Eric Graham knows all too well that when kids go online for the first time, the freedom of the cyberworld can seem intoxicating.

When he got on the Net four years ago, “it was the first time I was given complete power over something – I could do whatever I wanted, and there was no one there to do anything about it,” says Graham, now 17.

When he was 13, he downloaded some novice hacking tools and began “monkeying around in one of AOL’s chat rooms,” where he disrupted a conversation of some friends. While his pals were amused, America Online wasn’t – the company suspended his family’s account. “My parents didn’t really understand what was going on,” but “I felt real guilty,” says Graham, a

junior at Cincinnati Country Day School. “At 13 or 14, people are just starting to learn responsibility, and it’s almost all trial and error. . . . I realized that I am responsible for my actions. If I do something wrong, I have to face up to it.”

In a cyberworld in which criminals are invisible and technical knowledge is power, law enforcement just doesn’t work the way it does offline. As society scrambles to find new ways of preventing anti-social behavior on the Net, schools, communities and federal agencies are increasingly looking to the importance of teaching good old ethics: standards that anyone can use

to determine right from wrong.

The importance of tech-savvy teens being able to make such judgments was highlighted last month when an online attack, which lasted almost five days, slowed the Internet by 20% and crashed many of the world’s most popular e-commerce sites. Investigators and computer security professionals say the culprits, still unidentified, could be teen hackers using simple software tools from the Net.

In an unusual posture for law enforcement, the Justice Department is touting ethics education as a potentially powerful tool for addressing computer crime, from theft of intellectual property to digital vandalism. It has earmarked $300,000 this year as seed money to develop curricula, identify successful programs and spread the word that kids need ethical as well as technical education to become successful citizens in the Internet age.

Kids need to understand, for example, that “it’s a really scummy thing to go looking at other people’s e-mail. We would never think of doing that in the (physical) world, but somehow in cyberspace there’s less reluctance,” says Martha Stansell-Gamm, chief of the Justice Department’s computer crime section.

Such breaches stem from feeling virtually invisible in cyberspace.

“The standards of conduct that guide our lives are premised on the notion that we are going to have face-to-face relations with people,” says Paul Thompson, philosophy professor at Purdue University in West Lafayette, Ind., who will teach a mandatory ethics course in the school’s soon-to-be-established interdisciplinary computer security masters program. “But in the virtual world, that reinforcement dissipates.”

Thompson says that is especially true for those drawn to computing. “Most people with science or engineering backgrounds tend to think consequentially,” he says. If there are no apparent consequences to behaving badly, some might see no reason to do otherwise. But increasingly, authorities are concerned about reaching the youngest computer users, even preteens, before they begin experimenting.

The Cincinnati Country Day School, where every student is issued a laptop in the fifth grade, is a pioneer in dealing with computer ethics. Beginning in the sixth grade, when students are permitted to use their laptops to access the school’s network and the Internet, students spend one class period a day studying appropriate Internet behavior.

For example, students assemble their own Web pages and, as part of the lesson, must verify that nothing they post violates any copyright.

“We talk about things like copyright, trademark, intellectual property,” says sixth-grade teacher Anna Hartle. “It is a little hard for them.”

They do come to understand the importance of copyright protection, she says. Some place copyright notices on their Web pages. Like most schools with access to computers, Cincinnati Country Day has an “acceptable use”

policy. A typical policy states in detail what is acceptable behavior for use of the school’s computer equipment, as well as security standards and safety instructions. Anyone found in violation faces strict reprimands, loss of privileges and suspension. By high school, “they are so familiar with how a computer works and how integrated the computer is to everyday life, it goes without saying you respect other computer systems,” Hartle says.

Mia Patch, managing director of Scholastic Inc.’s social marketing solutions division in New York, says the company is talking to educators and tech professionals about hacking and computer education, with the aim of an October rollout of materials for a curriculum in cyberethics. “It’s really about taking the issue into the classroom and asking teachers how they would like to teach that,” Patch says.

In April, Junior Scholastic magazine, read primarily by fourth-, fifth- and sixth-graders, will ask students to tell how their online behavior differs from their actions in the “real” world. The results should help target inappropriate behavior more precisely, Patch says. As only a few schools and colleges in the nation teach more than a week or two of cyberethics, there is a need, says Nancy Willard, professor of education at the University of Oregon in

Eugene.

“The long-term strategy is to incorporate this into everyday life,” says Willard, who has received National Science Foundation grants to develop classroom standards for “acceptable behavior.” She avoids terms like ethics and morals, which some associate with religious instruction. We generally learn to discern right from wrong based on rewards or punishments meted out by an authority figure, she says. But in cyberspace, in the absence of authority, how can you learn proper behavior? “Plato even recognized this,” she says. “He tells the tale of a young shepherd boy who finds a ring that makes him invisible. The question becomes: If you are invisible, how will you act?”

To begin with, Willard says, “we need to be more involved with our children in the real world as they move into the technological world.” Next, teens need guidance. Willard believes that the insatiable curiosity of young people can be channeled in beneficial ways- say, to fill the growing need for scientists, engineers and security experts. “Why not target these young people into responsible positions with youth technology programs, where they are receiving advanced training, and direct them to apply their skills where we need them?” she asks. A good launching pad for such a program, she says, could be Students Recycling Used Technology (STRUT), with chapters in Oregon, Washington, California, Arizona, New Mexico, Texas and Massachusetts. Group organizer Greg Sampson says the program uses old, donated equipment to teach students to build and maintain PCs and computer networks. Along the way, they are frequently instructed about proper behavior in cyberspace. Just as STRUT works outside the classroom, the Justice Department, working with the Information Technology Association of America, a trade group with about 30,000 corporate members, is planning a public awareness campaign as pervasive as Smokey Bear. It’s being funded by a $300,000 Justice Department grant. But not everyone agrees that teaching kids cyberethics will solve the Internet’s security problems.

“This is an international problem,” says Peter Neumann, a senior scientist at Stanford Research Institute and a frequent government adviser on security issues. “Are you going to educate the hackers in China and Bulgaria? The winning strategy is to improve the security of our infrastructures. This is the fundamental problem we must deal with.”

Raising standards for government contractors would be a good start, he says. “Government contracts routinely waive security, reliability and performance requirements after vendors say they can’t complete the job as promised.” When it comes to online kids, Willard thinks they understand proper behavior better than many adults give them credit for. Given the millions of young people who are on the Internet who could be misbehaving, there must be a growing awareness of appropriate behavior. Otherwise, the Internet would have ground to a halt a long time ago,” he says.

A contract with students. Many schools have “acceptable use” policies that specify appropriate behavior for use of the school’s computer equipment.

At Cincinnati Country Day School, the acceptable-use policy is a 13-point contract, in which students promise to:

Never snoop through others’ e-mail.

Never violate copyrights by illegally duplicating software or stealing others’ original works.

Always scan new software for viruses.

Never attempt to access areas of the school network not open to them.

Respect the confidentiality of others’ accounts and keep their own passwords to themselves.

Never divulge personal information online, nor strike up conversations with strangers in online chat rooms.

– M. J. Zuckerman and Will Rodger, USA TODAY