LPS cares deeply about protecting students.
We go to great lengths to protect them physically. This is evident in many ways; secure entrances, background checks on staff members, regular drills to prepare for dangerous situations like tornadoes, fires, intruders, or other disasters, and much, much more.
It’s important to us that you also know that we also care deeply about protecting our students DIGITALLY. We go to great lengths to make sure that the interactions a student is having online are safe and appropriate, that the data we collect about them as they go through school is securely held, and that we are helping students to continue to make good digital decisions when they are not under our watchful eye. These digital efforts are often less visible than our physical security efforts, so we assemble the following information to increase awareness of these important measures that are happening in LPS every day.
If you are left with questions about our data security practices in LPS, please reach out to us through ConnectNow by selecting Technology Services as your category.
There are many “layers” of digital protections that follow your student as they go through their day. It is easier to understand them if we break them down by layers of protection & caring. We will start with some Federal statutes that protect all children and their data in America.
Rights and Privacy Act
20 U.S.C. § 1232g; 34 CFR Part 99
Protects the privacy of student education records. The law applies to all schools that receive funds from programs of the U.S. Department of Education.
Privacy Protection Act
20 U.S.C. § 1232g; 16 CFR Part 312
Imposes requirements on operators of websites or online services that collect personally identifiable information from children under 13 years of age.
47 U.S.C. § 254
Requires schools to have a web content filter limiting children’s access to obscene or harmful content and a plan to educate students on topics of digital citizenship.
Computing Services is happy to present about the many different ways in which we strive to protect students digitally with the same level of effort we protect them physically. Much of the information on this page is contained in their presentation.
If you are interested in having a Computing Services staff member share this slide deck with your teacher, parent or community group please reach out via the ConnectNow! tool and select “Technology Services.”
After addressing the Federal statutes we move closer to home. Following are a number of different school district initiatives, tools and supports to protect all of our students in LPS.
Chief Technology Officer
Computing Services (CS) is comprised of 60+ staff members grouped into functional work teams. Information security and IT governance are amongst the areas handled by our Chief Technology Officer (CTO).
Chief Technology Officer
Information Security Officer
As a testament to our commitment to data security in LPS, we were the first school district in Nebraska and one of the first in the country to hire a full time Information Security Officer (ISO). Our ISO manages and oversees the use and security of LPS data, and plays a key role in the development and implementation of data security rules and guidelines.
Information Security Officer
Board of Education Policies
The LPS Board of Education regulates professional performance and student expectations through Policies & Regulations that are enforced by the departments of the District and building Administration. LPS Policy around the digital safety & security of students is primarily found in the following areas:
The CTO coordinates the efforts of nineteen school and district committees who collectively contribute to the development of goals and principles that define how information technology rules, procedures, practices, resources and architectures are established, deployed, managed, secured and maintained.
IT Rules & Procedures
LPS information technology rules (ITR) and information technology procedures (ITP) for staff members describe responsible use and/or expected behavioral norms related to District technology resources. All staff are expected to annually acknowledge that they have reviewed posted rules, procedures and practices.
Instructional Technology Tool Selection
A strategic component of the ongoing data security work in LPS is an Instructional Technology Tool (ITT) evaluation process. Buildings and teachers who wish to use tools that use or store LPS student data must select a previously approved ITT, or request that the ITT committee review the new tool.
The Matrix catalogs applications, extensions, websites and other digital tools reviewed by the District ITT Evaluation Committee. This matrix provides school leaders and teachers with additional information connecting research-based instructional strategies, tool functionality and curricular connections. After identifying an instructional need, teachers and school leaders are encouraged to review the LPS ITT Matrix when considering Instructional Technology Tools.
In an effort to make it easier and more secure for teachers to get students logged in to those web services, the district has set up the student Chromebooks to start at a site called “The Portal”. The Portal includes a button that takes students directly to approved web services, and passes their credentials to most services in a secure manner.
Web Content Filtering
Based upon CIPA guidelines, LPS maintains and configures an “Internet Content Gateway” (aka: the web filter) that applies to all devices in LPS. Staff devices are filtered while on the LPS network. Student Chromebooks are filtered everywhere they go, including school and home use. Filter considerations include:
- Sites that allow for circumventing of web filters (Anonymous Proxies)
- Access to sites that directly support instructional objectives and outcomes.
