Censorware Not Good, Just Better Than COPA

Censorware Not Good, Just Better Than COPA 146

Posted by CmdrTaco on Wednesday April 04, 2007 @11:47AM from the something-to-think-about dept.

Slashdot contributor Bennett Haselton writes in with with an essay that starts "On March 22nd, District Court Judge Lowell Reed ruled that the Child Online Protection Act was unconstitutional, partly because the judge called it 'vague and overbroad,' and partly because less restrictive means existed, such as Internet blocking software. I'll leave others to comment on the legal issues, but blocking software is something that I've studied, and it's important to make sure this decision is not seen as some kind of vindication for the 'censorware' industry." Tap that link below to read the rest of his story.

The thrust of the judge's findings about blocking software was that it blocks a high proportion of pornography, blocks a low proportion of non-pornographic Web sites, and that it is difficult for most kids get around. I think that these conclusions are correct for the purpose of the decision he was making -- in other words, blocking software blocks a high proportion of pornography compared to the law in question, and is difficult to get around compared to the law in question. But let's not get carried away -- blocking software is not that accurate, and not that hard to defeat.

Consider first the accuracy rates cited by the judge. Citing expert witness reports, he wrote, "I find that filters generally block about 95% of sexually explicit material", and then quoted several different rates for overblocking provided by expert witness reports, ranging from about 4% to 11%. I wrote earlier about the different ways to interpret overblocking error rates -- the gist was that if you care about the constitutional issues with filter use, then you look at the percentage of blocked sites that are non-pornographic (i.e. for every porn site that gets blocked, how many research sites get canned along with it), and that number tends to be high. On the other hand, if you simply care about the effectiveness of blocking software in a home setting where there is no constitutional issue raised, then you look at the percentage of non-pornographic sites that are blocked, and that number tends to be low.

For example, suppose for the sake of argument that 1% of Web sites in a given sample are sexually explicit, or 100 Web sites out of 10,000. To use Judge Reed's numbers, suppose that 95% of those porn sites, or exactly 95 in this sample, are blocked, whereas of the other 9,900 sites, 5%, or exactly 495 of them, are not blocked. Then the percentage of non-porn sites that are blocked is only 5%, but the percentage of blocked sites that are non-porn is actually 83% (495 blocked non-porn sites, out of a total of 495+95=590 blocked sites). One of our past studies of blocking software did indeed sometimes find error rates of about 80%, due to errors caused by IP address blocking and filters being tripped up by keywords (even when "keyword blocking" features were supposedly turned off -- because in that case the program still blocked sites on its master blacklist, and those blacklists are frequently built by scanning the Web for keywords).

Another portion of the judge's ruling dealt with the difficulty of getting around blocking software:

Filtering companies actively take steps to make sure that children are not able to come up with ways to circumvent their filters. Filtering companies monitor the Web to identify any methods for circumventing filters, and when such methods are found, the filtering companies respond by putting in extra protections in an attempt to make sure that those methods do not succeed with their products... It is difficult for children to circumvent filters because of the technical ability and expertise necessary to do so by disabling the product on the actual computer or by accessing the Web through a proxy or intermediary computer and successfully avoiding a filter on the minor's computer... Accessing the Web through a proxy or intermediary computer will not enable a minor to avoid a filtering product that analyzes the content of the Web page requested, in addition to where the page is coming from. Any product that contains a real-time, dynamic filtering component cannot be avoided by use of a proxy, whether the filter is located on the network or on the user's computer.

After the ruling came out, I tried some of the best-known blocking software programs to see how easily they could be defeated: Net Nanny, SurfControl, CyberSitter, and AOL Parental Controls. Net Nanny and SurfControl apparently could not block https:// sites at all, so I was able to get to https://www.StupidCensorship.com/ and access anything I wanted from there, despite the fact that that site had been public for over a year. Apparently I do have the "technical ability and expertise necessary" to "access the Web through a proxy", but then again I'm not a minor, so, kids, don't hurt yourself trying that.

CyberSitter did intercept the https:// request so it did block StupidCensorship.com, but it didn't know about some of the other proxy sites that we had mailed out to our users recently. One of those did however get blocked because the word "hacking" appeared on the page -- as in,

This site is a tool for circumventing Internet censorship to promote free speech. It does not enable any hacking, cracking or any illegal activities (since it doesn't let you to access any sites that you couldn't access from home anyway).

so it's probably safe to say that if the CyberSitter filter is that paranoid, it would result in a good deal of overblocking as well. AOL Parental Controls also did not block the latest proxies, although it wouldn't let me load sites like Playboy through the proxy, presumably because it recognized the contents of the page and blocked it (so on that point, Judge Reed was right).

But none of the products could stop the doomsday weapon, which is to burn an Ubuntu Linux CD and boot from that, bypassing any security software installed under Windows. I can see your eyes glazing over at the thought of kids attempting to do that, but it's merely an unfamiliar process to most people, not actually difficult. (I've been saying for years, that with the greater difficulty of using Linux over Windows, there's nothing cool or clever about running it just for its own sake so you can feel badass, and the only time you need it is if you want to do something that only Linux lets you do. Well, here's something!)

But in spite of everything, I think the judge's conclusions about blocking software were still broadly correct, because he was comparing the merits of blocking software against the merits of a law that would have prohibited commercial pornography from being published on the Web in the United States. In talking about the "effectiveness" of such a law, the judge and lawyers cited the fact that as many as 75% of adult sites were hosted overseas anyway. But even that high number understates the situation, because hypothetically if all the porn on the Web in the U.S. did get outlawed, it would be easy for anyone to spend all their time looking at porn from outside the country. When you're talking about a supply of content that is so large that nobody could finish looking at it all if they spent the rest of their life trying, it doesn't really matter if 25% or 50% or 75% is located within your legal jurisdiction. I never stop hoping that a judge will say, "Look, pictures of naked people don't hurt anyone, no, not even people under 18. Shoot, when I was 13 and president of Future Lawyers of America, my friend gave me a copy of Playboy as a down payment for my unsuccessful attempts to defend him on curfew-breaking charges in Foot v. Ass, and look how I turned out." But even a judge who firmly believed that people under 18 were harmed by pornographic images, would have found little reason to uphold this law.

This discussion has been archived. No new comments can be posted.