Why Are Students Liable for School Insecurity?

yamamushi asks: "Within the past few weeks, students across Boerne ISD were being called into offices to discuss the use of proxies to circumvent the schools websense system. The problem is that some of these students are being suspended from school for up to 3 months at a time. Shouldn't the school district be liable for their own insecurity? Why are they punishing so many students for something that should be handled from the district's end? I know at the time I was going to school there, I was punished for using a Linux LiveCD to login to their computers without using a password, even after I told the admins how to disable booting from CD-ROMs. They refused to update any of the computers and as such I was using the same tactic till the day I graduated." While security breaches by students are something to take seriously, should school administrations continue with their knee-jerk mentality to something like this, especially at the times when its obvious that no malicious intent was involved?

DMCA-think

[pclminion]

Why bother improving security when you can just pass a law enabling you to arrest or expel anybody who tries anything funny?

After all, we all know that the most dangerous elements of our society are stopped by LAWS, right?

Re:

[Improv]

In fact, why have laws at all? The only people who do bad things are bad people, and they're not stopped by laws! :)

If we ban proxies at school...

[FatSean]

...then when bad people break the law and use proxies...the 'good guys' won't be able to use proxies to stop the bad guys!

Or something...

Re:If we ban proxies at school...

[packeteer]

If you outlaw proxies only outlaws will use proxies.

Re:If we ban proxies at school...

[ShieldW0lf]

If the fundamental argument for the use of the proxies and security in schools is that the students are youths, to be protected from the corruption of the internet for the very reason that they are impetuous and easily led astray at this tender stage of their life, then it's inconsistent to punish them for the failures of those measures.

Clearly, the systems exist to protect the corrupt society from idealistic youth who are not materially benefited by the society. But it's a hard sell politically.

Thus this ridiculousness.

Re:

[pclminion]

We need the laws because they define the punishments. But just because there is a punishment for, say, breaking into a house and stealing a stereo, is no logical reason to not lock your front door. This is exactly the point -- it is not sufficient to just punish everyone who does something illegal. Wouldn't you like to PREVENT THE ILLEGAL ACT in the first place?

Re:DMCA-think

[TheRaven64]

That's only half of the reason we have laws. The other half is to codify a set of behaviours that we, as a society, consider unacceptable. Killing people and taking their property, for example, are things most people consider unacceptable, and so we have laws against murder and theft. The problem is that a lot of new laws don't represent the collective ethic of the population, they represent the views of small special-interest groups.

When this happens, it is very bad because it leads people to question all laws. If one law is unjust, why should the law have any special status if much of it doesn't reflect the will of the people? This starts to move the law from being something that we agree is fair, and will abide by because we want other people to abide by it, and turns it into something that is enforced from outside. There are only two outcomes from this point; a radical restructuring of the laws, or a police state.

Re:

[Mattintosh]

You had me on your side until you stated that you trashed the network in retribution.

Umm... how did you get that conclusion out of "My classmates... essentially trashed the network until the end of the year in retribution"?

The GP dropped out and was not there to do anything to the network. His classmates were the ones that trashed it, proving the GP's point about the security problems he found.

Re:

[Improv]

I don't tend to lock up the silverware whenever I have a party at my place - society depends on a mix of trust, good will, and rules to function. I personally would rather live in a society that would usually prefer to say "don't do X" rather than prevent me from doing X.

Re:

[The Ultimate Fartkno]

True. However, you must keep in mind that though there is no way of punishing you for doing X, doing X is frequently its own punishment as it causes you to spend far too much time listening to blippy music and pledging your undying love to girls in angel wings who won't be *nearly* as hot the next morning.

Comment removed

[account_deleted]

Comment removed based on user account deletion

About Teaching Appropriate Behavior

[queenb**ch]

I'd say that I'm sorry that the kids are being punished, but I'm not. This isn't about the school district doing anything inappropriate. It's about kids doing something that they knew was inappropriate and being punished appropriately. I fail to see why anyone is upset by this. Part of the function of education is to teach children how to behave and what their boundaries are.

If they're told that these are rules, but you don't *really* have to obey them, what other rules will they choose to ignore? Will they ignore the rules about bringing weapons to school? Will they ignore the rules about bringing drugs to school? Will they chose to ignore the rules about cheating on tests?

I've seen people walked off jobs for less. If there's a proxy, it's there for a reason. If the rules say that you have to use the proxy or you can't see that site, surf it from home. I would much rather see them punished now, while the only thing they get dinged for is some time out of school, extra curricular activities, etc. instead of waiting until they're grown-ups with a car payment, a mortgage, some credit cards, and a couple of kids who get fired for doing the same thing at work.

2 cents,

Queen B.

Three months? For proxies?

[StarKruzr]

Are you for real?

This is about school admins being lazy and wanting to make examples out of kids for doing something which is more or less innocent on the basis of them being "hackers."

The punishment does not at all fit the crime here.

Re:Three months? For proxies?

[gfxguy]

That doesn't sound right at all; the kids knew what they were doing and they were doing specifically to circumvent what little security there may have been, but that doesn't make the violation of the rules "less bad."

I may be an idiot if I forget to lock my door, but the criminal that comes in and steals my TV is still a criminal and still needs to be punished for what he did wrong.

The thief knew what he was doing was wrong, the students knew what they were doing was against the rules. It's really that simple.

Re:Three months? For proxies?

[rilian4]

I speak as a school sysadmin. I am not lazy, I am overwhelmed. The same goes for my district admins. I cannot possibly close every last security hole in the over 600 computers I am ultimately responsible for. The task is too large. Either way, the rules were written and most likely(as is the case in the school where I work) students signed off on a form or booklet that said they would agree to abide by these rules. These rules include appropriate network use. The fact that a security hole is not patched, does not negate the signed agreement by said student(s) who signed an agreement that they would not do it and said agreement lists punishments (at least at my school) that will be meted out in response to breaking of said rules. Therefore the fact that a security hole is there does not give a student the right to breach it or use it to their own advantage.

At my school, we encourage students to report such breaches to us that they discover (and they are guaranteed not to get in trouble for the discovery) so we can improve our security. We like to try and keep the kids who are good at this stuff on our side in this way but if any student should use such a breach to their advantage in the way this article describes and they get caught, there will be consequences...not 1 month suspensions generally but still a message needs to be sent.

As an earlier poster in this thread said, part of being in school is teaching students how to respect boundaries. Same poster also said correctly that similar actions as an adult lead to far more serious consequences such as loss of job or worse.

Re:Three months? For proxies?

