Results tagged “telework” from Lohrmann on Infrastructure

PA School Laptops: Reasonable Security or a Privacy Violation?


Many schools around the nation issue student laptops. But what activities are allowed with those laptops by students or family members? What policies apply? What happens if a laptop gets lost or stolen? Equally important, what can be done if policies are broken?  How are policies enforced? What privacy rights do students have? What if network or security staff use these tools inappropriately?

These are just a few of the questions being asked by students, parents, lawyers and school administrators around the nation after a student claimed that his school spied on him with a webcam. In case you're not familiar with the case, here's an excerpt from philly.com:

"A Lower Merion (PA) family has set off a furor among students, parents, and civil liberties groups by alleging that Harriton High School officials used a webcam on a school-issued laptop to spy on their 15-year-old son at home.

In a lawsuit filed Tuesday in federal court, the family said the school's assistant principal had confronted their son, told him he had "engaged in improper behavior in [his] home, and cited as evidence a photograph from the webcam embedded in [his] personal laptop issued by the school district."

The suit contends the Lower Merion School District, one of the most prosperous and highest-achieving in the state, had the ability to turn on students' webcams and illegally invade their privacy."

To be fair, the facts of this case are not known at this time. The PA school district denies spying on students. Here is an excerpt of the statement that was made by Dr. Christopher McGinley, who is the Superintendent of the Lower Merion School District:

"Last year, our district became one of the first school systems in the United States to provide laptop computers to all high school students. This initiative has been well received and has provided educational benefits to our students.

The District is dedicated to protecting and promoting student privacy. The laptops do contain a security feature intended to track lost, stolen and missing laptops. This feature has been deactivated effective today."

The letter goes on to describe their policy and reasons for using this security feature - mainly for situations that involve lost or stolen laptops.

So why highlight this issue for government technology professionals? No doubt, some readers have authority and/or oversight responsibilities for school networks, laptops and other technology. In those situations, this case has a direct impact on any student laptop program you are administering. 

And yet, related issues could, and in my personal opinion probably will, surface for government laptops (and other portable devices). That is, the same questions that I asked at the beginning of this blog also apply to adults at work for state and local governments. No, you don't need webcams for similar questions to arise. What about any type of personal use or conversations or activities that your users feel are private?

The vast majority of governments have an acceptable use policy which states that employees should have no expectations of personal privacy protection when using government owned IT resources. While there are many good reasons for these types of policies, turning on laptop webcams to monitor user activity is certainly not a behavior that anyone that I know would condone or implement. In Michigan, we don't even issue webcams on standard state government-issued laptops.

So while we may not have this specific issue, all of us can still ask similar "what if" policy questions about use of government laptops both now and in the future. Questions will also arise for mobile devices (such as blackberries) or cell phones with cameras. For example: Are pictures you take on work cell phones the property of your employer? Most lawyers I know would probably say, "It depends."

A different aspect of this case (or future cases) may involve the potential unauthorized monitoring by technology staff. For example, even if the policy is correct, fair, and proper, what if someone working for a government or school turned on those webcams remotely in violation of the stated policy?  This would be similar to the police misusing their authority and/or weapons to do harm instead of good. Is the school responsible for an employee's unethical behavior? What safeguards are in place?

Meanwhile, technology executives will continue to make decisions on what technology tools should be used for monitoring and accountability with work-issued PCs, laptops or other devices. This CBS News video describes how some private companies are cracking down on those who surf the web on the job while others encourage monitoring with accountability software - where every website and keystroke is captured.  Of course, every situation is different, but some people tend to lump all of these topics together under "spying"- which is an extreme response. Building trust between employees and management is the key, and the employees shown in this video appreciate the fact that they can surf the web within reasonable limits.

There is no doubt that these monitoring tools can be used for good or evil. Remember that malicious hackers could even take control of these same webcams or other devices and use the computer for their own purposes. The issue of illegal hacking of web cameras is not new, since Bruce Schneier blogged about this topic back in 2005.

From a simplistic point of view, this particular school laptop case may seem like an obvious violation of decent behavior. Spying on kids via school laptops with webcams in homes is clearly wrong and a violation of personal privacy. Nevertheless, that may not be what truly happened. Time will tell on this case, and the courts will decide whether this activity was appropriate security or illegal spying on children at home.            

Regardless of the outcome, there will be more cases and similar questions for all of us in government technology. In fact, the same questions also apply to the private sector. We need to ask: What is the right balance between security and privacy? How often should we update our policies? And what if proper security technology tools are used to violate personal privacy or to do harm to staff?

What are your thoughts on this case or on monitoring software?

Learning from Funny Conference Calls


A funny thing happened on my way to work yesterday. Actually, the situation was pretty frustrating, and there were a few lessons learned regarding interactive conference calls. Here's what happened:

 I was in the car listening in to our normal 7:30 AM "Day Start" call which goes over enterprise-wide status. (To get a sense of what I'm talking about, you can watch this quick video on our technology service management center in Michigan.)   

