Slashdot Mirror

Bennett Haselton has another article on offer for us today, this time looking at the implications of a Canadian initiative to protect children online. Bennet writes: "Cybertip.ca, a Canadian clearinghouse for providing information to law enforcement about online child luring and child pornography, has announced that a group of major ISPs will begin blocking access to URLs on Cybertip's list of known child pornography sites. A Cybertip spokesperson says that the list fluctuates between 500 and 800 sites at any given time." Read on for the rest of his analysis. The system is named after a similar filtering system used by service provider BT in the UK. It is also reminiscent of a law passed in Pennsylvania in 2002 requiring ISPs to block URLs on a list of known child pornography sites; the law was struck down in 2004 on First Amendment grounds. Although child pornography is of course not protected by the First Amendment, the law was struck down partly because the ISPs were blocking entire servers and IP address ranges, hundreds of thousands of non-child-pornography sites were also being blocked.

Under the implementation of the Cleanfeed system, representatives from Sasktel, Bell Canada, and Telus claim that only exact URLs will be filtered, not sites hosted at the same IP address. (Although conventional Internet filtering programs sold to parents and schools have also made the same claims, only to turn out to be filtering sites by IP address after all, so we'll have to wait until the filtering is implemented before we know for sure.) The other difference of course is that the Cleanfeed system is not the law, so there's nothing to "strike down" in court. Cybertip did acknowledge that this means customers can get around the filtering for now by switching to a non-participating service provider, although they are encouraging more providers to sign up. Cybertip declined to say whether any providers had simply refused to participate. But of course it's much easier than that to get around the filter, since filter circumvention sites like Anonymouse and StupidCensorship will not be blocked.

So, if it's that easy to circumvent, does it do any good? Even respected Canadian academic and columnist Michael Geist, hardly a friend of censorship in other forms, has spoken out in favor of the plan. I'm going to go out on a limb and say that it doesn't accomplish anything meaningful, and may set a horrible precedent that could make it much easier to block other content in the future.

First of all, it seems that it obviously won't stop anyone who is deliberately looking for child porn. Empirically there's no way to tell -- we don't whether systems like Cleanfeed in the UK have prevented people from accessing child pornography on purpose. Even if the providers are counting the number of blocked accesses to known child porn sites, nobody knows what people have been looking at instead through proxy sites like Anonymouse. All we can do is ask, logically, whether it is likely to work. I think purely logical arguments are frustrating when there is no empirical data to act as a referee, but let's face it, users are not going to self-report on their success at finding child pornography, and there's no way to see what users are accessing through encrypted circumvention sites. Logic is all we have.

So, consider people who are deliberately looking for child pornography. Such people are likely to be resourceful to begin with (since real child porn -- remember, non-sexual pictures of naked children do not count -- is vastly less common than regular porn; Cybertip claims after all that they "only" have about 800 sites on their list, compared to millions of regular porn sites). Virtually all such people would be aware of circumvention sites like Anonymouse, or of peer-to-peer networks, which Cybertip says they have no plans to block. So nothing is blocked from people who want to get around the filter.

The only scenario where the filters could make a difference is the case where someone accidentally accesses a child porn site. Now when I first read the Cybertip press release announcing that the filter would aim to stop "accidental" exposure to child porn, I thought that was just a tactfully sarcastic way of referring to the people who get caught accessing child porn and claim it was just a mistake. But Cybertip.ca claims they've received over 10,000 reports since January 2005 from people who accessed child porn by accident. Even though that only works out to about 15 per day, I have to concede in those cases it almost certainly was a bona fide mistake, for the simple reason that nobody would voluntarily report accessing a child pornography URL that they visited on purpose. But even so, there's the question: What have you accomplished by blocking accidental exposure?

I would argue that the harm done by child pornography is to the minors coerced into the production of it, not to the people who view it. (This, by the way, corresponds with current U.S. jurisprudence; the U.S. Supreme Court ruled in 2002 that a law banning fake child porn was unconstitutional, even when the viewer can't tell the difference.) Obviously you prevent the most damage by stopping child porn at the production stage, but if it's too late for that, you can try to stop people from obtaining it willfully. This lowers the demand and decreases the incentive for people to produce more in the future.

But how would it lower demand if you block people from accessing it accidentally? If those people weren't going to proceed to buy or download more pictures anyway, then they're not fueling the demand. You can block them from accessing the pictures, but the pictures are still out there, and the people who really are fueling the demand can still access them.

So it seems that by blocking someone from accidentally viewing child porn, all you've really accomplished is to avoid offending their sensibilities. Now I don't mean that mockingly, I'm certainly not disagreeing with anyone whose sensibilities are offended by child porn. But there are lots of graphic pictures on the Internet that could offend someone's sensibilities, which are outside of Cleanfeed's mandate. Consider a photo of a 16-year-old having sex, versus a photo of an adult woman fellating a horse; even though the former is illegal to possess and the latter isn't, I think most people would be more grossed out by the second one. (I would even argue that there was more harm to the participants in the making of the second one, and in this case the law's priorities are a bit screwed up. Poor horse!)

So, why block 1% of the content that would offend someone's sensibilities, when 99% of the content that would still offend that person would still be out there? The fact that the 1% is illegal doesn't answer the question; even if it's illegal, you don't have to block it, so what have you accomplished if you do?

Possibly law enforcement is sick of people using the "I accidentally clicked on it" excuse when they get caught accessing child pornography, and wants to remove that as a defense. But couldn't someone just as easily claim that they "accidentally" accessed child pornography through a circumvention site like Anonymouse? They could claim that they thought they were accessing a regular porn site, they were using a circumventor to protect their privacy, and they didn't know that the site carried child porn and didn't find out until they'd already accessed it. So it doesn't seem like the filtering would remove the "accidental" defense.

So, I don't think the filtering accomplishes much at all, but it could set a very bad precedent once the filters are in place. Once Internet users have accepted the precedent that ISPs should block content that is "probably" illegal, what's to stop organizations and lawmakers from demanding that ISPs block access to overseas sites that violate copyright, for example, as the RIAA did in 2002? The technical means will already be in place, and more importantly, people will have gotten used to the idea that legally "questionable" content should be blocked. And with lobbyists claiming that 90% of content on peer-to-peer networks violates copyright laws, wouldn't it follow logically to block peer-to-peer traffic as well?

In a legislative climate where lawmakers have proposed everything from jail time for p2p developers to letting the RIAA hack people's PCs for distributing copyrighted files, we should resist any kind of content-based blocking that would let them get their foot in the door. That includes even well-intentioned efforts like Cleanfeed.

Bennett Haselton has writes "In recent arguments over the constitutionality of the Child Online Protection Act, both sides have argued over the efficiency of Internet blocking software. While COPA would prohibit commercial U.S. websites from publishing freely available material that is "harmful to minors", the ACLU has argued that blocking software is a far more effective alternative, since among other things it can block porn sites located overseas, non-commercial websites, and p2p programs, all of which are beyond the reach of COPA. On the other hand, we had the surreal experience of watching the Department of Justice lawyer arguing in favor of a censorship law by saying that the blocking software alternative was unfair to children -- because it blocked too much legitimate material." The rest of Bennett's essay follows.

"For example," said DOJ attorney Eric Beane during opening arguments, "one filter even blocked a website promoting a marathon to raise funds for breast cancer research. Part of the CIA's World Fact Book was blocked. And a page with an ACLU calendar. [Blocking software blocks] a significant portion of other materials on the World Wide Web, materials that in many cases are necessary for a child to complete his homework." (Opening arguments transcript, p. 37.) As someone who has been publishing critiques of blocking software for years, I read those words and felt like cheering, despite the fact that I'm sitting in the other side's fan section for this match. (Beane is right, but he's missing the point, which is that whatever problems exist with blocking software, are minor compared to the problems with COPA -- because blocking software raises no constitutional issues when it's used by a private party in their own house, whereas COPA affects everyone in the U.S.)

The irony, of course, is that three years ago, in the trial over the similarly-named Children's Internet Protection Act (CIPA) which required blocking software in all schools and libraries that receive federal funds, it was the ACLU pointing out the flaws in blocking software and the Department of Justice claiming that blocking software was accurate and effective.

At first it would seem that both sides are now guilty of flip-flopping. But reviewing what was said then and what was said now, my conclusion is that the ACLU did nothing more than shift their focus to a different set of facts, while the government did contradict themselves. And the source of this seeming flip-flop actually comes down to something pretty simple: two different ways of stating one set of numbers.

Now before going further I can't resist saying that I think the whole debate over "harmful to minors" material is pretty silly, because I don't think the pro-censorship side has ever put forth a reason why they think that pictures of naked people, or even people having sex with each other, are harmful to people under 18. I disagree with some people on matters like abortion and the death penalty, but I at least think they have some facts on their side; but I don't know of any facts supporting people who think that pornography is dangerous. Why is a woman's nipple harmful but a man's nipple isn't? How are the majority of high school students who have already had sex anyway, supposed to be harmed by pictures of other people having sex? And apart from the logical paradoxes, the pervasiveness of the Internet has now given us empirical data too: virtually all minors have now have access to anything they want to get on the Internet (either at home, or by sneaking to a friend's house), and where's the evidence that adolescents' brains have been hormonally turned to mush any more than they always have been?

But for the remainder of the discussion, suppose you're addressing people who believe that nudity and sexual material really are harmful to people under 18. (In any case, the judges probably believe it, and even if they don't, they're bound by legal precedents that assume as much.) The question is how accurately blocking software achieves this goal.

Blocking software has two types of error rates: underblocking (failure to block porn sites) and overblocking (blocking of non-pornographic sites). Underblocking errors are usually expressed one way: the percentage of porn sites in a given sample that are not blocked. But overblocking errors can be stated in two ways: the percentage of non-porn sites that are blocked, or the percentage of blocked sites that are not pornographic. (There are borderline cases like nude art sites, but it turns out they're not common enough to affect the margin of error much; the vast majority of sites are either clearly porn or clearly not.)

The key is that if you want the overblocking rate to sound low, you talk about the percentage of non-porn sites that are blocked. If you want it to sound high, you talk about the percentage of blocked sites that are non-porn.

For example, in the 2003 Supreme Court arguments over CIPA, Department of Justice attorney Theodore Olson downplayed the error rates of blocking software by saying:

"But even if it's tens of thousands of the -- of the 2 billion pages of material that is on the Internet, we're talking about one two-hundredths of 1 percent, even if it's 100,000, of materials would be blocked."

Here he's referring to the percentage of non-porn sites that are filtered. Attorney Paul Smith, arguing against the law, countered:

"And so we have -- on these lists is a proportion, a huge proportion, perhaps 25, perhaps 50 percent of the sites that are blocked that are not illegal even for children."

and:

"And the evidence is that there's about 11 million websites on the Internet, in --in the accessible part of the Internet and that 100,000 of those are the sexually explicit ones and that the --there are at least tens of thousands more that are on the list. So it's --the Government also says in their brief that about one percent of the Internet is over- blocked, which would be about 100,000 sites. So it is a substantial percentage. It is also a substantial amount. And most importantly, it's a very large percentage of what they're blocking is not what they intend to block."

-- that is, talking about the percentage of blocked sites that were non-pornographic. Both sides cited the same figure (100,000 non-pornographic sites blocked, apparently referring to an average across all blocking programs) -- but that same number could be seen as an "error rate" of either one hundredth of one percent, or 50%, depending on which formula you use.

Then in this year's COPA trial, the ACLU called CMU professor Lorrie Faith Cranor who testified that in tests that she reviewed,

"[blocking software programs] correctly blocked an average of approximately 92 percent of objectionable content. And they incorrectly blocked an average of 4 percent of content not matching the test criteria."

(Oct. 24th transcript, p. 57.) Back to talking about the percentage of non-porn sites that are blocked -- which, again, when you put it that way, sounds low. On the other hand, although I couldn't find exact numbers cited by the DOJ's lawyers on the number of sites that were incorrectly blocked, in the portions of his opening argument quoted above, Eric Beane focused on the sad fact of the sites that were blocked -- not the fact that they comprised only a tiny fraction of sites on the Web. The two sides simply swapped formulas.

As for Peacefire's own studies over the years of blocking software error rates, one of the legitimate criticisms that could be made about our efforts was that we focused almost exclusively on the second number, the percentage of blocked sites that were non-porn. If you were interested in how blocking software actually affects the surfing experience of minors who are forced to use it, perhaps you would focus more on the first number, the percentage of non-porn sites that are blocked. Perhaps, you might say, that as an organization addressing the blocking software issue specifically from a minors' rights point of view, we really should have focused on that number quite a bit! But I did get a bit preoccupied with playing "gotcha" with the blocking companies, focusing on the percentage of blocked sites that were obvious mistakes, because it was frankly too much fun publicizing the absurdly high error rates of their programs, which belied the claims made by most blocking companies that all sites on their blacklist were examined by a human at their company before being added. (Although it seems to have done some good -- as far as I know, no blocking company is making that claim about their product today.)

The error rates were indeed absurdly high; we took a sample of the first 1,000 .com domains in an alphabetical list, ran them through several programs, and found that of the sites blocked, between 20% and 80% (!) were errors. (The median error rate was about 50%, which corresponds to the figure given by Paul Smith in the CIPA trial oral arguments quoted above.) This surprised even critics of blocking software, and skeptics complained that we must have made mistakes or simply fudged the numbers. (The whole point of using the first 1,000 .com domains was that if we had used a random sample and gotten error rates like that, we could have been accused of "stacking the deck" and using a fake random sample that was loaded with known errors and not truly random.) Years later, it came out that the companies whose products we'd tested, had been following a policy that if they found an objectionable site on a given IP address, all sites on that IP would be blocked, on the theory that hosting companies often group porn sites together on the same machine. Trouble was, while this may have often been true for bona fide porn sites, it was not true for most sites that featured just an incidental shot of someone's bare breasts or a large amount of profanity -- but this would also be enough to get all sites blocked at a given IP. So the 80% error rate was about what you'd expect after all.

You might think that a product with an 80% error rate could never survive in the marketplace, but consider who was buying the software. On the one hand, you had schools and companies buying the programs -- but they didn't care whether it worked so much as they cared about being able to show, for liability reasons, that they did something. On the other hand, you had parents who really did care about keeping porn off their computer -- but how many parents really did any thorough testing of the product, other than making sure it blocks the obvious sites like Playboy.com? A serious test could take days. Their kids are the only ones who would end up doing any thorough "testing" of the product, and if they found a way around it, it's not likely that they would tell their parents. With no market pressure to fix problems, an 80% error rate wasn't really surprising.

