1. Students can explain that once any type of content is shared online, it can be instantly available to anyone. As a result, students can make more informed decisions about the type of content they choose to share.
2. Students can list examples and elaborate on ways in which shared content may be stored online forever, disseminated, and potentially used to harm them.
3. Students can list some factors that might lead to an online communication being misinterpreted.
4. Before sharing a piece of information online, students can imagine potential negative consequences of that information becoming public knowledge.
5. Students are aware of privacy settings, can explain what they do, and can apply these skills to aid them in better controlling what information they release and to whom.
6. Students are able to articulate how their behavior significantly affects the privacy of others, and can apply this knowledge by asking others about unspoken sharing preferences.

Lesson elements in this module can be used to address the following computer-science curricular standards.

AP Computer Science Principles Curriculum Framework

Elements substantially address the following Essential Knowledge under Big Idea 7, Global Impact:

• 7.1.1H. Social media, such as blogs and Twitter, have enhanced dissemination.
• 7.3.1G. Privacy and security concerns arise in the development and use of computational systems and artifacts.
• 7.3.1J. Technology enables the collection, use, and exploitation of information about, by, and for individuals, groups, and institutions.
• 7.3.1K. People can have instant access to vast amounts of information online; accessing this information can enable the collection of both individual and aggregate data that can be used and collected.

The following Essential Knowledge is also touched on:

• Under Big Idea 3: Data and Information: 3.3.1A, 3.3.1F.
• Under Big Idea 6: The Internet: 6.1.1A.
• Under Big Idea 7: Global Impact: 7.1.1A, 7.1.1C, 7.1.1M, 7.3.1A, 7.3.1L, 7.3.1M.

CSTA K–12 Computer Science Standards (Level 3 — High School)

Elements substantially address the following learning objective under Level 3, Course 3A: Computer Science in the Modern World:

• CI.10. Describe security and privacy issues that relate to computer networks.

The following learning objectives are also touched on:

• Under Level 3, Course 3A: Computer Science in the Modern World: CD.9; CI.1; CI.4; CI.8.
• Under Level 3, Course 3B: Computer Science Concepts and Practices: CI.1; CI.2.

ACM Computer Science Curricula 2013 (CS2013) Guidelines (Undergraduate)

The following Learning Outcomes are touched on:

• Under Human-Computer Interaction: Collaboration and Communication 3.
• Under Information Assurance and Security: Security Policy and Governance 5.
• Under Networking and Communication: Social Networking 2.
• Under Social Issues and Professional Practice: Social Context 1; Security Policies, Laws and Computer Crimes 3.

Estimated Time: 5-10 minutes.
What You’ll Need: Blackboard/whiteboard (optional).

Ignite Question

Is there anything you’ve ever posted on social media (Twitter, Instagram, Snapchat…) that you wouldn’t want me (your teacher) reading out loud to the class right now?

Fanning the Fires:

• If “No”: Has anyone you know ever posted something about you that you wouldn’t want read out loud?
• Is there anything you’ve posted that you wouldn’t want your parents to read?

Quick Knowledge Check

If you share something online, can you prevent certain people from seeing it?

Follow-Up Prompts:

• If “Yes”: How could you do that?
• If “No”: Why not?
  

  Target Answer: No. Once you’ve shared it, the data is out there and will probably live forever. If you wish to reduce the exposure of the data, you could delete copies you have access to (and ask others not to reshare it and to delete their copies too), or (for social media) change privacy settings to restrict access to accounts where the information was shared. However, there is no guarantee any of this will work.

Estimated Time: 3 – 5 minutes per story.
What You’ll Need: Computer and projector (optional).

These news items can be used to illustrate the real-life consequences of privacy breaches. If you have a computer and projector, you can show the stories on a screen as you talk about them. If not, you can simply summarize them verbally.