[k12linux]

I have to agree with you. As a district admin, I have something to say to those who feel that because a proxy was available it's the school's fault students used it.

Bull! Before someone claims that schools should block 100% of the "bad sites" out there and that not doing so gives students the right to use them, try this:

1. Go get set up a SquiGuard filtering server or buy an expensive commercial filter or find one you can get a "demo" for 30 days.
2. Set up some PCs behind the filter.
3. Block MySpace.com
4. Spend some time finding all of the proxy servers you can and add them to the block list.
5. Now find 6 teens who are comfortable using Google and computers in general (so basically any 6 teens.)
6. *important* - Provide free Pizza it's a good motivator
7. Have three just browse the Internet for stuff they are interested in.
8. Challenge the other three to get around the filters and get to MySpace.com
9. Tell the kids to switch PCs every 5-10 minutes.
10. Go to another room so you can't see who is at which PC
11. Using only the logs and reports from your filter software, figure out when someone accesses MySpace.com through a proxy.
12. Confirm that the site really is a proxy site and not just a single page on a big hosting server.
13. Add the new site/page to the block list
14. Repeat 11-14 until you are pretty certain you have every proxy blocked.
15. Check with the teens and find out you are wrong. Go back to 11.

Now ask yourself... how much time did you just spend doing nothing but blocking proxy sites? Do you think it would be easier/harder if you had 1200 kids who might or might not be trying to find proxy sites instead of 6? Would you be willing to spend that much time every day? (New proxies appear constantly you know.)

And in the end is it which important? That you stop every kid who wants to break the rules and an agreement *that they signed*? Or that your firewall is set up right, the servers work, all 600-1000 PCs are up and running, Windows is patched, networking is Ok, Internet access is working, the servers hard drives aren't filling up, etc.?

I could probably do a fair job of blocking almost every proxy out there if only I spent 1/2 of my day every day working at it. But why? When did "You didn't stop me" become the same as "I'm allowed to"?

What if life was like that? Someone stole your bike? Sorry, we can't punish them. You may have had a lock and chain on it, but the chain wasn't resistant to acetylene torches. You didn't take full precautions.

Someone broke into your house and stole your computer? Yeah, we caught them but had to let them go. Why? They said that your doors and windows were locked but that they smashed your bedroom window with a rock. A rock they found in your yard. You should have either used break-proof glass or removed every rock from the yard. Your security was too flawed so we had to let them go and keep the PC too.

Re:Three months? For proxies?

[k12linux]

I know this is probably feeding the trolls but...

get a clue and stop trying to CONTROL CHILDREN by using CENSORSHIP

I know it's in vogue to claim that schools just want to control kids and stick them in little boxes. I'll admit that sometimes colossally bad decisions are made at a school or some seemingly arbitrary new school rule is added. But the truth is that there may be more behind what is done than you realize. Still, it's a fact that school and district admins are just people and sometimes people make mistakes even with the best intentions.

To be perfectly honest I would love to do away with filtering. I have things to deal with besides whether Johnny has the ability to see a nipple on images.google.com or if Cindy is sending emails to her new Lesbian girlfriend she met online who lives in another state. There are four things that stop me from yanking the filters and giving everyone unrestricted access:

1. http://goat.cx/ [goat.cx] - No six year old should stumble upon the nastier version of that site. Heck I'm not a prude but I wish I'd never stumbled upon it. Think a 3rd grader doing a report on beavers (the kind that make dams) won't accidentally see something they are too young to understand?
2. Parents - After some kid spends four hours trying to bypass filters and manages to see a breast then they (or the kid sitting next to them) quickly goes home to tell mom and dad how they saw someone having sex on the school computers. Some parents are shocked that their "innocent" child was exposed to something like that and will call all of their neighbors to warn them. At least we can tell the angry mob that shows up that we are making an honest effort to block access to that stuff. Then usually they put down the pitchforks.
3. Federal/State laws - While we can't be hauled in to jail for not filtering we can have money withheld. If you think your school is doing a poor job then how good do you think it would be if they had 1/2 of the budget to pay for things like teachers, books or electricity?
4. PC Access - We had MUCH looser filters a few years ago. Then the lab assistants called to let us know that regularly every computer in the lab was in use by someone using chat or web-based email often for the entire hour.

Since I've been asked this offline I'll assume someone is going to ask here... "What's wrong with #4? Their parent's taxes pay for the computers, Internet access and even your salary!"

True, but so do the parents of all of the kids who can't get time on a computer to work on actual homework. I bet the parents of the kid chatting away every one of his study periods expects that their tax money is going to educate their children... not to let them search for Britney Spears look-alikes naked.

Censorship is never an appropriate solution to anything,

Nobody is shutting down web sites. Nobody is telling you that you can't watch videos of some chick getting it on with a horse. Nobody is censoring anything. You are free to view/read what you want online in your own home with your own computer using Internet access that you or your parents pay for. We're just saying, "No, not here, not with things funded by the public for the purpose of education." Schools aren't (and shouldn't be) your private ISP.

children should be guided and educated rather than controlled or restricted.

A great altruistic ideal and goal. But the truth is that a fair amount of time is spent educating students in our district about not only what they should and shouldn't do online but why. Things are taught like how it might affect their future career if they view porn at work, etc.. I believe that with a large percentage of students that is enough and they won't intentionally go to sites they shouldn't.

But if you take 1200 kids in one school and just say "shame on you. It's naughty for you to do that and here is why..." then there will still be enough wasting computer time to keep those who want to learn and do their homework off of the PCs.

Re:Three months? For proxies?

[zCyl]

I cannot possibly close every last security hole in the over 600 computers I am ultimately responsible for.

Viruses infest systems because of security holes. Students do not access proxies because of security holes, students access proxies because of information censorship which they disapprove of. The proxies are external information portals, and are not under your control. They simply route information from one place to another, providing a different means of accessing information. Therefore an attempt to block access to proxies is NOT a security issue and is ONLY a censorship issue.

We need to be more judicious in the language we use to discuss these issues so that it is more clear what we're really talking about.

In relation to this article, students should not be punished as if they committed a security violation, because they did not. They at worst violated a censorship policy by viewing information that violates school policy.

Re:

[zCyl]

Where did you get information that they didn't commit a security violation? The clearly bypassed a censorship policy, however nowhere in the "article" did they mention anything about how they got around these things, other than the vague "use of a proxy".

It's very simple. The only thing the article accuses them of doing (and by article I am using it in the same context that you yourself did) is the use of proxies. As the use of proxies is sufficient to bypass most filters (which websense is), and as the u

Re:

[try_anything]

I agree that students who break the rules shouldn't try to shift the blame to the insecurities they exploited. However, that doesn't excuse the school for applying grossly disproportionate punishments. I was the valedictorian of my high school, and like virtually all the other honors students, I broke rules all the time.