But even the most vocal critics of blocking software only pointed out that blocking software sometimes blocked sites about plumbing, or soccer, or aluminum siding; we never claimed that most of those sites would be blocked. Even with our high numbers of wrongly blocked sites, if they had been expressed as a percentage of non-porn sites that are blocked, they would have still sounded like a "low error rate".

The moral is, always keep track of what the "error rate" refers to in these debates. By moving around a few variables in a formula, the Department of Justice was able to go from saying in 2003 that blocking software was minimally intrusive, to making a speech in 2006 that made blocking software sound so tragically limiting that you could practically hear the violins playing. (I know, people who live in glass houses... *ahem*)

And what about the ACLU? If the Department of Justice is guilty of flip-flopping, from saying in 2003 that blocking software is a reasonable and narrowly tailored solution, to saying in 2006 that it's clumsy, ineffective, and overbroad, is the ACLU guilty of flip-flopping in the opposite direction?

Actually, the ACLU's position has always been consistent: blocking software has First Amendment problems when used in a school or library, due to overblocking and underblocking errors, but if used in the home it is still a lot more effective than a law like COPA, which would score pathetically on the same scale. As ACLU attorney Chris Hansen stated in opening arguments:

"COPA does not reach the 50% of all speech that is overseas... Filters are the most effective. Almost all of the filters that [expert witness] Mr. Mewett tested were at least 95% effective. Think about the 5% ineffectiveness compared to where we start with COPA being 50% ineffective..."

(Opening arguments, p. 22. Note: Chris Hansen has confirmed that the official transcript is wrong; it has him saying "35%" instead of "95%", which wouldn't make any sense.) As for overbreadth, COPA would criminalize speech by adults, intended for adults, something that no blocking program could ever do -- and as for minimizing collateral damage to innocent sites, does anyone think that even if COPA is upheld, parents will throw out their blocking software?

Even though the ACLU focused on different statistics in the two trials, in both cases they were focusing on the numbers that were relevant to the issue. When talking about constitutional problems with blocking software in schools and libraries, the percentage of blocked sites that are incorrectly blocked, is important, because it's their First Amendment rights that are at issue. The DOJ lawyer talking about all the sites that weren't blocked, was missing the point. If your site is being blocked, it hardly matters to you that for every blocked site there are hundreds that are not. "Hey, your site is not accessible, but don't worry, your competitors' sites are!"

On the other hand, when talking about the use of blocking software in the home, the publisher's First Amendment rights are not at issue; the issues that most parents would care about, are how effective it is, and whether most clean sites are still accessible. Well of course most of them are. Blocking software is not that bad.

Confused? The option to just stop making a big deal out of porn on the Internet is looking better all the time, isn't it?

Bennett Haselton has writes "In recent arguments over the constitutionality of the Child Online Protection Act, both sides have argued over the efficiency of Internet blocking software. While COPA would prohibit commercial U.S. websites from publishing freely available material that is "harmful to minors", the ACLU has argued that blocking software is a far more effective alternative, since among other things it can block porn sites located overseas, non-commercial websites, and p2p programs, all of which are beyond the reach of COPA. On the other hand, we had the surreal experience of watching the Department of Justice lawyer arguing in favor of a censorship law by saying that the blocking software alternative was unfair to children -- because it blocked too much legitimate material." The rest of Bennett's essay follows.

"For example," said DOJ attorney Eric Beane during opening arguments, "one filter even blocked a website promoting a marathon to raise funds for breast cancer research. Part of the CIA's World Fact Book was blocked. And a page with an ACLU calendar. [Blocking software blocks] a significant portion of other materials on the World Wide Web, materials that in many cases are necessary for a child to complete his homework." (Opening arguments transcript, p. 37.) As someone who has been publishing critiques of blocking software for years, I read those words and felt like cheering, despite the fact that I'm sitting in the other side's fan section for this match. (Beane is right, but he's missing the point, which is that whatever problems exist with blocking software, are minor compared to the problems with COPA -- because blocking software raises no constitutional issues when it's used by a private party in their own house, whereas COPA affects everyone in the U.S.)

The irony, of course, is that three years ago, in the trial over the similarly-named Children's Internet Protection Act (CIPA) which required blocking software in all schools and libraries that receive federal funds, it was the ACLU pointing out the flaws in blocking software and the Department of Justice claiming that blocking software was accurate and effective.

At first it would seem that both sides are now guilty of flip-flopping. But reviewing what was said then and what was said now, my conclusion is that the ACLU did nothing more than shift their focus to a different set of facts, while the government did contradict themselves. And the source of this seeming flip-flop actually comes down to something pretty simple: two different ways of stating one set of numbers.

Now before going further I can't resist saying that I think the whole debate over "harmful to minors" material is pretty silly, because I don't think the pro-censorship side has ever put forth a reason why they think that pictures of naked people, or even people having sex with each other, are harmful to people under 18. I disagree with some people on matters like abortion and the death penalty, but I at least think they have some facts on their side; but I don't know of any facts supporting people who think that pornography is dangerous. Why is a woman's nipple harmful but a man's nipple isn't? How are the majority of high school students who have already had sex anyway, supposed to be harmed by pictures of other people having sex? And apart from the logical paradoxes, the pervasiveness of the Internet has now given us empirical data too: virtually all minors have now have access to anything they want to get on the Internet (either at home, or by sneaking to a friend's house), and where's the evidence that adolescents' brains have been hormonally turned to mush any more than they always have been?

But for the remainder of the discussion, suppose you're addressing people who believe that nudity and sexual material really are harmful to people under 18. (In any case, the judges probably believe it, and even if they don't, they're bound by legal precedents that assume as much.) The question is how accurately blocking software achieves this goal.

Blocking software has two types of error rates: underblocking (failure to block porn sites) and overblocking (blocking of non-pornographic sites). Underblocking errors are usually expressed one way: the percentage of porn sites in a given sample that are not blocked. But overblocking errors can be stated in two ways: the percentage of non-porn sites that are blocked, or the percentage of blocked sites that are not pornographic. (There are borderline cases like nude art sites, but it turns out they're not common enough to affect the margin of error much; the vast majority of sites are either clearly porn or clearly not.)

The key is that if you want the overblocking rate to sound low, you talk about the percentage of non-porn sites that are blocked. If you want it to sound high, you talk about the percentage of blocked sites that are non-porn.

For example, in the 2003 Supreme Court arguments over CIPA, Department of Justice attorney Theodore Olson downplayed the error rates of blocking software by saying:

"But even if it's tens of thousands of the -- of the 2 billion pages of material that is on the Internet, we're talking about one two-hundredths of 1 percent, even if it's 100,000, of materials would be blocked."

Here he's referring to the percentage of non-porn sites that are filtered. Attorney Paul Smith, arguing against the law, countered:

"And so we have -- on these lists is a proportion, a huge proportion, perhaps 25, perhaps 50 percent of the sites that are blocked that are not illegal even for children."

and:

"And the evidence is that there's about 11 million websites on the Internet, in --in the accessible part of the Internet and that 100,000 of those are the sexually explicit ones and that the --there are at least tens of thousands more that are on the list. So it's --the Government also says in their brief that about one percent of the Internet is over- blocked, which would be about 100,000 sites. So it is a substantial percentage. It is also a substantial amount. And most importantly, it's a very large percentage of what they're blocking is not what they intend to block."

-- that is, talking about the percentage of blocked sites that were non-pornographic. Both sides cited the same figure (100,000 non-pornographic sites blocked, apparently referring to an average across all blocking programs) -- but that same number could be seen as an "error rate" of either one hundredth of one percent, or 50%, depending on which formula you use.

Then in this year's COPA trial, the ACLU called CMU professor Lorrie Faith Cranor who testified that in tests that she reviewed,

"[blocking software programs] correctly blocked an average of approximately 92 percent of objectionable content. And they incorrectly blocked an average of 4 percent of content not matching the test criteria."

(Oct. 24th transcript, p. 57.) Back to talking about the percentage of non-porn sites that are blocked -- which, again, when you put it that way, sounds low. On the other hand, although I couldn't find exact numbers cited by the DOJ's lawyers on the number of sites that were incorrectly blocked, in the portions of his opening argument quoted above, Eric Beane focused on the sad fact of the sites that were blocked -- not the fact that they comprised only a tiny fraction of sites on the Web. The two sides simply swapped formulas.

As for Peacefire's own studies over the years of blocking software error rates, one of the legitimate criticisms that could be made about our efforts was that we focused almost exclusively on the second number, the percentage of blocked sites that were non-porn. If you were interested in how blocking software actually affects the surfing experience of minors who are forced to use it, perhaps you would focus more on the first number, the percentage of non-porn sites that are blocked. Perhaps, you might say, that as an organization addressing the blocking software issue specifically from a minors' rights point of view, we really should have focused on that number quite a bit! But I did get a bit preoccupied with playing "gotcha" with the blocking companies, focusing on the percentage of blocked sites that were obvious mistakes, because it was frankly too much fun publicizing the absurdly high error rates of their programs, which belied the claims made by most blocking companies that all sites on their blacklist were examined by a human at their company before being added. (Although it seems to have done some good -- as far as I know, no blocking company is making that claim about their product today.)

The error rates were indeed absurdly high; we took a sample of the first 1,000 .com domains in an alphabetical list, ran them through several programs, and found that of the sites blocked, between 20% and 80% (!) were errors. (The median error rate was about 50%, which corresponds to the figure given by Paul Smith in the CIPA trial oral arguments quoted above.) This surprised even critics of blocking software, and skeptics complained that we must have made mistakes or simply fudged the numbers. (The whole point of using the first 1,000 .com domains was that if we had used a random sample and gotten error rates like that, we could have been accused of "stacking the deck" and using a fake random sample that was loaded with known errors and not truly random.) Years later, it came out that the companies whose products we'd tested, had been following a policy that if they found an objectionable site on a given IP address, all sites on that IP would be blocked, on the theory that hosting companies often group porn sites together on the same machine. Trouble was, while this may have often been true for bona fide porn sites, it was not true for most sites that featured just an incidental shot of someone's bare breasts or a large amount of profanity -- but this would also be enough to get all sites blocked at a given IP. So the 80% error rate was about what you'd expect after all.

You might think that a product with an 80% error rate could never survive in the marketplace, but consider who was buying the software. On the one hand, you had schools and companies buying the programs -- but they didn't care whether it worked so much as they cared about being able to show, for liability reasons, that they did something. On the other hand, you had parents who really did care about keeping porn off their computer -- but how many parents really did any thorough testing of the product, other than making sure it blocks the obvious sites like Playboy.com? A serious test could take days. Their kids are the only ones who would end up doing any thorough "testing" of the product, and if they found a way around it, it's not likely that they would tell their parents. With no market pressure to fix problems, an 80% error rate wasn't really surprising.

But even the most vocal critics of blocking software only pointed out that blocking software sometimes blocked sites about plumbing, or soccer, or aluminum siding; we never claimed that most of those sites would be blocked. Even with our high numbers of wrongly blocked sites, if they had been expressed as a percentage of non-porn sites that are blocked, they would have still sounded like a "low error rate".

The moral is, always keep track of what the "error rate" refers to in these debates. By moving around a few variables in a formula, the Department of Justice was able to go from saying in 2003 that blocking software was minimally intrusive, to making a speech in 2006 that made blocking software sound so tragically limiting that you could practically hear the violins playing. (I know, people who live in glass houses... *ahem*)

And what about the ACLU? If the Department of Justice is guilty of flip-flopping, from saying in 2003 that blocking software is a reasonable and narrowly tailored solution, to saying in 2006 that it's clumsy, ineffective, and overbroad, is the ACLU guilty of flip-flopping in the opposite direction?

Actually, the ACLU's position has always been consistent: blocking software has First Amendment problems when used in a school or library, due to overblocking and underblocking errors, but if used in the home it is still a lot more effective than a law like COPA, which would score pathetically on the same scale. As ACLU attorney Chris Hansen stated in opening arguments:

"COPA does not reach the 50% of all speech that is overseas... Filters are the most effective. Almost all of the filters that [expert witness] Mr. Mewett tested were at least 95% effective. Think about the 5% ineffectiveness compared to where we start with COPA being 50% ineffective..."

(Opening arguments, p. 22. Note: Chris Hansen has confirmed that the official transcript is wrong; it has him saying "35%" instead of "95%", which wouldn't make any sense.) As for overbreadth, COPA would criminalize speech by adults, intended for adults, something that no blocking program could ever do -- and as for minimizing collateral damage to innocent sites, does anyone think that even if COPA is upheld, parents will throw out their blocking software?

Even though the ACLU focused on different statistics in the two trials, in both cases they were focusing on the numbers that were relevant to the issue. When talking about constitutional problems with blocking software in schools and libraries, the percentage of blocked sites that are incorrectly blocked, is important, because it's their First Amendment rights that are at issue. The DOJ lawyer talking about all the sites that weren't blocked, was missing the point. If your site is being blocked, it hardly matters to you that for every blocked site there are hundreds that are not. "Hey, your site is not accessible, but don't worry, your competitors' sites are!"

On the other hand, when talking about the use of blocking software in the home, the publisher's First Amendment rights are not at issue; the issues that most parents would care about, are how effective it is, and whether most clean sites are still accessible. Well of course most of them are. Blocking software is not that bad.

Confused? The option to just stop making a big deal out of porn on the Internet is looking better all the time, isn't it?

Bennett Haselton has writes "In recent arguments over the constitutionality of the Child Online Protection Act, both sides have argued over the efficiency of Internet blocking software. While COPA would prohibit commercial U.S. websites from publishing freely available material that is "harmful to minors", the ACLU has argued that blocking software is a far more effective alternative, since among other things it can block porn sites located overseas, non-commercial websites, and p2p programs, all of which are beyond the reach of COPA. On the other hand, we had the surreal experience of watching the Department of Justice lawyer arguing in favor of a censorship law by saying that the blocking software alternative was unfair to children -- because it blocked too much legitimate material." The rest of Bennett's essay follows.

