websites, as suggested under point number seven, helps the pupils to decide whether they enter personal data or not. Often, websites save the data longer than necessary. In some cases, the data are also used for advertising purposes, or the data are sold to other companies.
The next statement is “I only allow cookies for selected websites”. This is an important aspect because cookies allow creating user profiles. If cookies are allowed, companies can see which products are looked at in online shops, for instance. With the help of this data, the advertisements displayed on the screen can be adjusted to the users` profiles.
Software tools to protect the computer and downloading issues
Point number 9 now refers to software tools a computer should be equipped with. Whenever the pupils surf on the internet, they should use some software tools to protect their computers and their data on their harddrives. On the internet, some viruses circulate that can destroy the computers or steal data. To avoid this, a helpful device is to install antivirus software and to activate a firewall. An antivirus software available for free is called Antivir, for example. This software can be downloaded on the following page: http://www.avira.com/de/avira-free-antivirus . This page offers a premium version one has to pay for, as well, so one has to pay attention to download the right software.
Besides the students, all teachers should always use these tools. If student data are stored on a computer and if someone else has access to them, it might result in severe trouble.
What goes along with the use of such software tools and the danger of viruses is that the pupils should not download documents from sources they do not know. In addition, they should also not access suspicious websites. When downloading documents from the internet, viruses or a certain spy software could be attached to them. These programs could then search for personal data on the computer and submit them to the sender of the virus. For example, pupils should be skeptical if they want to download film material which only has a size of 1kb. Normally, this is too small for a video file.
Another statement where the students should tick “yes” on the checklist is “I do not leave my computer before I have signed out of all my accounts”. This aspect is especially important when it comes to surfing on the internet in public places. Imagine you use a computer in an internet café, and you do not lock out of your e-mail account before you leave. If that is the case, the next person using the same computer can read all your mails or write messages in your name. This can easily be prevented by pressing the lock out button.
Finally, the last point of the checklist is one of the aspects that are forgotten most often. This is: “I am aware that data I published on the internet can never be deleted completely”. This point is often referred to as digital footsteps. Because no content can be deleted completely, the pupils should be very careful about what they publish online. Things that seem to be funny at first (like embarrassing pictures) can have negative effects later on.
I hope that this essay could convince you that the pupils should be made aware of data protection issues on the internet.