Leigh Van Bryan And Emily Bunting Banned From Entering US After Twitter Joke About ‘Destroying America’

• Summary:Two British tourists are denied entry to the U.S. because one made a Twitter post about “destroying America” — where “destroying” is slang for “partying in”.

Amanda Todd Case Highlights Issue of Online Bullying

• Summary: Twelve-year old agrees to flash an older man in a web-cam chat; he later finds her and shares the photo with everyone she knows; after years of bullying, she commits suicide.
• Content Advisory: The article includes discussion of a picture of breasts and of an online sexual predator, and describes Amanda Todd’s drug and alcohol abuse and suicide. The story may be particularly distressing for students who have experienced bullying or sexual harassment/abuse.

Facebook Party Invite Sparks Riot in Haren, Netherlands

• Summary: Teenager leaves the Facebook event page for her birthday party public; the invite goes viral and 3,000 people crash the (now cancelled) party; riots ensue.
• Content Advisory: The accompanying video shows mild violence and major property damage; references to alcohol.
  

  Note: Accounts differ as to whether the young woman made the event page public on purpose.

Optional Extension 1

Estimated Additional Time: 5–7 minutes per story.

For each news item, ask the students:

• What kind of information did this person lose control of?
• How did this person lose control of their information?
• When did this person realize they had lost control of their information?
• What were the consequences of sharing the information?
• How could the situation have been avoided?

Optional Extension 2

Estimated Additional Time: 3–5 minutes.

The birthday party in Haren is an extreme example of the phenomenon of Project X-style flash-mob parties, where people find public Facebook invitations to private parties and forward them widely, encouraging others to crash. The situation in Haren can be contrasted with the following (non-Project X-like) story:

More Than 400 Strangers Show Up to Minnesota Girl’s Birthday Party After Facebook Invite Goes Viral

• Summary: When no one RSVPs in the positive for a ten-year-old’s birthday party, her mother makes the Facebook invite public and posts it to community groups; 400 people attend and the community kicks in to make it work.

Ask students to compare the two situations, using the following questions:

• What were the different outcomes in the two cases?
• Was there anything different about how social media was used in the two situations?
• Did those differences in social-media use contribute to the different outcomes, or were the results due to other factors?
• Could either situation have gone differently?

Estimated Time: 10-15 minutes.
What You’ll Need: Paper and pens/pencils.

This activity demonstrates how difficult it is to track down and deal with every copy of a piece of information once it has been shared online, using paper copies of a piece of shared information hidden around the classroom (the “Internet”).

1. Ask one student, the “sharer”, to write something of their choice on the board, such as a word, a phrase, or some bit of trivia about themselves.
2. Ask the sharer to leave the room.
3. Instruct the other students, the “re-sharers”, to copy what was written on the board onto a piece of paper.
4. Give the re-sharers thirty seconds to copy out the word or phrase and hide their slips of paper somewhere in the classroom. They may make and hide as many copies as they can in the time given.
5. After thirty seconds, invite the sharer back in and tell them they have three minutes to find every copy of the information they wrote on the board.
6. Meanwhile, the re-sharers can still keep writing and hiding pieces of paper with the information given. (You may or may not decide to tell the sharer this.)

Wrap-Up Explanation for Students: Given that it is unlikely that the student will find every slip of paper, this activity highlights how difficult it is to take back information once it is shared. People might post this information on their social-media accounts, send it to people they know, have people they know send it out to their own networks, save it on cloud services, remember it, and so on. Any of the online services involved might make duplicates to serve as backups, and someone else may be able to obtain the information from them as well if they gain access to one of their accounts, ensuring that the information is permanently out there.

Even if the student is successful in recovering every slip of paper, the other students will still know what the notes said — they can’t unlearn it.

Estimated Time: 4-7 minutes.
What You’ll Need: Blackboard/whiteboard (optional).