All was going well as I pulled into my underground parking spot at about 7:40 AM. On this morning, we were scheduled to have an issue resolution follow-up discussion regarding one customer with a subset of people.

The roll call began: "Dan Lohrmann." 

I said, "Here." There was a long pause. "Dan, are you there?"

I checked my blackberry again. (No, I was not driving at this point.) My phone was not on mute. I said again: "This is Dan, I am here!"

 Continuing down the list, "Lynn... Mike.... John.... Judy..." No one responded.

Until, Sue said, "I am here." She continued, "I know that many people were planning to be on this call, I'm not sure what happened. We probably need to reschedule...."

Then came Jack, "I'm here too." A seven-minute conversation ensued with several people discussing the importance of the issue at hand, the fact that this was a time-sensitive topic, the scheduling of the meeting, the reality that it was Friday and some were off, the early hour of the call, the level of commitment applied to this issue, and a host of other related topics.

Meanwhile, I started talking very loudly into my phone. I felt like a "Who" in Horton Hears a Who. (Yes, I saw the movie with my kids.) 

As I walked across the Lansing Capitol grounds into the building, I was practically shouting. "We are here, we are here, we are here!" I felt frustrated and momentarily helpless.  (I later found out that about ten others on the call felt the same way.)

What was strange about this teleconference was that some people could be heard but others could not. We have had situations where all the phones were muted, but never just a few - unless the end user had their phone muted.

Yes, we did find out what happened. Here's the explanation:

"AT&T stated that the call monitor may have un-muted the calls, but logged off too quick for the calls to un-mute.  The call monitor has control of the call, so people could not un-mute themselves at that point by hitting * 6 or any other command.  He did find an option for the host to use if this happens again.  From the day-start conference call line, the host can hit *7 and choose option 1 to un-mute everyone.

 In the future, the Service Management center staff will have the call monitor stay on the website and make sure everyone is un-muted before logging off the website.  We will also document the capability for the day-start host to use *7 and option 1 to un-mute callers."

In other words, there was a combination of operator error and technology training concerns. We have learned in the past that sometimes a seemingly simple function like unmuting phones can cause serious problems and misunderstandings amongst virtual attendees. 

So what did I learn?

1) Teleconference operator training is important. All of those one-off 800 conference line functions that are available and seem unimportant are probably in there for a reason. You will likely use them some day, so you may want to double check the manual.

2) A few months back, we had a different problem, and in that case we added a step in our roll call process. The host confirms that attendees are heard by saying: "Thank you Dan" after the person says "I'm here."

3) Be careful what you say on a conference line about those who may appear to not have shown up. Perhaps they are listening and trying to get through. 

4) I need to laugh at myself more in work situations sometimes. The events actually became pretty funny - when I took a step back and thought about what was actually happening. 

 

Yes, we got things fixed and rescheduled the call for Monday. But if they can't hear me next time, I won't start shouting at my blackberry.  Hopefully, I'll just smile. 

 Any funny teleconference stories to share?

 

 

Time to Disconnect? eMail and Vacation


Do you ever struggle with balancing work and family time? I certainly do. Turning off a Blackberry can be hard - even on vacation. No doubt, there's plenty of advice available that tends to go to one of the two extremes - totally unplug or stay connected 24 x 7.

So what's possibly wrong with unplugging for a week or two? The benefits seem obvious, and experts encourage leaders to unplug so that others can too. A vacation should be a time to recharge and get away to de-stress, and many bloggers (such as this one) chastise people for reading emails on vacation. One argument goes further and says that your team needs to feel empowered and know that you trust them. Reading emails on vacation can even send the wrong message to your team.

However, not reading emails at all for 7-10 days can also cause issues. For one, you return to well over a thousand emails (at least in my case), and getting through them can require substantial time and energy once you return.  In addition, what about hot questions or emergency issues sent requiring a quick reply? Yes, you can use "out of office" replies directing senders to others, but I have avoided dozens of major problems and challenges by providing a quick reply to customers or external partners on important projects. 

On the other extreme, there is little doubt that you can ruin the vacation for your entire family if you trot around Disney World looking at your Blackberry all day. You are probably sending unwanted messages to your loved ones, and your mind may be focused elsewhere. That is not a vacation. I have seen Blackberry addicts at little league baseball games, in lines at amusement parks, and even in the lobby of a church right before a wedding. In each case, the user looked as if the "other activity" was secondary to sending their "essential" message.

So what do I do? Over the years, I've developed some guidelines that seem to work well for my entire family. I certainly "over-text or email" sometimes, and I make mistakes. But allow me to illustrate a middle-of-the road approach.

