The Cybercitizen Partnership:
Teaching Children Cyber Ethics
A White Paper
Peter N. Smith
Director, Cybercitizen Partnership
Information Technology Association of America Foundation
1401 Wilson Blvd., Suite 1100
Arlington, VA 22209
Incidents of computer crime are reported on an almost daily basis. The total cost of these crimes is most certainly now in the billions of dollars. These are only the crimes we know about -- many more go unreported. The 2000 Computer Security Institute/FBI Computer Crime and Security Survey indicates that computer crime and other information security breaches are still on the rise, and the cost is increasing. Ninety percent of the study's 585 respondents reported computer security breaches within the last twelve months - an increase from 62% in 1999. Furthermore, the total financial losses for the 273 organizations that could quantify them adds up to $265,586,240-a 100% increase in reported losses over the 1999 figure of $123,779,000.1
The consequences of damage to critical infrastructure -- air traffic control, power distribution, hospitals and emergency services, to name a few -- go well beyond monetary losses and could reasonably be expected to result in loss of life. Only the most outrageous attacks receive significant public attention. What often goes unnoticed is the continuum that reaches from "bad behavior" to "criminal misconduct" that results in these monetary and infrastructure damages.
There are two clear trends that, while overwhelmingly, positive do have critical downsides when it comes to information security. First, the world depends more and more on networked computers (the Internet) for commerce, communication, delivery of services and education. Secondly, more and more private citizens are accessing the Internet through computers at home, in schools and libraries and in the work place. The growth of Internet use by children is no exception. The U. S. Census bureau reports that children ages 5 to 17 have extensive access to computers. Between 1993 and 1997 access among this age group increased from 32% to 50% at home and from 61% to 71% at school. These numbers (in the year 2000) are now significantly higher. The report further states that, among households with computer access, 60% of children ages 3-5 years are actively accessing the computer, 84% of ages 6-11 use the computer and 89% of ages 12-17 years are accessing the computer.
The Computer Security Institute has highlighted recent trends in cyber crime to be addressed:
- Organizations are under cyber attack from both inside and outside of their electronic perimeters;
- A wide range of cyber attacks have been detected;
- Cyber attacks can result in serious financial losses; and
- Defending successfully against such attacks requires more than just the use of information security technologies.2
One such defense, as research bears out, is to minimize the effects of children behaving inappropriately online by raising their Internet ethics to the level of their technology skills, while discouraging learned behaviors such as idolization of hackers, crackers and computer criminals. Such an effort would allow law enforcement and computer security specialists to focus on definitive threats, while minimizing the threat child's play may pose.
The Advent of Cyber Ethics: Issue in Context
Dr. Marvin Berkowitz of St. Louis University conducted an analysis of the behavioral development factors that must be considered in searching for an optimal age range for instruction of cyber ethics. Dr. Berkowitz concluded that the 9-12 age was a "very reasonable" age to target for a first time strategy of cyber ethics instruction. Several factors led to this conclusion. This age range is considered a "gateway" age and has been used by other groups to begin message delivery; e.g. substance abuse and sex education. Absent hard data on the age at which children actually begin to go on line, we can generally assume that by age 13 children have routine access to the Internet. The 9-12 age is also the point in development where children begin to understand abstract values, for example, privacy rights, and can begin to evaluate the consequences of their actions. It is important to be able to think abstractly, particularly when working in a medium that is routinely described as "virtual."
Dr. Berkowitz explored seven issues that could be potentially addressed in a cyber ethics awareness campaign. Dr. Berkowitz suggests that each cyber specific issue encompasses one or more "derivative" issues. For example, the cyber issue of computer hacking contains the derivative (or core) issues of theft, vandalism and privacy. Copyright issues contain the derivative issues of theft and ownership. Other cyber behavior problems can be dissected in the same way. It is important to identify these derivative issues as they are often dealt with in value, ethics and character education. General character education has been found to have great preventive power, even when the specific issues in which they are contained are never discussed. Thus any discussion, formal or informal, of behavior, ethics and responsibility has the potential to develop core values essential to acceptable online behavior.