• I repeatedly snuck into a computer lab when it was supposed to be empty and locked, because I knew the door didn't shut correctly. Usually I did it to take a nap during lunch.
• As a chem

Re:Three months? For proxies?

[Sancho]

Let's look at it this way. If there was a rule that you weren't supposed to go to pornographic websites on school property, but there was no software in place that censored or prevented this behavior, would you expect someone who intentionally went to a porn site to be punished? Most people would say yes. There was a rule in place, they broke the rule, they get punished.

I was shocked reading the content of the slashdot posting!

I was punished for using a Linux LiveCD to login to their computers without using a password, even after I told the admins how to disable booting from CD-ROMs.

Read that again. This person is blaming the administration for allowing him to do something that was against the rules. Perhaps he would like to be chained to his desk so that he cannot get up, move about, disturb the class, and get in trouble with the teacher?

It's so absolutely outrageous that I don't know where to begin discussing how terrible it is. He's asking for a nanny state (most Slashdotters seem to think that a nanny state is bad). He's asking for stronger censorship on the part of the school (blocking access to proxies). He's asking for the admins to change the computer security settings so that he isn't capable of doing something that he knows will get him into trouble. It's truly insane, and honestly, it sounds like someone managed to troll Slashdot into fighting for these absurd things by appealing to the "OMG, highschool kids have no rights!" crowd.

Re:

[Sancho]

That's a trick question. Of course they should secure their computers. Failing to do so, however, does not diminish his culpability. I don't think that failing to put a BIOS password on the computers constitutes an creating an attractive nuisance.

Re:Three months? For proxies?

[sumdumass]

This is about school admins being lazy and wanting to make examples out of kids for doing something which is more or less innocent on the basis of them being "hackers."

I have been responsible for at least two people losing their jobs for surfing areas outside the proxy and one of them caused enough damage in configuration that I needed to visit the workstation itself to get back on the network which ended up coming out of his past paycheck.

The thing is, In real life, the employer makes rules, if you don't follow them, you can lose your job. If something gets damaged in the process, you can have to pay for it. It doesn't matter how stupid the sys admin or the rule is or how lazy for that matter, it is their property you are using. And If I had to constantly check and change stuff to make sure your not going somewhere your not supposed to be on the company network, Guess what, you don't have access anymore and you will be lucky to have a job. You are costing the company money they shouldn't have to pay. Plain and simple.

Employers and schools aren't like your parents were they have an obligation to keep you around. If you want to violate the rules and treat someone like shit, stay home and live off your parents. Cause you will get fired or suspended anywhere else. And in some cases, you could be out some money with lots of bad credit following you around.

I don't think anyone who isn't related to the owners of a business or fucking one of the owners can seriously say they have some right to poke around where the company says they don't (this include bypassing a proxy or Internet restrictions). And IF you seriously think your too important to get fired, Keep it up, they just haven't found your replacement yet. But as soon as you start costing them money, you can bet they will look even harder.

Re:

[iamacat]

Sounds good if the company never requires me to do a job that can only be reasonably completed by bypassing their network restrictions. Say, I need to connect to an outside database with my special debugging client to find out why the customer's application is not working. The logical way to do it is to tunnel through an HTTPs proxy, but this is presumably against company's policy - they meant to block all traffic besides web browsing. Say, I call you at 2am on Sunday and ask you to reconfigure the network

Re:

[sumdumass]

Well, Chances are you won't be hired at this company. All the software they use is purchased and not developed on site.

But in the case you are working there and need something like that, All you have to do is inform someone you will need the access with a decent reason for it, and you will have it. It isn't very hard, All you have to do it give someone VPN access to the part of the network that isn't restricted and off you go. But remember one thing, Everything you do will be monitored and logged so visitin

Re:

[sumdumass]

If Linux or mac could run the programs that need run, they would be there too. And no, I didn't decide to babysit, I don't make the rules. I just follow and implement them.

Maybe some day when your network is something more then your mom's cable connection, you will understand that people take jobs at places and have bosses. And these places with bosses have certain requirements and you cannot just change the stuff on your own.

Re:

[Paulrothrock]

Part of the function of education is to teach children how to behave and what their boundaries are.

Really? I was taught good behavior by my parents. All school taught me was how to go outside the boundaries without getting caught, among other things.

And does this really stop people from doing it at work? I've seen people fired for similar reasons. I've also seen people not fired because they're high enough in the system not to get caught. The problem here is human nature, not disrespect for the law. Get s

Re:About Teaching Appropriate Behavior

[iamacat]

When did breaking simple rules become the authorities fault?

Why, of course - when authorities started passing ridiculous, unnecessary rules and imposing excessive punishments for minor infractions.

Re:About Teaching Appropriate Behavior

[iamacat]

How so? The students are using school computers to access content not owned by the school and generally available to public on Internet. This is done without permanently altering hardware or software of computers in question, hacking school servers or accessing/altering any confidential information. The damage to the school is limited to the trivial cost of bandwidth, which is paid for by parent's taxes. How does this justify a suspension? Make them wash the floor for a day or something.

Re:About Teaching Appropriate Behavior

[biffnix]

How so? I'll tell you - it's because the students are violating the Acceptable Use Policy that all students sign and agree to. If they disagree, then can use their parents' computers to accomplish those things that are explicitly forbidden at school (and that they are required to enforce by law - the CIPA, in fact), or find other public use computers that do not have those restrictions.

I'm not sure why folks don't understand this - it doesn't MATTER if you, or anyone else thinks that having an Acceptable Use Policy is a good idea or not. What does matter is that they agreed to it, then violated that agreement. That means they will face a consequence for that violation.

That's like getting a library card - you agree to borrow a book, and return it. If you think that because you're impoverished, or need the money to buy medicine for chemotheraphy for your sainted mother, and so sell the book and fail to return it, that you WON'T be prosecuted for violating the law, then you're delusional.

The school enforces policy that the local school board approved. The parents elect the school board, and so they delegate the responsibility to the board to come up with school policies. We DO still live in a representative democracy, after all. Sheesh.

I agree with an earlier post - it's far better to teach our youth that there are consequences for our actions, and that THEY are responsible for their own actions. Get this hard lesson learned when the only consequence is missing Grad Night at Disneyland or a big school dance, and not getting fired for violating the company AUP when your wife is pregnant, the car needs new tires, and your doctor says you need an operation.