- Bandwidth maintenance
- BoE Policy enforcement
- Uncategorized sites
LPS has implemented an identity management environment that allows staff and students to use their LPS username and password to access approved ITT capable of Single Sign-On (SSO). Only ITT capable of SSO are approved, meaning that any ITT that requires students to manually “set up” an account may not be used. The reason for this ‘SSO only’ parameter is to significantly reduce the variability in ways that students login to services they need to use, thus creating greater security and decreasing wasted time in class with different logins & passwords.
One of the many steps LPS takes to better secure the data of our students and employees is multi-factor authentication (MFA). MFA is an extra step in the sign-in process whenever LPS staff are accessing tools while away from their building. They must successfully present two or more pieces of evidence (factors) that they REALLY are a person who should be able to access the system. The first factor is the username and password they usually use. The second factor is a one time code sent to a device they have registered with the District.
The proliferation of “social engineering” attacks directed at staff members requires ongoing training on identity access. LPS attempts to provide natural training opportunities for staff about phishing and spam tactics. One way we do this is by delivering our own “phishing” messages to LPS employees that help us learn lessons about these tactics in a safe way.
Each individual building has processes and expectations set & modeled by Principals and staff. A few of the common ones are shared here.
Legally, parent permission is required before any device may be assigned to, or used by an LPS student. This includes all building technology and all access to online systems, with the exception of required LPS and state assessments. This is accomplished by asking parents to sign a “Parent Acknowledgement (PA) of Instructional Technologies” once each in elementary, middle, and high school during the enrollment or online registration (census form) process.
The Parental Acknowledgement document serves some important purposes for LPS:
- This acknowledgement is part of our agreement with the parents of the minors in our care regarding digital identity, data privacy, and information security at LPS.
- It clearly indicates to parents that their child will be using devices in the school building that can access the internet.
- The signature of the parent serves as the parent’s consent to allow LPS to manage which ITTs (Instructional Technology Tools) may gather PII (Personally Identifiable Information) about their child, per COPPA, FERPA, PPRA, and other Federal and State laws.
- Establishes that use of the devices is a privilege and students must demonstrate appropriate caution and responsibility when using them.
LPS has a list of Key Concepts that are taught to all K-12 students from within the existing courses. Teachers use lessons, digital games, and other materials to help students tackle cyberbullying, internet safety, and other digital dilemmas head-on within common LPS classes. It includes materials from a number of sources, including Common Sense Media and Google’s ‘Be Internet Awesome’ program.
LPS stresses the importance of password security with students. If a student feels that another student knows their password, they should enter a help ticket and/or ask a trusted adult for help resetting their password IMMEDIATELY.
Student tickets can be entered by clicking the “StuHelp” button in the portal.
However, parents SHOULD have access to their minor student’s password so that they can sign in and see exactly what their student’s digital learning experience & tools look like.
Ask your student to share their password with you. Even better, ask them for a tour of the digital tools they use for school.
Contact your school to get your student’s password if needed.
LPS provides a number of teacher tools (and the training to use them) that can be used to monitor and maintain a safe classroom environment.
Each student in LPS has access to a Computing Device. Use of the device is a privilege and students must demonstrate appropriate caution and responsibility when using it. Depending upon your grade level, this process looks different. The language and instructional processes used are age appropriate.
- Kindergarten – 5th grade students review & sign an RUA each year (in age appropriate contexts) prior to using classroom Chromebooks. The RUA is used by teachers to frame proactive classroom discussions that instruct students about appropriate behaviors when using devices and network services in the classroom setting, as opposed to behaviors they may express when using devices in a personal (home) setting. Digital citizenship lessons also address student ownership of personal behaviors and the consequences that can arise from them.
- 6th-12th grade students acknowledge the RUA each time they sign into their Chromebooks, along with digital citizenship lessons in various classes. You can review the RUA that secondary students abide by here.
The RUA serves to encourage alignment with PBiS protocols as a Tier-1 Universal Support for setting building expectations around the use of devices in all classroom settings across the building.
Hāpara Highlights is a Chromebook activity monitoring tool. It allows teachers to proactively set up an appropriate tab environment on student Chromebooks so that the whole class is looking at the right web page at the right time. It also features the ability to focus student work to specific browser tabs, as well as eliminating distractions during work time.
- Hāpara does not allow teachers or any other LPS staff the ability to control student Chromebooks when they are off of the LPS network.
- Hāpara does not allow teachers or any other LPS staff the ability to access the camera on student Chromebooks.
Safe Searching Tools
Not every search should be a “Google” search.
LPS Students and staff have access to a library of high quality digital content linked from your school building’s library media web page. This content is available from school or home.
