Slashdot Mirror

There's a boatload of censorware news today, enough for two or three Slashdot stories -- but to conserve electrons, we're bringing it to you all in one easy-to-download package. First, Peacefire has a report on the accuracy of intelligent skin-tone-scanning software, one month after its company said they'd have it working in a month. And since the CEO of ClickSafe spoke at the COPA Commission meeting yesterday, Peacefire ran a check to see how many COPA-related sites its AI blocks. Finally, Waldo Jaquith has a report from the meeting itself which should be sobering but cracked me up anyway. Pay attention, everyone, these are the folks who are going to censor your Internet.

The Child Online Protection Act, passed late last year and then struck down early this year, is still under appeal. Colloquially it's known as "CDAII." Part of what the Act does is establish a Commission that meets every so often -- the Commission's website has details on its mandate and so on.

(Update, a few minutes later: make that "injunctified," or whatever one says for a law against which an injunction has been applied, instead of "struck down." Sorry; IANAL.)

Speaking at the Commission meeting yesterday and today were the CEOs of several major censorware companies. Among them was Michael Stephani, whose company Exotrope makes a product called BAIR.

BAIR

BAIR checks images as they download onto your computer, and claims to be able to tell the difference between pornography and other types of images. The "AI" in its acronym stands for artificial intelligence, running on supercomputers.

When the Wired story on BAIR came out last month (a story "borrowed" from Peacefire -- I'm not going to get into it), Wired quoted the company as saying "they plan to fix the errors within the next month." What errors?

"BAIR incorrectly blocked photographs of Yellowstone, the Baltimore waterfront, Snoopy, boats, sunsets, dogs, vegetables and even a Wired News staff meeting.

"It rated as acceptable for minors -- even on the most restrictive setting -- explicit images of oral sex, anal sex, group sex, masturbation, and ejaculation."

That was one month ago. How's BAIR doing now?

Peacefire retested the same 50 pornographic images that they'd used last month (which presumably BAIR's programmers would have paid extra-special attention to). Their new report finds that, instead of zero, the number of blocked images is now: 34. I've got a great slogan for them: "now your children can only see 32% of the web's oral sex, anal sex, group sex, masturbation, and ejaculation."

One's respect for these programmers is dampened a little, though, because there's more to Peacefire's report. It seems, in a random sample of 50 photos of people's faces, BAIR blocked ... how many? ... 34.

Maybe that slogan should be: "now your children can only see 32% of the web," period.

It's wonderful to live in a world where artificial intelligence offers limitless possibilities. Its website suggests that "Because Artificial Intelligence can be taught to recognize a variety of patterns," -- oh, OK -- "our BAIR can be taught to evaluate other categories such as violence or illegal activities. The BAIR is currently undergoing training in these areas to provide additional filtration selections."

ClickSafe

Richard Schwartz, CEO of ClickSafe, also spoke yesterday at the COPA Commission meeting. Just for kicks, Peacefire decided to try out their spiffy AI software too.

Insert marketblurb here: "...by combining cutting-edge graphic, word and phrase-recognition technology, ClickSafe has achieved accuracy rates of over 99% (according to recent sample tests). ClickSafe can precisely distinguish between appropriate and inappropriate sites (e.g. sites related to issues such as breast cancer will not be blocked)."

What Peacefire did was test this software against the website of the COPA Commission itself, and related sites such as those of speakers or Commission members. They found that blocked pages included:

• The Child Online Protection Act itself, in original and amended form;
• The COPA Commission FAQ;
• Biographies of Commission members Stephen Balkam and John Bastian;
• Bio of Commission member and famed anti-porn crusader Donna Rice Hughes, as well as AppendixA from her book Kids Online: Protecting Your Children in Cyberspace;
• A list of technologies the Commission examines;
• The scope of what the Commission is called upon to do;
• A service agreement from a little company called Network Solutions, whose rep chairs COPA's meetings;
• "About the ICRA" (the makers of RSACi, "a simple, yet effective rating system for web sites which both protected children and protected the rights of free speech");
• Bible study tools: "We hope these free resources foster a desire for Christians to learn more about the Bible, deepening their relationship with God" unless they're using censorware;
• The American Family Association (a conservative Christian group that is trying to force censorware into public libraries, including those surrounding the Slashdot Geek Compound);
• The ACLU, the EFF, and the Center for Democracy and Technology;

and so on.