Sometimes those consequences are things that we disagree with. Great. Go out, fight the good fight, and get those policies changed. Run for school board. Get petitions signed. Make REAL change. And find out that it's hard, thankless work.

But for pete's sake, stop with the whining!

Joe G.
Mono County Office of Education
Mammoth Lakes, CA

Re:

[mythar]

How so? I'll tell you - it's because the students are violating the Acceptable Use Policy that all students sign and agree to. If they disagree, then can use their parents' computers to accomplish those things that are explicitly forbidden at school (and that they are required to enforce by law - the CIPA, in fact), or find other public use computers that do not have those restrictions.

actually, in this case, if they disagree, then they can spend 3 months at home. does that seem like a fair and appropriate punishment to you?

That's like getting a library card - you agree to borrow a book, and return it. If you think that because you're impoverished, or need the money to buy medicine for chemotheraphy for your sainted mother, and so sell the book and fail to return it, that you WON'T be prosecuted for violating the law, then you're delusional.

if i thought that, i wouldn't be delusional; i'd be right. because, failing to return a book to the library will get me fined by the library, not prosecuted by the courts.

there's been a lot of talk about whether students should follow the rules or not, but i think the real issue here is the severity of the punishments handed out. at most, these students should hav

Re:

[drinkypoo]

Totally free internet access at school isn't going to be an option.

Actually, I think the schools should whitelist.

Those computers are made available for the purposes of education. That's why my tax money was used to purchase them - to further the cause of education. Not so a bunch of little peckers can browse porn or surf myspace.

Re:

[drinkypoo]

Yea they could request it but that might take forever.

That's not a problem with the concept of whitelisting, but with specific schools.

Far from an ideal solution but one that may end up happening.

There are no ideal situations in reality.

Filtering technology gives totally inexplicable false positives.

Blacklists are by definition outdated on the web. It won't match new sites, and it will still match old sites that are now harmless.

But arguably, no student needs access to material they aren't willing to

Of course they should.

[Lord Bitman]

You come into my house, I say "don't fuck with the computer."
You fuck with the computer, I kick you out.

If anything, a public resource should be more tightly controlled.
Should they fix their security issues? Yes.
Should they kick out people who exploit the fact that they don't? Hell yes.

Malicious or no, you should not be touching the school computers anymore.

Re:

[SatanicPuppy]

Bah, that's crap. Kids who are smart enough to figure that stuff out need to be nurtured, not beat down. They displayed initiative, imagination, and creative problem solving, and they didn't cause any actual harm, just broke an arbitrary rule.

It's no different than having a teacher slap you down in class for a correct answer that isn't the answer out of the book. The point of schools should be to help you grow, not to force you into a mold so you can graduate and do some meaningless work that could be done

Re:

[Nos.]

There's a policy in place, most like for good reason. These kids violated that policy, knowingly. Besides, what exactly was so clever about these kids using an anonymous proxy to bypass web filtering software?

Re:

[SatanicPuppy]

Well, clearly they were smarter than whoever set the system up in the first place.

And it's a stupid policy; completely arbitrary, and in no way worthy of a THREE MONTH suspension...that's so beyond the pale there aren't even words. What do they get for fighting at that school? Death penalty? Isn't the point to provide kids with more information? I've dealt with enough crappy filter software to know it catches as many good sites as bad ones.

If you provide internet access, you have to accept that people are g

Re:Of course they should.

[ZombieWomble]

Each of your arguments I find quite baffling:

With the whole "they're smarter than those who set up the system" argument - it may be possible, but we have no idea what sort of decisions went into choosing this system. It may have been simple ignorance of the level of security provided, but it may well have been details of cost, personnel and the like which prevented them from implementing a more comprehensive system. Moreover, it's quite likely that this system was never desired to provide absolute security, but rather to clearly mark out the section of the internet which is "bad", according to school policy, so pupils know full well that by going there they're breaking school rules and are liable to be punished, as these kids were.

This leads into your second point - the punishment, and it's scope. The article is almost entirely empty of context about this, and the only information we have is that 1) Kids used proxies; 2) They were punished, to varying degrees. We have no idea about the context of what happened - What were the kids circumventing the proxies to look up? How long did this go on for? Did the kids have other records of offenses which added to the severity of their punishment? I suspect* people picking up 3 month suspensions may not have been otherwise immaculate students who simply accessed some really nifty site on Newton's Laws (blocked by the evil, evil content filter denying them information) through a proxy as a proof of concept.

And then there's the last, really baffling point - You're suggesting that if you provide a service conditional on some rules being followed, you have to accept that people will break these rules? That's just a ludicrous assertion, as shown by this very story - someone broke the rules, they were punished, and are at present denied access to the system. Seems to me that one doesn't have to sit idly by after all.

* - I say "I suspect", because that is how many of these stories go when one digs a little deeper. If there's anyone with some more details on this who is able to correct me, feel free.

Re:

[SatanicPuppy]

What if they were trying to figure out who to blow up the school?!?! ZOMG!!!

Seriously, I can't believe you said that. Child porn? Where the hell did that come from?

And blacklists are retarded specifically BECAUSE of proxies. If you want to control access you have to whitelist, and the reason people don't do that is because they want to pretend like they're not censoring your information.

Re:Of course they should.

[The Ultimate Fartkno]

> Seriously, I can't believe you said that. Child porn? Where the hell did that come from?

Not that it's mentioned in the question at all, but I guarantee you that this is what happened.

Parent: "ZOMGBABYRAPERSONTHEINTERNETS!!1!1"

School: "What?"

Parent: "Don't you watch TV? Some man tried to buttrape Miss America on Facebook!

School: "Fine. We'll block Myspace and Facebook at school."

Parent: "THINK OF THE CHILDREN FOR GREAT JUSTICE!"

one day later on answers.yahoo.com...

ASHLEYROX: N E 1 no how to get on myspace at skool?
LiLbAbIsExIgUrL: What are prxies?
xXmandiXx: Anyone have working proxies?
PoNyGiRl: I NEED MYSPACE PROXIES PLZ PLZ PLZ!!

School: We can't block every proxy site out there, so we're just going to start suspending you if you won't stay off the fucking Facebook. Miss America got sodomized by a boar that way, you know?

Teens: WE NEEDS OUR FACESPACEBOOK!!

School: Banhammer.

Parents: HOW DARE YOU SUSPEND MY PRECIOUS, PERFECT, ANGEL DUMPLING! CALL SCANDALCHANNEL 10 AND THE NEWS CHOPPA!

School: Sigh.

Parents: Class-action lawsuit against involved party with most liquid cash.

Re:Of course they should.