"For example," said DOJ attorney Eric Beane during opening arguments, "one filter even blocked a website promoting a marathon to raise funds for breast cancer research. Part of the CIA's World Fact Book was blocked. And a page with an ACLU calendar. [Blocking software blocks] a significant portion of other materials on the World Wide Web, materials that in many cases are necessary for a child to complete his homework." (Opening arguments transcript, p. 37.) As someone who has been publishing critiques of blocking software for years, I read those words and felt like cheering, despite the fact that I'm sitting in the other side's fan section for this match. (Beane is right, but he's missing the point, which is that whatever problems exist with blocking software, are minor compared to the problems with COPA -- because blocking software raises no constitutional issues when it's used by a private party in their own house, whereas COPA affects everyone in the U.S.)

The irony, of course, is that three years ago, in the trial over the similarly-named Children's Internet Protection Act (CIPA) which required blocking software in all schools and libraries that receive federal funds, it was the ACLU pointing out the flaws in blocking software and the Department of Justice claiming that blocking software was accurate and effective.

At first it would seem that both sides are now guilty of flip-flopping. But reviewing what was said then and what was said now, my conclusion is that the ACLU did nothing more than shift their focus to a different set of facts, while the government did contradict themselves. And the source of this seeming flip-flop actually comes down to something pretty simple: two different ways of stating one set of numbers.

Now before going further I can't resist saying that I think the whole debate over "harmful to minors" material is pretty silly, because I don't think the pro-censorship side has ever put forth a reason why they think that pictures of naked people, or even people having sex with each other, are harmful to people under 18. I disagree with some people on matters like abortion and the death penalty, but I at least think they have some facts on their side; but I don't know of any facts supporting people who think that pornography is dangerous. Why is a woman's nipple harmful but a man's nipple isn't? How are the majority of high school students who have already had sex anyway, supposed to be harmed by pictures of other people having sex? And apart from the logical paradoxes, the pervasiveness of the Internet has now given us empirical data too: virtually all minors have now have access to anything they want to get on the Internet (either at home, or by sneaking to a friend's house), and where's the evidence that adolescents' brains have been hormonally turned to mush any more than they always have been?

But for the remainder of the discussion, suppose you're addressing people who believe that nudity and sexual material really are harmful to people under 18. (In any case, the judges probably believe it, and even if they don't, they're bound by legal precedents that assume as much.) The question is how accurately blocking software achieves this goal.

Blocking software has two types of error rates: underblocking (failure to block porn sites) and overblocking (blocking of non-pornographic sites). Underblocking errors are usually expressed one way: the percentage of porn sites in a given sample that are not blocked. But overblocking errors can be stated in two ways: the percentage of non-porn sites that are blocked, or the percentage of blocked sites that are not pornographic. (There are borderline cases like nude art sites, but it turns out they're not common enough to affect the margin of error much; the vast majority of sites are either clearly porn or clearly not.)

The key is that if you want the overblocking rate to sound low, you talk about the percentage of non-porn sites that are blocked. If you want it to sound high, you talk about the percentage of blocked sites that are non-porn.

For example, in the 2003 Supreme Court arguments over CIPA, Department of Justice attorney Theodore Olson downplayed the error rates of blocking software by saying:

"But even if it's tens of thousands of the -- of the 2 billion pages of material that is on the Internet, we're talking about one two-hundredths of 1 percent, even if it's 100,000, of materials would be blocked."

Here he's referring to the percentage of non-porn sites that are filtered. Attorney Paul Smith, arguing against the law, countered:

"And so we have -- on these lists is a proportion, a huge proportion, perhaps 25, perhaps 50 percent of the sites that are blocked that are not illegal even for children."

and:

"And the evidence is that there's about 11 million websites on the Internet, in --in the accessible part of the Internet and that 100,000 of those are the sexually explicit ones and that the --there are at least tens of thousands more that are on the list. So it's --the Government also says in their brief that about one percent of the Internet is over- blocked, which would be about 100,000 sites. So it is a substantial percentage. It is also a substantial amount. And most importantly, it's a very large percentage of what they're blocking is not what they intend to block."

-- that is, talking about the percentage of blocked sites that were non-pornographic. Both sides cited the same figure (100,000 non-pornographic sites blocked, apparently referring to an average across all blocking programs) -- but that same number could be seen as an "error rate" of either one hundredth of one percent, or 50%, depending on which formula you use.

Then in this year's COPA trial, the ACLU called CMU professor Lorrie Faith Cranor who testified that in tests that she reviewed,

"[blocking software programs] correctly blocked an average of approximately 92 percent of objectionable content. And they incorrectly blocked an average of 4 percent of content not matching the test criteria."

(Oct. 24th transcript, p. 57.) Back to talking about the percentage of non-porn sites that are blocked -- which, again, when you put it that way, sounds low. On the other hand, although I couldn't find exact numbers cited by the DOJ's lawyers on the number of sites that were incorrectly blocked, in the portions of his opening argument quoted above, Eric Beane focused on the sad fact of the sites that were blocked -- not the fact that they comprised only a tiny fraction of sites on the Web. The two sides simply swapped formulas.

As for Peacefire's own studies over the years of blocking software error rates, one of the legitimate criticisms that could be made about our efforts was that we focused almost exclusively on the second number, the percentage of blocked sites that were non-porn. If you were interested in how blocking software actually affects the surfing experience of minors who are forced to use it, perhaps you would focus more on the first number, the percentage of non-porn sites that are blocked. Perhaps, you might say, that as an organization addressing the blocking software issue specifically from a minors' rights point of view, we really should have focused on that number quite a bit! But I did get a bit preoccupied with playing "gotcha" with the blocking companies, focusing on the percentage of blocked sites that were obvious mistakes, because it was frankly too much fun publicizing the absurdly high error rates of their programs, which belied the claims made by most blocking companies that all sites on their blacklist were examined by a human at their company before being added. (Although it seems to have done some good -- as far as I know, no blocking company is making that claim about their product today.)

The error rates were indeed absurdly high; we took a sample of the first 1,000 .com domains in an alphabetical list, ran them through several programs, and found that of the sites blocked, between 20% and 80% (!) were errors. (The median error rate was about 50%, which corresponds to the figure given by Paul Smith in the CIPA trial oral arguments quoted above.) This surprised even critics of blocking software, and skeptics complained that we must have made mistakes or simply fudged the numbers. (The whole point of using the first 1,000 .com domains was that if we had used a random sample and gotten error rates like that, we could have been accused of "stacking the deck" and using a fake random sample that was loaded with known errors and not truly random.) Years later, it came out that the companies whose products we'd tested, had been following a policy that if they found an objectionable site on a given IP address, all sites on that IP would be blocked, on the theory that hosting companies often group porn sites together on the same machine. Trouble was, while this may have often been true for bona fide porn sites, it was not true for most sites that featured just an incidental shot of someone's bare breasts or a large amount of profanity -- but this would also be enough to get all sites blocked at a given IP. So the 80% error rate was about what you'd expect after all.

You might think that a product with an 80% error rate could never survive in the marketplace, but consider who was buying the software. On the one hand, you had schools and companies buying the programs -- but they didn't care whether it worked so much as they cared about being able to show, for liability reasons, that they did something. On the other hand, you had parents who really did care about keeping porn off their computer -- but how many parents really did any thorough testing of the product, other than making sure it blocks the obvious sites like Playboy.com? A serious test could take days. Their kids are the only ones who would end up doing any thorough "testing" of the product, and if they found a way around it, it's not likely that they would tell their parents. With no market pressure to fix problems, an 80% error rate wasn't really surprising.

But even the most vocal critics of blocking software only pointed out that blocking software sometimes blocked sites about plumbing, or soccer, or aluminum siding; we never claimed that most of those sites would be blocked. Even with our high numbers of wrongly blocked sites, if they had been expressed as a percentage of non-porn sites that are blocked, they would have still sounded like a "low error rate".

The moral is, always keep track of what the "error rate" refers to in these debates. By moving around a few variables in a formula, the Department of Justice was able to go from saying in 2003 that blocking software was minimally intrusive, to making a speech in 2006 that made blocking software sound so tragically limiting that you could practically hear the violins playing. (I know, people who live in glass houses... *ahem*)

And what about the ACLU? If the Department of Justice is guilty of flip-flopping, from saying in 2003 that blocking software is a reasonable and narrowly tailored solution, to saying in 2006 that it's clumsy, ineffective, and overbroad, is the ACLU guilty of flip-flopping in the opposite direction?

Actually, the ACLU's position has always been consistent: blocking software has First Amendment problems when used in a school or library, due to overblocking and underblocking errors, but if used in the home it is still a lot more effective than a law like COPA, which would score pathetically on the same scale. As ACLU attorney Chris Hansen stated in opening arguments:

"COPA does not reach the 50% of all speech that is overseas... Filters are the most effective. Almost all of the filters that [expert witness] Mr. Mewett tested were at least 95% effective. Think about the 5% ineffectiveness compared to where we start with COPA being 50% ineffective..."

(Opening arguments, p. 22. Note: Chris Hansen has confirmed that the official transcript is wrong; it has him saying "35%" instead of "95%", which wouldn't make any sense.) As for overbreadth, COPA would criminalize speech by adults, intended for adults, something that no blocking program could ever do -- and as for minimizing collateral damage to innocent sites, does anyone think that even if COPA is upheld, parents will throw out their blocking software?

Even though the ACLU focused on different statistics in the two trials, in both cases they were focusing on the numbers that were relevant to the issue. When talking about constitutional problems with blocking software in schools and libraries, the percentage of blocked sites that are incorrectly blocked, is important, because it's their First Amendment rights that are at issue. The DOJ lawyer talking about all the sites that weren't blocked, was missing the point. If your site is being blocked, it hardly matters to you that for every blocked site there are hundreds that are not. "Hey, your site is not accessible, but don't worry, your competitors' sites are!"

On the other hand, when talking about the use of blocking software in the home, the publisher's First Amendment rights are not at issue; the issues that most parents would care about, are how effective it is, and whether most clean sites are still accessible. Well of course most of them are. Blocking software is not that bad.

Confused? The option to just stop making a big deal out of porn on the Internet is looking better all the time, isn't it?

Bennett Haselton writes "The anti-immigration site VDARE is publicizing the fact that it has been blocked as a 'hate site' by several Internet blocking programs, although some of them backed off and un-blocked it after receiving a letter from VDARE's lawyer. Since blocking software is bound to remain in use in most public schools for the foreseeable future, this raises the question: Is it possible for a blocking company to define a 'hate site' in a consistent way, without including conservative groups that might file a First Amendment lawsuit if their sites were blocked from public school computers? See what VDARE says about the content on their own site, and how blocking software companies have handled this issue in the past and what they might do this time." This is the first in a series of article by Bennett Haselton, writing for us from the Peacefire group. Read on for the rest of his piece. The anti-immigration site VDARE.com is publicizing the fact that their site is blocked as a "hate site" by several different blocking programs. They don't name the programs, although they say that four companies used to block VDARE and "backed off after receiving a lawyer's letter".

It seems to be working, since according to the online lookup forms provided by WebSense, N2H2, SurfControl and SmartFilter, only SmartFilter lists the site under "hate speech"; the rest either don't categorize it or list it in innocuous categories. (N2H2 lists it as "Web Page Hosting/Free Pages", which makes no sense -- but not only that, N2H2 is now owned by the same company that makes SmartFilter, which means the company has VDARE listed one way in one product, and a different way in another.)

VDARE says they decided that showing legal muscle was a good way to get unblocked, after reading about an experiment Peacefire did in which we found that censorware companies would block sites with anti-gay content when they thought the sites were run by individuals, but would not block the *exact same content* when it was hosted by "mainstream" groups like Focus on the Family. Concludes VDARE: "The obvious reason for the double standard is that the foundations have lawyers on staff, and volunteer lawyers, and the Censorware companies are afraid of them." True -- although we did nominate AFA.net as a "hate site" at about the same time, and it did get blocked by Cyber Patrol, so it is possible if the content is extreme enough.

I'm against blocking VDARE, even from people under 18, but only because I'm against such blocking in general. Polls show that most people under 18 are more liberally-minded about race than their parents, suggesting that if you want to end racism, give minors more rights and freedom of information, not less. There was a big flap when it came out that in some Islamic schools in New York, parents had their children taught with textbooks which said that "the Jews killed their own prophets" and "you will find them ever deceitful", but without more civil rights for people under 18 to seek information for themselves, there's not much that anybody can do about it.

But as for whether VDARE really should be listed as a "hate site", the site owner himself says that VDARE is not "white nationalist", but adds, "We also publish on VDARE.COM a few writers, for example Jared Taylor, whom I would regard as 'white nationalist'". Well even if VDARE itself claims not to be 'white nationalist', if they host white nationalist writings, it's still accurate to classify the site as a place where such content is located. VDARE itself is also listed by the Southern Poverty Law Center as a hate group. VDARE's founder insists they are merely anti-immigration, not white nationalist, although he admits he once thought about adding a chapter to his anti-immigration book Alien Nation about the "last white family" (not the "last non-illegal-immigrant family") to leave Los Angeles.

Like BoingBoing.Net did before them, VDARE is retaliating against the block by encouraging people to learn how to get around blocking software. I wonder if they looked closely at our site first, since we fight censorship from the point of view of advocating greater civil rights for minors, which would probably not be a popular view with VDARE's ultra-conservative base. And if that's not enough, I'm planning to contact WebSense, SurfControl, and any other company that doesn't currently list VDARE as a "hate site", and ask them why not. So, VDARE sends us traffic, and this is how we repay them.

Peacefire writes "Thomas Shaddack spotted this on http://www.root.cz/ (in Czech) -- if you go to http://search.msn.com/ and search for 'XFree86', it tells you that you've 'entered a search term that is likely to return adult content', and directs you to the porn search engine NightSurf.com, which lists a bunch of porn sites that ostensibly match the term 'XFree86'. If you search for 'XFree86' on Google, however, it's clear that the top matching terms returned by a normal search, are XFree86 sites, are not a bunch of porn sites. MSN is apparently blocking the specific term 'XFree86' and not just filtering on something stupid like the 'X' or the 'Free', since you can search for 'XFree85' and 'XFree87' with no problem. And search terms like 'Linux', 'AOL' and 'Macintosh' are allowed, so at least MSN hasn't simply blacklisted all competitors' keywords as 'porn', but why would they be blocking 'XFree86'?"

