VIDEO PODCAST: Download It! It’s Free. Well…Not Really.

VIDEO PODCAST: Download It! It’s Free. Well…Not Really.


(upbeat music) Greetings, and welcome to
Boston Public Schools Technology video podcast on, “Download It!
It’s Free, Well…Not Really” video podcast on internet privacy. This is episode three of
our “Digital Citizenship and Safety” series. We have three guests with us today, two educators and one industry leader. My name is Nick Gonzales, and I am a digital learning
specialist for BPSTech, and I will have our guests
introduce themselves as well. We’ll start with Nilufer. – My name is Nilufer Johnson,
and I teach at Snowden. I teach ESL and Computer Science Classes. – Ingrid Skoog, I’ve been in
the security and privacy world for 15 years now moving
from government to academia, to now the for-profit world. – I’m Cynthia Soo Hoo. I’m the Principal of the
Quincy Elementary School. – Great, great to have you all here. Thank you for joining us. So, let’s get down to the nitty gritty. We’re gonna talk about internet privacy, and what it actually is and the different ways it impacts schools, and impacts students, and our
teachers, and parents as well. First thing I’d like to
talk about is privacy. What role do educators have in talking about internet
privacy with students? Phones, permissions, different
types of devices, Alexa, Siri in your room, in your house, data? How much infringement
on privacy is too much? Will it significantly change by the time our students become adults? And we’ll go ahead and
we’ll start with Nilufer. What do you think? – When I was a little girl, I heard the same advice from my mother or maybe you all have heard, never take candy from strangers. She was nervous about
all the risks out there. But today as a mother and an educator, I feel like it’s our job
to teach our students to be internet smart as
well as being street smart. Because the social medias
have become our neighborhoods, but even though there were risks outside, my mother never pulled
me back indoors saying that you can’t go. I think it’s our– we were
just told to be careful. And we learned how to be careful, and I think it’s now our
mission to teach our students how to be sensible using
technology and social media, and let them enjoy their time, you know, have a healthy experiences in their time. And maybe our kids, their generation, will be hearing never click a link from a stranger instead
of a candy from stranger. – Right, very true. – I’d say, absolutely there’s a rule that we should be playing
with the educators to teach students about this. We’re saying before that security’s been on our minds for a while now. Privacy is really gaining
steam that we care about this. I think it’s a myth that I
hear that a lot of young people don’t care about privacy,
or that privacy is dead. This notion that we can claw it back is, the horse is out of the barn. I don’t agree with that. I think that students are very
smart about what’s going on in many ways are coming
up and taking ownership of a lot of issues. They’re seeing the world and privacy is just another one on that list that I think they’re
very successful at once they understand what it is that they need to be concerned about, they can articulate really well. Here’s the line where
it works for me of, yes, companies I’m okay with you
doing this, but not that. And it’s our job to inform them and from an industry perspective, I would love to partner
with the schools more where I can to lend my expertise and I know my colleagues
feel that way too. One of my friends does an old lady’s group that she goes to retirement homes and talks to them about privacy. So we’re here to partner and help the students learn some more. – [Nick] Awesome. – Great. Yeah, so first I want to thank Nick and OIIT for having this conversation. I think it’s a very important conversation to have around downloading. So I’m at the elementary level, and many of our students
work with technology throughout the day in their classrooms and teachers can put some blocks on there. We’re on a secure network
and other things like that. However, many of them have
their own devices at home, and they’re at free range to
download or to communicate, and use those devices however they want. And even though my students
are at the elementary level, many of them do have their
own telephones, cell phones. And some applications may ask, you know, check this box if you’re
13 years or older, and they may still be
just checking it off. – [Nick] Exactly. – There’s no way to really prove
that, and they’re going in, downloading all different types of apps. Some are social, because
their classmates have it and they want it too. Which, you know, can bring some concern. So as educators, even
at the elementary level, I think it’s very important to try to help them gain
habits of understanding what is being asked of them when they’re going to download an app. What is the purpose of the app? What is their intention for using the app? What type of permissions
are they asking for, right? I think that’s very important, especially when there’s
