Schools, Filtering Companies Blocking Google SSL 308
An anonymous reader in the UK writes "Over the past several weeks we've discussed the rolling out of Google SSL search. Now an obstacle to the rollout has arisen, much to the frustration of school students and teachers alike. Content filter vendors have decided to block all Google SSL traffic — which also blocks access to Google Apps for Education. Google is working to appease these vendors. The questions at the heart of this situation are: Does a company (school, government) have a right to restrict SSL traffic so it can snoop your data, or does an individual have a right to encrypted Internet facilities? And, is the search data you create your data, or is it your employer's (school's)? IANAL but blocking SSL search seems at odds with the UK Data Protection Act, because some local governments here may be using the very same filtering service for their employees. It would also seem to go against the spirit of FIPS in the US (though I appreciate that federal standards are separate from schools in the States)."
Old news (Score:5, Insightful)
SSL has always been tricky for those filtering appliances. If you deny it, you prevent things like legitimate credit card orders for, say, classroom supplies - or checking a bank account balance regarding a paycheck. If you allow it, kids/employees will just use one of the dozens of SSL proxy sites.
And the nature of SSL is it's pretty much all-or-none.
In the U.S. It's your employer/school's. (Score:4, Insightful)
Uh... Yes, a company perfectly has that right. No, if you are using an employer/school-provided connection, you have no rights outside the conditions of access you agreed to when you accepted employment/enrollment. (As it relates to internet access, anyway.)
If you want "Free with a capital F" access, you need to get it yourself, not assume that someone else is going to provide it for you.
Snooping? (Score:3, Insightful)
It's not about snooping as much as it is about being able to bypass the filtering function. The fact that a student could use the secure search to access www.porn.com [porn.com][NSFW!] does not mean that the sysadmin is watching their every move online.
Freedom of the press belongs to the owner... (Score:5, Insightful)
It's their computers and their networks, so they can do whatever they want. Still, if you deny Google the right to encrypt on your network, Google still has the right to deny you any or all of their services. Teachers like to call that "natural consequences...
Questions have already been answered (Score:2, Insightful)
Does a company (school, government) have a right to restrict SSL traffic so it can snoop your data,
They have a right to restrict what protocols and port numbers are allowed to be used on their network, as a matter of policy.
They have a right to implement technical measures to assist in enforcing policy, even if those technical measures are so draconian that they prevent some things that are technically allowed by policy.
They have a right to do this, by virtue of it being their network.
does an individual have a right to encrypted Internet facilities? And, is the search data you create your data, or is it your employer's (school's)?
An individual does not have a right to use encryption.
A user has a right to install encryption software that they own on their computer that they own.
A user does not necessarily have the right to transmit data over a network, that they have encrypted using software.
Especially not if that data also belongs to the school/employer (proprietary sensitive info)
In all cases; a school/employer has a right to say: either you connect using non-SSL, or you choose to refrain from connecting.
Of course from a security POV, SSL is probably better, as long as the organization controls the keys and manages ciphers used
Re:In the U.S. It's your employer/school's. (Score:3, Insightful)
Re:In the U.S. It's your employer/school's. (Score:3, Insightful)
In the US, there is a good chance they do have the right to look at anything you take out of the building.
Re:Freedom of the press belongs to the owner... (Score:5, Insightful)
Funny how that's not true when it comes to landlords and tenants. In some countries it's even not true when it comes to landlords and squatters. Even squatters have rights.
I suspect there was some history in getting those protections.
The landlords in the "IT world" want their stuff to be legally treated like property but not too much like property
Re:In a school, yes. (Score:3, Insightful)
Re:In the U.S. It's your employer/school's. (Score:2, Insightful)
I'm of somewhat mixed opinions on this subject.
Its really a very different question if you're talking about a company, a school (for minors? or adults? public? private?), or the government.
For a company-- absolutely they have the right. They own the connection and the computer. They have every right to set any policy they see fit in this regard. Your rights are to choose to accept the terms of your employment (which include, 'follow policy'), or not.
For a school of minors-- this is irritating to me, as I feel we treat our youth far too much like idiots and do not encourage their actual questioning and independent growth, BUT-- a school acts in loco parentis. They have a responsibility to monitor the children in their care. We take that to stupid lengths, but that's another topic.
A private school for adults-- absolutely they have the right. Largely the same argument as company above, save you probably own your own computer, and are just using their network by whatever terms you've agreed to.