Digital resources provided there are appropriate for emerging readers all the way through college bound students, including read-aloud and translation features.
- eBooks (Fiction & Non-fiction)
- Encyclopedias in three languages
- Databases of periodicals, newspaper and reference resources
- Streaming video, audio. newsreels, sound effects, music tracks, and images
- Historical, genealogical and census information
- Research bibliography and note-taking tools
You’ve probably heard some horror stories from the internet or national news broadcasts about “zoombombing” and other security concerns that come along with remote learning. You should know that LPS is not using the free version of Zoom, so we can set our students’ environment up to be more appropriate for our educational uses. This has been our practice for many years prior to COVID-19 related remote learning, and continues to be the case. For example:
- Because of an integration with our student information system, student meetings are uniquely generated by period and require LPS credentials to join.
- Meetings begin with a waiting room enabled. This puts the teacher in control of who is admitted to their meeting room, and when.
- Private chat between meeting guests (students) is turned off. Students can chat with the host (teacher) but not with each other.
- Screen sharing is limited to the meeting host (teacher). A teacher can choose to allow student screen sharing.
These changes (and a handful of others) dramatically reduce the likelihood that obscene disruptions could occur in our environment.
LPS stays alert to Zoom’s recommendations around best practice for enterprises of our size and type. In consultation with our curricular and instructional specialists, we regularly adjust settings and update teaching staff with improved strategies to boost student engagement and maintain a secure learning environment.
Staff who host Zoom meetings for LPS (with students, parents or with other staff) are required to use their LPS Zoom account. It is not optional. LPS provisions each staff member with a paid & licensed account that is part of our “enterprise” in Zoom. This strategy allows staff members to inherit security settings LPS has adjusted and provides features that do not come with free Zoom accounts.
Security in Google Apps for Education
Google Workspace for Education is the primary productivity tool set available to LPS students. Teachers and Administrators have observed many opportunities to efficiently collect, reference and analyze information in Google for Education. Many documents that have always existed on paper to formatively assess individuals or analyze classroom or building data in aggregate has been made digital within this tool.
Furthermore, all LPS students in grades 2-12 utilize Chromebooks for many learning opportunities, and Chromebook data and accounts are managed by Google. Considering this, it is important that we look carefully at the security practices of the company and it’s tools.
The tools that we refer to as “LPS Google Docs” exist in an environment that Google refers to as its “Workspace for Education.”
Tools in an educational domain like ours are held separate from the same tool sets made available to businesses or the general public. They are also ad-free and provide unlimited data storage. Only verified educational institutions can participate in the “Workspace for Education” program.
Keeping the Education version of these apps separate allows Google to maintain different licensing, terms of service, and privacy standards than those that apply to the business or general public’s tools.
We present the most commonly asked questions below, as well as a list of resources that will allow you to look deeper into any issues of privacy or security on your own if you are so inclined.
Who owns the content produced in Google Workspace for Education?
The Google Apps Terms of Service contractually ensures that your institution (or students, faculty, and staff) are the sole owners of their data. Your content belongs to your school, or individual users at your school. Not Google.
Who can see our content?
Google does not look at your content. Google employees will only access content that you store on Apps when an administrator from LPS grants Google employees explicit permission to do so for troubleshooting.
Who is our content shared with?
Google does not share your content. Google does not share personal information with advertisers or other 3rd parties without your consent.
Google complies with applicable US privacy law, and the Google Workspace for Education Terms of Service specifically details obligations and compliance with FERPA (Family Educational Rights and Privacy Act) regulations.
Is Google Workspace for Education FERPA compliant?
The Terms of Service for Google Workspace for Education specifically address this question as follows:
The parties acknowledge that (a) Customer Data may include personally identifiable information from education records that are subject to FERPA (“FERPA Records”); and (b) to the extent that Customer Data includes FERPA Records, Google will be considered a “School Official” (as that term is used in FERPA and its implementing regulations) and will comply with FERPA.
How is student Chromebook data used?
Google’s systems do compile and collect data from Chromebook usage, but it is only used after the information has been completely scrubbed for information about individual education users. This data is used to improve the services they provide.
LPS has specifically disabled “geolocation services” on student Chromebooks. (See ‘Is Google tracking the location of the Chromebooks?’ below.)
Are there ads in Google Workspace for Education?
No. There are no ads in Google for Education core services and we do not collect or use student data for advertising purposes or create advertising profiles. K-12 Google for Education users also don’t see ads when they use Google search while signed in to their Google for Education accounts.