free apps out there. – We were talking about
this a little earlier, in terms of permissions. Some of these apps, you turn
them on, you accept them, and they’re free, and some students and some kids who are well
below sometimes 10 years old, will just say yes because it’s free, but they don’t understand that when they say yes to the terms and agreement that it’ll have
access to their microphone, or it’ll have access to
their GPS, or whatnot. This begins– I mean again
this goes back to privacy. 20, 30 years ago, the idea of privacy was you have your domicile, right? You have your house and within your house, that’s your domain and that
was your area of privacy. But now with our computers,
and with our devices, with our tablets, with our phones, now it’s coming inside of our house now. So, what exactly is privacy? Because the notion of it has changed even within the last 10 years
with all the advancements that have been made with mobile
technology, and with tech. So I wonder, just like Cynthia was saying, as teachers and as educators,
and even as industry, what is our responsibility in
relaying this to our students? Is it of the utmost importance to let them know what’s happening? And to give them an idea
of they have a choice. They can download certain
apps that they want, and this is what’s gonna happen. I think Ingrid touched on this a little. – I’d say privacy– it’s
an interesting thing that we’ve talked about
everyone’s line for privacy is different so that’s important
for people to understand. But also, there’s a difference between if you have my information,
you’re targeting me, ’cause you know I want to buy
a particular pair of shoes. Well, that might be okay. I don’t mind if you’re trying to show me products I’m interested in, but privacy in terms of
self-autonomy, in that, I am choosing and making
decisions for myself and corporations and companies
don’t have enough information that they’re manipulating
me or coercing me because of information they’ve gotten. I think that’s the really
powerful thing around privacy that we want to have
autonomy over our decisions. We don’t want social
media to be nudging us and knowing enough about us to steer us toward political decisions
or how we interact with our friends and colleagues. So that’s the important thing I’d love to see our students know more about. – Yeah, and I would also
say, I think it’s in tandem. I think it’s educating
students what habits, but also reaching out to families, and letting them know that if you’re choosing to allow
your children to have devices, what are some things you can put on it? You know, can you block certain things? Are there security things that you can, what are they called, like you know, parental blocks and other things, controls that they can have. – Agreed. I totally agree, because I think it’s important to definitely go after parents and go after just educators in general. A lot of adults do not
know what’s happening. And so I think it’s going to be a multi-pronged administrations,
teachers, and parents. And I think eventually, hopefully
if we cross our fingers, it gets down to the students
at the younger level, at the younger ages,
because I think that’s where it’s gonna need to start. Especially you get the
younger kids who are in 2nd and 3rd grade when they start typing, when they start getting
onto their Chromebooks, and especially around 2nd, 3rd grade where they start to learn, develop these habits of good privacy and good digital citizenship measures. So let’s get into our second question. Now we’re gonna talk about passwords and password protection practices. And Ingrid, I’m sure you can, well I’m sure everyone can back this up. You get a new password,
and I’ve done it myself, when I didn’t know all the stuff that could be done with my password. Sometimes I put it on a Post-it, and sometimes I’d stick
it right on my computer. This was like five, 10 years
ago, but hey, little did I know that was probably the worst thing I did considering what could’ve
been done with my password. So, let’s talk about why
they’re important for our kids and why they need to
password protection practices need to be taught at all levels, right? And why are they important
to faculty and staff as well? And, let’s discuss longer
more elaborate passwords and some of the practices
that might impact how strong your password is. – Of course we hear everywhere
having longer passwords with combinations of
letters, capital, lowercase, and change them periodically. It’s so overwhelming for myself,
and I know, for many of us. It’s just like we are visiting
hundreds of pages everyday. Trying to have a single
password is like trying to carry a single key
for each door we open. It is definitely, you
know, we forget them. They’re getting too complicated. However, we need to be
very cautious about it, because of the privacy
and security issues. Everyone can have, I think, of course, big companies are doing big
password management systems they’re using, but as an
individual, as a child, or mother, or you know educator, what
we can do, is try to come up with our own homemade
