CHAPTER 3 ACCEPTABLE USE POLICY

CYBER SECURITY FOR EDUCATIONAL LEADERS: A GUIDE TO UNDERSTANDING AND IMPLEMENTING TECHNOLOGY POLICIES

© Routledge Richard Phillips and Rayton R. Sianjina

ACCEPTABLE USE POLICY (AUP)

AUPs are written agreements signed by users that state specific rules and regulations for technology use.

Outline possible punishments and penalties if technology is used inappropriately (iSAFE, 2011).

According to Standler, AUPs have three goals: 1. Educate 2. Provide legal notices 3. Protect the organization (lawsuits and viruses)

(Standler, 2002)© Routledge

MAIN COMPONENTS OF AN AUP

The Media Awareness Network (2011) lists the following components of an AUP:

An explanation of the availability of computer networks to students and staff members in your school or district

A statement about the educational uses and advantages of the Internet

An explanation of the responsibilities of educators and parents for students' use of the Internet

A code of conduct governing behavior on the Internet

An outline of the consequences of violating the AUP(Media Awareness, 2010)

© Routledge

MAIN COMPONENTS OF AN AUP CONT. A description of what constitutes acceptable and

unacceptable use of the Internet

A description of the rights of individuals using the networks in the school/district (such as the right to free speech, right to privacy, and so on)

A disclaimer absolving the school district from responsibility, under certain circumstances

An acknowledgement that the AUP complies with provincial and national telecommunication rules and regulations.

(Media Awareness, 2011)© Routledge

IMPORTANT FEATURES OF AN AUP

Signature portion (VDOE, 2011)

Disclaimer releasing the industry from user wrongdoing (Media Awareness, 2011)

Policy enforcement

Data collection and alerts (software like eSNIF and VIEW (Fitzer, 2002)

Vocabulary and understandable language (Lightspeed Systems, 2011)

© Routledge

AUP TEMPLATES Many individuals and industries have developed

templates and guidelines to model AUPs.

Wentzell states that every AUP should include the following: Philosophies Goals Advantages and disadvantages Statements that tech is a privilege and not a right Definitions and vocabulary Statement of privacy Copyright and netiquette Personal responsibility statement Attorney review

© Routledge

ACCEPTABLE USE POLICY: LEGAL ASPECTS© ROUTLEDGE

CYBER SECURITY FOR EDUCATIONAL LEADERS: A GUIDE TO UNDERSTANDING AND IMPLEMENTING TECHNOLOGY POLICIES

LEGAL ISSUES Acceptable Use Policies are legal binding contracts

between users and industries.

The user agrees to use the equipment appropriately while the industry agrees to maintain and provide the equipment.

However, every AUP is different and is created based on the needs of the industry.

Often times when developing Acceptable Use Policies user rights and the rights of the industry conflict.

© Routledge

USER RIGHTS

In the United States the Constitution provides certain “unalienable rights” to its citizens.

1st Amendment — freedom of expression, speech, etc.

4th Amendment — no unreasonable searches and seizures, right to privacy.

14th Amendment — Equal Protection Clause, and strengthens due process.

(U.S .Const., Amends. I, IV, and XIV)

© Routledge

INDUSTRY RIGHTS

Protect the equipment/technology.

Establish levels of security.

Protect the privacy of employees and users.

(iSAFE, 2011)© Routledge

CONFLICTS

When an industry tries to develop an AUP that dilutes the rights of users the dispute is often settled by the U.S. Supreme Court.

O’Connor v. Ortega (1987) Private files of a doctor were seized for an investigation. Doctor tried to get the evidence rejected based on 4th

Amendment. Supreme Court ruled that “the operational realities of

the workplace may make some public employee’s expectation of privacy unreasonable” (Findlaw, 2011).

Allowed industries the freedom to search and was later applied to technology (Smith, Woodsum, & MacMahon, 1999)

© Routledge

CONFLICTS

Reno v. ACLU The internet is a public forum and a protected form of

speech. Strengthened Tinker v. Des Moines court case that

disruptive speech can be banned from schools. Schools can limit speech (public) if it has a reasonable

risk of disruption (Tedford and Herbeck, 2006).

Urofsky v. Gilmore College professors were accused of accessing

pornography on campus, they sued based on 1st Amendment and privacy violation.

Supreme Court ruled that since the college owned the computers then they could punish and search at will.

© Routledge

LARGER CONTEXT

Each of the cases mentioned have one thing in common … an AUP.

Rights of the users were diluted due to the protection of the industry and individuals involved.

AUPs have to be reviewed by attorneys for the simple fact that the policy and actions of the user could potentially end up in court.

Also, an attorney needs to certify that the document is in compliance with federal and state mandates.

(Meyer and Johnson, 2011)© Routledge

CONCLUSION

AUP is a series of guidelines that keep both the user and the organization informed about expectations and what actions are acceptable and what are not.

It is also important to involve an attorney due to the fact that AUPs are contracts, and like all contracts can be legally binding and can come under scrutiny, especially when they conflict with personal freedoms.

© Routledge