[xerxesVII]

Shouldn't there be an "I'm chargin mah lazers!" somewhere in there?

Re:

[SatanicPuppy]

I don't know if it's easier. I mean, there are a hell of a lot of sites to blacklist on the internet, and comparatively "few" that are actually educational. Put a policy in place that allows students to request access to new sites barring approval from faculty, and your good to go.

As far as rule breaking, it's too close to a thought crime for me to agree with it. Either throttle it down intelligently, or accept that people will find things you may find objectionable.

Re:

[Nos.]

Its too close to a "thought crime" to you to outlaw using proxies to bypass the filtering system in place? Wow, I'm all for freedom of information and personal privacy, but bypassing a filtering system doesn't even come close to being a thought crime in my books.

Re:

[SatanicPuppy]

Why not? What if I was in China, and I was bypassing the filters there? Would you be the Yahoo exec turning my name over to the Chinese government so they could throw my ass in jail for wanting to taste the wider world outside the little mental happy place my government has set up for me?

It's exactly the same thing, and you'll say, "But it's for their own good!" and I'll say, "Who? My kids, or the Chinese?"

Middle ground

[benhocking]

As far as rule breaking, it's too close to a thought crime for me to agree with it. Either throttle it down intelligently, or accept that people will find things you may find objectionable.

I agree that the 3 month suspension punishment was over the top. But to argue (as you did earlier) that kids should be encouraged for this creative behavior, I vehemently disagree. If they did not get a warning (including a school-wide warning, as long as it was focused on the proxy issue and not generic), then I think that a warning would have been the appropriate response. If they did get a warning, then a 1-day in-school suspension (or detention) would probably have been a reasonable response.

To argue for no response whatsoever, however, seems irresponsible.

Re:

[jimstapleton]

It's no different than having a teacher slap you down in class for a correct answer that isn't the answer out of the book. The point of schools should be to help you grow, not to force you into a mold so you can graduate and do some meaningless work that could be done better by a machine.

If you studied your histor, you'd know that, at least for K-12, the exact opposite is true, at least for the earlier US Schools.

That being said, while the intelligence of the student should be nutured, the willfull disobedi

Re:

[SatanicPuppy]

The exact opposite of what? Are you saying that kids aren't slapped down enough, or that they're slapped down too much?

In my experience, and from all that I've read, I have to say that our method of teaching to standardized tests out of standardized books produces standardized kids who have no problem solving abilities.

I'm not sure how visiting a website that the school doesn't approve of is failing to respect their property, and frankly, I'm not into kids being taught to blindly follow rules dealing with w

Re:

[jimstapleton]

K-12 was originally developed in the US, not to educate, but actually to condition people to be good little peons and follow the rules.

The fact that I mentioned history and you talked about the whole slapping down, when there was talk of the past in your post suggests to me you are being deliberately obtuse here.

and if you don't understand why it's disrespectful - here's a simliar situation:
I ask you if I can come over for a beer and chat later. You agree, but tell me not to turn the TV on, and have a piece

Re:

[SatanicPuppy]

Agreed on the K-12 thing.

Disagree on the TV analogy. It's more like when I come over to watch your TV, and you have infinite channels, and you say, "You can't go to channels 1-1000" and I say, "Ok" and then go to channels 10,000-11,000 which I know are mirrors of the 1-1000 channels.

If you don't want people to go to it, you have got to block it. They didn't block the proxies, therefore they must have been alright with that, right?

Re:

[Applekid]

Except they weren't taking a class on how to circumvent web filtering. If they were, hey, great job!

As far as "arbitrary rule", it's their network and their computers. All rules are discretionary, arbitrary or not.

Suppose they used the proxy to navigate to a site that was blocked and installed a bunch of spyware or viruses or other malware. Who's gonna clean it up? The smart kiddies who circumvented the rules? I doubt it: they just wanted to jump on myspace or whatever instead of using the school equipment

Re:

[SatanicPuppy]

Hey, if you think being suspended for three months for visiting MySpace on the sly is fair, that's your choice, but it's sure as hell not something I support.

Re:

[Amouth]

this all reminds my of my high school.. we had a web proxy for the county - the funny thing is that it worked both ways..

you could go home plug in the poxy's public address and ports and use it to bypass the county firewall and use resources at the school.. (which had no protection at all and where very poorly managed)

very dirty network.. and very dirty junk

Re:

[faloi]

Do what? When did changing the proxy server settings on your web browser become indicative of imagination and higher problem solving skills? What problem were they trying to solve anyway? Not being able to look at stuff the school doesn't want them to look at? Stuff that, under the right circumstances, could've led to lawsuits against the school?

Re:

[4D6963]

I completly agree. I'm at a sysadmin school, and I can tell you can learn a hell of a lot more about networks by messing around with ICMP tunneling to circumvent the blocking of TCP/UDP packets by the firewall and ignoring the boring classes than by paying attention to the boring classes (and please don't ask me how I know that)

Re:

[SatanicPuppy]

Heh. I learned to hack Novell networks in AP CompSci (not what I was supposed to be learning), so I agree with you. Not that I ever had a use for those skills, but it's all part and parcel with learning to use technology. Fiddling with networks and network security is something that you have to do to be good at creating networks and network security.

Making kids afraid to test the limits of the system stunts their potential. Even if they circumvented security, as long as they didn't wreck things, or do anyth

Re:Of course they should.

[theStorminMormon]

Bah, that's crap. Kids who are smart enough to figure that stuff out need to be nurtured, not beat down. They displayed initiative, imagination, and creative problem solving, and they didn't cause any actual harm, just broke an arbitrary rule.

This is a separate issue. Look, you've got one of three alternatives.

1. It's a stupid rule because violating it doesn't necessarily result in harm. (See above.)
2. It's a good rule, but the punishments are too harsh.
3. It's a good rule, and the punishments are fine.

What's not an option is any thing that includes "and the student is not responsible for breaking the rule because the school didn't prevent him." Any law with a punishment affixed is by definition not 100% preventative. If it was, you wouldn't need punishments. So the one thing that should not be up for debate is whether or not the student is responsible for the act of violating the policy. Whether that responsibility is good/bad/neutral etc. is debatable, but where that responsibility lies is not. That however, was the tone of the article, and that attempt to shift responsibility is what I and (I believe) GP are reacting against.

Re:Of course they should.

[tverbeek]

Translation: "I am a sensitive and misunderstood flower, who must be watered with love and affection, regardless of how anti-social my actions might be."

Re:

[Lord Bitman]

With a post like that, I can't help but wonder why Slashdot has labeled you a "freak", which I've never seen an explanation of, but assume means "has you listed as a foe".