password management system which could be something
really personal to you, something difficult to guess, and something you can’t
change periodically, but you can remember. I don’t know, what we should do is people have good intentions, write down their passwords on
an Excel sheet, keep in Drive, might not be the best idea, but definitely following some
best strategies out there. But I agree with you with
the previous question. As educators, as teachers
we feel so nervous and not knowledgeable enough, so I think we should
start with the educators, make sure they feel comfortable
with the technology, and then pass all these knowledge to kids. – I have so many thoughts on passwords, and how much I hate them, and
how much we all hate them. But they’re not going away. I mean, there are a lot
of things that industry is trying to improve on them,
but when it comes down to it, we all just have a ton of passwords. For me, password managers
are a key to helping us, because we just can’t remember all the different passwords we have. We have hundreds of them. And so, in order to have
unique strong passwords, I think that there are free and affordable password
managers out there, and you only have to remember one password to be able to store all
your passwords in there. That is something we’ve been telling folks all over the place. And even writing them down,
sometimes that can make sense if it’s kept in a safe at home. If that model works for you, what’s the likelihood that
someone’s going to get into that list that you keep at home. The problem is if you carry it with you. If you have it in that
sticky note on your computer, right where you’re gonna use it. That’s the problem, but there are things that we can do, share with the students and with educators and
ourselves that we can do better than what we’re doing now. – What I found helpful around passwords is finding some sort of a
system that you can use. Maybe there is like one combination
that you’re always using but changing up a little
bit depending on what, you know, what you’re logging into. So that would change a little bit. I love the idea of having
a password manager, because I find myself writing on stickies, or having a book somewhere. I started going online, but I was like, well, what if someone can get
into my documents and stuff, and then they’ll find that, right? So just figuring out a
system that works for you and also understanding that sometimes when you’re working on–
your signing into things, there are administrators and depending on what program it is that you’re working on, they may actually be able
to see your passwords. And so that’s why it’s important
to have different passwords for different programs you’re using. – So yeah. So I guess it comes down to both. I mean I think if you’re
more heavily involved in the internet and you
have a ton of passwords. You have 30 or 40 that you use. I think a password management
system would be great. But then you also have people who don’t. They have three or four, you know, they could use Nilufer’s methods as well, where if they know they have a safe place that they can store their passwords, that’s a better choice to use. That’s a better choice to go with. But in terms– how about
of making passwords? Because sometimes we have students that’ll just, they’ll use, you know, if it’s a 3rd or 4th grader,
they’ll use the word “leg” for a password, l-e-g, right? And sometimes it’ll accept. How do we instill within our students, the idea of password
encryption and how, you know, if you have a longer password, right? Versus if you have like
a nine character password versus a 13 character password. Being able to brute force get into, which means essentially
trying to enter as many words as you can within a password field. It’s much likely, more
likely, for it not to be hacked or decrypted by
having a longer password versus a shorter password. The only thing is, when
you have longer passwords they’re more difficult to remember. So, you know, how do we
instill this practice within students and educators
of having longer passwords and having more difficult
passwords to hack. – I think Nilufer brought up a great point of having numbers, and
letters, and symbols, and upper, and lowercase. But those symbols can
actually help, right? You know, where you have to
shift and put the and sign or exclamation points. I think that also adds,
or makes it more difficult to kind of figure out. – I don’t worry about the brute force, the guessing over and over so much as I worry about the pet’s name. Oh, well my cat’s name
is a great password, or “RedSox34,” that’s a great password, and I bet someone watching
will have that password, and go, oh. The commonality of things
that someone could guess that if I knew a little about you that I would think, oh,
I bet your password’s this pet name or this sports team. Those I would love to
see people get away from. – A lot of our students
just go with date of birth, because that’s officially
assigned to them at the beginning. – [Ingrid] Yeah, or
anniversary or something. Moving away from that would be a big– every year there’s a top ten list of most common passwords
