In language programs which make use of the Internet, appropriate strategies to protect the students from the risks it presents must be considered. One strategy for lowering risk factors is to implement and enforce a clear policy for acceptable use of the technology. This presentation outlines one such Acceptable Use Policy (AUP), and addresses the political and administrative challenges faced in seeing it adopted by a private Japanese jr./sr. high school.
Pretend for a moment you are a high school language instructor. Keen to empower your students and embrace the benefits of modern technology, you have successfully persuaded your school to spend large amounts of money to equip a classroom with computers and a high-speed connection to the Internet. The students are given instruction in basic computer skills, provided with personal e-mail accounts and are encouraged to communicate with their peers around the world in their second language. Motivation is high, the enthusiasm is obvious, and students appear to be engaging in productive, effective language tasks that bring out talents you never knew they had.
Then one day, looking over a student’s shoulder, you notice that she is copying down a phone number and hotel name from an e-mail message... or that she is about to double-click the “happy99.exe” file attached to an e-mail from a keypal... or that her host family has apparently sent her a nude celebrity photo as a prank, the message headers containing a hidden link to a site where other sexually explicit materials, some of it advertised as illegal child pornography, could be accessed.... or picking up a stray printout from the printer you notice that a student was using her account to arrange meetings with her college boyfriend?
Besides the obvious question - What do you do now? - other questions soon come to mind. What could I have done beforehand to prepare for such an incident? Could I have prevented this from happening? How could the student have been better prepared for this? What else is going on here that I don't know about? What have I done?
All of these examples are based on real incidents that occurred in the CALL Lab at our school. While not the motivation for implementing our AUP (in fact, they all occurred subsequent to the implementation), they provide a concrete illustration of some important issues to be considered when introducing such technologies into the classroom.
As implied above, there are numerous and well-documented risks associated with Internet access. These risks cover a broad spectrum, ranging from exposure to offensive materials, harassment, verbal abuse, and privacy violations, to malicious software such as viruses, to criminal activities such as fraud and solicitation. These are a direct threat to the safety and welfare of students and need to be considered.
In addition to protecting students from others, illegal acts committed via the school network by students could carry substantial consequences for the school itself. For example, activity violating the school's ISP service agreement could result in fines, termination of service, or higher fees. The school could potentially be held legally responsible for the behavior of students.
Besides these general concerns, some specific problems were being identified at our school. The great popularity of the Web brought an explosion of services and activities that could be accessed through a Web browser, such as Web mail, chat, and games. These Web-based services presented a challenge; students were becoming deft at manipulating several windows at once, hiding a chat or Hotmail session behind a course-related browser window in the way a comic book might have been concealed in a calculus textbook twenty years ago. Such sessions do not typically leave log entries, and are difficult to detect.
Due to the lack of a clearly defined policy, teachers using the Internet had instructed and monitored the behavior of students in an ad hoc fashion, making judgments on a case-by-case basis. Teachers disagreed on allowing students to use chat sessions, particular Web search engines, and personal e-mail. There was also confusion regarding the applicability of the rules during free access times versus use of the computers during lesson periods.
The lack of a clear policy regarding Internet usage and what constituted acceptable behavior was beginning to cause some degree of confusion, resentment, and anger among students and teachers. Students were becoming (understandably) frustrated at being told that chat was OK by one teacher and forbidden by another. Teachers were likewise dismayed to find out that they had instructed students to do something other teachers felt was not permissible.
As a result of these problems we drafted and adopted an acceptable use policy with these three goals in mind:
The policy was initially adopted during the 1999-2000 school year. Students were given a copy of the policy and a parental consent form that was to be taken home and signed by their parents or guardians, as well as the students themselves, indicating that they had read, understood, and agreed to the terms of the policy.
While nearly all the students complied with the request to sign and return the consent form, there were isolated but vocal objections raised by certain students and parents. These objections included questions about the students' right to privacy, non-academic use of the network outside of school hours, and the lack of an opportunity for input by parents prior to adoption of the AUP.
There was also some degree of resentment voiced by students who had been engaging in activities such as chat, and who felt the policy was reactionary and directed towards them personally. Students who refused to sign the consent form were denied access to networked computers until such time as they did return a signed form to the school.
Beginning with the 2000-2001 school year, the AUP was integrated into the enrollment process of the school for all incoming students. The AUP is published in the student handbook given to all students, which includes other rules and standards of conduct such as appearance, dress, and behavior, as part of the package of information given to all students in March, and the consent form is to be returned by the start of the school year in April. Students refusing to agree to the terms of the AUP are denied access to networked computers at school. As this directly interferes with their ability to complete their coursework, this could potentially result in failing a given course.
As one of the primary goals of the AUP is to educate students as to the potential risks of Internet use, the AUP is worded in a way that the students can understand, and that gives specific examples of what is acceptable and prohibited.
The policy also guides students as to the proper actions to take when they suspect a violation of the policy has occurred through no fault of their own, assuring them that they will not be held responsible for things beyond their control.
Our policy takes the form of a contract between the student and the school. Each item of the AUP takes the form of a statement in the first person, such as "I will not ...", or "I understand that...". This is done with the aim of helping the student internalize the policy, making it a personal assumption of responsibility.