When I spoke with Bennett about this, he commented that the strange thing was that these flaws are so easy to find; you'd think someone would have run these simple tests already. If anyone reading wants to get their name in Slashdot (and other news media too), censorware is a gold mine of untested misinformation. Buy a product, design a solid unbiased test for it, run the test, and send us what you find. Repeat until the whole world has a clue.

The COPA Commission Meeting

The following is an account of yesterday's COPA Commission meeting, by Waldo Jaquith. Keep in mind that this meeting's purpose, according to the Scope & Timeline Proposal which is blocked by ClickSafe, is to study filtering and blocking software to learn what to recommend in its report to Congress late this year.

Folks,

For more information on the COPA Commission, see http://www.copacommission.org/. (Unless your network has ClickSafe installed, in which case you shouldn't bother.) There is an agenda for this meeting, and there are bios for most people, as well as the prepared speeches for many of the below folks. I've tried to be objective.

Oh, screw that. There's nothing objective about it. But I've tried to give useful facts, quote accurately, etc.

The whole affair, which was scheduled to start at 9:30am, didn't actually start until 10:15am. Which was good, because I didn't get there until 9:45. Although the event was being held at the University of Richmond's Jepson Alumni Center, the room felt like your basic hotel meeting room. Bad carpet, ugly chairs, poor lighting. There were enough chairs to seat about 100 people, but only 35 people were in attendance. Directly in front of the two columns of chairs was a table with chairs, facing away from the audience. This table was for people asked to testify before the COPA Commission. On the other side of that table was a long table, at which was seated the commission, all sixteen members. The result was that the people testifying, who did most of the talking, could only be recognized by the backs of their heads by the audience.

Chairman Donald Telage called the meeting to order and introduced the first panel, who was to speak for approximately 45 minutes on the topic of client-side filters. This panel included Gordon Ross, the President and CEO of Net Nanny, Mark Smith, the President of BrowseSafe, Susan Getgood, the VP and General Manager of Cyber Patrol, and Richard Schwartz, the CEO of Opportunity-America (ClickSafe.com).

Gordon Ross kicked things off with a tremendously boring ten minute speech about how client-side filters work. The only interesting comment that he made was his belief that "consumers should have the ability to analyze each and every site in the database..." [...because his product Net Nanny is the only one of the 150 censorware packages on the market that allows oversight of its blacklist. -ed] He also kicked off the First Amendment references, which nearly every speaker throughout the day would spend some time talking about, but not really saying very much.

Mark Smith from BrowseSafe occupied the next few minutes, giving a rambling speech in which he discussed censorware as if it were some far-off and idyllic concept.

"Most products focus on either client-side- or server-side-based technology. What would happen if the benefits of each could be brought together to provide the user with a new, more flexible and powerful way of surfing the web? What if every sub domain of every site had been categorized and classified by its content? Wouldn't you agree that everyone could benefit from that combination of technology? Of course you would? Now let's walk across the street to the front porch of the family of the home and try to view it from the parent's perspective. What if parents were able to determine what the child sees? What would it be like if e-mail, instant messaging, chat and other computer tools could be also controlled?"

Then, although the topic was client-side filters, he rambled on for several minutes about PlanetGood, a website that was probably unfamiliar to many in the room. He used the site's name in every single sentence for several minutes. And, naturally, he closed talking about "our forefathers" and "these inalienable rights that our forefathers entrusted to us and many of them died for."

Susan Getgood from Cyber Patrol kept things short and sweet, and took the "I'm a new mother and want to protect my children" approach. She muddled the definition of censorship somewhat, saying that "[s]ome critics confuse censorship, which is imposed by the government, with technology that a family or school can choose to use and then set to implement an individual policy." Our school system isn't a part of the government?

Richard Schwartz of ClickSafe.com touted his product nearly as much as Mark Smith promoted the mysterious "PlanetGood." He also described a system that his company has developed that sounds very much like Exotrope's BAIR. "Fleshtone has a very unique set of features [...] Through a combination?of a set of sophisticated algorithms it can establish if something is pornographic. [...] Justice Potter Stewart lives within our system, because he knows it when he sees it. It works, it's been tested out, it's over 99% effective." "We can distinguish between chicken breast and sexy breast." "A consortium of Portuguese and Australian pornographers had been hijacking people off of different sites, including the Harvard Law Review site into their pornographic sites. And then you have to reboot your computer in order to get out."

After the four had testified, we moved into the commission Q&A session. (No questions would be allowed from the audience.) A few interesting questions, answers, and comments cropped up during this portion.

Richard Schwartz, only half kidding, proposed a tax on Internet pornography.