Ask students to give examples of different things they’ve posted online in the last week. Examples can be written on the board. Pick some interesting examples and ask:

• Who is the target audience?
• What do you think those people will think or do when they see or hear what you shared?
• Is there anyone who you wouldn’t want to share that with?
• Why not? What might they think or do?
• What do you think you’ll think about that post in ten years?

Some examples you can start them off with:

• An Instagram photo post labeled “Look at this ugly sweater I got for my birthday today! Thanx Grandma!”
• A Google+ post with a geotagged photo of their bedroom.
• Their home address (for example, when signing up for a new service).

Extended Version:

Pick a couple of examples from the first part of the exercise and ask, How might that information be seen by someone who isn’t in your target audience?

Some examples you can start them off with:

• You forgot they’re in your Friends or Followers list.
• You didn’t realize the post was set to Public.
• The recipient/someone on your Friends/Followers list forwarded them the post, or took a screenshot and sent it to them.
• The recipient/someone on your Friends/Followers list showed them or told them about it in person.
• The app/site changed its privacy policy or default settings and a private post changed to be Public.
• The service got hacked.
• The recipient’s (or your) phone got stolen.
• The service sold the information to another company.
• Your or the recipient’s phone, email, etc. was subpoenaed by a court.

Estimated Time: 7 minutes.
What You’ll Need: Computer, speakers, and projector.

“Sharing Releases Control” investigates how information we share online can be misused, misinterpreted, re-shared, and taken viral, and provides some pointers for how to mitigate the potential damage. Part of the TROPE video series, with humorous illustrations by Ketrina Yim that turn each point into a memorable story.

Includes human-generated closed captions.

Estimated Time: 7-12 minutes.
What You’ll Need: Computer, projector, and speakers.

These slides can be used for an overview lecture on the basic concepts underlying the principle “Sharing information over a network means you give up control over that information — forever”. The slides are accompanied by Notes with details and examples to guide your lecture.

Access Slide Deck: “Sharing Releases Control”

Coming soon! We will add a graphic organizer to guide students’ notetaking.

The Blown to Bits textbook covers a wide spectrum of ideas related to Internet privacy, with a particular focus on the new, unique, ever-changing nature of the Internet.

Online Version: Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion, by Hal Abelson, Ken Ledeen, and Harry Lewis

You can assign students all or parts of the following chapters for an in-depth but engaging exploration of the ideas covered in Module 5.

• Chapter 1: Digital Explosion: Why Is It Happening, and What Is at Stake? — Excerpt
• Chapter 7: You Can’t Say That on the Internet: Guarding the Frontiers of Digital Expression — Excerpt

• Content Advisory: Blown to Bits refers to STI outbreaks and discusses the dangers of sending sexually explicit content online.

Estimated Time: 25-30 minutes.
What You’ll Need: Computers or mobile devices. Paper and pens/pencils (optional).

In this activity, students examine the online presence of Kai Peroc (a fictional character created by the Teaching Privacy team) from the perspective of a hiring manager, to gain a better understanding of how others might perceive the students’ own online profiles in different contexts.

1. (2 minutes) Have students split up into groups of three to four people. Each group will act as a team of hiring managers for its own company.
2. (3 minutes) Students in each group collectively decide what their company does and (optionally) give it a name, and decide what position they’re hiring for.
3. (10 minutes) Give all groups the name of the job applicant, Kai Peroc. Have them search for the applicant on various search engines. (Tip: Search using quotes for exact matches.) Each group should take notes about its findings and whether each piece of information is relevant to hiring the applicant — does it help or hurt their job application?
4. (5 minutes) Students discuss within their groups whether they would hire K.P. based on their discoveries.
5. (7 minutes) In a class discussion, each group shares its findings and explains whether they would hire K.P. and why. If groups made up companies in Step 2, they can also explain the perspective they’re coming from and how it impacted their decisions.

Note: If your school blocks access to Facebook, Twitter, etc., you can make a PDF of Kai Peroc’s current profiles using the tool at web2pdfconvert.com.

