ISSC331 week 3 forum

timer Asked: Jul 16th, 2018
account_balance_wallet $15

Question Description

Discussion Points:

You are the systems administrator for a for-profit educational institution. The institution’s library provides Internet access, in particular, to students and their children (while the parents are attending classes). Discuss the requirements of FERPA, CIPA, and COPPA in granting rights to an individual under the First Amendment. In addition, you need to explain why you think these laws should outweigh the special rights related to free speech, keeping the good of society in mind.

After your discussion, you need to prepare a summary report. The report should include:

  • Bullet points of the requirements of FERPA, CIPA, and COPPA in granting rights to an individual under the First Amendment
  • Justification for why these laws might outweigh special rights related to free speech

Remember to reply to two or more students to promote interactivity!

Forum Rubric:

Rubric for Learner Posts


Synthesis of concepts in 250 or more words and Well formed conclusions (critical to class performance)


Applications of personal experience


Uses external resources validating position with applicable knowledge


Writing standards: appropriate use of terms, correct spelling and grammar


Participation in discussion, feedback and posting to two fellow classmates 150 words or more - minus these points for not submitting on time.


Total Points:


Unformatted Attachment Preview

Security and Privacy of Information Belonging to Children and in Educational Records S everal laws are in place in the United States to protect children when they are online. The Children’s Online Privacy Protection Act (COPPA) governs how information from children is to be collected and used. If you host a Web site that collects information from children, COPPA applies to you. The Children’s Internet Protection Act (CIPA) protects minors from obscene or objectionable material on school or library computers. These computers must implement technology to filter objectionable content. The Family Educational Rights and Privacy Act (FERPA) protects the privacy rights of students and their educational records. Students and parents have the right to review these records. Additionally, schools cannot release records without the written consent of a student or parent. This chapter begins with a discussion of children and the Internet, and the unique challenges Web site operators face in protecting children. The chapter then provides details about COPPA, CIPA, and FERPA. CHAPTER 5 Chapter 5 Topics This chapter covers the following topics and concepts: • What challenges exist in protecting children on the Internet • What the Children’s Online Privacy Protection Act (COPPA) is • What the Children’s Internet Protection Act (CIPA) is • What the Family Educational Rights and Privacy Act (FERPA) is 121 Chapter 5 Goals When you complete this chapter, you will be able to: • List some of the challenges with protecting children on the Internet • Identify the purpose and scope of COPPA, and describe its main requirements and oversight responsibilities • Identify the purpose and scope of CIPA, and describe its main requirements and oversight responsibilities • Identify the purpose and scope of FERPA, and describe its main requirements and oversight responsibilities Challenges in Protecting Children on the Internet U.S. children ages 8 to 18 spend over seven hours a day using electronic media. This includes television, music, computer use, and video game use.1 Parents, schools, and Web site providers all have different roles to play in protecting children when they are online. It’s not unusual to hear about cases where Web site operators run afoul of the laws that attempt to protect children: • In 2013, a social media company paid $800,000 to settle charges with the Federal Trade Commission (FTC). The company had an app that allowed children to create journals and share those journals online. Children could also post photos and share location information. The FTC alleged that the company violated the Children’s Online Privacy Protection Act (COPPA). The company collected the birth dates of 3,000 children before getting parental permission. • A company that created virtual online gaming worlds agreed to pay $3 million in 2011 to settle charges with the FTC. The FTC alleged that the company improperly collected and disclosed the personal information of thousands of children without parental consent. This is the largest civil penalty so far in a COPPA action. • A student sued a local school board alleging that the school had violated the student’s First Amendment rights. The lawsuit alleged that the school’s Internet filtering software blocked too much legitimate content. In this case, computers in the school library blocked access to Web sites that promoted gay rights, but allowed access to Web sites that opposed gay rights. The student did not challenge that federal law required the school to use filtering software to block obscene material. In 2012, a federal court judge found that the school’s blocking software configuration was unconstitutional. It ordered the school to reconfigure its software to make sure that did not discriminate against different viewpoints. 