This past week my family of six enjoyed a wonderful week next to a beautiful lake in Northern Michigan. I knew that our rented house had no Internet access, and I was told that cell coverage was spotty at best. Yes, there was a landline phone in the house, but at ten cents a minute, I wasn't biting on that hook. My initial plan was to check into the office and catch up on (only the most important) email two or three times during the week as part of planned visits to Mackinaw City and Mackinac Island.

 After we arrived, unpacked the car, divided out the bedrooms and ran out onto the dock with the kids to explore, my Blackberry started to vibrate. "I guess it does work up here. This will require discipline. Back to the guidelines," I thought to myself.   I stuck to the guidelines, and in this case they worked well and provided plenty of needed rest.

So what are the guidelines? Every person and situation is different, but I try and follow a "one-hour rule."    Here's what that includes:

  1. No more than one hour of email a day on vacation.
  2. Keep number of "checking-in" times to a minimum. (No more than three times a day.)
  3. Only respond to the most important (red) emails. Skip others or forward to another team member for response.
  4. Never interrupt important activities with kids or my wife Priscilla. (For example: No checking my blackberry at dinner out or during a family game/movie, etc.)
  5. Turn off my blackberry at other times. Reduce temptation to peek when hot emails or calls come in.

I know. I'm supposed to have this perfected by now, since I wrote a book called Virtual Integrity and a PCIO article on the Seven Habits of Online Integrity. (Habit #5 is balancing online and offline life.) But this is still a constant battle requiring regular adjustments. The key is aligning your real priorities with your actual activities. I also recommend getting input from your family and friends as to how you are actually doing.

I doubt if my one hour rule will work when I travel with my daughter to South Africa in September (on vacation) to speak at GovTech 2009 in Durban. I doubt if my Blackberry will even connect, but I'll update you on how that turns out in a later blog.

Meanwhile, what's your approach to disconnecting? How do you deal with "family time?" Does your Blackberry, iPhone or web-enabled phone travel with you on vacation? Any tips to share?

I'd love to hear what works for you and what doesn't.

Flu Response: The Capacity Dilemma


To buy or not to buy (more telework capacity) - that is the question during an epidemic. As the H1N1 flu situation evolved rapidly over the past two weeks, CIOs, CTOs, CISOs, and other government technology officials faced (and still face) a series of tough buying decisions in difficult budget times. 

 When the World Health Organization (WHO) raised their pandemic alert level from 4 to 5 (the second highest level), organizations were told to begin implementing their pandemic plans. No problem - right? A few years back, governments created pandemic plans in preparation for Asian bird flu, so these plans have not even had time to gather dust. In Michigan, we have an excellent plan which we are following. (My focus in this blog is only on the technology-related actions.) 

Government Technology Magazine ran a nice background piece on this telework question last week. They brought up some great points about the overall capacity of Internet Service Providers (ISPs) access into homes during emergencies. They also pointed to success stories in states like Virginia. Still, I'm confident that many cash-strapped government organizations face difficult buying decisions at a time when we all need to do more with less.  

Unlike most emergency situations, such as a fire or tornado hitting a building or data center, a pandemic could leave your infrastructure intact with your staff at home. Whether your employees are caring for family members, watching kids whose schools are closed or recovering from the flu themselves, staff may not be in the office.   

So this question will quickly come up: How many people can work from home (connect securely to government networks) at the same time during a pandemic? Putting aside the business-related process questions around working with others, computer applications, etc, we faced the following dilemma:

1) Approximately 13,000 Michigan State employees (out of about 55,000) have laptops. The others who have computers use desktop models. Should we buy more laptops in bulk and make them available? At about $900-$1,000 each, one thousand laptops would cost almost a million dollars.    

2) With available telecommunications equipment, we can handle about 4,500 simultaneous Virtual Private Network (VPN) connections. This infrastructure is more than triple our normal demand. Increasing capacity to handle an additional 15,000 or more VPN connections could be done by buying more telecom equipment.

3) Other facts - most employees can already use their home computers for non-sensitive data and connect to the Michigan network for their Microsoft Outlook or Novell Groupwise email needs. However, our policies only allow home computer use for access that does not contain personal data that could cause a data breach (ID theft) or cause a privacy violation.     

In a nutshell, the decision looked like this: should we spend precious dollars now or wait for pandemic level 6 to arrive when equipment might not be available from vendors for weeks or months? We are facing budget cuts and even staff layoffs in Michigan, so there are never enough dollars.

True, this infrastructure may still be used in the future after the flu situation ends. However, stockpiling laptops is generally a bad idea, since the equipment can quickly become "the old model" that customers don't want. Does the situation call for emergency technology purchases now? I'll tell you what we decided in a later blog.

One final item: many government organizations (like Michigan) are in the process of replacing desktops with laptops over time, but the transition is happening over several years. We are also looking at virtual desktops and other new technologies to help this situation (a good topic for a future blog). Finally, we do have a few hundred spare laptops for emergencies - but nowhere near enough for every need during a full pandemic outbreak if thousands of state employees stay home.

So what would you do in this situation? More important, what have you done?  