A publicly funded school for adults-- this is where I start questioning. The university may in a way 'own' the network, and the machine, but the public ultimately does. Just like in a library, an adult should be able to do anything not-illegal that they want.
The government-- in its capacity as a government, absolutely not without court order. In its capacity as employeer (especially employeer of someone who may have access to sensitive data), absolutely.
On the one hand... (Score:3, Insightful)
..sure, in the US, schools have the right and perhaps the duty to block SSL searches. On the other hand, the behavior of both the censors and the censorware providers argues strongly for the idea that censors are scum of the earth.
Re:Old news (Score:5, Insightful)
Well, here's a slightly less costly alternative, then:
Stand where you can see the student's screens.
*sigh* When did morals and ethical behaviour become a technological problem?
Comment removed (Score:4, Insightful)
Re:Old news (Score:5, Insightful)
Good thing for you most large governments have the root CAs in their pocket and can easily Man in The Middle most SSL transparently, unless the user is superbly vigilant.
Re:Don't write it during school hours (Score:3, Insightful)
Sadly people misunderstand how extremely important it is to have fun at school, to excercise creativity and gain inspiration. To be happy, have fun and work on positive socializing AS well as learning. Not all the learning done at schools is purely academics as it's the prime area we learn how to socialize, to get a long with people etc.
Amazing ... (Score:3, Insightful)
Re:Not your home network? No right to complain (Score:2, Insightful)
Open access in school's doesn't work (Score:5, Insightful)
I was the tech director of a school district for 13 years. I've run schools with very restrictive Internet filters and everything in between to schools with no restrictions at all. What I've found over the years is that the more you restrict the Internet the more the school's grade average goes up, and the nicer the students are to deal with. Our schools consisted of about 75% to 100% of the classes,depending on the school, being delivered though distance learning courses. If you give the kids open access to the Internet 90% of the kids will just chat, play games and watch non educational videos all day every day. They get away with this by leaving a window with their school work up and when the teachers comes to check on them they bring it to front, or by making the offending browser window very very small, so that you can't tell without looking very closely that they aren't doing your work. Left unchecked, at the end of the year, 90% of the students would need to be held back a grade. A couple of side effects of kids that aren't on task is they tend to have very bad classroom behavior that disturbs the students that are trying to stay on task, and most of the time wasters the kids like to use are also HUGE bandwidth hogs, so you end up having to buy 10X the Internet connection that you actually need for the school to function, which only deprives the school of much needed funds that could better be spend on something else.
The extreme other side of the coin, and the way the school is currently running is to completely block the Internet except for a select few websites that the school needs for their distance learning courses. There are some "research" or "library" computers that the kids need special permission to use when they need to look things up for papers and such. By blocking everything, the grade average of the entire schools district has shot up to record highs, and the classrooms are a lot more quiet and easier to control.
When it comes down to it, schools are a closed environment that is specially designed for education. When you introduce distractions into that environment that level of education that the kids are getting goes down significantly. It's not a matter of free speech or the school snooping in on private things, it's a matter of making sure that your kids get a certain level of education.
As for using school computers for personal activities and the school snooping in on them... you weren't supposed to use the computers for personal activities at all. Everyone, teachers and students alike, sign off on the school's computer use policy at the beginning of every year, and I don't know of a school that doesn't require one in some form. We didn't give the teachers computers so that they could maintain contact with their family while they were supposed to be working, and we didn't give the students computers so that they could keep in touch with all their friends on facebook. To argue that it is violating their rights not to be given unfettered Internet access would be like arguing that the school should provide every student with a cell phone so that they could keep in touch with their family and perhaps call people for help on research for papers... even if you could figure out a good reason to give students a cell phone, it would ultimately be a complete flop and a total distraction for an education environment.
In a traditional school, the students time on a school provided computer would be a lot less and therefore a lot less of noticeable
on their overall grades, but the problems are still there.
All that being said, I am completely against any kind of censorship when it comes to my personal Internet, or anyone else's personal Internet, but when you get into a school/business environment, it's no longer YOUR Internet and the owners of the Internet connection can do with it what they like... you have to remember, they don't HAVE to give Internet access at all, and whining that they are blocking access to things that are not in keeping with the task at hand... well maybe you should think about what you are saying before you start whining. After all, you are probably 1 step away from being expelled/fired, and the block is their way protecting you from yourself.
Re:Exactly. (Score:3, Insightful)
As a sysadmin for a school district, I don't give a flying fsck about "someone's data". My job is to implement our filtering policy. As we can't tell if SSL-encrypted search pages contain banned content, we block them.
