Your Peace of Mind is our Commitment

Contact Us English Recent Articles

Paper: Ethics, Safety, and Security in the IT Curriculum for Schools

First published: 16th September 1998

"Road safety on the Information Superhighway"

Alex Fung B.Sc., Cert.Ed., M.Ed., Ph.D. alexfung@hkbu.edu.hk
Hong Kong Baptist University

Allan G. Dyer B.Sc., M.Sc. (tech), AIDPM, MIAP, MHKCS adyer@yuikee.com.hk
Karen Cheung B.Ed., M.A., M.B.A. karen@yuikee.com.hk
Yui Kee Co. Ltd.

Abstract

We are the first immigrants to the Electronic Society, our children will be the native citizens, so we must help them develop into good, responsible and safe members of that society.

This paper proposes a curriculum for the teaching of ethics, safety and security in our schools and describes the development of course materials to support the curriculum.

Society and Ethics

In every society, first parents and then schools instruct children on acceptable and safe behaviour. In most societies, particularly ones without formal schools, the parents take the major part of this responsibility. However, as we enter the electronic society, parents are often uninformed about IT and therefore poorly placed to take this role so schools must take the responsibility. In order to do this, resources must be allocated, a curriculum developed, teachers trained, and teaching materials developed.

Computer Education in Hong Kong

In the early 1980s Computer Education was introduced as a new subject in Hong Kong schools as a new subject in the curriculum. Almost all secondary schools now offer Computer Literacy to junior form students age 12 to 14 and Computer Studies to senior form students age 15 to 16. Computers have not been used across the curriculum, nor in the area of CAL/CAI (Computer-Assisted Learning /Instruction). Over the years Hong Kong has advanced from a developmental phase to a popularisation phase in the use of Information Technology to assist schools in administration and management. In the development phase of over a decade individual schools produced their own Computer-Assisted School Administration software in an uncoordinated manner.

The popularisation phase arrived in 1993 when the Hong Kong government started a centralised approach to implement the School Administration & Management System (SAMS) in about 1,300 schools across the Territory. Schools will soon be provided also with access to the Internet by the government. Whether there was conscious planning for capacity building for IT in Hong Kong is a matter of doubt. The path taken in Hong Kong is traced and a major question raised is whether that path is unavoidable when developing countries are building their capacity for IT in education or if there could be quantum leaps bypassing the starts and fits of earlier implementers.

Hong Kong's use of IT in education is primarily technology driven. No proactive planning has occurred nor is there an IT policy for education. The strategy of introducing computers as a teaching subject in secondary schools followed by the introduction of SAMS territory wide has been driven by technology.

Hong Kong's use of IT in education has increased over the past ten years. Though lagging behind business organisations, IT applications and developments are moving forward at all levels of education. Four different application and development areas of IT in education are ITEM (Information Technology in Educational Management), CAL/CAI (Computer-Assisted Learning/Instruction), Computer Studies and TSS (Teacher Support Systems). The Hong Kong Government introduced Computer Studies into the secondary school curriculum in the early 1980s but only started an Information System Strategy for computerised administration and management in 1993.

Education In Hong Kong

Education in Hong Kong has expanded rapidly over the last decade. Compulsory education up to the age fifteen was introduced in 1978 and there are now approximately 900 primary and 400 secondary schools in the territory. The school system is centrally controlled by the Education Department of Hong Kong. Over 90% of students who finish the compulsory stage of education continue to secondary schools or technical institutes that provide vocational training and 18% of students have opportunities for further studies in university degree courses.

Computers have been used by the central Education Department since the 1970s for allocating school places to students at age 6, 12, and 15. The Joint University Admission Scheme also uses computers to keep track of student admissions. The Hong Kong Examinations Authority, responsible for administering the public school leaving and advance level examinations, has had computerised administration.

Higher education institutes introduced Computer Science courses in the 1970s. Today IT related departments and courses are common and popular in local universities. The Hong Kong Academic Research Network (HARNET), administered by the Joint University Computer Centre (JUCC), links the universities to share information and resources - library resources, for example.

Computer courses in about thirty secondary schools began as pilot projects in 1981. In August 1997, over 90% of secondary schools offered computer studies in their senior grades and students can take public examinations in the subject in the Hong Level Examination (HKCEE). Many schools also offer Computer Literacy courses to their junior secondary students but there was no government supported computer education in primary schools.

Teaching computers as a subject in secondary schools is the easiest and cheapest way to introduce the technology into an education system because it is not that difficult to put forward justifications to policy makers to get resources but only a small percentage of the teaching force has an opportunity for staff development in IT.