and it doesn’t change much year to year. Things like, password 1234, or I love you. – I had heard this Facebook or
other social media sometimes send this questionnaires. What’s your favorite movie? Where did you meet your
boyfriend, girlfriend? And what’s your pet’s name? And then these questions, because you feel like you’re
taking a questionnaire and then they’re used to
hack into your accounts, because they are usually the passwords. – One of the tricks we’ve taught folks when we’ve worked with
them is a line from a song. That can be pretty long
and it’s easy to remember. If you pick out a lyric,
a line from a song that could be a great password. – And the use the spaces too. I mean that’s one that we took away from a citizenship training
we had here for the district where people don’t usually
use spaces in their password. – [Cynthia] I didn’t know you could, wow. – But you can, you can
use spaces sometimes. Well, most of the time I believe. – Sometimes, the rules are all different which makes it hard too. Sometimes you need those
special characters, sometimes you need upper,
lower, little drop of blood, all these different
special, do three turns. – Moving on from passwords, this is gonna actually come
back into sensitive information. Let’s talk about phishing,
and what phishing is, and how important it is for
our faculties and students in our schools to know what phishing is and the scams that are out there. So first, can I have someone– Ingrid can you explain what phishing is? – Sure, so phishing is most often when someone is trying to get
your login, your username, and your password so that they can get into your bank account, or get into your social media account, and it’s this way of trying to trick you into giving that information up. – Is this important for schools to know? Is it important for our
students and teachers to know? Thoughts?! – Oh, absolutely. We are working with
confidential information, we are working with students on IEPs, very confidential information. We have to be very alert. Luckily, I think it is
managed by the center that our emails go to spam if
there’s any phishing emails, and sometimes if there are
risky activities going on, we get notifications which is great. But as individuals, I think
it is important to be, you know, like street
smart, internet smart. We have to be smart. When we see a person out on the street that doesn’t make us feel comfortable, maybe something he says
doesn’t sound right or the way he looks, the way he dresses, and we say, you know
what, I should be cautious about this person. And it’s the same thing about phishing. Usually they come with emails
and just to be careful. Does this email sound right to me? Is it from someone I know? Usually we don’t know the people, the address looks like
something we could trust. Like instead of “bostonpublicschools.org,” it’s from dot com “BostonPublicSchools.com.” It’s sounds almost right,
but it’s not right, and sometimes they’re
using our human feelings. Like hey, this is time
sensitive you need to help. And as default, we want
to help people, right? So clicking one thing
could be very dangerous, so just to be cautious and pay attention to these little things could help. – Yeah, I absolutely agree. You brought up something earlier, too, around strangers, and
stuff like that, right? It’s knowing who’s sending it to you, checking for those little things like, is it the exact address,
or is one letter off? Did they change the order of the name? And what information are they asking for? If you feel like it’s anything private, that could lead to
giving away your password or most of them are asking
you to change your password. Just being very, very clear
in what they’re asking for. And figuring out why
they’re asking for it. At BPS we can always just forward that email to someone and just say, is this legit, what’s happening here? – A lot of students can spot phishing, because they’re born in,
they’re digital citizens, they’re born into tech,
I guess you can say. And a lot of them think that they can spot phishing
scams right off the bat, but some phishing scams are so good, it takes five sometimes 10 minutes to actually analyze the
entire page and say, oh, this isn’t the actual page. There are really good
phishing scams out there. So I think a lot of students
think they know more than they do. Especially high school students, but I’ve seen the case where
that’s not actually true. – Someone will fall–
we’ll all at some point, have a weak moment, be in a
hurry, fall for something. And that’s okay, it
doesn’t make us stupid, or anything, but it’s
important that when you know if you have that realization, I’ve put in my credentials
where I shouldn’t have, that you reach out to get help. It’s not embarrassing to
say, I did something wrong and let’s fix this quickly. And also if you do have that, stop and think, and pause, and this seems like it has a sense of urgency,