Optional Extension

Ask students to think about how their decisions were affected by what they inferred about K.P.’s personality based on the explicit information they found in K.P.’s profile and posts — and whether someone else might have interpreted that information in a different way or made a different judgment based on it. (For example, did they think K.P. seemed friendly, responsible, irresponsible, etc., and what evidence did they have for that impression?)

Estimated Time: 20–30 minutes.
What You’ll Need: Copies of worksheet and pens/pencils; computers or mobile devices.

Summary of Activity: Students review their own online profiles with a critical eye to the kinds of things an employer might find unfavorable, and examine their privacy settings to see who can see their more questionable posts. This activity makes a good follow-up homework after the in-class “You’ve Been Promoted” activity.

Download Worksheet: “The Pre-Interview Evaluation”

Alternatives

• Students who do not use social media sites/apps can take an in-depth look at the social-media presence of Kai Peroc (a fictional character created by the Teaching Privacy team) or of their favorite celebrity.
• For a shorter activity, students can examine only one or two posts.

Estimated Time: 60-90 minutes.
What You’ll Need: Student computers that can access social media sites.
Programming Language: Python.
Prerequisite: Introductory Python lessons.

In this Python-based exercise, students use the Facebook API to extract information about a fictional character, Kai Peroc, by making API calls as a third-party app. They are then asked to brainstorm about what types of apps might want that information and what they might do with it.

View Programming Exercise (as web page): What Does Facebook Tell Third Parties?

Options:

1. Pair Programming: We recommend you have students do this exercise in pairs or groups. At least one student in each pair/group will need to have or create a Facebook account. For tips on pair programming in the classroom, check out NCWIT’s pair programming kit.
2. Depending on the dynamic of your classroom, it may be better to assign the optional extension (where students extract data from their own Facebook accounts) as an individual exercise/homework rather than including it in the pair/small-group part (where their data could be exposed to each other).
3. Brainstorming questions can be used for small-group or whole-class discussion or for individual writing.

Programming Concepts Taught:

• Use APIs and programming languages together to extract and analyze data.
• Practice using for loops to manipulate iterables, such as dictionaries and lists, to extract information and store values.
• Use object-oriented programming and the dot notation to manipulate data.

Caveat: We use a fictional character to avoid the risk of embarrassing and potentially harmful revelations if students look at each other’s social media posts. An extension of the exercise asks students to extract data from their own Facebook accounts if they have them. However, we specifically do not recommend suggesting that they extract data from each other’s accounts as part of the exercise.

Of course, they may think of spying on each other without your help. If you think this is a concern, or that there may be issues within pairs/groups if you assign the extension, you may want to begin the activity by reemphasizing your rules for a safe classroom.

Teachers: Find out how to access the Facebook Sharing with Third Parties exercise solutions.

Estimated Time: Depends on protocol chosen.
What You’ll Need: Blackboard/whiteboard (optional).

Use one or more of the following questions to help students digest the information presented in the lesson so far and personalize the content. The questions are compatible with many common classroom discussion protocols. We suggest Think-Pair-Share, Inside/Outside Circles, Chalk Talk, or Listening Dyads, but many others can be found on the NSRF’s protocol list.

• Can you think of some examples of things you or someone you know has posted online, then realized that you/they shouldn’t have? What made you think it wasn’t appropriate to post?
  

  Teachers’ Note: Obviously there aren’t any “right” answers here; the intent is for students to begin to personalize what they view as acceptable and not acceptable to post online, and explore their reasons for thinking that.

  Teachers’ Note: Be mindful of the framing — make sure the environment is safe for students to share potentially sensitive information (establishing ground rules may be helpful for some classes).

• Can you think of some examples where information has been “reshared” without your consent, or the consent of whoever posted it? Was the resharing fair to the original person that posted it? Why/why not?
• • Possible Follow-Up: What about a screenshot of a post or text/instant message? How is that similar/different? Is it fair/unfair to the original sender/poster? Are there situations when it might be okay or even beneficial to post a screenshot like that?
• When something is reposted, or screenshot and reshared, what are different ways that post could be misinterpreted?
  