122 CHAPTER 5 | Security and Privacy of Information Belonging to Children and in Educational Records Although most people agree that children should be protected when they are online, they don’t always agree on how that should be accomplished. For example, some people suggest that a parent should monitor a child’s Internet access and decide if the child’s Internet activities are acceptable. Others suggest that laws should be in place to protect the child even if a parent is not monitoring the child’s Internet use. As you will see in this chapter, several laws have been enacted to protect children. Most of these laws are directed at the Web site operators who provide online content to children. However, even when enacting laws, challenges still exist. These include: • Identification of children—How can Web site operators distinguish between adults and children online? • First Amendment and censorship—When does censoring certain types of content violate the First Amendment? • Defining objectionable content—Where is the dividing line between material that is merely inappropriate for children and that which is truly objectionable? Identification of Children In 1993, the New Yorker published the now-famous cartoon by Peter Steiner with the caption, “On the Internet, nobody knows you’re a dog.” It is just as hard to separate children from adults on the Internet. To protect children, you must be able to identify them. Although you can require identification from restaurant customers to ensure they’re old enough to purchase alcohol, it isn’t easy to require identification when users access a Web site. Most users can easily remain anonymous when they’re online. This creates a problem for Web site operators. Most of the laws that aim to protect children while they are online require Web site operators to be able to distinguish children from adults. Web site operators can use several methods to distinguish children from adults. These include: • Requiring user input—A Web site can require users to identify if they are children or adults. For example, users can select a check box indicating they are over a certain age. They can be required to enter an age or a birth date. This isn’t a foolproof method, however, because people can simply lie about their age. If a child accesses an age-restricted Web site under false pretenses, the Web site operator can still be liable for providing objectionable content to a child. • Requiring payment—If a Web site has material that should be restricted from children, it can require a payment to access the site. Payment can be made using a credit card, a PayPal account, or another method that a child is unlikely to be able to use. The payment may be a nominal fee, such as 99 cents. It could also be a larger fee designed to generate revenue. A payment requirement can be effective because children generally don’t have access to means of payment. 5 123 Children and Educational Records 124 NOTE The Entertainment Software Rating Board (ESRB) is a self-regulating nonprofit that assigns independent ratings to computer and video game content. This includes games available online. The ratings help parents select appropriate games and other content for their children. Web site operators can rate their Web sites according to ESRB so that parental controls work properly. Visit to learn more. PART 2 | Laws Influencing Information Security • Using parental controls—Some operating systems include parental controls. So do many applications. Parental controls allow a parent to restrict their children’s access to objectionable material based on different ratings. • Requiring parental consent—If a child wishes to access a particular Web site, that site can block the child’s access until a parent provides permission. This means that the Web site operator implements controls to verify that a parent is providing consent to access the Web site. First Amendment and Censorship The First Amendment is a part of the Bill of Rights. The First Amendment grants certain rights related to freedom of speech. It also protects freedom of the press and the free exercise of religion. First Amendment issues come into play on the Internet in many different ways: • Individuals online have a First Amendment right to view lawful content, including content that others might find troubling. • Web site operators and other content creators have a First Amendment right to post lawful content, including content that others might find troubling. The U.S. Supreme Court has said that the right to freedom of speech applies to the Internet.2 This means that the government can’t restrict an adult’s access to content on the Internet. However, the government can restrict a child’s access to harmful online materials if the government has a compelling reason to do so. When the government restricts a child’s access to objectionable online materials, other issues are raised. Does it violate a Web site operators rights to force it to censor material because a child might view it? If individuals are required to identify themselves before they can use a Web site, such as proving that they’re not children, does that restrict their free speech? Does it restrict free speech if individuals are required to identify themselves by name in comments on a Web site? If libraries are required to use filters on computers to keep children from viewing objectionable content, does it restrict the free speech rights of adults