The introduction of tablets for the digitalisation of lessons has become increasingly important in Swiss schools due to coronavirus. While tablet cases were initially only provided on a class-by-class basis (1:n solution), each child soon received their own mobile device in so-called tablet classes. As part of Curriculum 21, computers and tablets are already being used1 in primary schools2. In many Swiss schools, at least the 5th and 6th grades are now equipped3 1:1 (each child has their own tablet) with digital learning tools. This teaches children how to use digital media like paper and pencil so that they can work with it later in their careers. They also learn about the dangers associated with using the internet and mobile devices. This is where school can sensitise them directly to and with the devices. However, not all children and young people are able to buy the necessary mobile devices themselves.
BYOD - own mobile phones yes, own tablets no!
"A look at the personal device ownership of young people shows that almost all of them have their own mobile phone or smartphone and around three quarters have their own computer or laptop," summarise the authors of the JAMES Study 20224 , but go on to say: "Owning a tablet is unevenly distributed depending on the socio-economic status of the family." In short, almost every older child in Switzerland has their own smartphone, whereas tablets are available in fewer families. The JAMES study therefore concludes that "schools cannot rely on a bring-your-own-device (BYOD) strategy if they want to use tablets at school." In addition, the management of bring-your-own-device devices is very complex in legal, technical and organisational terms. After all, students use their personal and school data on their own devices that they bring to school. The technology pool is therefore very heterogeneous, which requires teachers to have a high level of expertise in the various operating systems. Also, not all apps may work on all tablets, meaning that children acquire different digital skills. However, the greatest danger of the BYOD strategy is viruses and possible manipulation from outside, which are less of a problem with centrally secured tablets. IT security must therefore be approached extremely specifically when it comes to the school's own devices.
Security requirements for BYOD
The most important aspect of a BYOD model is the strict separation of school and private data on the devices and therefore compliance with data protection regulations. To achieve this, schools should use containers for school content in the BYOD model, which store this data and documents in an encrypted area. The Canton of Zurich Department of Education recommends such encryption, especially for sensitive data, in its ICT Coach, which considers "a separate school software environment" and "container apps and other visualisation techniques"5 to be essential for BYOD. Children and young people can then work safely in the encrypted areas. According to the "Data security guidelines for teachers and school management", published by the Swiss Teachers' Association (LCH)6 and others, the minimum measures are "setting up passwords, installing virus protection and carrying out regular updates". However, someone has to set all this up on the devices. A separate, dedicated WLAN with integrated parental control filters also provides security. The school can also only authorise certain apps in such a WLAN. This is because children can still install apps in the private area of their own devices that are not wanted by the school, such as games, social media or other distractions from everyday school life. Such apps make it more difficult to control children's work and open the door to malware. The BYOD model is therefore more suitable for young people from secondary school onwards who are already aware of their responsibilities. And it is something for schools that have the right technical expertise or have a suitably experienced IT service provider on hand.
The 1:1 tablet
To avoid legal uncertainties, public authorities and many security experts recommend equipping pupils with standardised school devices that are managed by the school7. This allows tablets to be used 1:1, which, according to a study by the Schwyz University of Teacher Education8, even leads to a better learning effect. It also complies with Article 62 (paragraph 2) of the Federal Constitution, which regulates the free provision of primary education. The canton of Schwyz therefore only considers a 1:1 environment to be legally unobjectionable "as long as the school provides all pupils with a device and at the same time pays for the purchase, licensing of the software, maintenance and support"9. To this end, the device is procured, configured and issued centrally by the school. The school also implements the security guidelines for passwords, apps and encryption. It thus ensures what is permitted and what is not. The 1:1 model is favoured by most schools, as it best supports the objectives of media education, as the study by the Schwyz University of Teacher Education10 shows: Children and young people improve their motivation to learn by learning with 1:1 tablets and put more effort into their lessons. They are made more aware of the dangers of the Internet by the schools and show more reflective and critical behaviour on the Internet overall.
Sexting and cyber grooming
Sexting – the sending of sexually charged images via social media – is more commonly referred to by children and young people as "sexy pictures" or "nudes"11. But even normal, slightly clothed poses can lead to problems online. The fact is: sending revealing or intimate photos is exciting for young people. And it's dangerous. The images can quickly be distributed or made public without consent. According to the JAMES Study 202212, 60 per cent of girls in Switzerland have already been approached by a stranger with unwanted sexual intentions. Paedophiles also often exploit children's trust by pretending to be their peers. They scour the internet for gullible children (cyber-grooming), often with the aim of preparing sexual offences. It is therefore important to set the profiles on all tablets to "private" and deactivate the location function. Children should be sensitised to the dangers of video chats. If the teacher makes the settings together with the children (and has the necessary skills to do so, as recommended by the "Final report of the working group on media and IT in Curriculum 21" back in 201513), they should give them further tips on how to protect themselves, such as
- do not disclose personal information to strangers,
- always switch off the webcam,
- do not make appointments with strangers without informing adults or taking them with you.