  Possible Answer: Without its original context, the post might be misinterpreted; for example, people might not realize the original was a joke. Something in the context of the reposting might suggest a different interpretation than was originally meant — perhaps something maliciously added by the reposter, or perhaps accidental. The new audience might not have the same cultural background or other shared references that the original audience could be expected to have.

• What can you do to prevent your information from being inappropriately shared?
  

  Example Answer: Review your privacy settings; don’t share content in a public post — or a post shared with all your friends/contacts — if you don’t feel comfortable with the whole world knowing (including your grandma); when in doubt, assume the Internet can’t take a joke; make your sharing expectations clear to those you interact with online…

• What can you do if someone publicly shares something you sent them privately?
  

  Target Answer: There isn’t anything you can do to “unshare” the info that’s already public, but you can take it as an opportunity to talk to that person about your sharing preferences (and theirs).

• What happens if you take down your website, Twitter feed, or Facebook postings? Where does the information “go” then?
  

  Target Answer: It’s deleted from the currently-viewable version of your site/feed/timeline, but other copies probably exist (the Internet never forgets!). Examples: Old posts (and sites) are still stored in backup storage servers (online or offline). If someone reposted/retweeted it, it may still be in their feed (depending on how they did it, the policies of the site, and your settings) — and if they reposted it on their own website, it will still be there. If your contacts have notifications sent to their email or phones, the content may still be there.

Estimated Time: 10-15 minutes.
What You’ll Need: Copies of review sheet.

This learning assessment can be used as an in-class quiz or as homework.

Download Assessment: “Sharing Releases Control: Review Questions”

Teachers: Find out how to access the answer key for the Module 5 review questions.

Poster: I Took a Photo of My Friend That I Want to Share… Now What?

• Target grades: 7–12
• Summary: This poster demonstrates the thought process an online user should employ before posting about someone else on a social media site.
• Produced by: Common Sense Media
• Link: http://www.commonsensemedia.org/educators/middlehigh_poster

Lesson Plan: Private Today, Public Tomorrow

• Target grades: 9–12
• Summary: In this lesson, students learn how to be responsible for others’ privacy when posting information online. Students read about real-world cases and create materials about how they would prevent information leaks. Note: Teacher registration required.
• Produced by: Common Sense Education/Common Sense Media
• Link: https://www.commonsensemedia.org/educators/lesson/private-today-public-tomorrow-9-12

Activities and Videos: Social Networking; Revealing Too Much

• Target grades: K–12
• Summary: NetSmartz has activities and videos, including some that are very teen-friendly. Resources in the “Social Networking” and “Revealing Too Much” categories focus on the potential dangers and consequences of sharing personal information on a social-networking site.
• Produced by: The National Center for Missing & Exploited Children and Boys and Girls Clubs of America
• Link: http://www.netsmartz.org/Resources (Note: The link is to a page where you can retrieve activities by category and grade level.)

Lesson Plans: Counter Cyberbullying

• Target grades: 5–12
• Summary: A collection of teaching resources on cyberbullying and digital ethics for students across grades. Note: These lesson materials are Canadian and reference Canadian statistics and regulations.
• Produced by: MediaSmarts
• Link: http://mediasmarts.ca/lessonplan/classroom-resources-counter-cyberbullying-portal-page

Lesson Plans and Videos: Standing Up, Not Standing By: A Free Cyberbullying Toolkit for Educators

• Target grades: K–12
• Summary: This teacher’s toolkit has videos, activities, and discussion guides about the scale and dangers of cyberbullying for students of all ages, along with resources to give to parents.
• Produced by: Common Sense Media
• Link: https://www.commonsensemedia.org/educators/cyberbullying-toolkit