who also use those computers? Many of these issues continue to evolve within the context of the laws discussed in this chapter. Defining Obscenity The laws discussed in this chapter protect the privacy of children. They protect children from harmful content. For the most part, this harmful content is content that would be considered obscene. Most people agree that children should not see obscene material. However, it is difficult to legally define what obscene material is. CHAPTER 5 | Security and Privacy of Information Belonging to Children and in Educational Records I Know It When I See It A 1964 U.S. Supreme Court case shows the difficulty of defining obscenity.3 In Jacobellis v. Ohio, a movie theater manager was convicted under state law of illegally possessing and exhibiting an obscene film. The state supreme court upheld the conviction. The U.S. Supreme Court later reversed that decision. In this case, the Court agreed that the First Amendment does not protect pornography or obscenity. It disagreed about whether the motion picture was obscene. In the Court’s decision, Justice Potter Stewart expressed the difficulty of defining what is obscenity and pornography. He wrote “But I know it when I see it, and the motion picture involved with this case is not that.” This case was decided over 50 years ago. Yet the challenge of identifying obscenity still exists today. 125 The U.S. Supreme Court addressed this in 1973. In Miller v. California the Court said that for material to be identified as “obscene,” it must meet three conditions. The condi-tions are based on the average person applying contemporary community standards to a review of the material. The three conditions are that the material: • Appeals predominantly to prurient interests—prurient indicates a morbid, degrading, and unhealthy interest in sex • Depicts or describes sexual conduct in a patently offensive way • Lacks serious literary, artistic, political, or scientific value4 NOTE The three conditions for defining obscenity are known as the Miller test. It isn’t always easy to apply this definition. What one person considers obscene, another person may consider healthy. Material that one person finds informative may be deemed tasteless by another. Material that is offensive to one person may be viewed as valuable by another. How a person views material is often influenced by societal, family, community, and religious values. Children’s Online Privacy Protection Act The Children’s Online Privacy Protection Act (COPPA)5 passed in November 1998. It first went into effect in April 2000. COPPA governs how Web sites collect information from children under the age of 13. The Federal Trade Commission (FTC) oversees COPPA compliance. It has the power to make rules for COPPA compliance. The FTC Rule governing COPPA is called the COPPA Rule. This rule was first drafted in 1999. In 2012 the FTC revised the rule to respond to changes in technology. The new rule gives parents more control of how their children’s information is used. The revised rule went into effect in July 2013. 5 Children and Educational Records 126 NOTE COPPA is not the same as the Child Online Protection Act (COPA). COPA was enacted in 1998. Its purpose was to protect minors from access to harmful material on the Internet. However, courts ruled that COPA violated free speech and the law never went into effect. CIPA is similar to what COPA attempted to accomplish and is discussed later in this chapter. PART 2 | Laws Influencing Information Security Web sites must follow specific rules under COPPA to collect and use information from children. There are several important definitions in the COPPA Rule: • Child—Any person under the age of 13 • Parent—The legal guardian of a child • Operator—A Web site operator, or operator of an online service, who collects or maintains personal information about users Purpose of COPPA The primary purpose of COPPA is to protect children’s privacy on the Internet. Web sites must follow specific rules if they collect or use a child’s personal information. They must obtain a parent’s consent before doing so. They must also post a privacy policy explaining their practices. Personal information includes: • A child’s first and last name • A child’s e-mail address or other online contact information such as an Instant Messaging username or voice over internet protocol (VOIP) identifier • A child’s screen name or username • A child’s physical address, such as their home address • A child’s telephone number • A child’s Social Security number • Photographs, video, or audio files that contain a child’s image or voice • Geolocation data that identifies a physical address • Any persistent identifier, such as an Internet cookie or Internet Protocol (IP) address that is used to recognize a user over time and across different Web sites • Any other information concerning a child or the child’s parents that a Web site operator collects from a child and combines with any other data about a child6 Any personal information that’s collected must be protected. This means that the Web site operator must protect the confidentiality, security, and integrity of this data. Web site operators must ensure the information isn’t made publicly available to others. This includes making sure it isn’t displayed on a home page of a Web site, on a message board, or in a