or it doesn’t seem right. Check out a band, don’t rely on the email, call the person, or text them, or take some out of way of saying, hey, Nick, did you send me this thing that’s asking to change my password? And that can sometimes really help you. – So the last topic I’d like
to talk about is data breaches. And we’re gonna focus
specifically on schools throughout the country that have students who many times, well most all
the schools I’ve worked with, have a lot of students
that know a lot more than the faculties do about technology. And a lot of times I see these students help in some way or another the faculties and administrations within schools. And some schools around the country too, we have these formations of tech teams. These teams that are being
educated on how to use tech, and they’re going out and
helping the administrations and the faculties within these schools navigate their technology. And so, many times these
students are given information that is really sensitive. Sometimes it’s the case
that this information is given over to students
unbeknownst to the people who gave it to them. And so, how do we mitigate this? How do we send the message
out that it’s great to have, this is a great idea,
this is a great concept to have students actually help
teachers and administrators, but also there’s a positive side to it, but there also could be
a negative side to it. What to do in this situation? Cynthia, do you want to start? – Sure. So– I wanna go back and say, so when we’re logged onto things, right? We share many devices as well. So there could be
breaching in that way too, where we’re not logging
off and so when others are getting on to that same device they may automatically be able
to get into your information. But around breaching, and
yes, many of our students are definitely in the digital age, and we have these tech teams
and we may think it’s harmless to give them login information so that they can help
us complete something or organize all of our
student’s presentations or something like that, and not realize that with that one password,
they’re able to get access to all of our other information. So I think that’s very
important to think about when you’re giving students
these responsibilities. Is there a way that we can
give them a separate access to complete the same thing
that you’re hoping for. – That really drives to what
I’m focused on privacy now is the views and the access you have. You only want people to be able to look at what it is they need to do. And so maybe you do have a case where you need to have a student help you, but you could change your password after. So you’ve seen them use it and help you, but then they can’t get back in later. Or have a different kind of log in, depending on the technology you’re using, understanding with your support folks, hey is there an account
that this student could use to only see this material and help me, but not have that broader, wide view. – Sometimes it’s not
even that sophisticated, we take attendance, stay logged in, walk out of the classroom for a second, it’s vulnerable, right? Data is vulnerable to
student or anyone’s action. You know, we grew up with
this phrase of time is money, time is money, time is money, but now, what I observe is the data is money. So the data is so important,
information, any information about you could be very
important for other parties, for their benefit. It could be your location,
your interests, your school, your medical records, everything. Since the data has become so
valuable and so important, we need to be more cautious
about how to protect, how to handle it. Not only people who provide
the data needs to be educated, such as, you know, if the
parents provide us data, students themselves, teachers, us, and people who handle the
administrators, the teachers, and in your case, you know, example students sometimes
handle this data. It’s very, very vital,
because it’s no game anymore. It is so important. People are paying you for your data. We have to be very alert
and smart about it. – Right, right. People are paying for data, and people can sell social
security numbers online, you can sell birthdays online. There’s a lot of things
you can do with it, that sensitive data that
some students can get, and not to say that that’s happening, but it’s just as a potential. And so, yeah. – Even surveys now, right? We don’t take surveys anymore
without any, you know, like if you’re not giving me a gift card, I’m not completing, sorry. Because it’s my data, right? It’s my information. The times are changing
so we have to catch up. – And they’re changing fast, right? So that’s gonna do it for our, “Download It! It’s Free…
Well, Not Really” video podcast by the Digital Learning Team
at Boston Public Schools. I’d like to thank Nilufer
Johnson of Snowden High School for joining us. – Thank you. – And Ingrid Skoog, Industry Leader in Information Security
and Cynthia Soo Hoo, Principal of the Quincy Lower. And Nikolas Gonzales of
the Digital Learning Team, Digital Learning Specialist here at BPS. Thank you so much for
joining and watching. (upbeat music)

Leave a Reply

Your email address will not be published. Required fields are marked *