Re:

[coyote-san]

That's a totally bogus analogy.

The schools weren't "inviting" the kids in, they're required to open their arms to students unless the school district can demonstrate a compelling reason why the student's right to a free public education must be denied.

The students aren't "choosing" to go to school because they think it's a bunch of fun, they're compelled to go to school (public, private, or home) until the age when they can legally drop out.

Many times the students aren't on the computers because they're hav

Re:

[theStorminMormon]

Yet another person with a reasonable point of view that has little to do with the article. Look at the title "Are students liable for school insecurity?"

All discussion about whether the policy is a good one or not are moot. Totally, completely, and 100% irrelevant to answering that question. It's about where responsibility lies. Not whether the rule is smart or not. Maybe the submitter is just dumb and meant to ask a question about whether the rule is harsh or not. But if we're actually responding to t

Re:Of course they should.

[theStorminMormon]

I agree. What is this idea that unless someone prevents you from doing something, they are responsible for you doing it? That's like saying "sorry for raping your daughter, but it's your fault for not putting up an electric fence with guard dogs around your house."

Yeah, I know, that's a really over-the-top example, but this blatant attempt to push off responsibility for your own actions infuriates me. It's true that the school should certainly work to solve some of their gaping security holes. But when I was in school I was usually one of the kids that worked for the labs and I know that the guys running campus security were frequently over-worked and underpaid. So give them a break. Their job is supposed to be keeping computers up and running for students to use to pursue their education, not preventing said students from circumventing security measures.

More than anything else though, it's this infantile idea that you can hold someone else responsible for your actions because they didn't stop you. Grow up. If you graduated college with that mindset then that's just a disappointing commentary on your own moral development more than anything else.

The colleges are responsible for not patching the security holes, but the students are responsible for exploiting them.

Re:

[Hatta]

More than anything else though, it's this infantile idea that you can hold someone else responsible for your actions because they didn't stop you.

I agree, kids have a responsibility to follow the rules. Those in authority however, have a responsibility to make fair rules. In this case, it's the authority figures who neglected their responsibility first.

Check the acceptable use policy

[0racle]

Check what the kids and their parents agreed to before complaining. Most I've seen explicitly state that using external proxies is against the rules.

"Malicious"

[Applekid]

It is malicious intent. If you are using the internet in an environment were you're blocked from visiting certain sites, then they don't want you visiting them on their network.

If you turn around and sneak through their system and do it anyway, that seems pretty bad faith to me.

If they locked up the computer lab after hours and because you are smart/skilled enough to get in anyway because you can pick locks, you're still doing something that you're not supposed to be doing.

To paraphrase Dragnet: "if you don't like the law you can try to get that law changed that doesn't give you the right to break it." The school network isn't "law", no, but they can still cause trouble for you if you go against it.

Personal responsibility

[Scutter]

Just because the door is unlocked does not necessarily mean it's not breaking and entering. The students know the rules. If they choose to break them, they should suffer the consequences. The technological measures that may or may not be in place are irrelevent.

Re:

[Scutter]

This is slashdot, you have to accept that people are gonna nit-pick you.

No, I don't. You're not the boss of me.

Re:

[jdgeorge]

This is slashdot, you have to accept that people are gonna nit-pick you.

No, I don't. You're not the boss of me.

Hmmm.... Perhpas the word "accept" should have been replaced with "exist in a context where". Although the Hadlock may not be the boss of you, it is quite clear that he is the nitpicker of you.

Nitpickers of the world, Untie!

No

[Nos.]

"Within the past few weeks, students across Boerne ISD were being called into offices to discuss the use of proxies to circumvent the schools websense system. The problem is that some of these students are being suspended from school for up to 3 months at a time. Shouldn't the school district be liable for their own insecurity?

No.
The school apparently has a policy in place to forbid students from going to various sites. They use appropriate tools (like websense) to enforce that policy. Simply because

Re:

[pclminion]

There code of conduct talks about an agreement signed by the students. If they violate this agreement they should be punished.

Yeah, right. You can't attend school if you don't sign it. "Okay, then don't sign it." Then you can't attend school. But wait. Attending school is legally mandated. So refusing to sign the agreement means you are breaking the law. Which means it is not an agreement, it is an ultimatum.

Re:

[Pope]

Golly, they can look up this shit when they get home then.

Re:

[Applekid]

Home schooling? Other schools?

Back in my day the schools had rules regardless of whether I agreed to them or not. They applied to everyone. Signing agreement is probably so that they KNOW what the rules are. Heh, back in my day ignorance wasn't an excuse, either.

All I need to do is say I walked 20 miles to school, in the snow, uphill, BOTH WAYS and I'd be officially admitted to the old gimp club.

No different from other crimes

[honkycat]

This isn't really any different from other "crimes" (or violations of school policy). The school's rule is simply that you are not allowed to do certain things on the computers. Some of these things are restricted by their security systems, others are not. Just because you *can* do it, doesn't mean it's within the rules they've established. The students are responsible for their behavior -- it's not the responsibility of the admins to make it impossible for the rules to be violated.

I don't see any problem with punishing students for misuse of its resources, as long as they were given fair warning of those rules (and as long as those rules are consistent with the school's educational mission). A teacher can't prevent students from cheating on exams, but they'll still be punished when they're caught breaking that rule. Why should this be treated differently?

malicious intent?

[blowdart]

It has nothing to do with malicious intent and more to do with liability. I'd bet that the school has to protect its pupils from the darker side of the internet (p0rn, 4chan, RMS's latest rant about how it should be GNU/Linux etc.) And I'd also hope that before using the PCs you had to agree to a terms of conduct. I've had this discussion before with someone I know in the UK who got slapped for trying to bypass his school's filters, and he tried the "malicious intent" argument. It doesn't wash, simply becau

Re:

[Alchemar]

And what was the purpose of those computers? If those computers were paid for with my tax dollars for the purpose of educating the younger generation, then they should be used as such. Learning about security is a very good use for those computers. If they were the computers bought for administration use, then they are the computer of the person doing the administration. If it was purchased for the students, then it is for the students. I am tired of hearing everone reply with, "...but it is not your (c

Makes sense to me

[CdrGlork]

A thief who robs a house doesn't get any lesser a sentence if the front door was unlocked versus locked and bolted. The fact it's ridiculously easy there to beat their puny security shouldn't make any ultimate difference.

Seriously, get Serious.

[rueger]

The school has rules. You break the rules, they toss you out.

Adding a computer into the mix doesn't change that equation.

There is no law that says "Oh, the rule that you broke involved the Internet! Well, that's an entirely different case!"