chatroom. The law allows Web site operators to share this kind of data only for specific reasons. However, when Web site operators share this information, they must share it only with third parties who can properly protect it.7 CHAPTER 5 | Security and Privacy of Information Belonging to Children and in Educational Records Scope of the Regulation COPPA applies to anyone operating online services that collect or use information about children under the age of 13. This includes situations where the Web site operator directly collects the information. It also includes situations where the Web site operator lets third parties collect the information. Even general-audience Web sites might have to follow the COPPA Rule. If operators of such sites know they are collecting data from children, then they must comply with COPPA. An operator might know that its site is collecting data from children if it asks users to share their birth date. An operator that collects demographic data such as school attendance and grade completion might also know that children are using its Web site. The definition of Web site or online service is broad. It includes standard Web sites. It also includes: • Mobile apps • Internet gaming platforms • Advertising networks8 Main Requirements COPPA has two main rules that Web sites must follow in order to comply with the rule. Operators must: • Post a privacy policy • Get verifiable parental consent before collecting information from children Privacy Policy Under COPPA, Web sites must post a privacy policy.9 The privacy policy states the kind of information the site collects about children. It also states how the site will use the information. The COPPA Rule tells operators the terms that must be included in the privacy policy. COPPA requires that a Web site privacy policy should be easily visible and accessible. The rule requires that a link to the privacy policy be included on the home page of the Web site. The rule also requires that the link be posted on every area of the Web site where a child’s personal information is collected.10 A COPPA-compliant privacy policy must be accessible from a clear and prominent link. This means the link needs to stand out and be noticeable. A Web site designer can achieve this in a variety of ways. For example, the designer can use different type sizes, fonts, colors, or contrasting backgrounds to highlight the link. In addition, the privacy policy must be clearly labeled to indicate it’s a privacy policy. The most common label is “Privacy Policy.” Other examples of clear labels are “Privacy Statement” and “Information Practices Statement.” NOTE COPPA doesn’t specifically use the phrase “privacy policy.” It requires Web site operators to provide a notice on their Web sites that identifies the collected information. However, the FTC’s COPPA Rule calls this notice a “privacy policy.” 127 5 Children and Educational Records 128 PART 2 | Laws Influencing Information Security Privacy Policy Content The privacy policy needs to contain specific information to be COPPA-compliant. It must be clearly written and easy to read. The format isn’t as important as the content. At a minimum, the policy must contain: • Operator contact information—This includes the name, mailing address, telephone number, and e-mail address of all operators collecting or using the information collected on the Web site. If several operators are collecting infor-mation, the policy can list the contact details for only one operator under two conditions. First, the names of all operators must be listed in the privacy policy or in a link accessible from that policy. Second, the listed operator must respond to all questions about the policy. It also must answer questions about how data is collected and used on the site. • Notice of what information is collected—The policy must be specific. A generic term such as “contact information” isn’t acceptable. Instead the policy should specify child’s name, address, telephone number, gender, age, and e-mail address. • Notice of how information is collected—A Web site can collect information actively or passively. A user entering information into a form is active collection. A Web cookie that collects personal information is passive collection. The privacy policy must clearly state how information is collected. • Notice of how the information will be used—Web sites must state how the information will be used. It must be specific. For example, a Web site could collect e-mail addresses for newsletter subscriptions. It could collect mailing addresses for prizes. It could also collect the information for sales and marketing purposes. Each use must be clearly stated. • Notice of whether the information is disclosed to third parties—The Web site must also state whether collected information is shared with a third party. These are any entities that aren’t the operator of the Web site. Third parties also include entities that don’t provide internal support for the Web site. Parents may refuse to share the ...
Purchase answer to see full attachment

Tutor Answer

School: Rice University

Hey, bro,Please s...

flag Report DMCA

Thank you! Reasonably priced given the quality not just of the tutors but the moderators too. They were helpful and accommodating given my needs.

Similar Questions
Related Tags

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors