Enforcing Acceptable Use Policies

Revised and Updated by Max Uhls, Highland High School, Highland, IL

Original Written by Jim Peterson, Bloomington School District, Bloomington, IL

Introduction
"We may have been great fools to develop the post office, to invent the newspaper and the railway; but the harm is done--it will be our children who will see it; we have created a Frankenstein monster at whom our simplicity can only gape." (as quoted by American-born author Henry James, late 1890s)

Although the installation of filters, desktop and network security packages, firewalls and other hardware and software are important in protecting users from technology ailments and misuse, issues arise with information technology in schools that cannot be controlled by hardware and software alone. When most school districts install networked computers, and connect them to the Internet, there is a specific purpose in mind: to enhance the educational opportunities and resources for its staff and students. Because they sometimes allow free rein to extensive and hard-to-predict influences, new technologies can be intimidating. Society, however, has experienced this before, and with common sense and a few basic safety measures, students (and teachers) remain very resilient. One of the most essential and effective precautions is an Acceptable Use Policy (a.k.a. AUP).

An acceptable use policy is a standard document that allows the district to outline the rights, responsibilities and authority of its network. This paper explores the components of acceptable use policies and the ethical questions that they raise.

Acceptable Use Policy Components
A well-written Acceptable Use Policy concentrates on conscientious use of computer networks, including the Internet, and access and broadcasting of information to K-12 classrooms and the media center. Different features of an AUP may exist. Some include authorization for access and use of the Internet (and other District resources). Others may include a clause which may require consent to publications of a child’s work on a District’s web pages. Many include a form for parents to sign, permitting the display of their child’s image on District web pages. Most include all three clauses. Once a policy is approved by the board of education, collective bargaining units, or other entities, the policy is distributed to all staff and students for their signature of acceptance prior to using the network resources. Students are often required to provide the signature of their parent or guardian. Most Acceptable Use Policies include the following components:

Outlining Terms and Conditions
Most acceptable use policies begin by outlining the terms and conditions of the policy, including:

Acceptable Use – This section presents a broad-based definition on what is considered acceptable network use. Common language includes "the purpose of the network/Internet is for the purpose of education, communication or research and be consistent with the educational objectives of the school/district as set forth in written board policy."

Privileges - This section makes a statement about the privilege of network use, the right to revoke privileges, and the designation of authorities to revoke such privileges. Common language includes "The use of the District’s Internet connection and computer resources is a privilege, not a right. Inappropriate use will result in a cancellation or limitation of those privileges. The system administrator will make all decisions regarding whether or not the user has violated this Authorization and deny, limit, revoke, or suspend access at any time; his or her decision is final. Any administrator, teacher, or employee of the District may suspend a student’s access to the Internet or computer resources of the District until the system administrator has made a use/access determination."

Due Process - This section is included for those users who may question the revoking of privileges. Common language includes “Users who disagree with the decision made regarding whether or not an employee has violated the AUP may appeal such decision through grievance procedures of collective bargaining agreement."

Unacceptable Use - This section is often included to demonstrate examples of unacceptable use. Language may include "Unacceptable use should be defined but not limited to, nor attempt to state all required or prescribed behaviors by users. Examples of such include:

Personal Use - A personal use clause is often included to encourage and facilitate the use of network technology by users. Common language includes "For purposes consistent with this policy; employees are permitted reasonable use of the network for personal use provided that such personal use does not interfere with or disrupt the educational process or the normal operation of the school/district and that such personal use does not violate any of the policy provisions."

Network Etiquette – This section addresses the expectation of users to abide by the general rules of netiquette. These include, but are not limited to, the following:

General Conditions and Information - Often, the acceptable use policy will also include general statements of conditions and information about the network within the acceptable use policy. Common elements and language include:

No Warranties - The District makes no warranties of any kind, whether expressed or implied, for the service it provides and will not be responsible for any damages an individual suffers. This includes loss of data resulting from delays, non-deliveries, missed deliveries or service interruptions caused by its negligence or your errors or omissions. Use of any information obtained via the Internet is at a user's own risk. The District specifically denies any responsibility for the accuracy or quality of information obtained through its services.

Indemnification – The user agrees to indemnify the District for any losses, costs, or damages, including reasonable attorney fees, incurred by the District relating to, or arising out of, any breach or violation of this Authorization, District policy, or rules and procedures.

Unauthorized Access - Users shall not tamper with or attempt to gain access to computer data for which the employee has no security authorization. This includes, but is not limited to, financial, employee, or student information. If the security level of a user is in doubt, he/she is to contact the appropriate administration.

Vandalism - Vandalism is defined as any malicious attempt to harm or destroy data of another user or any network. This includes, but is not limited to, the uploading or creation of computer viruses.

Security – Network security is a high priority. If you can identify a security problem on the Internet, you must notify the system administrator or Building Principal. Do not demonstrate the problem to other users. Keep your account and password confidential. Do not use another individual’s account without written permission from that individual. Attempts to log-on to the Internet as a system administrator will result in cancellation of user privileges. Any user identified as a security risk may be denied access to the network.

Violation of Policies - Any user who violates the policy shall be subject to disciplinary action including, but not limited to, written warnings, suspension wihout pay, or dismissal in accordance with the applicable provisions of the appropriate entity agreements or school code. In addition, if a user's conduct violates federal or state laws, the user may be subject to prosecution under such laws.

Issues Regarding AUPs

Vague Language
The language found in most AUPs is broad-based and not entirely specific. Phrases such as "including, but not limited to" or terms, like "inappropriate" embedded throughout the acceptable use policy are often considered vague. This is often used as a protection for the school to include an array of technology misuse instances - especially those that have yet to be defined. This often becomes a point of contention with users who may violate such policies as illustrated by a number of cases in state and federal courts. Nancy Willard, author of K-12 Acceptable Use Policies, writes "Rules that do not provide sufficient clarity can be attacked on the grounds that they are unconstitutionally vague. Courts have declined to apply criminal standards for the determination of vagueness in the educational environment because it is recognized that school officials need flexibility to respond to the unexpected and school sanctions do not reach the level of criminal sanctions. Courts have upheld as sufficiently clear such terms as ‘willful disobedience, ‘intentional disruption,’ and ‘vulgarity’ in a school setting."

Annotated Web Sites

http://www.pen.k12.va.us/go/VDOE/Technology/AUP/home.shtml This site is an online "handbook" of resources. Since schools are at various stages of implementation in the use of computer networks, this electronic handbook does not prescribe a single Acceptable Internet Use Policy. Instead, it provides links to various sources of information that may be helpful to administrators, teachers, library media specialists, and parents in the development of a local AUP. The handbook provides links to sites that contain information on The Components of an AUP, Sample School/Division AUPs, Samples and Templates for an AUP, and Resources.

http://en.wikipedia.org/wiki/Acceptable_use_policy A site that introduces what an AUP is and links to example AUPS and also a well-written e ssay on AUPs of educational organizations

http://yahooligans.yahoo.com/tg/aup.html A teachers guide to Acceptable Use Policies

http://www.education-world.com/a_curr/curr093.shtml The Acceptable Use Policy (AUP) for Internet use is one of the most important documents a school will produce. This site will help educators develop an effective Acceptable Use Policy.

http://responsiblenetizen.org/ A web site that declares itself the Center for Safe and Responsible Internet Use

A Legal and Educational Analysis of K-12 Internet Acceptable Use Policies

Last Updated: 08/02/2005