This is a man who obviously knows a lot about the Internet. I am not making this up. He wrote a book about it. He has his own blog, his own Web site, and his own online alt.fan newsgroup with its own FAQ. Not only that, he is in a band and writes a syndicated humor column that often covers matters of interest to Slashdot readers. What are you going to ask him? Up to you, as long as you hold it down to one question per post. We'll send Dave 10 of the highest-moderated questions and post his answers as soon as we get them back, after which we're sure many alert readers will have much to add even if they haven't heard about Bennett Haselton's excellent automated Dave Barry column generator.

An unnamed reader writes: "I just noticed that all sites. '*.sourceforge.net' are being blocked by all corporations using SmartFilter including mine. SmartFilter lists all of them as 'MP3' sites. Below is the error I get. How come they do not block Microsoft? I can download an MP3 player from there, too (Media Player does play MP3s)." Here's the error: "Access is restricted to the site (http://www.sourceforge.net/) you requested. Per the firm's Information Security & Privacy Policy, all Internet browsing is monitored and logged. Please contact the Information Security Center at ext 7114 for more information. SmartFilter Control List category MP3 Sites is restricted. " The aptly named SmartFilterWhere tool shows which sites are painted over by SmartFilter's broad brush; in this case, software development site (and Slashdot sister site) SourceForge is blocked by the latest SmartFilter versions -- 3.0, 3.0.1 and 3.1 -- but not version 2. You might also be interested in The Censorware Project's analysis of the efficacy of SmartFilter as applied to Utah schools and libraries, or Peacefire's explanation of how and how well SmartFilter works.

Crowbraid writes: "Well-written column by Margie Boule from the Portland Oregonian about an individual who got tired of getting spam, sued the company for $25 an email, and won." See also Bennett Haselton's anti-spam page, where he has details on "pursuing the anti-spam lawsuits on four separate fronts." (Those lawsuits were mentioned a few months back.)

In the red corner, SafeSurf is the original wacky band of labelling nuts. If you've posted anything to the net without labelling it, they think you need to be sued good and hard, and if it was inappropriate for an 8-year-old you need to go to jail. In the blue corner, MAPS continues to unashamedly blacklist websites for just sharing a network with sites that "support" spam. The fun began when MAPS blacklisted SafeSurf, ensuring millions of TeleGlobe customers were silently kept off the SafeSurf site. The victim has posted a beautiful, pained whine about "stealth censorship" which includes some really awesome metaphors. It's an epic battle of ideologies. Who will win? I say... the audience.

Here's an actual quote from SafeSurf's legislative proposal, I just love this:

"Negligence [failure to label] in the absence of damages may be a civil violation of the rights of the receivers of that data, but it shall not be a criminal offense unless the data is deemed to be harmful to minors. ... Publishers may be sued in civil court by any parent who feels their children were harmed by the data negligently published. The parents shall be given presumption in all cases and do not have to prove that the content actually produced harm to their child..."

Note: since SafeSurf's press release, their site has been taken off the RBL. But for some reason TeleGlobe is still blocking them (click "trace", type "safesurf.com", and wait several minutes for the blocked pings to time out inside TeleGlobe's network). I thought this was supposed to be the realtime blackhole list. Anyway, TeleGlobe is the same ISP that promises it will not "review, censor, or edit the material that is accessible through Teleglobe's network," and adds:

Q. Does Teleglobe support blocking access to ISPs and their non-spamming customers as a method of curtailing spam?

A. No. Teleglobe believes that advocates seeking to punish unwitting collateral ISPs and users who may be tenuously linked to a spam source are acting against the best interests of the Internet community as a whole.

TeleGlobe is one of the few backbones or major ISPs that still uses the RBL to censor websites, since I think AboveNet quit doing it. Anyone know of any others?

Last week, neonzebra wrote us: "In addition to peacefire.org, and thousands of other blacklisted sites (some unjustifiably), the SPAM nazis at Above.net have now added internet software giant Macromedia to the list. Anyone trying to access Macromedia's website through Above.net's backbone will get a 'site not responding' error." And around the same time, aangelis wrote: "It seems that for the last 4 days Macromedia's web servers give back to my browser not even a bit! Are they down? Maybe it is a DNS problem, but nearly twenty people located at Greece, EU told me the same thing!" It wasn't a DNS problem. Last week, in a high-profile example of stealth blocking, Macromedia's website vanished from a significant minority of the internet. The site reappeared Friday, but I think it's worth taking notice of what happened last week anyway. Details below...

This is a sequel to last December's article, MAPS RBL is now Censorware. For the (very) long version of how the RBL works, and how it sometimes fills the same role as "filtering" software, go take a peek.

The short version is that a small group of anti-spam crusaders called MAPS publishes the RBL, which many ISPs subscribe to. Those ISPs block mail to and from addresses on the RBL list.

Some subscribers, notably the backbone provider Above.net, whose CTO is a MAPS co-founder, use the RBL to block not only mail but all internet traffic from IPs listed by RBL. Thus, to cleints of these providers, sites deemed to deliver spam -- or merely deemed spam-friendly -- just drop off the net.

That CTO/co-founder is Paul Vixie, author of Vixie cron and BIND and all kinds of good stuff. He makes some interesting observations about censorship in a 1997 SunWorld interview.

I checked the RBL's servers Thursday night and found that two of Macromedia's IPs were actually blocked. postal.macromedia.com was blocked, which makes sense for stopping spam; presumably that's where the spam emenates from.

But the other IP blocked was www.macromedia.com, which is of course their Web address. Blocking this address, I would assume, stops no spam from reaching anyone's inbox.

What it does do is get Macromedia's attention. Because Above.net blocks all traffic and is a major backbone provider, being put on the RBL effectively takes a site off the net for many users. Taking down a big corporation's website is a good way to show you mean business.

(Above.net's abuse department said I would have to talk to public relations, but their PR contact did not return repeated phone calls.)

I spoke with a Macromedia spokesperson both last week and today. She confirmed that "there were two addresses blocked, one of which resulted in users worldwide not being able to access the website." She also repeated several times that they were on the RBL for their email newsletter "the Edge," saying it "does have an opt-in model, that does not spam."

She also pointed out that "worldwide access to macromedia.com has been restored." That access happened sometime Thursday night or Friday morning. Our Slashdot submissions about the downed site came in on Thursday, and I confirmed the IP numbers' presence on the RBL Thursday during the day.

I've contacted several people at MAPS, but they had no comment and (per their policy) refused to tell me how long those IPs had been on the RBL.

The rationale for the RBL is that it tries to "prevent ... our paying, in money and resources and our own time, to receive and process, or relay, traffic which is nonconsensual in nature." (Their emphasis.) What is "nonconsensual" about reading Macromedia's website? Why was www.macromedia.com on the list?

I'm only running this story because it's Macromedia. After all, one it's of the larger sites on the net, home of Flash animation among other things. If it can be quietly removed from a chunk of the net, who can't? (If you noticed Macromedia missing last week, post a comment!)

Take a moment to go read that stealth blocking statement, issued last week. I signed as a member of the Censorware Project; other signatories were the ACLU, CPSR, EFF, and EPIC. We're concerned that, as the statement says:

ISPs that practice "stealth blocking" are violating consumer protection principles and restricting user choice and freedom in cyberspace.

What do you think?

Last week, neonzebra wrote us: "In addition to peacefire.org, and thousands of other blacklisted sites (some unjustifiably), the SPAM nazis at Above.net have now added internet software giant Macromedia to the list. Anyone trying to access Macromedia's website through Above.net's backbone will get a 'site not responding' error." And around the same time, aangelis wrote: "It seems that for the last 4 days Macromedia's web servers give back to my browser not even a bit! Are they down? Maybe it is a DNS problem, but nearly twenty people located at Greece, EU told me the same thing!" It wasn't a DNS problem. Last week, in a high-profile example of stealth blocking, Macromedia's website vanished from a significant minority of the internet. The site reappeared Friday, but I think it's worth taking notice of what happened last week anyway. Details below...

This is a sequel to last December's article, MAPS RBL is now Censorware. For the (very) long version of how the RBL works, and how it sometimes fills the same role as "filtering" software, go take a peek.

The short version is that a small group of anti-spam crusaders called MAPS publishes the RBL, which many ISPs subscribe to. Those ISPs block mail to and from addresses on the RBL list.

Some subscribers, notably the backbone provider Above.net, whose CTO is a MAPS co-founder, use the RBL to block not only mail but all internet traffic from IPs listed by RBL. Thus, to cleints of these providers, sites deemed to deliver spam -- or merely deemed spam-friendly -- just drop off the net.

That CTO/co-founder is Paul Vixie, author of Vixie cron and BIND and all kinds of good stuff. He makes some interesting observations about censorship in a 1997 SunWorld interview.

I checked the RBL's servers Thursday night and found that two of Macromedia's IPs were actually blocked. postal.macromedia.com was blocked, which makes sense for stopping spam; presumably that's where the spam emenates from.

But the other IP blocked was www.macromedia.com, which is of course their Web address. Blocking this address, I would assume, stops no spam from reaching anyone's inbox.

What it does do is get Macromedia's attention. Because Above.net blocks all traffic and is a major backbone provider, being put on the RBL effectively takes a site off the net for many users. Taking down a big corporation's website is a good way to show you mean business.

(Above.net's abuse department said I would have to talk to public relations, but their PR contact did not return repeated phone calls.)

I spoke with a Macromedia spokesperson both last week and today. She confirmed that "there were two addresses blocked, one of which resulted in users worldwide not being able to access the website." She also repeated several times that they were on the RBL for their email newsletter "the Edge," saying it "does have an opt-in model, that does not spam."

She also pointed out that "worldwide access to macromedia.com has been restored." That access happened sometime Thursday night or Friday morning. Our Slashdot submissions about the downed site came in on Thursday, and I confirmed the IP numbers' presence on the RBL Thursday during the day.

I've contacted several people at MAPS, but they had no comment and (per their policy) refused to tell me how long those IPs had been on the RBL.

The rationale for the RBL is that it tries to "prevent ... our paying, in money and resources and our own time, to receive and process, or relay, traffic which is nonconsensual in nature." (Their emphasis.) What is "nonconsensual" about reading Macromedia's website? Why was www.macromedia.com on the list?

I'm only running this story because it's Macromedia. After all, one it's of the larger sites on the net, home of Flash animation among other things. If it can be quietly removed from a chunk of the net, who can't? (If you noticed Macromedia missing last week, post a comment!)

Take a moment to go read that stealth blocking statement, issued last week. I signed as a member of the Censorware Project; other signatories were the ACLU, CPSR, EFF, and EPIC. We're concerned that, as the statement says:

ISPs that practice "stealth blocking" are violating consumer protection principles and restricting user choice and freedom in cyberspace.

What do you think?

Last week, neonzebra wrote us: "In addition to peacefire.org, and thousands of other blacklisted sites (some unjustifiably), the SPAM nazis at Above.net have now added internet software giant Macromedia to the list. Anyone trying to access Macromedia's website through Above.net's backbone will get a 'site not responding' error." And around the same time, aangelis wrote: "It seems that for the last 4 days Macromedia's web servers give back to my browser not even a bit! Are they down? Maybe it is a DNS problem, but nearly twenty people located at Greece, EU told me the same thing!" It wasn't a DNS problem. Last week, in a high-profile example of stealth blocking, Macromedia's website vanished from a significant minority of the internet. The site reappeared Friday, but I think it's worth taking notice of what happened last week anyway. Details below...

This is a sequel to last December's article, MAPS RBL is now Censorware. For the (very) long version of how the RBL works, and how it sometimes fills the same role as "filtering" software, go take a peek.

The short version is that a small group of anti-spam crusaders called MAPS publishes the RBL, which many ISPs subscribe to. Those ISPs block mail to and from addresses on the RBL list.

Some subscribers, notably the backbone provider Above.net, whose CTO is a MAPS co-founder, use the RBL to block not only mail but all internet traffic from IPs listed by RBL. Thus, to cleints of these providers, sites deemed to deliver spam -- or merely deemed spam-friendly -- just drop off the net.

That CTO/co-founder is Paul Vixie, author of Vixie cron and BIND and all kinds of good stuff. He makes some interesting observations about censorship in a 1997 SunWorld interview.

I checked the RBL's servers Thursday night and found that two of Macromedia's IPs were actually blocked. postal.macromedia.com was blocked, which makes sense for stopping spam; presumably that's where the spam emenates from.

But the other IP blocked was www.macromedia.com, which is of course their Web address. Blocking this address, I would assume, stops no spam from reaching anyone's inbox.

What it does do is get Macromedia's attention. Because Above.net blocks all traffic and is a major backbone provider, being put on the RBL effectively takes a site off the net for many users. Taking down a big corporation's website is a good way to show you mean business.

(Above.net's abuse department said I would have to talk to public relations, but their PR contact did not return repeated phone calls.)

I spoke with a Macromedia spokesperson both last week and today. She confirmed that "there were two addresses blocked, one of which resulted in users worldwide not being able to access the website." She also repeated several times that they were on the RBL for their email newsletter "the Edge," saying it "does have an opt-in model, that does not spam."

She also pointed out that "worldwide access to macromedia.com has been restored." That access happened sometime Thursday night or Friday morning. Our Slashdot submissions about the downed site came in on Thursday, and I confirmed the IP numbers' presence on the RBL Thursday during the day.

I've contacted several people at MAPS, but they had no comment and (per their policy) refused to tell me how long those IPs had been on the RBL.

The rationale for the RBL is that it tries to "prevent ... our paying, in money and resources and our own time, to receive and process, or relay, traffic which is nonconsensual in nature." (Their emphasis.) What is "nonconsensual" about reading Macromedia's website? Why was www.macromedia.com on the list?

I'm only running this story because it's Macromedia. After all, one it's of the larger sites on the net, home of Flash animation among other things. If it can be quietly removed from a chunk of the net, who can't? (If you noticed Macromedia missing last week, post a comment!)

Take a moment to go read that stealth blocking statement, issued last week. I signed as a member of the Censorware Project; other signatories were the ACLU, CPSR, EFF, and EPIC. We're concerned that, as the statement says:

ISPs that practice "stealth blocking" are violating consumer protection principles and restricting user choice and freedom in cyberspace.

What do you think?