Now a huge effort is required to train staff as the government is implementing the computerised School Administration & Management System (SAMS) project across the Territory. Putting computers into secondary schools for teaching has benefited teachers as many schools develop administrative uses for their computers. The less fortunate primary school teachers do not have such an opportunity and most of them are computer illiterate if not resistant to IT.

Applications Of Information Technology In Hong Kong Schools

IT in educational management

Computerised school administration is common in Hong Kong secondary schools. According to Fung's 1991 postal survey over 85% of secondary schools were using some form of computer-assisted school administration.

School Administration & Management System (SAMS) in Hong Kong

In September 1993 the Hong Kong Government initiated the use of computers in educational management on a territory wide basis when it adopted an Information Systems Strategy (ISS) for the Hong Kong Education Department.

Computer-assisted instruction and learning

A study by Gilmore reveals that teachers using computers in their teaching had increases in confidence and used IT to provide cognitive and social benefits for students. They believed that both Computer-aided Learning (CAL) and Computer-aided Instruction (CAI) are important in the learning and teaching process. Regrettably the Education Department has no policy for CAL and this area is very much undeveloped in Hong Kong.

Lacking a government policy, the use of computers across the curriculum is virtually non-existent in Hong Kong schools. Individual teachers and students might be using imported CAI or CAL packages but except for several CAI packages that come with textbooks produced by publishers, little CAI/CAL material is locally developed.

Teacher support systems (TSS)

The concept of Teacher Support Systems (TSSs) - IT used to support teaching - is not new. In Hong Kong two TSS projects currently in development limit access to teachers from selected schools. TELENEX was started by the Teaching of English Language Education Centre of Hong Kong University in 1994 in support of English Language teaching . CLTSS, for teachers of Chinese Language, began development in April 1995 at the SAMS T&R Unit of the Hong Kong Baptist University. Both projects are funded by the Language Fund of the Hong Kong government. Technical operation of the two networks are similar.

Preparing for the Internet

With the advent of the Internet and the World Wide Web a new era begins. The Hong Kong government provided schools with one Internet access account in 1997. Recent studies in America suggest that there are now more than 100,000 E-mail accounts in the USA on state educational networks and approximately 600,000 students networked through private and grassroots initiatives . Expert opinion estimates that by the end of the decade, there will be 3 to 5 million networked students in the US.

The technology for building Chinese websites is growing more mature and, given time and resources, schools across the Hong Kong territory will be able to access a CLTSS website with hypertexts and multimedia capabilities.

Partnership with the Other Sectors

Given that Hong Kong's school system has been overly centralised, the government bore responsibility for resourcing all schools in the public sector with standard equipment.

Policy makers need to be aware of the impact of IT on the society at large and on education in general to prepare students for the 21st century. A vision must be developed and an integrated IT policy to support school management, teaching, and learning must be implemented.

IT Curriculum

Has ethics, safety and security for IT been addressed in the existing school curriculum in Hong Kong?

The closest information that can be found is in the Guidelines on Civic Education in Schools composed by the Curriculum Development Council in 1996. There is a section written for students that take up Computer Studies (see Appendix A) which outlines the issues to be addressed at each student level.

Guidelines on Moral Education in Schools that was published in 1981 has general moral education guidelines on general ethics, but there is nothing particularly written for the IT era.

Guidelines on Sex Education in Schools that has been revised recently also have mention Pornographic materials in general, but do not have guidelines relating to Information Technology. Although it could be said that IT is merely the access route so there is no need for special guidelines, this ignores how the Internet will make a wide range of material available inside the classroom.

Information Technology for Quality Education and the Five-Year Strategy 1998/99 to 2002/03 committed by the Chief Executive announced in his 1997 Policy Address and aim to have 25% of the school curriculum taught through IT in five years' time. This is obviously taking IT beyond the narrow confines of Computer Studies students and, in view of the present situation, there is a insufficient guide to educators and students in the ethical and security issues in IT and the Information Superhighway.

We need clear guidelines to position IT across the Curriculum with sufficient consideration on Ethics, Safety and Security for every IT users in schools.

Scope of the Subject

The areas of ethics, safety and security are closely linked and include many issues that interrelate in a complex manner. We should look at these in terms of protecting children, preparing children to be adults and protecting society from irresponsible children.