Commissioner Gregory L. Rohde asked Richard Schwartz if his image filter could tell the difference between art and pornography. Astoundingly, Schwartz replied that it could.

Commissioner Jerry Berman asked if there were any plans to create an organization that could provide objective reviews of censorware products to help parents decide what to buy. Gordon Ross said that this had been tried a few years back with SIFT (?), and that it didn't work out.

After a short break, we began the second panel, which addressed server side filtering. Testifying was Kevin Fink, N2H2's CTO; Sunil Paul, Chairman of Brightmail; Stephen Boyles of Library Guardian (Swifteye); Michael Stephani, President and CEO of Exotrope; Ginny Wydler, Director of Standards and Policy at AOL; and Tim Robertson, CEO of FamilyClick.

The first person to say anything interesting was Michael Stephani, who made some fairly interesting claims. He said that their blacklist of sites included four million sites, and that their image-recognition software, BAIR, is 99.8% percent effective. Stephani bragged that it blocked 1 out of 6 general images and 96 out of 100 pornographic images. He pointed out (perhaps rightly) that image filtering is the only real way to filter out pornography, and also that client-side filtering would so go the way of the dodo, given the proliferation of Internet appliances. It wasn't long before he got all 'God bless America' and 'think of the children,' and eyeballs could be heard rolling throughout the room.

As Commissioners asked questions of the panel, Chairman Donald Telage admitted that he wasn't aware that client-side filters were able to use a blacklist. He was under the impression that they could only filter. I had flashbacks from the Napster hearings last week ("Can't you track their intellectual property address?")

Out of the blue, Karen Talbert asked the panel for a show of hands regarding their respective products' ability to work with high-speed connections. Obviously, everybody's hands went up.

How do these people get on the commission?

When given half a chance, Stephani got all "think of the children, my god, won't somebody think of the children?" again. He also bragged that Exotrope has a new, not-yet-released product that filters IM [AOL Instant Messaging -ed.] and even detects innuendo. Stephani said that they just got a contract to install this program on 30,000 school servers. Continuing his spectacular Old Faithful of shit, he cheerfully envisioned a time in the future when there would be "photonic switches" that would maintain a complete blueprint of everything that every user had ever done on-line. Christ, that's frightening. Stephani said that they'd spent $6.5MUS developing BAIR, and went on to point out the coincidence that Peacefire released the report showing that BAIR was 0% effective on the same day that their servers went down. Perhaps he was implying that Peacefire members hacked the server, perhaps that we were taking advantage of them, or perhaps he was just laughing at the circumstances.

There was no promised audience Q&A. That's probably because the whole event ran well over when it was supposed to end. Lacking a better approach, I rushed up to the ebullient Stephani with a copy of the newest BAIR report in hand. Although he was already talking to a reporter, he stopped when he saw my nametag ("Waldo L. Jaquith, Peacefire") and looked a little surprised. He, as well as his sidekick PR guy, enthusiastically introduced themselves. We talked for a few minutes, during which time I said that BAIR appears to suck less than many other censorware programs. But I was still fundamentally opposed to all of them. Between this and the revised report, Stephani was my new best friend. Several other people came forward to read nametags and shake hands, but I continued to talk to Stephani and the reporter, Drew Clark from Technology Daily.

Ten minutes later, when I walked out, I felt a little baffled. Stephani behaved towards me as if Peacefire had just given him the most glowing review that BAIR had ever gotten. This, despite my repeatedly pointing out that Peacefire is fundamentally opposed to filters, always will be, and BAIR is simply rather effective at performing the task that we hate.

I was disappointed that a few major points were never brought up during the discussions:

• Server-side censorware (especially that which is housed with each website) will always be a severe privacy violation, because it needs data on the user in order to establish what information to provide.
• Client-side censorware is doomed to fail because children know more about computers than their parents. The parent has to trust that little Suzy won't uninstall Cyber Patrol. But if Suzy can be trusted, why bother with Cyber Patrol?
• Internet censorship is impossible. The Internet is so large that it's a waste of time, so let's all stop. Gated community models, like AOL, Compuserve and such, are a far better way to provide a "safe" experience for kids.
• The concerns about children's wellbeing presented during the meeting mirror those that parents, since the beginning of time, have always had for their children. How can I keep my child safe when I'm not watching him? How do I know what my child is doing if I'm not around? How do I keep my children from hearing / seeing / saying bad things? Censorware makes no more sense than installing a v-chip in little Suzy's head. Get over it.