Where is your content stored?
Our data is stored in Google’s network of data centers. Google maintains a number of geographically distributed data centers, the locations of which are kept discreet for security purposes. Access to data centers is very limited to only authorized select Google employees personnel.
Is your content safe from others when it is running on the same servers?
Yes. All user accounts are protected via virtual lock and key that ensures that one user cannot see another user’s data. This is similar to how customer data is segmented in other shared infrastructures such as online banking applications.
Google Workspace for Education has received a satisfactory SSAE 16 Type II audit. This means that an independent auditor has examined the controls protecting the data in Google Apps (including logical security, privacy, Data Center security, etc) and provided reasonable assurance that these controls are in place and operating effectively.
We are often asked about safety & security topics that parents should know or be aware of. Here are a few things that we’d like parents to know.
VPN use by students
We would like to take a moment to make Parents aware of VPNs (Virtual Private Networks), a technology becoming more commonly used amongst middle and high schools students in Lincoln Public Schools.
If you are unfamiliar with VPNs, they are a software tool (in many cases a phone app) that allows you to “tunnel” in and out of networks unseen. When a trusted VPN is used appropriately, it is a security tool that can shield your personal data from potential hackers.
In order to comply with Federal regulations and to provide a more focused learning environment, LPS does everything possible to limit internet traffic on our WiFi and our LPS provided Chromebooks to educational resources. LPS students often use VPN tools on their personal devices (cell phones brought from home) in order to bypass the LPS content filters.
Students are unable to install VPN software on an LPS Chromebook, but we want parents to be aware of a few of the potential dangers in allowing your student to use a VPN on their personal phones to hide their internet traffic:
- Should a student be in a life threatening situation in which police needed to track their phone to locate them, this would be made impossible.
- When students are obscuring their cell phone use from parents, it makes them easier targets for sex trafficking or other dangers.
- A VPN server is usually located abroad and free ones can be used to steal the very data they claim to be protecting.
- A free VPN tool runs on advertising. The types of ads they target to their users are often not appropriate for minors.
- Free VPN traffic could easily be intruded by malware that infects devices.
There are dozens of free VPN tools available for iOS and Android devices. A sampling of titles is below. If you find any of these apps on your students’ phones, we suggest that you have a conversation with them about why they use the app.
VPN in Touch
Who can see the camera on the Chromebook my child is using?
The Chromebook does not run a Macintosh or Windows operating system. You cannot install applications on the device in the same way that you would on Mac or Windows. Because of this, the Chrome OS is a far more secure platform, and much less likely to be “hacked” by an outsider.
There are no technical tools in use at LPS that would allow teachers or other technical staff access to the camera on a Chromebook at any time, from any location.
LPS teachers and staff use a tool called Hāpara to monitor student Chromebook screens and browsing history while on an LPS network. Hāpara denies LPS teachers and technical staff access to the Chromebook camera at any time, regardless of location.
Is Google tracking the location of the Chromebooks?
LPS has control over whether many of the data points generated through Chromebook usage are collected or retained. We have specifically disabled “geolocation services” on Chromebooks, which prevents Google from seeing the geo-data associated with the “where” of the Chromebook use by students.
LPS and Google can see the IP address (network address) of the wireless network that the Chromebook is using.
I’ve read that the Wi-Fi being used in our schools can cause cancer.
We are not aware of any scientifically significant studies that have concluded that Wi-Fi causes biological harm on a cellular level.
The products we use for our Wi-Fi access points (routers) are evaluated by the vendor to ensure they conform to safety limits adopted by such agencies as the Federal Communications Commission (FCC), the World Health Organization (WHO) , the International Commission on Non Ionizing Radiation Protection (ICNIRP) as well as several others, and are used across the globe.
The IARC – International Agency for Research on Cancer (part of the World Health Organization) has labeled short wave radio frequencies such as those used in wi-fi as “Group 2B.” To give you a little context, Group 2B includes coffee, ginkgo biloba extract, aloe vera, and pickled vegetables. This means that they are possibly, but not probably carcinogenic to humans. In other words, WiFi is just as dangerous as pickles, according to scientists.
If you have concerns, Computing Services would be happy to to do some spot checks in your child’s building to measure the wifi signal strength there, and report those numbers to you. Reach out to us through the ConnectNow link at the top of this web page.
– This response was paraphrased from advice provided by Dan Layton, CTO, Zionsville Community Schools, Indiana.