A successful methodology may be relating real world behavior (entering a neighbor's house without permission) to virtual world activity (accessing someone else's computer without permission). Most of the bad behavior occurring on the Internet can be mapped to real world incidents and in most cases children can understand the derivative issues in context. Parents and teachers routinely teach real world behavior; the transition to online actions should not be difficult to make. Berkowitz concludes that without this correlation the concepts of privacy rights, copyright protection, plagiarism, "harmless" breaking and entering, downloading of unauthorized software all become difficult to teach. Kids think they are anonymous online. They never see either the victim or the consequences of their actions. It is therefore critical to develop programs and materials that close this loop.
In focus groups conducted on the subject, children were well aware of hacking, less aware of the behavior traits that fall short of criminality. Nonetheless they did not generally understand the consequences of a particular online behavior. A recent online poll by Scholastic Magazine of almost 50,000 elementary and middle school students showed that 50% of the students did not believe that hacking was a crime, supporting the results of focus groups. Parents and teachers in the focus groups had a good grasp of online child safety issues, but in most cases had not considered the possibility that their children might proactively hurt someone else. Part of this failure to extend the safety model comes from the fact that many parents and teachers are not comfortable with their level of computer skills and don't fully understand the medium. Further, many feel inadequate discussing these issues with children, most of whom are quite computer/Internet literate.
Teachers and parents often fail to realize that children see computers in a different light than they do. The first generation of computer users was not networked and viewed the computer as a tool for accomplishing tasks. Almost all early software packages were aimed at automating office skills. Children see the computer as a device for exploring, playing and communicating; these activities are all going online. Research indicates that the message of online safety for children has achieved a high rate of understanding and penetration, indicating that cyber ethics awareness could reach similar levels with adequate focus.
The Partnership Strategy:
The Cybercitizen Partnership was established by the Information Technology Association of America (ITAA) Foundation and the United States Department of Justice to establish a broad sense of responsibility and community in order to develop in young people smart, ethical and socially conscious behavior. The Partnership has a three-pronged strategy. First, the Partnership is reaching out to organizations that have developed, adopted and invested in cyber ethics training programs. These programs are all unique, tailored to the needs of the particular organization. The Cybercitizen Partnership will act as the national clearinghouse for these programs. Highlighting and sharing existing ethics programs is clearly one of the most effective ways to get content into the hands of those who need it. Online safety programs can incorporate ethics and ethics programs can incorporate safety. There are no barriers between and in many ways they complement each other.
The Partnership will also act as a distribution channel for specific materials. Attempting to capture the best content from knowledgeable sources, toolkits for teachers, parents and other mentors will be developed. These kits will contain the materials needed to deliver an ongoing cyber ethics message.
The Partnership will counter the popular perception of computer crime as glamorous. The media has made heroes out of hackers and the results are clear as the Scholastic poll indicates. Media outreach and education is clearly necessary to change the attitudes of many in the entertainment industry.
Lastly, the question of de-motivating children will be addressed. Kids are naturally inquisitive, prone to exploring and always pushing boundaries. Delivering a negative message is not the way to achieve success when there is so much positive in the medium. Children need to be challenged in a positive way, but they are not necessarily going to discover these challenges on their own. The Partnership will provide the tools, the contests, the games and the motivation to encourage those children who might be so inclined to use their talents in a positive way. Peer pressure is strong. Giving students an active role in system administration and in teaching other students is one excellent approach to addressing this issue.
The Cybercitizen Partnership seeks to engage in pre-emptive activity in order to combat irresponsible online behavior by kids. The program will only be as strong as the support it receives from industry, academia and parents. It is intended to become a legacy program, because unlike today's computers and software, the concept of ethical behavior has no half-life. The effort put into providing today's children with a clear understanding of cyber ethics will insure the development of future generations of good cybercitizens and support the growth of the Internet in a way that benefits all users.
1"CSI Press Release." Computer Security Institute. [OnLine}. Available http://www.gocsi.com/prelea_000321.htm. [March 22, 2000]
2"Computer Security Issues & Trends." Computer Security Institute. Vol.VI, NO. 1, Spring 2000.