K12 Proxy Policy Changes

K12 Proxy Policy Changes

Introduction

The relationship of DTI and DOE, as it relates to proxy policy, is that DTI makes IT security decisions and DOE makes CIPA compliance calls. Over time, things we currently block have been identified as being blocked for reasons other than security and CIPA. Things like Games, Social Media, YouTube (with Safety Mode), etc are examples. These are generally blocked for bandwidth concerns, bullying concerns, et al. We feel that these latter decisions are better made at the LEA level.

Changes

To align the policy with this new sentiment, the following policy changes are being made. Descriptions of the categories discussed below and examples of sites falling into these categories can be found here:

To be allowed; currently blocked

Alternative Spirituality/Belief

Games

Social Networking

To be allowed with “Safety Mode” enabled; currently blocked

youtube.com

To be blocked (with exceptions below); currently allowed

Mixed Content/Potentially Adult

Exception:“Mixed Content/Potentially Adult” sites that support “Safe” options will remain open

“A9_Domains“
“Alltheweb_Domains”
“Altavista_Domains”
“Ask_Domains”
“Google_Domains”
“Lycos_Domains”
“MSN_Live_Bing_Domains”
“Orange_Domains”
“Yahoo_Domains”
“YouTube_Domains”

Exception:“Mixed Content/Potentially Adult” sites that are also categorized as “Reference” or Education” will remain open

commons.wikimedia.org for example

Cleanup

Over the years, the proxy policy has grown for a variety of reasons. We hope to address this in a few different ways.

The block page will point the users to Blue Coat to give the end user the option of requesting that a site be recategorized if they feel it is classified incorrectly

Anyone can request that Blue Coat recategorize a site. If a site is categorized as “Games” but the user feels it should be “Mixed Content/Potentially Adult” the end user can make the request to have Blue Coat modify the categorization. The turnaround is generally within 24-48 hours. If the new category has a different behavior (like being blocked) the proxies will automatically react according to policy based on the site’s new categorization.

We will only accept change requests from IT staff, ISO’s, and IRM’s

Often times we get calls about sites being “blocked” because the user fat fingered the URL or the domain is now abandoned or the remote site is down. Generally, the proxy response states the reason why the page was not delivered but end users see the “Block” page and assume it’s been blocked and request that it be opened. To resolve this, we are going to point the users to their local technical staff for assistance (if the recategorization option above does not meet their needs). The IT staff can then request policy modifications as necessary.

We will audit existing LEA specific rules

We will be sending out the existing LEA specific rules. Some rules are no longer necessary if you adopt the new policy. For instance if your LEA allows Facebook as a rule today and you accept the new policy which allows Social Media by default, you will no longer need the specific rule for Facebook. The average number of exceptions to the current policy per LEA is around 2 or 3 (if you are looking for a barometer). We’ll need you to respond to our email that shows you your custom rules to say which need to be maintained moving forward. Without receipt of this response, your LEA will go live with the new default policy.

We will not block individual sites as a replacement for classroom management

While we admit this is a judgment call, we want to try to deter LEAs from blocking sites for reasons other than CIPA, Security, and resource impact (like bandwidth), bullying concerns, etc. In most cases, if the site is categorized appropriately and the policy allows the content, we’d prefer to see the teachers manage the situation rather than making individual site blocks.

Try to make all rules by category rather than by site

This will keep the policy fairly streamlined and still allow LEAs to have customized content as needed.

Options

To make sure your options are clear, here are some terms we’ll use below.

Current Default Policy: This is the policy as DOE and DTI have defined that’s in use today. This does not include LEA specific modifications.

New Default Policy: This is the policy with the changes discussed in this document.

LEA modifications: These are changes that have been requested over time that modified the Current Default Policy affecting only your LEA. We will be sending this out to the Technology Coordinators soon after you receive this email. We ask that you please review your customizations to ensure they are still necessary.

New Default Policy Option:

Go live with the New Default Policy when the new proxies go live. This will open access to Social Media, YouTube, etc as described above. This will be the default option for all LEA’s unless we hear otherwise.

New Default Policy with existing LEA modifications:

If this option is chosen, after validating your current LEA modifications, please send us the resulting set of modifications that need to be carried over.

Current Default Policy with existing LEA modifications:

If this option is chosen, after validating your current modifications, please send us the resulting set of modifications that need to be carried over. Alternative Spirituality/Belief, Games, Social Networking, and YouTube will remain blocked and your reviewed LEA modifications will be applied.