Carl Kadie has returned his responses to our interview questions. He covers a wide array of topics regarding computers and academic freedom - my guess is that this interview will answer about 5% of all questions submitted to Ask Slashdot. :)

With Power comes responsibility... (Score:5, Interesting)
by Zachary DeAquila on 02-14-01 02:41 PM EST (#28)

What responsibilities do universiies incur when they have such overbroad AUPs and reserve such powers for themselves? What if, in their browsing through my data, they delete or destroy important information (thesis data or papers or somesuch)? Are they liable for it? What if they 'leak' damaging data either unknowingly or through misunderstanding? Can they be held responsible?

I'm afraid that I know the answers to all these questions and am even more afraid of those answers. So what can be done about it beyond the standard SSH and PGP rhetoric ? Is there a way to make them take responsibility for these actions, preferably a heavy enough responsibility to discourage them from wanting to take these actions in the first place?

Let me start with disclaimers. I'm not a lawyer. The legal matters I discuss are merely my understanding of the law, not real legal advice. Also, I speak for myself, not for the Electronic Frontier Foundation or my employer. For more on these issues look at the Computers and Academic Freedom Archive.

As a practical matter, no rule, regulation, or liability could ever compensate you for something like lost thesis data. Hopefully, the terror you feel just thinking about losing something irreplaceable will motivate you to make multiple backups.

For privacy, however, federal law does offer some protections. The Family Educational Rights and Privacy Act applies to any U.S. school, even high schools, both public and private, that accepts federal money. This is the law that stops schools from announcing your social security number and grades to the world. Schools that disclose personally identifiable information, beyond directory information, can lose their federal funding. Schools generally take this law very seriously. The only common problem is school staff who need to be educated about the law.

Another useful law is the Electronic Communications Privacy Act. This is the law that stops AOL from disclosing your grandma's email. It can also be reasonably interpreted as stopping universities from disclosing student email. It may also protect staff email.

Finally, public universities have obligations beyond federal law. As a government institution, they are bound by the federal constitution and their state constitution. A U.S. government task force says that [Email] monitoring [of government employees] of actual communications and communicators may impinge on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th amendment), as well as on the right to privacy, specifically as set forth in both the Privacy Act and the ECPA. Students are presumably protected at least as much.


University policy (Score:5, Interesting)
by Pacer on 02-14-01 02:43 PM EST (#31)

I lived for two years in University residence and, frankly, my college didn't seem to have much respect for the privacy of students in any regard: all mail came through University-owned mailboxes, and packages had to be picked up at the dormitory desk, staffed by hall RAs -- students with a significant disciplinary function. All telephone service went through the university switchboard. Your room could be searched, by university staff or by police, without your permission and without any sort of warrant. Most tenant rights were violated (for instance, eviction with two weeks' notice any time of year), and now the university informs students' parents of on-campus alcohol or disciplinary violations (these are adults whose academic transcripts cannot be released to parents without a signed waiver).

It is not any surprise to me that fascist user agreements are in place concerning electronic media in light of the general control-oriented attitude of many universities towards their on-campus student populations. Perhaps the problem runs deeper than simple technophobia?

I'm optimistic about the trend. I once looked up the student regulations for my school from 1904 to present. (I've since graduated). Students were once literally treated as children. Now the policies generally respect students as scholars with academic freedom. Academic freedom (which includes freedom of expression, privacy, and due process) for students is guaranteed in the student code of many schools. It is advocated by dozen of important academic organizations. I believe academic freedom principles can be straight forwardly applied to computers and networks. For example, here is what our Draft Statement on Computers and Academic Freedom says about privacy:

"Privacy Principle: Personal files on university's computers (for example, files in a user's home directory) should have the same privacy protection as personal files in university-assigned space in an office, lab, or dormitory (for example, files in a graduate student's desk). Private communications via computer should have the same protections as private communications via telephone."

So, all is wonderful everywhere except for a few aberrations that your free ACLU lawyer can quickly take care of, right? Sadly, no. The struggle for civil liberties and academic freedom never ends. As you suggest, some in authority will always try to assert more and more control. They may never have heard the idea that students should have academic freedom. They may not realize public universities in the U.S. are constrained by the U.S. constitution. They may erroneously believe that federal law doesn't apply if you make students sign a waiver.

So what can you do? Organize and fight! It won't be easy. You'll never win completely. But, you'll likely find friends and allies everywhere from student to faculty to staff. You may find your most important allies among the computer services staff. Many computer staff folks see themselves as true professionals with a professional responsibility to what's morally and legally right, not just what the boss thinks is expedient.

If you are in high school looking at colleges, please read their student code and computer rules before you decide. This will be part of your contract with the university. If you decide not to attend a school because of bad policies, tell them and tell the world.


Linux acceptability (Score:5, Interesting)
by dwbryson on 02-14-01 02:45 PM EST (#42)

Carl- I have fought a battle at my college over Linux being on the network. I told the UTS( Univeristy Technology Services ) that I was a big advocate of Linux and was starting up a Linux User Group on campus. But first I wanted their approval. They swiftly told me that, "You can absolutly not encourage the use of Linux on OUR network, and you should be lucky that we don't ban it on campus." I was completely uphauled by this, and so promptly turned around and tried to get as many people interested as I could in Linux. And eventually started my own LUG. Do they have a right to tell me what OS I can use on their network? They of course support windows, and allow Mac's, but flat out tell me I can't have linux on their network. Do you have any suggestions on what rights I as a user have?

Let me break this into two questions. First, can a university department ban clubs or speech because it doesn't like what they advocate? Generally not. At most schools, the student code protects freedom of speech. At public universities, student speech is also protected by the 1^st amendment. To take one example, the U. of Illinois has student organizations ranging from the International Socialists to the College Republicans. Linux really shouldn't be a problem.

Second, can a University Technology Services group ban a program/OS from the Network? The difficulty is that while it might be legitimate to ban, say, a packet sniffer, it shouldn't be legitimate to stop Scientology students who want to filter their own Internet access on their own PC. How do we distinguish these cases? Legally, at state schools you could try to make a 1^st amendment argument. You could also use freedom of information requests (if applicable) to see if a rule was made for legitimate reasons. These legal battles, however, would be expensive and uncertain.

More effective than a legal approach is a good policy approach. How is good policy made? By getting everyone (students, faculty, and staff) involved in making decisions. And, if that doesn't work, by protesting and publicizing bad decisions. Here is what the Joint Statement on Rights and Freedoms of Students says about students and policy making:

"As constituents of the academic community, students should be free, individually and collectively, to express their views on issues of institutional policy and on matters of general interest to the student body. The student body should have clearly defined means to participate in the formulation and application of institutional policy affecting academic and student affairs. The role of the student government and both its general and specific responsibilities should be made explicit, and the actions of the student government within the areas of its jurisdiction should be reviewed only through orderly and prescribed procedures."

Legal Recourse? (Score:5, Interesting)
by CU-Ballistic (rogersj@SPAMSUCKSclemson.edu) on 02-14-01 02:46 PM EST (#45)

I attend a rather well-known University in the South. Of course, they have the requisite "we own you and your data" policy. They state in very explicit terms that they have the right, at any time, to search and confiscate my computer, hard drives, and other media. They say that they also have the right to monitor network traffic, and disable any account which is exhibiting "unusual or excessive" activity. This all seems incredibly arbitrary to me, and worries me very much. My question to you is: Do I have any legal recourse? My main quarrel is that as a first-year student, I am forced to live on campus, and many classes require work to be submitted electronically. Since I am unable to "opt-out" of their heavy-handed policy, do I have any legal recourse if I were to encounter a search-and-seizure situation with the Administration here?

I think I found policy in question. It has both good points and bad points. The good is that it provides for due process via the university's regular channels. Also, it lays out proscribed behavior pretty clearly. Now, to the bad:

• It doesn't say how the policy was formulated and under what authority. Were students involved? Did the university senate give approval? Was there a committee? As far as we can tell from the policy itself, it could be the work of one person without any input from the university community.
• The policy contradicts itself on privacy. It tries to use magic words to make federal law and constitutional requirements disappear. It says: "Students have no expectation of privacy when utilizing university computing resources, even if the use is for personal purposes." The policy for staff says the same thing: "Employees have no expectation of privacy ..." but a few lines before that it correctly acknowledges that "[...] Federal and State statutes protect the privacy of much of the information available on University computer systems." As a general rules, a policy should not contradict itself. (I wonder if researchers are really prohibited from storing human subject and other sensitive data on these computers?) [Editorial note: Federal laws concerning research on human subjects requires that data about such studies be stored securely, with a number of explicit security requirements. If Clemson faculty have no expectation of privacy when using Clemson computers, Clemson is breaking those laws if it conducts any research on human subjects (which it does) and stores the data on Clemson machines.]
• Finally, the policy conflates invading-policy-because-of-an-emergency and invading-it-to-gather-evidence-of-wrong-doing. Any public university and any university that respects academic freedom should distinguish these cases. Here is how the Joint Statement puts it:
  
  "Except under extreme emergency circumstances, premises occupied by students and the personal possessions of students should not be searched unless appropriate authorization has been obtained. For premises such as residence halls controlled by the institution, an appropriate and responsible authority should be designated to whom application should be made before a search is conducted. The application should specify the reasons for he search and the objects or information sought. The student should be present, if possible, during the search. For premises not controlled by the institution, the ordinary requirements for lawful search should be followed."

Finding Balance? (Score:5, Informative)
by PapaZit on 02-14-01 03:59 PM EST (#161)

Here's a shot from "the other side."

I work in Computing Services for a tech-oriented private university. Our usage policies aren't as bad as some, but they definitely give us broad priviledges. We've been through many, many proposed revisions that keep being killed by some combination of faculty, staff or lawyers. The basic problems:

There doesn't seem to be a concise legal way to say "Don't be an asshole and don't break the law," which is all we really want.

It's occasionally necessary for staff to look at private information for technical reasons (reconstructing mail spool after disk crashed, making sure the nifty new backup program actually worked, etc.). We have a huge infrastructure, and if we had to stop and check every time we might accidentally see something, we'd never get anything done unless we made our staff size much larger. We don't have the budget to do that.

Occasionally, the sysadmins will find something really bad during the course of routine work. "Spending a long time in federal prison" kind of bad. We try to keep these sort of events quiet to avoid publicity for the user in case it's not their fault (someone cracked their account, etc). We don't want our users on the evening news, but this'll happen with most "notify lots of people before doing anything" plans.

There are two opposing viewpoints that are both vocal in our community. One says "privacy over all" while the other says "learning and sharing over all". We have quite a few people who make their home directories publicly readable as a sort of protest against the "privacy freaks" (their words). Finding a policy that makes both happy is very difficult.

In light of these constraints (financial and social), how do we give more rights to our users without seriously impeding our ability to do our jobs?

First, I commend you for taking your professional responsibilities seriously. As you know, incidental and emergency exposure of information is a fact of life. Your computers likely contain everything from medical information, to love letters, to evidence of criminal activity. After much debate at the U. of Illinois, with input from all of campus, the University adopted a policy that says in part:

"Network and system administrators are expected to treat the contents of electronic files as private and confidential. Any inspection of electronic files, and any action based upon such inspection, will be governed by all applicable U. S. and Illinois laws and by University policies."

Other schools also respect the privacy of email and files. You can see examples here. For some general tips on making good policy, look here.


I am violating my school's policy by posting this. (Score:4, Interesting)
by SkyIce (dangelo(a)ntplx.net) on 02-14-01 03:47 PM EST (#144)

Take a look at my school's AUP at http://www.exeter.edu/publications/ebook/datavoice video.html . Some interesting quotes:

"No pseudonymous or anonymous messages may be sent. Students should be careful not to give out personal information over the Internet."

"Accessing the accounts and files of others is prohibited."

"Students may be held accountable for their actions while off-campus and thus for messages posted from off-campus accounts."

Academy network resources, including all telephone and data lines, are the property of the Academy. The Academy will, to the extent possible, respect privacy of all account holders on the network. However, the Academy is responsible for investigating possible violations of and enforcing all Academy rules governing the network. Academy network users should, therefore, keep in mind that the Academy reserves the right to access any information stored or transmitted over the network.

But nowhere in it does it mention the search of a personal computer. Somehow, last week, on mere suspicion, my and three other kids' computers were seized and held for a few days while the network administrator attempted to track down the source of network troubles. He ultimately failed, but in the process noticed that I was using a different IP address and hostname other than the one I had been assigned. The case was sent to the discipline committee under "Theft of IP address" and I am now on probation for eight weeks. My dorm room's port was activated "with restrictions" yesterday, and they now want me to e-mail them a list of every program I want to download so that they can verify it. Was this even legal? What can I do to stop something like this from happening in the future?

As a student in a private high school that likely doesn't take any government money, you have few legal protections. As long as they follow their own rules, they can do almost anything they want. Sorry.

Again, I strongly encourage you to read the student code and computer policies of any colleges you are looking at. You'll find critiques of several dozen policies Computers and Academic Freedom Policy Archive. (Hopefully, most of the bad policies in the archive have since been improved.)


Colleges vs Corporations (Score:3, Interesting)
by Chris Brewer (chrisbrewer@paradise.net.nzSPAMBEGONE(TM)) on 02-14-01 02:44 PM EST (#39)

In your opinion, is there any difference between what a student does on the campus network using college owned computers and an employee using the corporate network using the company's computers with regard to who owns the data?

In the U.S., there is a world of difference between employees and students. (I don't know about the law in New Zealand). The work employees do on company equipment generally belongs to the company. Moreover, at work Americans have little privacy protection. (The ACLU has a project on workplace civil liberties.)

Students, on the other hand, are customers of the university, not its agents or employees. Although your grandmother might store a document on AOL's computers, that does not give AOL ownership of the document's copyright. Likewise, while you might research a paper in the University library and store it on a University computer, they gain no ownership rights.


WPI's Acceptible Use Policy (Score:3, Interesting)
by Saint Nobody on 02-14-01 02:50 PM EST (#55)

Personally, i think that WPI has a pretty good AUP, (which is not to say i haven't had problems with netops regarding a few violations, only one of which i was actually responsible for.) it doesn't say that they can read our email personal files and other miscellany, and it requires us not to go poking around.

However, it doesn't say that they can't.

how do you feel about policies like that? It doesn't guarantee our privacy, but it doesn't infringe on it either. Is lack of a guarantee an implicit infringement?