Re:

[fatduck]

Submitter doesn't seem to have a point at all, but if I had to guess I'd say he's talking about the opposite effect of what you're talking about. Student gets caught fighting in the parking lot after school: 3 days suspension. Student gets caught hacking the Gibson on the internet!!1 and he's suspended for 3 months, has his hammer collection confiscated, and has to go door-to-door telling his neighbors he's a terrorist.

Re:

[Deathbane27]

Hey, if it works for patents...

Re:

[rizzo420]

if the school doesn't have a rule that explicitly bans the use of proxies to get around their websense blocking software or explicitly prohibits the use of liveCD's, then the student should not punish the students for doing this.

Re:

[RabidMonkey]

I was feeling bad that I was going to be a dissenting voice, but I am glad I found someone who agrees with me.

As much as I encourage kids to want to learn and try things, the fact of the matter is that there are rules, and if they break the rules, then there are consequences.

it seems like a lot of the consequences of things are being removed in order to make things easier and less mean for kids. This is bringing a whole herd of kids through schools who think that actions don't have consequences, then hit t

What are you smoking?

[rhombic]

Let me get this right-- you're criticizing the schools for acting in bad faith, failing to protect their networks from you? When you've agreed to their terms, in order to use their computers, and then you break your agreement by attacking their systems? WTF?

Yes, the schools should make an effort to protect their systems from attackers, for their own benefit (reducing IT headaches in the long run, preventing release of confidential info, etc etc). But if you violate their terms, you deserve to be punished ac

Comment removed

[account_deleted]

Comment removed based on user account deletion

Been there

[jkorz]

I am a tech director for a k12 public school district. Just last week we had to suspend 5 kids (actually bright kids) for using proxies among other things (and moreover being stupid about it). One of the problems was that a student found a website (that I have actually used before) that lets you boot to a floppy and recover a windows password from a computer. That student then had admin access to all of our 420 laptops. As the only tech there (and part time at that) it is much easier to suspend them than to

Re:

[Deagol]

I have to ask...

Why such the big fuss with filters and proxies at all? Aren't adults (you know, the *teachers*) present at the computer labs? I can't imagine a kid looking at pr0n while there's an adult in the room, and find it unlikely that visiting non-schoolwork sites would be a problem during a class. So long as they get the work done, who the hell cares what sites they visit? Isn't that the way many real-world computing environment work?

I mean, why have internet access at all if you're going to

Re:

[account_deleted]

Comment removed based on user account deletion

Easy != Correct

[sczimme]

One of the problems was that a student found a website (that I have actually used before) that lets you boot to a floppy and recover a windows password from a computer. That student then had admin access to all of our 420 laptops. As the only tech there (and part time at that) it is much easier to suspend them than to re-image all 420 laptops, password protect the bios and prevent booting from anything but hd!

You knew about this issue (booting from alternate media), but did nothing to resolve it? You t

Similarly...

[metamatic]

Why are students punished for stealing school supplies? Surely it's the school's fault for not keeping everything locked up well enough?

Related Story

[rueger]

In Watchmacallit Kansas eight year old Billy-Bob was sent to the principal's office for stickling his used chewing gum under the seat of his desk.

"But, but, but..." he cried, "It's not my fault! If they didn't want me to stick my gum there they shouldn't have given me a desk with a seat attached to it!"

somes school's have very poor ITand the rules.....

[Joe The Dragon]

Need to be bypassed just to get work done that needs to be done. Students / teachers some times need to by pass Security just to get software / websites to work that are needed for class. Systems that only have a admin login for all users and the school district IT people don't have the time / manpower / funding to lock things down and make the software work at the same time.

school district should be liable for things like keeping the systems up to date and the teachers should have to go to JAIL for porn th

Simple

[DragonWriter]

Why Are Students Liable for School Insecurity?

They aren't, they are liable for their own deliberate actions in violations of the rules.

liable for insecurity

[fermion]

A teacher puts her purse in a drawer, and a student steals the purse. Is the student defense that the teacher should have locked up her purse? Equipment is locked in a room, but the window is left unlatched. Is the student defense that the school should have made sure to latch the window? A student plagiarizes a paper. Is the students defense that the teacher should have set the rules more clearly? A student gets drunk on spiked punch and then raped at a party. Is the defense of the rapist that the s

Why could they use proxies in the first place?

[Todd Knarr]

Why were those students even able to use proxies? All traffic should be going through a commercial-grade router. A few rules and all TCP 80/443 traffic will be going to the designated filtering system and outbound connects on any other ports will be getting only an "administratively prohibited" ICMP error. Once that's done it doesn't matter what the students do on the client side.

Yes, I know the downsides, but if you want a secure filtering system you can't trust the client end to behave. If you could, you

Seriously?

[jgoemat]

"Why are students liable for school insecurity?"

Students are liable for their actions, not for the school's insecurity. You know you shouldn't be doing it, yet you continue because you can. That's like saying "Why should I be liable for skipping class? The door was unlocked and there was no malicious intent..." You'd better learn to follow rules before you graduate or you'll be posting about how you're homeless because your employer caught you surfing the 'net at work.

yes and no

[Jabrwock]

While security breaches by students are something to take seriously, should school administrations continue with their knee-jerk mentality to something like this, especially at the times when its obvious that no malicious intent was involved?

Yes they should punish kids who break the "spirit" of the rules. The firewall/proxy is there for a reason, as long as the school lays out the rules, just because you found a loophole doesn't make you immune. It just means you found a creative way to get around the rules.

On the other hand, 3 months is clearly a knee-jerk compared to things like school-yard fights, stealing someone's lunch money, plaigerising, etc. If punching another student or stealing their homework also netted you 3 months suspension,

Sad...

[c_g_hills]

I work in such a place, and I usually get two or three requests a week to block proxy sites. I would prefer it if access to the internet was completely unrestricted. If you do not have trust and respect for people, they will not have any for you. Part of the problem is that some lecturers either cannot control their class, or do not, for fear of making their attendance figures suffer, which in turn can have an effect on how much money is raised in funding.

Why? Because it's educational.

[tverbeek]

Part of what schools are teaching is that one needs to take responsibility for one's actions, which have consequences. Breaking the rules and doing things that you've been told not to do - no matter how ingeniously it's done - is not something that's going to get you pat on the head in the real world. Screw around with someone else's system, and you can expect the people who run it to screw back.

You know, no one congratulated me on my ingenuity and craftsmanship when I was able to buy beer with my doctored driver's license. "Why am I being blamed for the fact that the store owner couldn't identify a fake ID?" I protested. God, I was a brat.

