DWThe landscape of digital privacy and security within schools is silently changing, with the integration of advanced encryption technologies such as Encrypted DNS, TLS 1.3, and Encrypted Client Hello (ECH). While these represent progress in the march to enhance user privacy and cybersecurity, at the same time they present potential challenges to the statutory safeguarding expectations in England. This article aims to unpack these challenges and explore the implications for schools, with a focus on maintaining compliance with specific safeguarding policies.
Encryption and Its Global Importance
The purpose of encryption is to secure data transmissions, safeguarding against unauthorized access and breaches. Encrypted DNS serves to protect the identities of websites visited by users, while TLS 1.3 improves upon the privacy and performance of its predecessors. The "Encrypted Client Hello" protocol is a further enhancement to TLS security by encrypting additional information exchanged during the initial handshake between a client (eg web browser) and server (eg website). This prevents unauthorized parties from intercepting and inspecting sensitive details, thus strengthening the confidentiality and integrity of the connection. Such technologies are integral to upholding the privacy rights of individuals and are embraced globally for their role in safeguarding digital information.
The Challenge in Educational Settings
In England, schools have statutory responsibilities to protect their students online as set out in "Keeping Children Safe in Education" (KCSIE). The increasing use of encryption, however, complicates these obligations. While enhancing privacy, encryption can potentially and unwittingly inhibit schools’ ability to filter and monitor online activities, which is necessary to safeguard against harmful content and ensure the wellbeing of their students and wider community.
Highlighting the Need for Adaptation
The need for robust safeguarding measures in the face of encryption is not speculative. Reports such as those from the Internet Watch Foundation (IWF) and transparency reports from social media giants like Meta underscore the growing challenge. These reports reveal how encryption can hinder the detection of illegal content online, which is mirrored in the challenges schools face in monitoring for such content within their digital environments.
Device Monitoring: A Change in Safeguarding Approach
The advent of stronger internet privacy standards, such as encrypted DNS and TLS 1.3, is generally pushing filtering and monitoring systems towards a shift in their deployment — moving from a network-level (on the Internet connection) to individual device-level filtering (on laptops, tablets etc).
Traditionally, network-level filtering provided a one-stop safeguarding mechanism by blocking harmful content at the school’s internet entry point. This method worked well when the content was not encrypted, as filters could easily scan and identify unsafe material. However, with the onset of encryption technologies, these filters are increasingly unable to inspect the content, making them less effective.
Device-level filtering, on the other hand, offers a more detailed approach by installing protective software on individual devices. This ensures that, regardless of network encryption, inappropriate content can be filtered out directly on the device, providing constant protection that extends beyond school grounds. It also allows for tailored safeguarding that can be adjusted according to the age and needs of each student.
Despite these advantages, device-level filtering brings its challenges. It requires schools to manage a suite of devices consistently and effectively, ensuring that each one is protected. This is a complex task, especially with large numbers of managed devices and /or where there are multiple device types (eg laptops, tablets etc) as each device may require differing deployments and configurations . Additionally, protecting privacy whilst monitoring content is a delicate balance to maintain, particularly under UK data protection laws.
England's approach to internet safety in schools, while unique in its statutory framework, aligns with global efforts to protect children online. The implementation of GDPR across Europe and regulations like CIPA in the United States demonstrate a collective international effort to navigate the challenges of digital safeguarding. In essence, as privacy standards advance, schools must ensure that their safeguarding measures do not fall behind. This means being diligent in managing device-level filtering systems and understanding the nuances of providing comprehensive digital protection in a way that is both effective and respectful of students' privacy rights.
Bring Your Own Device: Complexities in Policy and Practice
Bring Your Own Device (BYOD) policies further complicate safeguarding efforts. These policies must navigate a tightrope of ensuring compliance with school safeguarding standards and not infringing on the personal privacy of students and staff. This requires schools to have robust management systems and policies that are adaptable and clear to all stakeholders. Managing this balance will likely mean that BYOD will become harder to accommodate and therefore diminish.
The UK Safer Internet Centre's Accreditation Scheme
In response to these technical complexities, the UK Safer Internet Centre's filtering accreditation scheme provides a valuable framework for schools to identify filtering solutions that align with these emerging challenges. This scheme offers assurance to school leaders that the solutions they implement are robust enough to meet the safeguarding standards required in the UK, even amidst the changing landscape of internet security protocols.
Policy Development and the Importance of Digital Literacy
For schools, adapting to encrypted online environments involves updating policies, enhancing digital literacy, and engaging with stakeholders. They must develop transparent, enforceable policies that uphold safeguarding duties while respecting the UK's stringent privacy regulations.
Educational technology providers also have a pivotal role in developing solutions that support schools in meeting their safeguarding obligations. These providers are innovating with machine learning and AI to detect patterns of behaviour that may indicate risk, thus offering a new layer of protection that is compatible with encryption.
Technological Evolution and Its Future Impact
Looking to the future, emerging technologies like quantum computing could dramatically alter the encryption landscape. Schools must remain proactive and adaptable to these advances, ensuring they can continue to safeguard students effectively.
As schools confront the complexities introduced by advanced encryption standards, they must balance their statutory safeguarding responsibilities with the evolving landscape of digital privacy. By utilizing accredited systems, fostering an informed school community, and continuously adapting policies, schools can strive to maintain safe educational environments that both protect and empower their students.
References:
- Keeping children safe in education - GOV.UK (www.gov.uk) UK Data Protection Act
- UK Safer Internet Centre's Filtering Accreditation Scheme
- Internet Watch Foundation (IWF) Reports
- Meta Transparency Reports
- General Data Protection Regulation (GDPR)
- Children's Internet Protection Act (CIPA)