The AUP and consent form are distributed with a cover letter urging the parents to read and discuss the AUP with their child, and to contact the school with any questions, concerns, or comments they may have.
The opening paragraphs of the policy statement itself provide some background and definitions to help the reader understand the policy. Examples of the benefits and potential risks of Internet use are given. It is clearly stated that the school cannot control every aspect of Internet use, and that agreeing to an AUP is necessary to make the experience as safe as possible. The student is given direct responsibility for adherence to the policy.
The consent form stipulates that the parent has read, understood, and agreed to the policy and its purpose. Two clauses specifically indemnify the school from claims of damage or injury resulting from a student's use of the Internet and/or willful violation of the terms of the AUP. These are perhaps the most critical and controversial elements of the AUP, but ultimately are only stating the ugly truth. The school cannot control everything that happens on the Internet, and so cannot be held responsible; using the Internet in its current form implies accepting some level of risk.
An AUP addresses issues that cross many boundaries, having social and technical facets that are not easily separated. For the present, use of the Internet usually implies use of a networked computer, and a large and complex skill set is required to confidently use a typical Macintosh or Windows desktop environment. What exactly constitutes launching an application or downloading a file, or opening an attachment is not always easy to understand or even define, making the task of wording the AUP an arduous one.
In choosing language and limits for the scope of the AUP, differing viewpoints among staff members often resulted in lengthy discussions about procedure and individual provisions, not to mention the ultimate goals and purpose of having an acceptable use policy at all. The consent form was especially contentious, with disagreement whether to ask for or require parental consent, and if such consent should be indicated by a signature or a personal seal. Despite finally agreeing on language, much of the policy still remains to be tested in practice, and there will undoubtedly be differing interpretations of the AUP that will need to be reconciled.
Experience has made it clear that an AUP alone is not sufficient to educate staff and students fully. There is a definite need for incorporating basic technical and social skills into any curriculum that intends to make use of the Internet, and into formal training for the staff. It is especially critical that instructors supervising students using the Internet be well trained and well experienced in both the technical and social aspects of Internet usage. Students learn and infer much from the examples and behavior of their instructors, and a teacher who displays ignorance or ineptitude on the Internet is unlikely to be able to effectively instill or enforce respect for the rules and proper conduct.
Although we feel our AUP is strong as a policy statement, it can only be considered successful to the extent that it actually influences peoples' behavior. I think that one mistake we made was not introducing the policy to the faculty in advance of the implementation, and failing to offer them training and an opportunity to become comfortable with it. As the individual homeroom teachers were made responsible for the dissemination of the AUP, the interpretations they offered their students therefore varied. Simply reading and signing the AUP is insufficient to ensure understanding and compliance. It would be better to not only review and refer to the AUP in class more often, but to actually structure some activities around the issues it addresses.
The AUP addresses risks to the safety and welfare of the students outside of the classroom as well as inside. For example, a provision of the policy forbids students to arrange real-world meetings with people they meet online. Such aspects of an AUP must mesh well with other school policies regarding attendance, appearance, and aspects of students' social lives. Problems may arise if the rationale for and/or enforcement of the various rules are different enough to be confusing, or worse, contradictory.
The AUP is also designed to minimize certain risks to the school network itself, specifically those that are dependent on uninformed, lax, or non-existent guidelines for Internet usage. A significant percentage of computer security lapses can be attributed to "social engineering" - manipulating users to divulge information that can be used to attack a computer system. The AUP takes its place among more sophisticated security measures such as hardware and software solutions to monitor, filter, and log network traffic.
Official recognition of AUPs and the broader topic of Internet Safety varies greatly from country to country. Even to this day, AUPs have not been widely adopted in Japan, and despite the Mombusho's initiatives to get Japan's schools connected to the Internet, there seems to be very little offered in the way of safety guidelines. In the US, by comparison, awareness is high, a current hot topic of debate being whether or not to mandate content filtering at public access points, such as schools and libraries.
One of the challenges facing any attempt to define what constitutes socially acceptable behavior is the large degree of variation among cultures, geographical regions, and age groups, etc.; what is tolerated in one locale may be offensive, or illegal, in another. As the Internet does not respect these borders, a school making use of the Internet could potentially find itself in an international dispute.
The legal landscape is undergoing rapid change as the law follows where technology leads. Our AUP will likely need to be amended as legal precedents and new legislation is enacted. Also, the legal obligations of an educational institution in Japan may not coincide with all the provisions of an AUP. In our case, although it was considered in committee meetings, our policy has not yet been examined by a legal expert, and could well contain provisions that would not be upheld in a legal challenge.
Although not glamorous, AUPs address a dark side of technology and the Internet that cannot be ignored. Although this may seem far from the central concerns of CALL and computer-assisted instruction, one cannot separate the risks from the benefits when introducing the Internet into a language program. It is necessary to follow through with the technology implementation and take responsibility for the messy parts.
Most instructors at the university level will not be held personally responsible for these concerns, although they still need to be prepared for incidents that may arise in the classroom. At lower grade levels however, especially where use of the Internet and its attendant exposure to risk has been at the instructors' insistence, it may be a prudent measure to examine the situation at one's own school, and work to see some sort of policy adopted.