It's better to talk about it than to forbid it from the outset! This is the only way children can learn to assess cyber dangers for themselves.
Technical protection options against cyberbullying/grooming
1) Use Apple device parental controls:
Settings > General > Restrictions > Activate restrictions
2) Activate parental control settings on Android devices:
Google PlayStore > User Controls
or
Google Family Link: https://families.google.com/familylink
3) Install filter for Google search:
SafeSearch (www.google.com/preferences)
4) Refine security settings in YouTube:
https://support.google.com/youtube > Manage Account and Settings > Manage Privacy Settings > Enable Restricted Mode
5) With the free JusProg developed in Germany, adults can install filter software for their children and young people on all end devices that protects children from age-inappropriate content on the Internet: www.jugendschutzprogramm.de
Financing options for private 1:1 solution
As not every family can afford their own tablet, this is where the cantons come in. They have been providing financial support for the digitalisation of schools for many years, but can only equip a portion of Swiss schools. This is why there are providers who offer the private purchase of tablets via a school's own web shop and enable parents to lease or make a zero per cent instalment purchase (private 1:1 solution). This is now being practised successfully in many schools, so that the only challenge is installing the devices. But this is precisely where the dilemma lies: there is a lack of human resources, expertise and still a lack of school infrastructure (Internet, LAN, WLAN, server), as we see time and again. The Canton of Zurich also writes in its ICT Coach: "As the operation of the ICT infrastructure is not one of the school's core competences, the school should not operate the ICT systems itself."14 It is therefore important to make the administration and support of mobile devices as simple as possible and as secure as necessary.
Mobile Device Management (MDM)
If the tablets are managed centrally via a mobile device management (MDM) application, for example, the school can save itself a lot of work. From the inventory of mobile devices to the distribution of software, data and guidelines, everything is possible. For data protection reasons, the MDM software is usually operated by the school itself or used by a service provider for the school. With the help of an MDM management console, which can be accessed via a web portal, for example, the school's IT managers can then configure and manage all devices in a class remotely. However, different tablet manufacturers require different MDM solutions. Apple devices, which are most commonly used in schools due to their high level of security, can be managed with Apple School Manager and a downstream MDM. "Jamf School" (www.jamf.com/de) is often15 used here. Android devices use various MDMs. Windows devices use Microsoft's own MDM "Endpoint Manager" (formerly "Intune"). It is important that standardised procedures for configuring school devices are implemented for all of them. Regardless of whether apps or services are provided, email accounts are configured or security policies are defined – these can be securely integrated using standardised procedures. In addition, an MDM ensures that the device can be quickly reset or restored in the event of a problem (hardware reset and backup/recovery). This can also be done remotely, as can support.
Security guidelines for tablets
Especially for iPads used in schools, clear security guidelines must be set up that define what is and is not permitted. This includes authorisations, application control and encryption. It is important to filter content according to age, set up data protection regulations (privacy) and only allow camera and location if it is important for the app. All purchases, payment methods and third-party providers must also be blocked/deactivated. Children are very keen to experiment, so tablets must be protected from jailbreaking (iOS) and rooting (Android). Measures should be implemented to prevent unauthorised changes to the operating system of the devices. This also includes ensuring that no apps can be installed. If an automatic WLAN connection of the tablets can be configured via the MDM used, the WLAN hardware used must meet the minimum security requirements for encryption (at least WPA2-CCMP).
Checklist: Security settings/configurations in MDM for student devices
Not every MDM offers all configurations. However, it is important that the settings comply with the General Data Protection Regulation. The forwarding of images, privacy protection and much more should therefore be prevented. The following settings should therefore be activated on all student devices:
|
|
Loan devices | Shared devices (class sets) |
|
Using the camera |
Yes |
Yes |
|
Microphone activated |
Yes |
Yes |
|
Allow screen recordings |
Yes |
Yes |
|
Allow app installations by users |
If required |
No |
|
Allow app uninstallation by user |
If required |
No |
|
Use USB connection |
Yes |
Yes |
|
Enable NFC |
Yes |
Yes |
|
Device lock code or user authentication active |
Yes |
If required |
|
Allow the lock codes to be changed |
Yes |
No |
|
Automatic updates activated and configured |
Yes |
Yes |
|
Activate encryption of the memory |
Yes |
Yes |
|
Allow Javascript |
Yes |
Yes |
|
Location services |
Yes |
Yes |
|
Allow service for locating devices |
If required |
If required |
|
Allow print services |
If required |
If required |
Onboarding/issuing the tablets
As soon as the tablets are installed, they can be distributed to the teaching staff and children/young people. Efficient processes are also crucial here. For example, the inventoried devices must be assigned to a pupil. Some administrators assign animal names to the tablets to make it easier for teachers to memorise them. In addition to acquiring media skills through the use of iPads, teachers should define tablet rules with consequences for offences in the classroom to ensure the proper use of the devices. In the event of offences, the class must agree on coordinated measures. A media usage contract can be drawn up jointly (the zischtig.ch association offers initial guidance at https://zischtig.ch/medienvereinbarung). However, it is always important to weigh up restrictive guidelines and the associated general monitoring against the necessary personal responsibility of the children. The advantages and disadvantages should be worked out together with the class and then decided upon.