In a nutshell, I'm not sure what, if anything, was established at this meeting. It's clear that most of the Commissioners knew every little to start off with, and their opinions are being formed on what amounts to a series of sales pitch sprinkled with god-and-country references, a la mega blowout carpet sales around Independence Day. I'm glad COPA was struck down. Let's get on with our lives.

Best,
Waldo

As promised last Friday, here's more on the Munich conference. Pay attention or wait to be forced to label your internet content. It's your choice.

A number of articles have appeared in the online press about Munich. Half of them are just rehashes of press releases - nothing very useful there. Some of them are fairly in-depth (we think CNET and the NY Times had the best coverage), but none of them really give you the big picture. We're going to try to. Let us know how we do.

The first thing that the press is missing is that there are (well, were) two meetings in Munich, not one. The first is the one you heard about: a meeting called by the Bertelsmann Foundation, part of the huge Bertelsmann publishing empire, which sponsored the Internet Content Summit. They're getting together to have a little feel-good session about "self-regulation" of internet content. By self-regulation they don't mean that end-users regulate their own behavior; they mean that ISPs regulate users instead of government doing so directly. Users will still be regulated, of course. And the regulation will be driven by what the national government wants. It's just that government will lay their heavy hands upon the ISPs, and the ISPs will act as the enforcers rather than law enforcement. Think of it as a distributed system - government assumes the role of a second-line rather than first-line manager. At a previous internet content summit, this type of regulation was described as "soft law" versus "hard law", and we think that's a good way to think about it. They are not talking about voluntary, individual actions of corporations - they are talking about imposing laws and restraints on the citizenry through another means. Self-regulation = soft law, but law nonetheless.

The first meeting is interesting for a number of reasons, but not terribly ominous - the people meeting were not previously working together, and all that will come out of it is thoughts and ideas. The second meeting is rather more dangerous.

The second meeting, scheduled in conjunction with the first, was of the principals of INCORE, Internet Content Rating for Europe. This group consists of a number of European corporations and protect-the-children groups and their sole goal is to establish a single rating system for use across Europe (they're also coordinating with Australia). Of course, the members of this group overlap significantly with the first - for example, Jens Waltermann, director of the Bertelsmann Foundation and sponsor of the first meeting, is also one of the prime movers in INCORE - which ought to tell you why the Bertelsmann conference is so slanted towards ratings systems as the sole means of protecting the children.

But why is this going forward? As at least one slashdot poster pointed out in the discussions of last week's article, rating systems have been discussed before, and haven't come to anything yet.

What happened is the government (the European Commission, in this case) decided to get serious. They buckled down, and at the end of 1998, allocated funds to be spent on the development of a global rating system. About $11 million is allocated to be spent on developing this system, so the corporate participants can be reasonably assured of being reimbursed for all their plane fares and hotel costs. (Question: if it's so voluntary, how come the government is paying people to develop it?)

The European Commission's plan runs from January 1999 to December 2002, four years. 1999 is scheduled for development and meetings. 2000 is scheduled for rollout and beta testing. 2001 and 2002 are allocated for the encouragement process and tweaking - making sure everyone is toeing the line. There's plenty of time allocated because it's important to make sure that the resulting rating system aligns with national laws - for instance, since Germany outlaws hate speech, one of the rating categories will involve hate speech, and Germany will outlaw the transmission of any content rated in this category into the country. Laws can be "hung" off the rating categories, if they're set up properly.

The rating system will be based off the American Recreational Software Advisory Council's system, that they originally developed for video games and then, when threatened by Congress with the CDA, transformed for internet content. (The funny thing is, for the first year that RSACi was being promoted for use on webpages, it still had all the original references to video games. Pretty sad.) RSAC was recently folded into the Internet Content Rating Association, basically so they can revamp the RSACi system and submit it to the European Commission for approval and funding. Who is the chairman of ICRA's board of directors? Jens Waltermann again. Are you beginning to see a pattern?

Civil liberties groups world-wide have finally recognized the threat that government-mandated rating systems pose to the internet. The ACLU was the first major group to speak out against them, in their 1997 paper Fahrenheit 451.2: Is Cyberspace Burning?. But for this Munich conference, the chorus was loud and close to unanimous - the Global Internet Liberty Coalition condemned it, the ACLU condemned it, Electronic Frontiers Australia condemned it, Internet Freedom (UK civil liberties group) condemned it.

Several civil liberties groups managed to wrangle themselves invitations to the conference. The Electronic Privacy Information Center is attending and distributing a book free of charge to all participants (besides the attack on free speech, EPIC is irritated because the European Commission has also recommended that online anonymity be strictly prohibited for all European Union residents - after all, if they're anonymous, it's harder to make them obey the law). Nadine Strossen of the ACLU published the statement she's making to the Conference, harshly opposing the labeling requirements; even Esther Dyson, a tremendous supporter of rating systems, expressed her unease at the slant of the conference.

