Author: joshgarde

Post thumbnail
The popup shown on the Guest network

As a student at Corona High School, you’ve probably experienced a little popup whenever you’ve connected onto the Guest network whenever you try to connect to a website like Google. Tapping on “Cancel” refuses to load the website, but clicking on “Continue” gives the district the opportunity to take a peak at your messages, emails, and social media accounts.

Corona[H][S] is HTTPS secured
Most websites use something called HTTPS. Basically, it’s a form of encryption for websites that ensures that your information is kept confidential between you and the website. This confidential information may include usernames, passwords, and other personal information. You can tell that a website has HTTPS by looking at the address bar.

There’s an example of this on the right. The problem is centered around the Corona-Norco Unified School District firewall and the district’s need to block certain websites. The district firewall takes this HTTPS connection and put’s itself between you and the website. This is to ensure that no blocked websites such as YouTube are accessed, however, an arrangement like this is also regarded as a form of malicious attack. By putting a third-party between users and websites, personal information can be easily accessed, read, and saved. Because of this, regardless of who is performing this intrusive act, your information is at risk.

While the district has a comprehensive usage policy for teachers, students, and administrators using their equipment, they do not have a written privacy policy for handling the personal digital information which they can see on a day-to-day basis. As a result, the safety of your your information and how it is handled is completely unknown. This information could be your email addresses, your usernames, passwords, social security number, drivers license, bank account information, etc. In contrast, Google, a company usually associated with immense privacy invasion in the name of better targeted ads, has a quite comprehensive privacy policy. It contains information about the information they collect, how they collect it, why they collect it, and your options as a consumer for disclosing that information. The same is true for Corona[H][S], the website you’re currently reading, which also maintains a privacy policy for the benefit of our staff and readers.

When pressed for comment, Brian Trudy, director of Network & Infrastructure for the CNUSD, stated that:

Due to the highly confidential nature of this information, we cannot provide comment on this information. Our information technology department strives to provide the highest level of security to ensure a safe and productive learning environment for all students.

It’s a bit ironic that the district’s policies and procedures are protected under a veil of confidentiality, but personal information, which is meant to be confidential, isn’t?

So what can you do? Use your own devices. Create your own wifi hotspots and share with friends. Refuse to use any internet connected district equipment – this includes the laptops, the tablets, the desktops, etc. It’s a tough compromise, but it’s necessary if you want to protect your information.

“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
– Benjamin Franklin.

Featured Image Credit: Sarah Klockars-Clauser 2010; Licensed under CC-BY-SA