Conclusion
If tablets are introduced in the school, the school should opt for an age-appropriate solution that is adapted to the region and the social environment of the pupils, as well as effective endpoint management. A centralised MDM saves time and provides the necessary overview of all devices. However, this requires careful planning, implementation and monitoring - and not least a certain amount of technical expertise. The aspect of IT security must also always be taken into consideration, as data protection must be urgently observed, particularly in the school sector. So while BYOD saves the purchase of devices, it also entails an extremely heterogeneous range of devices in which sensitive school data must be containerised and encrypted. One alternative is the private 1:1 solution, which is initially managed by the school and after a few years is transferred entirely to the private use of the children and young people. However, some schools are also looking for alternative financing options for 1:1 equipment with school-owned devices. Regardless of whether it is BYOD or school-managed devices, security and configuration as well as compliance with data protection guidelines are the most important cornerstones for enabling children to learn safely and digitally with tablets at school.
Recognising bullying in class chats quickly
Even if there are technical solutions that can theoretically make bullying in class chats visible, they won't help in the long term because a catchphrase alone won't help. What's more, there are too many alternatives for children and young people to choose from. For this reason, ONE (class) chat app should initially be defined on a tablet provided by the school, which cannot be changed by the pupils. Another step is to sensitise children and teachers to the issue of cyberbullying. This is the only way to offer bullied children safety and help. The correct settings in the app also need to be practised: Only allow personal contacts, switch off location transfer, private user profiles, do not share personal data. Children need to learn this. They also need to be made aware of the risks of taking their own photos, naked pictures and video recordings.
Works as Senior Consultant Information Security at Bechtle Schweiz AG. His focus is on information security, cyber security and organisational and technical measures to protect companies from cyber risks in the long term.
2 https://www.lehrplan21.ch/ und https://v-fe.lehrplan.ch/index.php?code=b|10|0&la=yes
3 https://www.skbf-csre.ch/fileadmin/files/pdf/staffpaper/staffpaper_22_digitalisierung.pdf, https://www.bfs.admin.ch/bfs/de/home/statistiken/kultur-medien-informationsgesellschaft-sport/informationsgesellschaft/gesamtindikatoren/bildungswesen-bibliotheken/ikt-verfuegbarkeit-nutzung-schule.html
4 JAMES Studie 2022: https://www.zhaw.ch/storage/psychologie/upload/forschung/medienpsychologie/james/2018/Bericht_JAMES_2022_de.pdf
5 https://ict-coach.ch/zh/risikokultur/datenschutz-und-oeffentlichkeitsprinzip/
7 Empfohlen werden schulisch verwaltete Mobilgeräte unter anderem vom Datenschutzbeauftragten des Kantons Zürich („Einsatz von mobilen Geräten in der Verwaltung“: https://docs.datenschutz.ch/u/d/publikationen/leitfaeden/leitfaden_einsatz_von_mobilen_geraeten_in_der_verwaltung.pdf), auch das Amt für Volksschulen und Sport des Kanton Schwyz schreibt in seinen „Vorgaben und Empfehlungen zur ICT-Infrastruktur an den Volksschulen des Kantons Schwyz“: „Setzt eine Schule ein 1:1-Konzept mit schulischen Geräten um, ist es sinnvoll, allen Lehrpersonen, welche diese Klassen unterrichten, ein identisches Gerät zur Verfügung zu stellen.“ (https://www.sz.ch/public/upload/assets/47773/AVS_2020_Vorgaben%20und%20Empfehlungen%20zur%20ICT-Infrastruktur.pdf)
8 Studie „Lern- und Unterrichtsveränderungen in Tabletklassen“: https://ims.phsz.ch/IMS/LernenMitTablets
10 Studie „Lern- und Unterrichtsveränderungen in Tabletklassen“: https://ims.phsz.ch/IMS/LernenMitTablets
12 JAMES Studie 2022: https://www.zhaw.ch/storage/psychologie/upload/forschung/medienpsychologie/james/2018/Bericht_JAMES_2022_de.pdf
13 https://www.regionalkonferenzen.ch/sites/default/files/2019-02/Schlussbericht_MI_2015-02-23_mit_Anhang.pdf, Punkt 3.2.1
14 https://ict-coach.ch/zh/basisinfrastruktur/betrieb-und-support/wer-betreibt-die-ict-systeme/
15 https://www.channelpartner.de/a/apple-geraete-in-business-einsatz,3615928, https://support.apple.com/de-ch/101989
Published in Swiss IT Magazine 11-2023