Copyright: Pirate Software

It takes ones understanding and appreciation of other people's work and effort of the original creation to respect Intellectual Property. It also takes some reflection to imagine the problem created for the society and future world if we do not respect Intellectual Property. When we were a child, we were taught not to copy other people's work, not just because it is not good for our own ability development but it is also important for building a foundation of honesty. With advancing technology, it is easier and easier to plagiarise. Along this line it is valuable for students to understand how copyright affects us, the scope of copyright and how it extends to computer programs, electronic information and the Internet; how to get a license or permission to copy; and how long does copyright last.

Viruses

Computer Virus "infection" causes a common problem to nowadays computer systems. A virus is a self-replicating program created to cause intentional disruption, damage and sometimes total destruction of all data on a system. With the Internet opening up communication, viruses can easily be downloaded onto ones machine. They can also transfer themselves onto ones computer system with many other means, it is important for students to know how to protect themselves from viruses and what to do if they are infected.

Viruses are written by people, once it is written it is not entirely up to the author if it spreads and causes problems. Students should be taught of the potential problems caused by computer viruses and take up values of not writing them, or modifying existing ones or distributing them for any purpose, nor to approve or condone such activities.

Protecting and using electronic identity

An electronic identity is some way of authenticating ourselves, which could be as simple as a username and password, but also includes public key / private key pairs and other methods. We are all gaining many such identities, and students need to learn how and why to use them in a safe, secure and responsible manner.

When not to use an identity is also important - in some forums it is acceptable to be anonymous. When using an electronic identity on line, people can collect information related to your identity. The Personal Data (Privacy) Ordinance gives us rights about how data about us is collected and used, anonymity can help us protect those rights. It also protects us against spammers, but, paradoxically, protects the spammers from us too. There is also an issue with defamation and anonymity.

Unauthorised access (hacking)

Preventing hacking is an area in which children should be prepared for their future - they are not likely to have information or systems access an attacker would want, unless it is other children attacking. For most students, learning about preventing hacking is mostly at the level of protecting your identity and following system administrators instructions, but more technical detail may be required for computer studies students. The ethics of why hacking is wrong is linked with concepts of property, ownership and malicious damage.

Personal safety

Paedophiles have utilised the Internet for various purposes including contacting and manipulating children, so appropriate preventative measures should be taken. This could cause problems with other areas, for example, if we are teaching children to use public key / private key cryptography to secure email, could a paedophile take advantage of that to send messages which could not be monitored?

A lot of the content on the Internet may be unsuitable for children such as pornographic sites, racism or harmful advertising practices. Content blocking software offers some protection, but it may fail to stop all bad material, it may stop acceptable material, and methods for uninstalling or disabling it may be available on the Internet.

Crimes in Cyberspace

IT can also be the “location” for more familiar crimes, such as theft and fraud. The way the Internet crosses legal boundaries also gives a new complexity to some issues, like Internet gambling. These will be issues for ordinary students and computer studies students.

Children as a Security Threat

We tend to think of education as a preparation for life and somewhat isolated from the real world but IT is one area where children can and have become a notable threat to businesses and other organisations.

Solomon identified the computer underground as being involved in Hacking, Phreaking, Carding, Anarchy and Viruses, and largely consisting of teenage boys . Hacking in this context is illegal remote access. Phreaking is telephone abuse - making long distance and international calls by using company's out-diallers, or directly tricking phone company systems. Carding is credit card abuse. Anarchy is a collective word given to anything that may be justified on political grounds. A good example is a text file on how to make a pipe bomb or steal cars. Such files seem to be exchanged as an expression of revolt rather than for their practical use. Viruses are, of course, self-replicating computer programs.

Although some of activities are criminal, they should be put into some perspective. Not all in the computer underground do all these things, in fact, antagonism exists between various groups - hackers often regard virus writers with contempt, and carding may be seen as criminal or stupid by others. The impression of the computer underground is of a teenage gang of boys, trying hard to impress their peers, defying authority, having fun and generally behaving in the way that boys of 18-25 have always behaved. When compared with some other "youth gang" activities, such as Triads or football hooligans, the computer underground does a lot less damage and are unlikely to end up as professional criminals. However, there are more acceptable groups that youths can join, the Scout Association was formed, in part, for this reason and Solomon has recounted his own wild youth as a bridge club member9. In studying computer virus writers, Gordon found that they were not as sometimes characterised, evil, depraved or sociopaths, but in fact they showed a range of ethical and moral development within the norms of their age groups . In a follow-up and expansion of the original study, Gordon again found that the subjects were following normal patterns of ethical and moral development.