The Joint Statement says that academic freedom "requires" policies that clearly define possible offenses and that are enforced though fair due-process procedures. As you point out, WPI, a private technical institute, leaves a lot unsaid in its computer policy especially about policy enforcement. Are such vague policies OK because we can trust the wisdom of the university staff to do what's right? As much as I respect the professionalism of many computer staff folks, we can't know that the good ones will always be there. To be safe, we must capture some wisdom in policy.

So, what could go wrong? Imagine this nightmare: The WPI computer organization decides to ignore the Institute's regular judicial system with its system of check and balances. The computer org decides to impose punishments on students itself. It guarantees no notice of charges, no hearing, and no appeal procedure.

How likely is this nightmare? IT HAS ALREADY HAPPENED!

Read another WPI policy, the Residential AUP Policy. This policy reminds me of a line from Lewis Carroll's Alice in Wonderland: "No, no," said the Queen: "The sentence first -- the verdict afterwards." Except they don't even bother with the verdict.


Is it because of lawyers? (Score:3, Interesting)
by Wariac on 02-14-01 03:06 PM EST (#83)

Do you think that Schools do this in practice, or is this just a CYA (cover your ass) scenario in case a student does something stupid/illegal. It seems to me in this lawsuit-happy world full of sleazy lawyers that this could be the only way that Schools (or anyone) can avoid being sued into bankruptcy.

In a nutshell, Do the schools implement these policies on thier own accord, or are they usualy done at the request of thier insurer?

Because students are customers of a school and not employees/agents schools generally aren't responsible for their actions. So, if it's not insurers who ask for bad policies where to they come from? It often works like this:

• A student does something obnoxious, but not against any written rules.
• The student is investigated and punished.
• The department that punished the student creates very broad and very vague rules to justify, after the fact, the procedure and punishment already imposed. (For example, see the case of the NCSA.)
• The new policy is run by University legal counsel. Legal counsel checks that it doesn't make any promises or guarantees to students. Counsel doesn't think to check for consistency with other policies or Constitutional requirements.
• Some students, faculty, or staff members finally get to read the policy. Using email, web sites, netnews, newspaper stories, and sometimes even demonstrations on on the Quad/Green, they educate themselves and the University community about legal and academic standards. Everyone starts to see the problems in the first policy.
• A committee is formed of students, faculty, staff, and librarians. They work for a while and create a much better policy.
• The new policy is adopted by the University and replaces the old. (For example, the UIUC privacy policy that grew out of the NCSA policy.)
• Everyone lives happily ever after. (Until the next time a student does something obnoxious but not against any written rules.)

How do you handle bandwidth issues? (Score:2, Interesting)
by Shook (shook@iname.com) on 02-14-01 10:34 PM EST (#261)

I go to a fairly devout Christian U., that has very aggressive censor ware against sex, porn, illegal activities, but that isn't the focus of my question. Unlike many schools, my U. did nothing to block Napster use, and I always found this a little surprising.

When we came back from X-Mas break, Napster was blocked. People moaned and groaned, but it turns out it wasn't even our school's call (though they might have had a say in it) Our school gets its access from a state-wide government-run ISP for educational institutions, and the ISP decided to block Napster, Gnutella, and probably others.

Rather than copyright issues, they cited bandwidth problems. Although, I miss my Napster, I find this hard to argue with. (Theoretically) the network is for educaitonal purposes, and my average dorm-connection speed has doubled since Napster was blocked. But this could easily become a slippery slope, what is to keep them from blocking things like FTP, or Real Audio, both of which I have used for research, but can present bandwidth problems.

How would you suggest balancing to need to reserve bandwidth for serious school-related purposes, and still provide a useful Internet service?

Ten years ago, some schools thought it necessary to ban all games from their computers and networks. (Here is a critique of one such policy.) Now the computer game industry is as big as the movie industry. And, just as you can take film classes in college, so you can take computer game classes. This illustrates the wisdom of a tenet of academic freedom: no authority knows everything that will be important in the future. Therefore, every professor and every student should be free to examine and discuss all questions of interest to them. Schools should do their best to accommodate these explorations. Peer-to-peer systems could be the next big thing. It sounds like the students and professors in your state won't be part of it.

Could there ever be a legitimate reason to ban ALL recreational use of the network? Sure, just as I can imagine a college so resource-poor that it banned all recreational reading in the library, I can imagine a college so resource-poor that it banned all recreational network use. But I won't want to attend such a school.

But, how should needs be balanced when resources require it? I advocate following the model of librarians. They are experts at selecting books based on professional standards and respect for intellectual freedom.

In closing, let me list some resources and ask for some possible help:

• American Civil Liberties Union
• Electronic Frontier Foundation, civil liberties group which works to protect privacy, free expression, and access to new media sources.
• The Foundation for Individual Rights in Education (FIRE), a nonprofit educational foundation devoted to free speech, individual liberty, religious freedom, the rights of conscience, legal equality, due process, and academic freedom on our nation's campuses.
• Peacefire, a nonprofit organization representing the interests of people under 18 in the debate over freedom of speech on the Internet. Peacefire focuses mostly on censorware (Internet content filtering software) in libraries and schools.
• Student Press Law Center, a nonprofit organization provides legal advice to media students and educators on issues related to freedom of the press. Includes advice and news.
• American Association of University Professors, focuses on issues of academic freedom and tenure and campus governance by faculty. Details its programs and policies.
• American Library Association - Office for Intellectual Freedom

Finally, if you go to the Computers and Academic Freedom Archive, my web site, you'll notice it has not been updated for a while. With a job, a family, and new interests, I haven't given the site and issue the attention it deserves. I'd love to get ideas and/or proposals from folks on how to get the Computers and Academic Freedom Project restarted. Thanks.

Carl Kadie
kadie@eff.org
p.s. I'll be on vacation from the 4th to the 11th.

It was supposed to be done by September 30, but Congress finally finished its budget for this year. Because it works best with our sometimes-bizarre legislative system, this year, like every year, hundreds of unrelated measures were rolled up into one massive package and crammed through the door. Your grandchildren may look up at you with a puzzled expression, fifty years from now, and say "grampa" (or gramma), "did you really use an unfiltered internet, back in the olden days? Wasn't that scary? How did you ever survive with all that porn jumping out at you?" If that happens, just sigh, and think back to the olden days -- December2000 -- before censorware became mandatory in public institutions nationwide.

The massive spending bill has been passed by the House and Senate, and President Clinton is expected to sign it soon. Despite some noises from the Clinton administration mildly protesting censorware, the small amendment making it mandatory is not considered to be an important enough issue to veto an entire appropriations bill.

Sen. John McCain (R-Ariz.), a longtime proponent of censorware, introduced the amendment.

As the ACLU says,

Earlier this year, an 18-member commission appointed by Congress rejected the idea of mandating the use of blocking software, which is notoriously clumsy and inevitably restricts access to valuable, protected speech. A wide spectrum of organizations have opposed blocking software mandates, including the American Library Association, the Society of Professional Journalists, the conservative Free Congress Foundation and state chapters of the Eagle Forum and the American Family Association.

"There was an Alice in Wonderland quality to this debate," said Marvin Johnson, a Legislative Counsel with the ACLU's Washington National Office. "With its vote, Congress rejected the advice it asked for from the panel it appointed."

The "wide spectrum of organizations" extends from educators to The New York Times to strongly conservative political/religious groups. For more on the COPA Commission and its recommendations, see our stories from July and August.

Essentially it says that any school or library which receives federal funds to build its network must install censorware. Since these funds are the chief way that poor and middle-income areas bring the internet into public institutions, effectively this means that only rich counties will have the option of an uncensored internet.

The text of the self-declared "Children's Internet Protection Act" is available from CDT. It uses the term "technology protection measure" to describe the software.

In related news, Peacefire, an advocacy group for youth free-speech rights, released a tool to provide one-click disabling of some popular censorware programs.

Meanwhile, the ACLU will be suing to stop this bill from taking effect. This is not a slam-dunk like the CDA was. They're in for a tough fight. Here are three reasons why:

1. The CDA's language was very broad. This bill targets its material precisely: obscenity, child pornography, and "harmful to minors" material. Of course there is no "technology protection measure" in existence which can censor only this material, or even claim to censor only this material.

2. The CDA covered speech. This bill addresses the right to read that speech in a public institution.

3. This bill regulates institutions which are taking public money and how they may use it. Legally, and also in many people's minds, it is more permissable to enact regulations which go against the grain of the Constitution if they are tied to acceptance of public funds.

(The classic example is that the Fourth Amendment protects our homes from unreasonable search and seizure, but when the government provides public housing, it sometimes tries to say that the 4th Amendment does not apply. Same situation, different Amendment.)

Brock Meeks is more optimistic, saying the bill is "doomed." The key issue, I think, will be whether censorware can work. If it does not work, if it cannot work, then the language of the bill is irrelevant; our Congress might as well have demanded a "technology protection measure" to give all our kids 200 IQs and an lifetime supply of free donuts.

When I get in the mood to be optimistic, I think about all the stories we hear from students who are already forced to use this software. It seems like everyone has an anecdote about how they were blocked from doing legitimate research for school.

So maybe if this legislation survives, in ten years, all the kids who grew up with first-hand experience with censorware will start to vote. That's about the only bright side I can see.

For now, Brown v. Board of Education is the example I'm keeping in mind. The Supreme Court, after a half-century of segregated schools, decided that "separate educational facilities are inherently unequal" -- the theory might be OK, but it had failed in practice.

The courts should evaluate the "technology protection measures" by what they do, not by what the law demands they do. The theory might be OK, but in practice, all the technology that I've looked at blocks much more than it should. I'll be hoping for a verdict that reads: "technology protection measures are inherently censorship."

And, hopefully, now -- not after a half-century.

HumpBackB wrote us about the lawsuit that ISP Media3 has filed against MAPS and its Realtime Blackhole List. The RBL, despite blocking only 2% of spam, is widely seen as an effective tool against mail abuse. I'm going to risk life and limb, and say that it has become, instead, just another censorware tool. Here's why.

Media3 has had six of its ClassCs added to the RBL: one in June, and five in November. These 1500 IP numbers are now cut off entirely from the rest of the Internet for any Internet provider who subscribes to the RBL (more on this later).

But making these 1500 IP numbers vanish from the net -- which is exactly what happens for any provider who subscribes to the RBL -- does not stop any spam from getting through. They are not blocked because those servers are sending unsolicited email, or any kind of e-mail for that matter.

Media3's service agreement is more-or-less the same as all responsible, anti-spam providers:

"M3 does not permit the transmission of unsolicited e-mail... Subsequent violations will result in suspension and/or termination of the account without refund of service fees..."

And MAPS does not even allege that a single piece of spam has been sent from any of these 1500 IP numbers. As their press release says:

"Media3 refused to require their Web-hosting customers to stop advertising their Web sites by using unsolicited commercial email..."

Even this fact is in dispute. I spoke with Joe Hayes at Media3, and he told me that the company does not tolerate Web sites which promote themselves through spam.

You can check the RBL evidence file yourself. When a MAPS representative spoke with Joe back in June, he told him that he needed to, not tighten up his sendmail rules, but "terminate the Samco [Web] sites and rewrite his AUP to prohibit the hosting of spamware."

Spamware? Yes. Media3 does host Web sites which sell software that sends bulk e-mail and harvests e-mail addresses. Take a look at MarketingMasters.com. Their IP number is 209.211.253.74, which is in the Media3 ClassC which was blocked in June. You can look them up on the RBL at http://mail-abuse.org/cgi-bin/ lookup?209.211.253.74.

Again, the blocking of that IP number, their Web site, does not stop a single piece of spam from being sent or received. What it does do is punish the folks at MarketingMasters, whose Web site can't be seen by RBL subscribers.

The problem is that MAPS has put every 209.211.253.x IP number on their list. For example, if you look up 209.211.253.169, you'll see exactly the same message and same rationale.

And 209.211.253.169 is not a spam Web site. It's otherwise known as Peacefire.org, a group of young people who are advocates of free speech rights for teenagers, and -- irony alert -- longtime opponents of censorware.

In fact, if you visit their Web site you'll see many reports about how censorware blocks the good as well as the bad. Their latest, "Amnesty Intercepted," shows that sites like Amnesty International Israel and the American Kurdish Information Network are blacklisted as pornographic by overzealous censorware.

Kind of like Peacefire -- and over a thousand other sites -- are blacklisted by MAPS.

Let's be clear about what censorware does. It does not by itself block content. It "only" rates that content as unacceptable for viewing, and it is up to someone -- your parents? your teacher? your ISP? -- to apply its rules to prevent you from seeing that content.

I don't like spam any more than the next person. But I also don't like censorship, and I take a content-neutral view of these things. If someone delivers a product to be used by Alice to block Bob from seeing website because she doesn't like its content, that product is censorware.

And if that product capriciously, unfairly, and deliberately blocks innocent Web sites, then it's not very good censorware.

In this case, the "bad" Web site sells software which could be used to spam. Frankly, compared to Nazi propaganda or bomb-making instructions, it's pretty tame. But that's not important. Standing up for speech I agree with is easy, everybody does it. If you want freedom, you have to stand up for speech you disagree with.

At least with programs like CyberPatrol, SurfWatch, and Net Nanny, when overblocking mistakes are pointed out, they are corrected. But as MAPS admits in its press release and evidence files, the intent here is not to block the actual Web sites (after all, people who want to buy the software will find a way to buy it).

No, the intent is to get the ISP in question to play ball. The fact that a thousand innocent Web sites are censored is, as far as I can tell, irrelevant.

I don't see much difference between this and any other censorware. One difference is that few other censorware packages are actually free. Another is that fewer are so obviously wielding their power as a retaliatory weapon.

And, there's also the fact that the RBL is used by a backbone provider, AboveNet, whose CTO also happens to be a co-founder of MAPS. Peacefire had no idea that it was being censored until it heard from confused would-be readers. At least with traditional censorware, if your connection to a website is blocked, you have some idea of why. Peacefire's readers naturally had no idea whether their packets were traveling over AboveNet's network, and only knew that their connections were being rejected.

(I contacted Paul Vixie to ask about AboveNet and how it uses the RBL, but he refused comment, sending me to AboveNet PR, who didn't get back to me by deadline time.)

Vixie claimed in 1998 that "MAPS volunteers always contact the owner of a site before it's blacklisted." I'm guessing none of the 1,500 blocked Web sites were contacted.

