Educause Security Discussion mailing list archives
Re: CIPA Children Internet Protection Act
From: Ozzie Paez <ozpaez () SPRYNET COM>
Date: Tue, 13 Sep 2011 13:36:20 -0600
Sorry Karla and thank you for your question - I posted the entry a few days after HP announced that it was ending production of its WebOS products (tablet, phones, etc.) and looking to sell or spin off its consumer computer business. A few days later the company tried to clarify what it was doing and since then continued producing and selling its Tablet computer, while sticking to its decision. I read a range of comments and watched the market's reaction (and have continued to do so), which were not positive. Dell, for instance, quickly established a program to help HP customers ditch HP for its own solutions, which brought more attention in the media.

The point of the blog is that when something unexpected happens that is likely to impact stakeholders and the media, messaging is critical to prevent losing the opportunity to influence how your story is presented and perceived. This applies equally well to situations such as kids/parents reporting access to inappropriate content. So, any story that is likely to cause the media, stakeholders, etc. to ask "Who would have thought?" is a good candidate for extra careful management of your messaging.

Ozzie Paez
SSE/SAIC
www.ozziepaezdecisions.com
303-332-5363

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Karla Parker
Sent: Tuesday, September 13, 2011 11:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] CIPA Children Internet Protection Act

Ozzie,

What announcement from HP are you referring to?

Thanks,
Karla

-----Original Message-----
From: Ozzie Paez <ozpaez () SPRYNET COM>
Sent: Tuesday, September 13, 2011 9:13 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] CIPA Children Internet Protection Act

Dear Bill,

This is a really tough topic because so much of it is still being litigated and case law is anything but definitive. Here are a few thoughts and recommendations that might help you, the kids and your school.

1. Managing the network to filter offending sites is a great start and every institution providing these services should do this.

2. Internally produced content, which is not filtered by boundary systems, creates significant risks, particularly when users can take devices with them. For example, it is illegal for any organization or person to have sexually explicit material involving minors - Mere possession is enough. This is still being litigated, but as of now, that is a risk. Such content can be injected from behind the boundary systems, so it is a real issue.

3. You need clear policies, procedures and agreements on connectivity outside your network if students will be able to connect through their home or other network. I can tell you from experience that configuring devices like laptops to filter content when connected to different networks outside of your control can be tricky and a determined user with plenty of time on his or her hands (teens come to mind) may well be able to get around controls. So, assume that one or more of them will get around those controls, then put in place processes for dealing with the situation. Messaging is critical - If you lose control of your message and it gets into the news, getting caught up is almost impossible. Just consider what happened to HP after their latest announcement. I put an analysis piece on my blog that deals with that situation and may offer some insights for you. You can get it freely (no ads or banners...) at http://ozziepaezdecisions.com/2011/08/24/who-would-have-thought/ .

4. You need to protect yourself and your organization from a potential CIPA violation. One recommendation that I strongly suggest is for you/your organization to join Infragard. It is a Department of Justice/FBI - Private Sector organization that can be of great help in preventing and responding to a CIPA violation. Get to know the FBI points of contact. They can really help should a violation take place and put you and your organization in a totally different light.

5. Be very careful if the students post information, documents, etc. and they get reviewed, tweaked and approved by your organization. There are protections for web site operators, but many of those protections evaporate if those providing oversight are shown to have "materially altered content" before it is approved. If you materially change content, then you own the content; and there can be spillover effects as there is already case law to that effect. So, you need to think your way carefully if any of the monitoring will be done by your organization.

There is much more than I can address in an e-mail, but this is a really tough area. A good strategy is to start by assuming "worst case" and recovery; then work your way back.

Good Luck!

Ozzie Paez
SSE/SAIC
www.ozziepaezdecisions.com
303-332-5363

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of William C. Moore
Sent: Monday, September 12, 2011 6:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] CIPA Children Internet Protection Act

I searched the archives and couldn't believe I didn't get a hit on this subject. I am looking for input from a college or university that facilitates K12 classes on their campus.

To put my questions in context my university has taken a leadership role and management assistance for a charter school adjacent to our campus. This includes assuming management and control of the network infrastructure (all traffic is through our network).

My questions begin with are you compliant with CIPA (Children Internet Protection Act) and if so are you only targeting compliance for minors on your network or a certain segment of your network.

A related question is do you continue CIPA oversight and management on portable institutional devices when they leave your network? For example, controls on a laptop issued to a student to carry home.

Any list or direct reply comments are most welcomed and thanks in advance.

Bill

William C. Moore II, CISSP, MEd, MLIS
Chief Information Security Officer
Division of Information Technology
Valdosta State University
Valdosta, GA 31698
Phone:(229)333-5974
Fax: (229)245-4349