A couple of weeks ago, I was watching a program on ABC2 called hack and they were exploring in an open-forum style the issue of privacy and the world of Web 2.0. You can see the show at
http://www.abc.net.au/triplej/hackhalfhour/programs/s2359534.htm and it is well worth the watch.
It was quite interesting, and somewhat scary, how naive even supposedly sophisticated users are.
Most were totally unaware about how much information about each of participants was available online, what a phishing attack was or how seemingly easy it is for a third party to launch a dedicated identity attack against them.
A whitehat (a hacker who works for good) explained to the crowd how a spear fishing attack can occur whereby an email is sent containing information specific to the individual being targeted and looking like it came from a legitimate source, but containing a link to a spoof or fake site requesting log on details. The site looks genuine in every respect, including styling and branding, and feeling comforted by familiar surrounds a user tries to log in and in the process hands over their user name and password to a third party who then has complete access to that person’s account. Given that most people use the same password for almost everything, a successful attack can open up a user’s email account to abuse and from there a complete identity fraud, including online banking can occur. Scary stuff! The next comments from the crowd were disheartening, ’so you can get hacked by clicking on an “attachment”‘. Yes, that is true, but misses the entire point of the explanation. You were left with a sense that still most of the crowd didn’t get it. The whitehat didn’t correct; he just sat there with a sad smirk on his face.
At the very least, every user involved in a social networking site or any of the available Web 2.0 services should be aware of how much information about ourselves we give away for free. From a training perspective this should very much inform us on what we need to be communicating to our learners.
As part of the education landscape in Australia we are bound by legislation to protect our learners’ privacy and we have a duty of care to do so. This means we need to be aware and ahead of the game when it comes to how the technologies we use work and impact on privacy.
If we are using available social networking sites such as Facebook or MySpace for communicating with and amongst our student, and this can be a very good thing, we need to be aware of who can see what and when. A gentle word that is completely appropriate in a face to face environment can very easily turn into an embarassing comment screamed out to a student’s friends, family and indeed the whole world by accident. As with most things, context is everything.
From an administrative point of view, if learning is occurring in an LMS of any description the LMS should be configured correctly. Any impartation of other LMS users’ details to other users needs to be at the user’s discretion. If we by means of incorrect settings allow open access of details between users without their permission, life is by no means rosy. And of course, contingency is also important. The question how to respond to a breach should be answered well before the likelihood of a breach taking place. One great resource is
http://www.privacy.gov.au.
Finally we need to educate those we train on how they can protect themselves. If a learner’s details are displayed in a public space or they make a fool of themselves in spaces such as Facebook or MySpace because we didn’t prepare them adequately where does the duty of care fall? What can we do to prevent such a calamity?
Now it needn’t be all doom and gloom, but we need to approach online learning and Web 2.0 with our eyes open. Failure to use the medium and tools available to us simply limits how well we interact with the digital generation. The tools available are great and incredibly useful and I argue should be used. The question is how best to do so.
I’m interested in your thoughts. What do you think about the whole online privacy thing and where do you sit? What challenges have you faced? Have you been subject to ID theft or know someone who has? How do you think we as trainers, teachers, educators, students and learners need to approach our own online lives and learning? Huge questions, but well worth the asking.