But then, MAPS also advises Web providers:

"If you host Web sites, we suggest that you use one IP per domain so that if spam occurs for one Web site, we don't have to blackhole you or your other customers to block access to the spamming site."

That's exactly what Media3 does -- and exactly what MAPS did.

Oh, and one more difference. The RBL is more successful than any other censorware package. According to Upside, 20,000 companies that control 40% of all e-mail accounts (and, quite possibly, Web sites); that's up from what ZDNet said in 1998, 2000 ISPs that control 30% of Internet destinations.

I can't find much to argue with in Joe Hayes's summary:

"They [MAPS] are blocking very good educational sites, nonprofit organizations, in their attempts to get us to adopt their definitions in their entirety. They've made no bones about hurting people and while Media3 maintains a policy of not allowing unsolicited e-mails, we do not see completely eye-to-eye on MAPS's definitions because they become very encompassing and very broad. While they have a good tool, and I commend them for their efforts to contain e-mail abuse, they're a good thing gone bad and they have basically become the abuser."

And here's a heavily abridged list of the sites that cannot be accessed via AboveNet, or any of the other providers who use the RBL -- just a few of the sites on just one blacklisted ClassC:

• FulfilledLives.com, "the place for women and girls," about spirituality and relationships.
• DesktopHeaven.com, Windows themes, screensavers, wallpaper.
• TownOfCary.org, the official website for the town of Cary, North Carolina.
• StudioZito.com, yet another Web site-designer.
• Crossalizer.de, a music site which points out (in German) that it's a victim of an anti-spam initiative, and thus has moved to Crossalizer.com.
• StrikeMore.com, bowling tips and schedules.
• NewTechWellness.com: "The total balance of wholeness and wellness within the areas of Mind, Body, Family, Society, and Finances in our lives is our goal," OK, whatever.
• ElaineCoffman.com and DianaPalmer.com -- both are authors of romance novels.
  And finally,
• CraftersCommunity.com. "If you are looking for a fun and easy recipe to do with the kids, try these deliciously simple Winter Cookie Pops."

Update, something like an hour later: If you're planning to e-mail me or post a comment saying I don't know what I'm talking about because the RBL only blocks mail traffic, please take a moment to read this 1997 interview. Excerpt:

SunWorld: How do you defend your policy of Blackholing Web services that host spammers' Web sites -- even if the spam itself isn't going through their service?

Vixie: This is the most controversial thing we do because it's censorship of something that isn't spam. It's me saying to some Web provider, because you are renting space to this person [a spammer] who is doing something completely legal, I am going to Blackhole your butt.

For more on the Border Gateway Protocol implementation of the RBL, see this page (thanks to jeffg for the link); for a description of how it drops all packets to blackholed sites, see this message.

Also, Bennett Haselton of Peacefire reports, at 10:58 PM EST:

I just telnetted in to www.peacefire.org and was able to do "ping www.above.net" and "ping home.cnet.com" and "ping www.infoworld.com" despite the fact that that traceroute on all of these sites shows that they are hooked up via above.net.

Peacefire's IP address is still on the RBL, so it looks like AboveNet has, for the time being, temporarily stopped blocking their users from accessing sites on the RBL.

This means that either:
(1) AboveNet has realized the errors of their ways, and is trying to correct them.
(2) AboveNet is trying to cover up the fact that they ever censored their users' Internet access, and they are temporarily opening up the gateway so that people on AboveNet will be able to access Peacefire and will think it is all a hoax.

HumpBackB wrote us about the lawsuit that ISP Media3 has filed against MAPS and its Realtime Blackhole List. The RBL, despite blocking only 2% of spam, is widely seen as an effective tool against mail abuse. I'm going to risk life and limb, and say that it has become, instead, just another censorware tool. Here's why.

Media3 has had six of its ClassCs added to the RBL: one in June, and five in November. These 1500 IP numbers are now cut off entirely from the rest of the Internet for any Internet provider who subscribes to the RBL (more on this later).

But making these 1500 IP numbers vanish from the net -- which is exactly what happens for any provider who subscribes to the RBL -- does not stop any spam from getting through. They are not blocked because those servers are sending unsolicited email, or any kind of e-mail for that matter.

Media3's service agreement is more-or-less the same as all responsible, anti-spam providers:

"M3 does not permit the transmission of unsolicited e-mail... Subsequent violations will result in suspension and/or termination of the account without refund of service fees..."

And MAPS does not even allege that a single piece of spam has been sent from any of these 1500 IP numbers. As their press release says:

"Media3 refused to require their Web-hosting customers to stop advertising their Web sites by using unsolicited commercial email..."

Even this fact is in dispute. I spoke with Joe Hayes at Media3, and he told me that the company does not tolerate Web sites which promote themselves through spam.

You can check the RBL evidence file yourself. When a MAPS representative spoke with Joe back in June, he told him that he needed to, not tighten up his sendmail rules, but "terminate the Samco [Web] sites and rewrite his AUP to prohibit the hosting of spamware."

Spamware? Yes. Media3 does host Web sites which sell software that sends bulk e-mail and harvests e-mail addresses. Take a look at MarketingMasters.com. Their IP number is 209.211.253.74, which is in the Media3 ClassC which was blocked in June. You can look them up on the RBL at http://mail-abuse.org/cgi-bin/ lookup?209.211.253.74.

Again, the blocking of that IP number, their Web site, does not stop a single piece of spam from being sent or received. What it does do is punish the folks at MarketingMasters, whose Web site can't be seen by RBL subscribers.

The problem is that MAPS has put every 209.211.253.x IP number on their list. For example, if you look up 209.211.253.169, you'll see exactly the same message and same rationale.

And 209.211.253.169 is not a spam Web site. It's otherwise known as Peacefire.org, a group of young people who are advocates of free speech rights for teenagers, and -- irony alert -- longtime opponents of censorware.

In fact, if you visit their Web site you'll see many reports about how censorware blocks the good as well as the bad. Their latest, "Amnesty Intercepted," shows that sites like Amnesty International Israel and the American Kurdish Information Network are blacklisted as pornographic by overzealous censorware.

Kind of like Peacefire -- and over a thousand other sites -- are blacklisted by MAPS.

Let's be clear about what censorware does. It does not by itself block content. It "only" rates that content as unacceptable for viewing, and it is up to someone -- your parents? your teacher? your ISP? -- to apply its rules to prevent you from seeing that content.

I don't like spam any more than the next person. But I also don't like censorship, and I take a content-neutral view of these things. If someone delivers a product to be used by Alice to block Bob from seeing website because she doesn't like its content, that product is censorware.

And if that product capriciously, unfairly, and deliberately blocks innocent Web sites, then it's not very good censorware.

In this case, the "bad" Web site sells software which could be used to spam. Frankly, compared to Nazi propaganda or bomb-making instructions, it's pretty tame. But that's not important. Standing up for speech I agree with is easy, everybody does it. If you want freedom, you have to stand up for speech you disagree with.

At least with programs like CyberPatrol, SurfWatch, and Net Nanny, when overblocking mistakes are pointed out, they are corrected. But as MAPS admits in its press release and evidence files, the intent here is not to block the actual Web sites (after all, people who want to buy the software will find a way to buy it).

No, the intent is to get the ISP in question to play ball. The fact that a thousand innocent Web sites are censored is, as far as I can tell, irrelevant.

I don't see much difference between this and any other censorware. One difference is that few other censorware packages are actually free. Another is that fewer are so obviously wielding their power as a retaliatory weapon.

And, there's also the fact that the RBL is used by a backbone provider, AboveNet, whose CTO also happens to be a co-founder of MAPS. Peacefire had no idea that it was being censored until it heard from confused would-be readers. At least with traditional censorware, if your connection to a website is blocked, you have some idea of why. Peacefire's readers naturally had no idea whether their packets were traveling over AboveNet's network, and only knew that their connections were being rejected.

(I contacted Paul Vixie to ask about AboveNet and how it uses the RBL, but he refused comment, sending me to AboveNet PR, who didn't get back to me by deadline time.)

Vixie claimed in 1998 that "MAPS volunteers always contact the owner of a site before it's blacklisted." I'm guessing none of the 1,500 blocked Web sites were contacted.

But then, MAPS also advises Web providers:

"If you host Web sites, we suggest that you use one IP per domain so that if spam occurs for one Web site, we don't have to blackhole you or your other customers to block access to the spamming site."

That's exactly what Media3 does -- and exactly what MAPS did.

Oh, and one more difference. The RBL is more successful than any other censorware package. According to Upside, 20,000 companies that control 40% of all e-mail accounts (and, quite possibly, Web sites); that's up from what ZDNet said in 1998, 2000 ISPs that control 30% of Internet destinations.

I can't find much to argue with in Joe Hayes's summary:

"They [MAPS] are blocking very good educational sites, nonprofit organizations, in their attempts to get us to adopt their definitions in their entirety. They've made no bones about hurting people and while Media3 maintains a policy of not allowing unsolicited e-mails, we do not see completely eye-to-eye on MAPS's definitions because they become very encompassing and very broad. While they have a good tool, and I commend them for their efforts to contain e-mail abuse, they're a good thing gone bad and they have basically become the abuser."

And here's a heavily abridged list of the sites that cannot be accessed via AboveNet, or any of the other providers who use the RBL -- just a few of the sites on just one blacklisted ClassC:

• FulfilledLives.com, "the place for women and girls," about spirituality and relationships.
• DesktopHeaven.com, Windows themes, screensavers, wallpaper.
• TownOfCary.org, the official website for the town of Cary, North Carolina.
• StudioZito.com, yet another Web site-designer.
• Crossalizer.de, a music site which points out (in German) that it's a victim of an anti-spam initiative, and thus has moved to Crossalizer.com.
• StrikeMore.com, bowling tips and schedules.
• NewTechWellness.com: "The total balance of wholeness and wellness within the areas of Mind, Body, Family, Society, and Finances in our lives is our goal," OK, whatever.
• ElaineCoffman.com and DianaPalmer.com -- both are authors of romance novels.
  And finally,
• CraftersCommunity.com. "If you are looking for a fun and easy recipe to do with the kids, try these deliciously simple Winter Cookie Pops."

Update, something like an hour later: If you're planning to e-mail me or post a comment saying I don't know what I'm talking about because the RBL only blocks mail traffic, please take a moment to read this 1997 interview. Excerpt:

SunWorld: How do you defend your policy of Blackholing Web services that host spammers' Web sites -- even if the spam itself isn't going through their service?

Vixie: This is the most controversial thing we do because it's censorship of something that isn't spam. It's me saying to some Web provider, because you are renting space to this person [a spammer] who is doing something completely legal, I am going to Blackhole your butt.

For more on the Border Gateway Protocol implementation of the RBL, see this page (thanks to jeffg for the link); for a description of how it drops all packets to blackholed sites, see this message.

Also, Bennett Haselton of Peacefire reports, at 10:58 PM EST:

I just telnetted in to www.peacefire.org and was able to do "ping www.above.net" and "ping home.cnet.com" and "ping www.infoworld.com" despite the fact that that traceroute on all of these sites shows that they are hooked up via above.net.

Peacefire's IP address is still on the RBL, so it looks like AboveNet has, for the time being, temporarily stopped blocking their users from accessing sites on the RBL.

This means that either:
(1) AboveNet has realized the errors of their ways, and is trying to correct them.
(2) AboveNet is trying to cover up the fact that they ever censored their users' Internet access, and they are temporarily opening up the gateway so that people on AboveNet will be able to access Peacefire and will think it is all a hoax.

Yet another topical censorware report by Bennett Haselton and myself. Is this getting repetitive? It turns out that politicians' websites are being blocked in schools and libraries as inappropriate for viewing by children (and, in many cases, adults). The report, "Blind Ballots", takes a look at two dozen candidates whose campaigns have been censored in our public schools and libraries. One of the products blocks pretty equally across the political spectrum; the other takes a big chunk out of Republicans, Libertarians and conservative third parties. One Republican candidate (so far) has changed his position on filters because of this report.

I took some time over the last few days to sample what kind of political speech is censored by a typical filtering software package. The result is a report released jointly by EPIC (EPIC's copy) and Peacefire (Peacefire's copy). The software this time is N2H2 Bess, and if you're an American K-12 student, there's roughly a one-in-three chance you're forced to surf the net with its 'help.' It bans political speech ranging from campaign finance reform to the Second Amendment to Minnesota newspapers' election coverage.

My favorite block was the Traditional Values Coalition. Can I say "you reap what you sow" or would that just be rude?

In other news:

(an unrelated) Coalition To Promote Voluntary Net Filtering, Standards

"A new coalition of high-tech companies and industry groups is hoping to shift the focus of the national debate over Internet filtering by promoting the value of filtering software as an exclusively voluntary parental tool. ... the Committee on Internet Management and Safety will tout the value of filtering products while at the same time opposing legally mandated filtering."

Did they say "exclusively voluntary"? Good on 'em! Let's have a real debate about the value of this software, so that people can make up their own minds rather than having the government decide what's best for our schools and libraries. A level playing field would be a lot better than what we have now.

Censorware in public institutions? Congress is pushing for it, but the current bill has a surprising opponent: at least one of the censorware makers. A major-brand corporate V.P. is quoted in a recent AP story as saying: "Things that mandate specific technologies probably aren't the best solution here. Let the free market decide...." But the interesting technical story here is yet another statistical analysis by Peacefire. They looked at five popular packages and showed that for every ten appropriately-blocked domain name, there were anywhere from four to forty domain names just randomly censored. Ouch.

The word "Internet" was uttered precisely once in last night's presidential debate, and I don't have to tell you the context. You already know the topic was Columbine, and you already know the Net was being blamed for mass murder. What our Republican candidate failed to mention is that his party's bogeymen, the evil Internet and its evil twin violent entertainment, have brought about a new era of peace. If we really want less violence in our schools, we obviously need more violence on our Internet.

"Columbine spoke to a larger issue, and it's really a matter of culture. It's a culture that somewhere along the line we begun to disrespect life, where a child can walk in and have their heart turn dark as a result of being on the Internet, and walk in and decide to take somebody else's life."
- George W. Bush, presidential debate, October 11, 2000

The term we're looking for is "manufactured crisis." That's what we need to start calling it, this supposed violence in our schools.