An unusual insight into the world of the virus writer is provided by Mike Ellison, formerly "Stormbringer" , , and ex-virus writer who gave up four years ago after one of his creations got into the wild and a panicked user called him. He started programming in LOGO, and later taught himself assembler. He began analysing then writing viruses, "My motivation remained purely knowledge until Mark Ludwig's contest - when I began to enjoy the reputation I was getting". He characterises the virus writing groups he was a member of as "just a group of friends with similar interests". He claims that he never intended to harm people, and, when his parents learnt of his hobby they were supportive, provided that he did not release the viruses he wrote. Mike's attitude since he was contacted by a victim has changed, "Nothing I did was illegal (at least in the US), nor was it intended to harm anyone. I was negligent, yes". This example highlights various points: programming skills allow virus writing, parents may not understand the issues enough to guide their children appropriately, peer groups and reputation are an important part of the development and virus writers usually give up as they mature.

The popular press and films have sometimes picked up on the idea of children as a security threat and have glamorised computer criminals and crimes. The press sometimes refers to "Computer Whiz-kids" and child-geniuses outwitting security experts, idolising them. In films, Wargames and Hackers depict teenage hackers. "Wargames" (inspired by a real-life hacker incident) shows a teenage hacker beating the best military experts, and the more recent "Hackers" shows a group of "Good" skateboarding teenage hackers foiling the plans of an adult "Evil" hacker. Other films confuse the boundary between right and wrong in computer security: in "The Net", the villain is foiled by a virus, and in "Independence Day" a virus is used again, this time to prevent alien invasion and save the world (despite the unlikelihood of alien computers being compatible with current earth operating systems or even of being able to run earth programs). "Johnny Mnemonic" is a representative of the Cyberpunk style of science fiction which depicts a near future of ultra-powerful, amoral corporations, street gangs and electronic warriors. In that world, hacking, data theft and viruses are not merely common, but almost essential tools for survival. The glamorisation is typical of the film world treatment of many subjects, where, for example, guns only run out of ammunition when convenient for the plot, and imagination and fantasy are normal, healthy human activities. However, with computers and networks it is, perhaps, easier to loose the difference between reality and fantasy: if the victims are never met, and all interaction is via the same computer used for video games, how real are they?

This is where an appropriate school curriculum can help in reducing security threats from children, by introducing the reality of what can happen and the ethical issues involved.

Empirical Studies and Teacher Preparation

Empirical Studies

Two pilot studies were performed on small groups of tertiary year 1 students and primary and secondary teachers.

Student Survey

The first survey was performed at an orientation camp for new students organised by a Information and Systems Management Students’ Society. Having just progressed through it, they represent the results of the primary and secondary education systems. The survey was first performed in 1997, results from a repeat in 1998 will be added to the presented version of this paper and the questionnaire and a summary of the responses is in Appendix B.

From the 1997 results, 25% were the victim of a virus, one (3%) was the victim of a trojan horse, and cracking or data theft were not reported. The majority of the students thought data theft (Yes: 75%, No: 6%) and cracking (Yes: 56%, No: 17%) should be a crime, but were less certain about knowingly spreading (Yes: 47% No: 25%) and writing (Yes: 47%, No: 31%) viruses, and thought unknowingly spreading a virus (Yes: 3%, No: 78%) and spreading a trojan (Yes: 25%, No: 31%) should not be a crime. Note that under the Computer Crimes Ordinance, knowingly spreading a virus or trojan, cracking, and data theft are probably crimes, while unknowingly spreading a virus or writing a virus are probably not crimes.

The third question asked if the student had ever committed any of these acts. One person admitted to knowingly and unknowingly spreading a virus, cracking and data theft. She had ten years PC experience and four years Internet experience. One person admitted writing and unknowingly spreading a virus, he had ten years PC experience and five years Internet experience. A third person admitted knowingly and unknowingly spreading a virus, she had two years PC experience and no Internet experience. Two other people also admitted unknowingly spreading a virus. Some concern must be raised by the fact that, even in this small sample, there are two people who could be computer criminals under Hong Kong law, and a third who has written a virus (which can certainly be classified as a dangerous activity). Two of these three were the most experienced of the group in PC's and the Internet. Two of these three were female, which is unexpected given the popular stereotypes of the computer underground and other reports9,10,11.

Just three respondents had ever done on-line shopping, two of these said the shop had a security system, but the great majority of the others (79%) expected to do on-line shopping in the future.

The group ranked the importance of security threats in the order viruses, data theft, cracking and trojans. Given that a quarter had been the victim of a virus, it is understandable that this was ranked first.