If you don't care about someone's data then why are you filtering it. I mean seriously if you didn't care then you would be blocking it. And you could blocking it you weren't scanning the content (even if you are only looking at the content of the URL, you are still looking at "someone's data"). Never mind the fact that in most cases you are only annoying the legit users, because the one's that want to misuse your network, can and will find a way around the blocks.
Re:Don't write it during school hours (Score:3, Insightful)
Re:Purpose of banning the content? (Score:3, Insightful)
So what is the purpose? Just to protect the schools from legal liability and lambasting
by the prude faction?
That's pretty much it, yes. I've worked in SD's and I've seen some things that - IMHO - might seem like a lack of common sense to people with a technical acumen, however to many technology is still very much a boogeyman. For smartphones, I don't see *too* many kids with the high-end ones yet, most are just used for texting and possibly a bit of facebook.
But a few stories. Years ago, some students found the semi-nude/nude section of deviantart. It's well labelled, so not somewhere you'd stray by accident. Solution given: block all of DA. I protested by was overruled, and thus DA was blocked. In any non-IT instance, say if it was a kid bringing racy mags to school, the solution would be to deal with the kid, except nowadays that doesn't seem to be a viable option as the parents complain if little junior gets suspended or given detentions. Usually the parents that complain the loudest are - surprise - the ones with the more ill-behaved children.
In another case, we had an instructor bring up the whole facebook thing. It's blocked, but as always there's a gazillion ways to get around filters and in the arms race of tech, kids have less experience but time and numbers are on their side. We had discussed *why* the sites were blocked. The answer, cyber-bullying and privacy. Junior might snap an embarrassing picture in the boy's washroom and upload it to facebook. Again, WTF. First of all, junior is probably going to - as the parent mentioned - do so with a smartphone and upload the damn thing over the CELLULAR network, which we have 0% control of. IMHO again, the logical solution is to deal with the "Juniors" of the world, but to non-technical people computers - in addition to being a boogyman - are made up of 50% magic and if you sacrifice the right chicken and do the right chant, you can do anything with them! I'd expect that many people expect us to work in secret labs with holograms and touch-panel transparent screens like in Iron Man or a sci-fi movie.
The faction of parents (and educators) who have a thin grasp on technology is a greater percentage than those who do. Granted, this is changing as one generation ages and replaces another, but for now policy will reflect the whims of the majority, no matter how little it seems to make sense in a technical sense. Think about the last time you helped a less-technical relative work on his/her computer, and then try to imagine that those type of people still represent the majority of the population in terms of technical understanding (and fear). Overally, perhaps that's not a bad thing. Given the number of armchair engineers and professors here on slashdot, if the world were populated by geeks we'd have a few hundred "solutions" to every issue.
Re:Exactly. (Score:1, Insightful)
"I'm only doing my job."
Good boy.
Re:Open access in school's doesn't work (Score:2, Insightful)
You said "Granted I was one of the self-motivated students while a lot of my classmates wasted time" which clearly points out that you probably didn't fall into the high percentage of students that can't resist doing things in class that they should be, while acknowledging that it wouldn't work for "a lot" of your classmates. There are a lot of rules/laws in society that effect 100% of the people, but are there to make sure that a smaller percentage of the population isn't hurt or taken advantage of in some way. In a perfect world where we have nothing but self motivated students who aren't easily distracted, there would be not be a need for filters. Even if it was just a small portion of the population, there could be alternative means to control, but with the vast majority of students it's just too much of a temptation not to screw around instead of doing what they are there for, which is to get an education.
Of course there are exceptions to every rule and we had them as well. There were times we allowed games in the classroom and we had the ability to turn them on for just single computers, a room full of computer, a whole school or anything in between. I would bet that if you were to ask your teachers if s/he would mind if their students as a whole were capable of free access to the Internet while they were trying to teach a class, they would almost universally say no, and the ones who said yes, would probably be low on the list of teachers if the principal were to rank them.
Imagine this, a very smart self motivated student finishes up whatever they are working on and the teacher allows them to play video games till the end of class. Meanwhile you happen to be the unlucky student next to them that had to deal with a video game going on out of the corner of your eye while you finish up your work. I would bet that you would find that situation more than just a little distracting... how would you like to get a C instead of an A because of being forced into situation...
Re:In the U.S. It's your employer/school's. (Score:2, Insightful)