Strossen's comments above neatly summarize the civil liberties community's objections to so-called self-rating systems, and we urge all readers to take a look at that link above. She makes several points:

1. Self-Rating Schemes Will Cause Controversial Speech To Be Censored
2. Self-Rating Is Burdensome, Unwieldy, and Costly
3. Conversation Can't Be Rated
4. Self-Ratings Will Only Encourage, Not Prevent, Government Regulation
5. Self-Ratings Schemes Will Turn the Internet into a Homogenized Medium Dominated by Commercial Speakers

Strossen is far more eloquent than we are, and she makes the points extremely well. Take a look, it's worth your time.

But back to the conference. The main document to come out of the conference is their Memorandum on Self-Regulation (538K), released yesterday. A number of "internet experts" contributed to the report - mostly these same people we've been seeing, representatives of the companies that want the Net to be kid-friendly (increase profits!) and protect-the-children groups from throughout Europe, and representatives from various governmental agencies. They lay out their censorship proposal in some detail. The basics are laid out in a single phrase: "Content providers worldwide must be mobilized to label their content...".

Prepare to get mobilized.

"It is in the best interest of industry," they say, to take the steps necessary to "enhance consumer confidence" and meet "business objectives." The suits invited must all have nodded their heads to this one: if only they could get the obnoxious people off the net, then all the soccer moms and grandpas would feel safe enough to fire up a browser and finally type in their credit card numbers.

So, problem: naughty stuff on the net. Answer? Open source! <spit>

On p. 59 of the 60-page memo is a neat diagram that looks almost like an API to a multi-layer code library. Except in this case, the bottom slice is the underlying technology of censorship (PICS), and the top slice is the user's experience of censorship (at the browser).

Sitting on top of PICS is Layer 1, in which the content creators - that's you, me, and everyone else who makes anything public on the internet - label our data with a "basic vocabulary" of keywords. If we write porn, we call it porn. Simple enough so far?

Next comes Layer 2, which is where the fun stuff starts to happen. Here, third parties can invent "template profiles." These combine the keywords in interesting ways. The idea is that in one country, the ratings systems will typically rate porn as bad but violence as OK; in another, perhaps the opposite; someone else will invent a profile for use in schools that blocks everything noneducational; a profile for your company's router might block all sports but let profanity through; a national profile for Australia might block all sex but let stupid political grandstanding through; and so on.

These template profiles should be, according to Bertelsmann, "open source."

How are they going to do this? They can't rely on a NetNanny or SurfWatch to rate the net: censorware has been a dismal failure in practice, the software just doesn't work because there's too much of the net and too few censorware employees to evaluate it all.

What they need instead is for you, the author, to do their work for them. Remember that "basic vocabulary" of keywords? It turns out you're not just going to pick porn vs. non-porn. Oh no. After all, you have to provide enough information for the profiles to work with.

That means you're going to be rating everything you publish according to:

"e.g.: gratuitous violence,
frontal nudity,
explicit sexual acts,
crude language,
vulgar language,
sports,
extreme hate speech,
arts,
aggressive violence,
death to humans,
medicine,
non-explicit sexual acts,
strong language,
history, ..."

E.g.? E.g.!? There's more?

Well, there has to be more. In fact, Bertelsmann has only scratched the surface. In order for there to be enough "template profiles" to be worth mentioning, the variety of keywords has to be extreme.

Be ready to run down a checklist for everything you write and decide whether it contains gratuitous or non-gratuitous violence, explicit or non-explicit sex acts. Please rate from 1 to 10 how much art and history was in that last post of yours. Don't think you'll have a choice about doing it - your ISP will be enforcing it upon you, as a condition of service.

And the "template profiles" that are provided for the end user? These profiles are just simple sets that group the predefined keywords together. If I'm the CEO of NetSitterPatrol, I group keywords 1, 3, 5, and 12 together and call it "NetSitterPatrol Profile."

And if I'm a national government that's cracking down on porn, violence, hate speech, or vulgar language (your government wouldn't do anything like that, would it?), I'll just add the keywords for indecency, abortion information, hate speech, racism, or whatever else I want to censor, and give the list to the backbone providers in my country to filter out and protect the delicate citizens. Hey look, I'm an open source programmer!

by Michael Sims and Jamie McCarthy