Teacher Survey

The second survey was performed on Head Teachers participating in a course on the School Management software project, SAMS (note that SAMS, being concerned with management, not teaching, is unrelated to the objectives of this paper, but it was a convenient gathering of Heads to survey). The objective of this was to evaluate what the current position is in schools. The questionnaire and a summary of responses is in Appendix C.

Thirty percent did not currently have computers for student use, and twenty percent had less than ten but 97% expected to have computers for students in six months. Twenty percent expected to have over 50 computers. The maintenance was usually the responsibility of a computer teacher (45%), but in 19%, no-one had responsibility. Most do not have an Internet connection (55%) yet. Where there was an Internet connection, responsibility for controlling it's use fell to the computer teacher (85%). Content blocking software was known to be in use in only 21% of those with an Internet connection. There were two known incidents of misuse of the Internet connection (14% of those with an Internet connection: "supervision" and unspecified) and three known cases of computer misuse (11%: "supervision", "too much time spent" and unspecified).

Using the frequency of citation to rank the teacher's security concerns gives, from highest to lowest: Confidentiality of school information, computer viruses, confidentiality of student work, students accessing inappropriate information, theft or vandalism of computer equipment, students attacking the school's systems, and, finally, students attacking outside systems.

Section B of the questionnaire was for parents of school students. Ninety-two percent of parents had a home computer used by their children, and 38% could connect to the Internet. None used content blocking software and there were no known incidents of mis-use of the Internet. There was one known incident of mis-use of computers, namely "playing games".

Conclusions and Areas for Further Investigation

As these were both small-scale studies of limited groups the conclusions must be limited. The types of computer misuse cited by teacher/parents were minor, but some of the students had been involved in serious misuse. The difference might be due to the difference in the detail of the questions and that the University entrants are, by definition, older than the school students being reported on, but there is the possibility that teachers and parents do not know the detail of their students and children's computing activities. This could be investigated by more detailed anonymous questionnaires. Unfortunately, a matched study of teachers and students would probably result in unreporting by students if they did not trust the confidentiality.

None of the parents and only 21% of the schools used content blocking software, which raises concerns about students accessing inappropriate material. The student survey could be improved by adding questions about inappropriate content.

Recommendations

Teaching all children about IT ethics, safety and security will become increasingly important as computers enter schools and society more. These recommendations suggest how to approach this, and on how to prepare teachers for this task.

Raising Awareness

Awareness of ethics, safety and security in IT should be raised in educators, parents, children, policy makers, and society in general. We wish these groups to appreciate the importance of the subject in: preparing young users for the IT environment, protecting young users from potential abuses and danger and preparing teachers with the knowledge and resource to handle these issues at school.

Establishing a Curriculum

Like other subjects in Hong Kong Education, reference should be made to the spiral curriculum, in which topics recur at increasing levels of conceptual complexity corresponding to students’ ages. In other words, contents listed under earlier stages of education need to be discussed again, at a different conceptual level, at a later stage.

The issues should be addressed across the School Curriculum and not restricted to Computer class and also not restricted to computer study students. There are relationships between some of the issues and non-computing issues, for example, not copying other people's work, honesty, respect for property, ownership, integrity, and trust. This means teachers should be encouraged to include examples from Information Technology when discussing these topics. That is introducing IT examples or cases into Moral and Civic Education across the curriculum. Even if the teacher has nothing to do with IT and never use a computer him/herself, s/he should be able to draw from IT for examples. Effort can also be put in identifying or planting syllabus topics related to this subject (e.g. Language, General Science, Social studies, Religious studies/ Ethics, and Liberal Studies).

Empowerment

The curriculum should be empowering students with the knowledge on how to be safe and secure, and to be able to select and determine the appropriate type of information from different sources.

Computer Studies

For the computer studies students, we can expect that some of them would be computer enthusiasts, that would learn a lot faster than their teachers. They would therefore be the most at risk of becoming hackers or virus writers, as they seek to show off their abilities and to impress their peers. We wish to redirect their youthful energy into more acceptable demonstration of their skills (for example, the Demo scene , ), encouraging computer clubs and giving them direction could assist.

Priority

We wish to see ethics, safety and security in IT being taken as a high priority among all the issues concerning IT in education, such as Teacher training, co-ordinating furniture and computers to create IT environment.

Resources and Training

We wish to see the government to allocate resources and special units to lead and co-ordinate the required things to do. These will include integration of the topics in teacher training to establish a long-term improvement. The composition of Teaching Kits and Learning Packages; providing useful references and contact points will be of more immediate benefit to existing teachers.