Teenagers keep asking to be treated like adults, then whine about it when they are.

Conversly, why always blame the sysadmin?

[raistphrk]

I can empathize with students wanting freedom on a computer network, or even wanting to just play around with the system to see what they can do. Heck, when I was in high school, I was one of those guys who would bump his print jobs up in the queue using pconsole, or discovering all the accounts that had access through the Squid proxy to the Internet.

On the other hand, I was a network/system administrator at a high school after college, and I can understand the challenges administrators have to deal with in terms of high school students. Administrators don't just decide that they want to lock students down; heck, some schools don't WANT their students to have restrictions placed upon them. When I started, the school had upgraded from Windows 2000 to Server 2003 the year before, and the security that was implemented was essentially Windows 2000 security. They made some stupid mistakes; all passwords stored in LM format, weak ACLs on systems, no BIOS passwords, few if any group policies. On the other hand, they had their VLANs designed properly, the servers all had fairly strong passwords, and they weren't running unnecessary services. The security that was implemented was essentially designed to protect users from malware and keep outsiders from poking around. ...Naturally, students decided they wanted to push the envelope. Kids started remotely shutting down one another's laptops and trying to steal one another's passwords. Eventually, a student guessed a faculty member's password, found a user account created by my predecessor long before I started on a faculty server, rdp'd into a server, and tried running a password cracking application...that contained a root kit.

An administrator's job is to, in effect, install and maintain technology that reflects the mission of an organization. Some schools have a pedagogy that encourages open exploration; other schools want strict rules and regulations. The school I worked at fit somewhere in between. When kids decided they wanted to try and cheat on exams, down using p2p applications, and attempt to change their grades, they put me in a position (mind you, just months after I started working there, and hardly after enough time to complete a full security audit and redesign) where I couldn't just trust them to be responsible in an open system. So, the next semester, they were irritated to find out that their accounts were running as local users; that group policies had been designed using strict Software Restriction Policies creating a whitelist of applications they could run; that their laptops and desktops all had BIOS passwords; that the only route out to the Internet was through an ISA server that connected directly to a filtering application, and then into a Packet Shaper; that their Flash plugin was disabled; that their ability to run Java applications was limited; that their exam account couldn't do anything EXCEPT run the exam application; that their ability to create and log onto local accounts was eliminated, etc.

Were there things on that list that should have been implemented earlier? Absolutely! Any organization should ALWAYS have BIOS passwords set on their machines, which should change every year. LM passwords should NEVER be enabled. Having some type of proxy is also a must, as are strong ACLs on switches and routers. Some type of bandwidth management device should be implemented, as there are more than three people using the network at a school. The school DEFINITELY should have set up WSUS to keep their Windows systems updated.

I'll admit that, when I have the authority, I'm active in creating (from the start) a secure environment, but you're not helping out an administrator when you just start poking holes in the network and not give them the chance to fix the holes. Schools don't have huge budgets, and the IT department is often required to play the role of help desk, admin, developer, engineer, etc, rather than just one niche. In my case, I was lucky; I had a good relationship with the people

"Because I said so"

[dircha]

When your mother told you, "Because I said so," you should have listened.

Congratulations on completing High School. Welcome to the real world!

Laws and regulations do not exist to accord with moral principles or even common sense. Laws exist to compel behavior. There is no court of principle or reason to hear your appeals.

You do not abide by rules, regulations, and laws because you necessarily agree with them or believe them to be justified. In many cases you abide by them because you fear the consequences of violating them. You abide by them because they are threats, threats of the form: "If you do [or do not do] X, then we will punish you by doing Y."

Society, your High School, your College - like your mother - rules not by prior consent, not by reason, not by universal moral principles, but rather by tradition, intuition, emotion, and force.

Better these students learn this in school as minors than in the real world and end up in prison.

I think that doesn't mean what you think it means

[TBone]

Shouldn't the school district be liable for their own insecurity? Why are they punishing so many students for something that should be handled from the district's end? I know at the time I was going to school there, I was punished for using a Linux LiveCD to login to their computers without using a password, even after I told the admins how to disable booting from CD-ROMs. They refused to update any of the computers and as such I was using the same tactic till the day I graduated."

While security breaches by students are something to take seriously, should school administrations continue with their knee-jerk mentality to something like this, especially at the times when its obvious that no malicious intent was involved?

Absolutely they should be coming down on the students.

The schools have rules, conditions, and access limitation in place for multiple reasons:

• To prevent abuse of school resources
• To limit access to educational resources, ensuring they're available for people who "need" them
• To reduce liability of the school by exposing 14 year olds to Tubgirl, Goatse, etc etc etc
• Many more I don't feel like itemizing, but are fairly evident to anyone who thinks about it for a bit

In the case of things like students accessing proxies not on the blacklist to access sites on the blacklist, or booting LiveCDs, or otherwise evading the infrastructure as it was in place, these students are willfully violating the conditions of their using the resources. Even if they're smart enough to avoid the viruses and popups and such, they're opening up the computers to risks the administrators have deemed too high.

Students who willfully misuse school resources, in the case of almost everything, are subject to discipline up to suspension or expulsion for most things. In the case of computers, they're not just doing something that could hurt them, they're potentionally hurting everyone at the school.

Consider if it were a work environment. In most workplaces, even looking at porn on your own computer is considered "creating a hostile work environment" for anyone who works there, since you have no expectation of privacy at a workplace. Infraction of workplace rules is punishable by up to and including termination. Convert that back to a schoolplace, and at least you get to come back to school.

The computers aren't there for your personal enjoyment, they're there as tools of learning for the student population as a whole. There is nothing "educational" to be gained by browsing Facebook or MySpace, or reading your personal email, or anything the school has explicitly decided you shouldn't have access to. If you feel you should, there should be a policy in place for reviewing and allowing or denying access.

Just cause you CAN do something doesn't mean you MAY or SHOULD. You can steal from shops, kill people, and sleep with your brother's wife. You probably may not or should not do any of those things, though.

Seriously, if you're going to go intentionally getting around rules that have been put in place, why are you complaining about being disciplined when you get caught? Chat with your MySpace ho's at home, leave the school computers for people doing real work.

Re:

[FLEB]

I agree on the first point, although punishment should not be completely withheld, as that could bring questions of favoritism and erodes student respect for the school, its rules, and its property.

On the second point-- The reason the restrictions exist is the matter of school liability. Schools don't want to have to deal with responsibility and angry parents for things like students' online bullying, looking up bomb-making, hacking, porn, and just wasting time. The classroom is guided by a curriculum, and