Missouri bans teacher-student Facebook contact

You won’t find teachers in Missouri friending their students on Facebook, or any other social network for that matter, this school year — not unless they want to violate a new law in the state that prohibits such contacts.

Senate Bill 54, signed into law by the Gov. Jay Nixon and taking effect Aug. 28, is quickly becoming known as the “Facebook law” in Missouri, although the bill is creates what is known as the “Amy Hestir Student Protection Act.” Hestir was a Missouri public school student who was molested by a teacher decades ago; the law basically requires school districts to report any allegations of sexual abuse to state authorities within 24 hours.

School districts will also be liable if they fail to disclose suspected or known abuse by past employees to other public school districts that make inquiries about those workers.

But buried deep in the bill is Section 162.069 is a mandate that references social networking sites, as well as teachers not being allowed to have a “nonwork-related website that allows exclusive access with a current or former student”:

By January 1, 2012, every school district must develop a written policy concerning teacher-student communication and employee-student communications. Each policy must include appropriate oral and nonverbal personal communication, which may be combined with sexual harassment policies, and appropriate use of electronic media as described in the act, including social networking sites. Teachers cannot establish, maintain, or use a work-related website unless it is available to school administrators and the child’s legal custodian, physical custodian, or legal guardian.

Some teachers think the law is overkill for what’s needed to ensure student safety.

Randy Turner, Joplin East Middle School communication arts teacher, wrote on her blog that “hundreds of teachers across the state who have effectively used Facebook and other social networking sites to communicate with students, and I am one of those, will have to trash years worth of work, because all teachers are potential criminals” in the view of the author of the bill, State Sen. Jane Cunningham.

“The teachers I know who communicate with students through Facebook have a large number of parents as ‘friends’ and most of the communication with students is done on the Facebook wall,” Turner wrote.

And, she noted, the bill went through “in spite of the positive effect that teachers and students being Facebook friends had on Joplin Schools’ effort to locate students after the May 22 tornado.”

Related stories:

•  Teachers told not to friend students on Facebook
• ACLU: Students can insult teachers on Facebook
• Red Tape: Teachers, students and Facebook, a toxic mix
• Teachers asked to ‘unfriend’ students on Facebook

Check out Technolog, Gadgetbox, Digital Life and In-Game on Facebook, and on Twitter, follow Suzanne Choney.

Share and Enjoy

Facebook launches security bug bounty program

Facebook has launched a program for compensating security researchers that discover vulnerabilities in the website’s code. To cash in, hackers must sign up at Facebook’s new whitehat hacking portal, called Information for Security Researchers, over at facebook.com/whitehat and report the issues directly to Facebook’s security team.

Facebook offers a base payment of $500 (one bounty per security bug) but says it is willing to pay more if the discovered flaw is a major one. The company says this new program is one of the ways it shows appreciation to the security researchers who help it keep the service safe and secure for everyone. It is allowing security researchers to create test accounts on Facebook in a way that doesn’t violate the website’s terms of use and doesn’t impact other Facebook users.

In order to qualify for a bounty, Facebook says that hackers must:

• Adhere to its Responsible Disclosure Policy by giving the company a reasonable time to respond to a report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of the service during research
• Be the first person to responsibly disclose the bug
• Report a bug that could compromise the integrity or privacy of Facebook user data, such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), and Remote Code Injection
• Reside in a country not under any current US Sanctions (such as North Korea, Libya, Cuba, and so on)

Previously, Facebook has focused on simple recognition by putting the security researcher’s name on its security page under a list of White Hats (at the time of writing, there were 42 individuals listed). The company also often sent them Facebook merchandise, and even offered jobs based on their disclosures or their security work elsewhere (infamous hacker Geohot was hired three months ago). Now the portal has been upgraded so that security researchers can sign up, log in, and report bugs.

That being said, there are some exceptions that Facebook lists right off the bat:

• Security bugs in third-party applications
• Security bugs in third-party websites that integrate with Facebook
• Security bugs in Facebook’s corporate infrastructure
• Denial of Service Vulnerabilities
• Spam or Social Engineering techniques

Since Facebook has more than 750 million users, vulnerabilities can potentially affect a huge number of people. As a result, this security bug bounty program, while not new (Mozilla and Google offer one as well), help hackers make a positive impact on the website.

Share and Enjoy