I don't need to provide you with more quotes from Bush, Gore, Cheney and especially Lieberman about how disgustingly violent our culture has become. You can't pick up a paper without seeing at least three people moaning about violent movies, the violent internet, and worst of all violent video games. They're infecting the minds of our children, don't'cha know. It'd be the new national pastime if it weren't 200 years old: grumping about those damn kids.

Let's counter disinformation with some real numbers. Here's an annotated timeline showing the increase in violent imagery, and the corresponding decrease in actual violence.

1993
Students' nonfatal violent crimes: 1,438,200.
Victims of violent crime per 1,000 population, all ages: 49.1.

Let's consider 1993 our baseline year, the pre-Doom year. That blockbuster was not released until December 1993, so I think we are safe to assume that it did not begin darkening hearts until 1994 or later. By the end of 1993, the internet's two million host machines include 500 webservers.

Demolition Man, Kalifornia and Falling Down are in the theaters.

1994
Students' nonfatal violent crimes: 1,424,200: a 1% decrease from the previous year.
Victims of violent crime per 1,000 population, all ages: 51.2: a 4% increase from the previous year.

In 1994, shareware Doom, downloadable from the evil internet, shatters existing gaming records. Its bloody graphics and Satanic imagery shock and offend many who are easily shocked and offended. In an era where 200,000 is a great-selling title, 1994 sees the first of fifteen million gamers who download and play Doom.

Meanwhile, the web grows at an annual rate of 341,000%, becoming the 2nd-most popular type of data; among the three million machines on the net, there are too many webservers to count.

The movies Pulp Fiction, Timecop, True Lies, Children of the CornIII, and the politicans' favorite Natural Born Killers are all released in 1994.

1995
Students' nonfatal violent crimes: 1,290,000: a 9% decrease from the previous year.
Total under-18 murderers: 2,169.
Victims of violent crime per 1,000 population, all ages: 46.1: a 10% decrease from the previous year.

In 1995, the web becomes the most popular internet service among the net's four million machines. Shareware Doom continues to rack up downloads. Doom II: Hell On Earth, released last October, takes over as the violentest game ever, with an initial release of half a million units.

The Basketball Diaries, Braveheart, Se7en, and Die Hard3 are released.

1996
Students' nonfatal violent crimes: 1,134,400: a 12% decrease from the previous year.
Total under-18 murderers: 1,683: a 22% decrease from the previous year.
Victims of violent crime per 1,000 population, all ages: 41.6: a 10% decrease from the previous year.

1996 is a banner year for violent images. Doom II continues on its track to eventually sell two million copies. Duke Nukem 3D, aimed at the young teenage male market, gives our nation's young boys a healthy mix of strippers, jokes, and mass slaughter with machine guns. Soon after, the breakthrough title Quake offers unprecedented visual accuracy: blood, gore, and murder are now illustrated with detail that makes Doom and Duke Nukem look cartoony.

Scream is released in theaters to tremendous success, along with Broken Arrow, CrowII, Sling Blade, and the excellent Fargo. Meanwhile, there are now 9 million hosts on the net.

The effects of all that horrible media violence in 1996 appear in 1997's statistics...

1997
Students' nonfatal violent crimes: 1,055,200: a 7% decrease from the previous year.
Total under-18 murderers: 1,457: a 13% decrease from the previous year.
Victims of violent crime per 1,000 population, all ages: 38.8: a 7% decrease from the previous year.

In 1997, there are 16 million hosts on the net. At year's end, QuakeII is released, and is quickly banned in Germany for its even-more-realistic violence. And Con Air, Face/Off, Starship Troopers, and Scream2 are released in theaters.

1998
Total under-18 murderers: 1,169: a 20% decrease from the previous year.
Victims of violent crime per 1,000 population, all ages: 36.0: a 7% decrease from the previous year.

In 1998, Quake II hits its sales stride and begins corrupting young minds. Grand Theft Auto, one of the more vilified and censored video games, is released. The web crosses the 300-million-page mark.

Brace yourself for the movie list: Lethal Weapon4, Saving Private Ryan, American HistoryX, Lock, Stock and Two Smoking Barrels, Ronin, Urban Legend, Blade, and the crappy remake of Psycho hit the theaters.

The result?

1999
Victims of violent crime per 1,000 population, all ages: 32.1: an 11% decrease from the previous year.

There it is. In the four years between the release of Doom and Quake II, the number of killers under the age of 18 in this country plummeted. A drop of 46% in just four years is nothing short of astonishing.

Long-term graphs are even more valuable. Click through to these, they're small and quick:

• The homicide rate, 1900-1998. We are experiencing the longest and steepest sustained dropoff in violence since the Great Depression.
• Homicide offenders grouped by age, 1976-1998. The number of teenage killers is steadily falling.
• Average age of homicide offenders, 1976-1998. The average age of the American killer has been rising since 1993.

Last month, I watched CNN as my friend Bennett Haselton got grilled opposite Sen. Jeff Sessions (R-Ala.). After CNN's introduction telling us what to think - cutting straight from footage of Doom to footage of crying Columbine students - the Senator explained how violent games cause children to commit violent actions. He wants to keep dangerous weapons like Quake away from our kids.

That's how the Senator - who voted against secure handgun storage, and twice against child safety locks - positioned himself as our noble defender of children.

How do the posturing panderers justify their crisis-du-jour? How'd we end up with the phantom of media-created child violence as a major election issue, while violence plummets?

The facts speak for themselves. If seeing violence has any effect on children's actions, it obviously makes them calm and peaceful.

So here's the slogan for my campaign: our kids deserve the best in first-person shooters. In my America, every family will have free movie tickets, 300 megatexels, and low-ping broadband. Let's put an end to frame rates under 30Hz. For our country - for our safety - we can leave no child behind.

(Sources: US DOJ 1, 2, 3; OJJDP 1, 2, 3; FBI UCR; Blues News; crime.org; poynter.org.)

Our readers from a year ago may remember the series we did examining the attempt to force censorware into Holland's libraries. (Holland, Michigan is the home of the Slashdot Geek Compound, such as it is.) In February, voters rejected that attempt. But to quote Poltergeist II, "they're ba-ack." Thanks to a new Michigan law, all of our libraries have to address the question of minors and the internet -- and blocking software is, to many, the natural solution. I went to the Holland library's open board meeting on Tuesday night; here's what's up.

By the way, if you're wondering why you should care about Holland, Michigan: this is going to happen at your local library -- and other public institutions -- soon. It probably has already happened at your local schools. The Holland area is fairly conservative, so it's been at the forefront, but the issue will work its way around the country (and in fact the world) in due time.

Before I describe what happened at the board meeting Tuesday evening, I should put the meeting itself into context.

A small but vocal minority has been pushing for library filters since late last year. At that time, the effort was begun by the American Family Association, with the Family Research Council and a local group stepping in to do the heavy lifting.

The FRC is still playing the dominant role. In fact, Tuesday night, the AFA representative actively distanced the organization from the issue, probably because it has earned its reputation as an extremist group.

Since February, the push has been for communication with the library board: "community input" has been big. Since all board meetings legally must be open to the public anyway, it's never been entirely clear to me what the problem was. The board did form a committee, which met on several occasions with filtering supporters -- the few who showed up -- and educated themselves about their options.

But the pro-filter crowd and the media have been attacking the library for not doing more to engage the community in dialogue. In one recent headline, the city's Mayor, formerly anti-filter, was described as "ripping [the library board's lack of] public input." Ouch.

In fact, the FRC representative Tuesday night apologized at length for the pressure tactics -- even though, in most of the media reports I've seen, her comments were relatively mild.

Just a week ago, she was quoted as saying she:

"...doesn't think a Sept. 12 forum will be sufficient to solicit public input, with attendance limited to 200 people and less than two hours set aside for public comment.

"She said those restrictions will limit the amount of input the board can receive."

That's been the concern all these months; that's what's been keeping the library board awake worrying. Every board meeting has been completely open to the public, and the only issue was how many people the fire marshal would allow in, and how long the community would be allowed to outpour its concerns.

In fact, when the meeting started -- the one and only meeting that's been publicized as a forum for the airing of Holland's views -- fewer than 45 people showed.

Some more trickled in, some trickled back out later after less than two hours of public comment. A total of just over 60 people showed up, about half of whom spoke (excluding the boardmembers and the media, including the toddlers, not that the toddlers did much of the speaking).

The Family Research Council's representative saved her statements for late in the meeting, telling her group's supporters how important it was that they came out, and to hang in there because they were only at the halfway point. Her closing comments were encouragement to those supporters: "we're getting closer and closer, glory God, we will not quit until we get this thing right ... c'mon you people, there's two more hours, get up here and talk for yourselves."

As if that was the signal to wind things down, only a few more people stood to speak. There was a period of questions, which took a while because the lawyer fielded most of them, and then the meeting adjourned almost an hour ahead of schedule.

Three thousand people in the Holland area get the FRC's newsletters; roughly 1% bothered to come.

Why the lack of interest?

Part of the reason, to be sure, is that Holland is sick of the issue; they went through a long campaign early this year.

But another part is that blocking software is not nearly as popular as the vocal minority would have us believe. An AP article "Most parents shun net filters" suggests that just one parent in three uses censorware.

And even that seems large, to some. The latest issue of the American Family Association Journal has an article titled "Low percentage of Christians using Internet filtering shows ignorance of the dangers." They claim that "Seven out of 10 Christians have Internet access -- but only one out of 10 has filtered Internet access."

(Keep in mind, too, that when the AFA says "Christians," they mean conservative Christians, presumably more likely to use censorware.)

Parents simply have better choices when it comes to protecting their children. Education and communication are the most effective tools (the only effective ones, I would argue, in many cases). And they're cheaper too: at least, a library in Hudsonville, near Holland, recently spent $20,000 on card-based censorware (not including maintenance fees) for four computers. The city of Grand Rapids, Michigan, just voted to spend $85,000.

And it takes a sneaky kid about ten seconds to completely bypass the $20,000 system. I know; I did it myself, and spent a while browsing a completely unfiltered internet.

But it's political pressure that installs such systems, not necessarily actual demand. Holland's library has taken a great deal of heat for not holding meetings which only a tiny fraction of the community seems interested in. Of course it's easy to use hindsight, but it's my guess that holding the meetings earlier and more often would have taken the lid off the child-size pressure cooker; everyone would have felt better. That's something to consider for the next community faced with this issue.

And speaking of demand, only about 100 patrons at Hudsonville have signed up for the internet cards. The system was installed under pressure from local conservative organizations; others, like that in Grand Rapids, will be installed thanks to a new Michigan law.

That law, Public Act 212, takes effect in our fair state on October1 and in effect, according to the Holland library's lawyer, makes it illegal for minors to use the internet. It demands that terminals for those 17 and under be "restricted from receiving" material "harmful to minors" (that's the underage equivalent of illegal obscenity). No software can guarantee such a restriction, of course, unless it executes the shutdown command.

In fact, it was recommended that the adults' terminals be not only shielded for privacy, but placed so that no minor might walk by and catch a glimpse of something harmful.

So the line seems pretty clearly drawn. How it will play out in reality remains to be seen.

You've probably figured out by now that I'm opposed to blocking software. Before the end of the month, I'll look at what alternatives a library might adopt -- too late for Michigan libraries, but perhaps not too late for yours. There are many choices to be made between the simplistic extremes of "filters" and "nofilters," some of which protect our right to free expression more than others.

Unfortunately, you won't see such alternatives in the traditional media. When filter supporter Tish Fackler pulled out her air filters, she gave a little laugh and said "looks like I'm going to be on TV tonight." Then she held up her meaningless props and delivered the soundbite that was on TV that night. I'll try to keep it a little more real than that.

Snatch Freedom writes "Peacefire has discovered a way to block censorware using Akamai's servers. For example you can see Yahoo! using http://a1.g.akamaitech.net/6/6/6/6/www.yahoo.com/. C|Net had a story about. Censorware cannot block akamai; that will piss off all the advertising people. Akamai says (in the cnet story) that they are not in the filtering business and they won't block anything. The makers of ``Bess'' wan't Akamai to filter it but Akamai says no. "

Snatch Freedom writes "Peacefire has discovered a way to block censorware using Akamai's servers. For example you can see Yahoo! using http://a1.g.akamaitech.net/6/6/6/6/www.yahoo.com/. C|Net had a story about. Censorware cannot block akamai; that will piss off all the advertising people. Akamai says (in the cnet story) that they are not in the filtering business and they won't block anything. The makers of ``Bess'' wan't Akamai to filter it but Akamai says no. "

If you're looking for a political issue that will advance freedom, support the growth and innovation of technology, support younger geeks (and adults) who depend on libraries for access to the Net and Web, and also strike a blow against the Luddites who dominate Congress and media, there's a great cause for you: your local library needs some help. Enlightened educators and librarians are seeking help in blocking imminent federal legislation that would require the installation of filtering software on all school and library computers connected to the Net.

This provision ought to be called "The Local Net Censorship Act" -- and it's close to becoming law. Lawmakers in both the House and the Senate approved a final version late last week, agreeing on a compromise approach containing elements of separate plans passed in the two chambers earlier this year. It would require all schools and libraries to install filtering software regulating the content available to any computers purchased with Federal money, blocking child pornography, obscenity and materials deemed harmful to minors. Schools and libraries would also be required to develop Net use policies that address minors' online access to "inappropriate" materials.

Much of the tech culture was asleep at the switch when the Digital Millennium Copyright Act was passed, giving corporations unprecedented control of American intellectual property, and is now paying for its apathy. This law could increase liability for schools and libraries, give local politicians and religious crazies a significant new weapon to ban access in public institutions to material they consider offensive or inappropriate.

Representatives are already lining up to lengthen the list of sites and subjects considered "inappropriate." Sen. John McCain of Arizona is pushing his own filtering provision in the Senate, where an amendment by Sen. Rick Santorum of Pennsylvania has just added the further requirement that communities be able to provide input about blocking other "inappropriate" Web sites that mention bomb-making, drugs or other topics.

As most of the people reading this know, blocking and filtering programs are arbitrary and wildly ineffective. While savvy users can easily bypass them, these filters hide from most users vast amounts of legitimate information along with so-called "offensive" content. This law is a license for every political interest group to keep subjects they don't like out of local libraries and schools. The victims would be kids with nowhere but libraries to go for Net access. Most filtering programs are censorship technology, pure and simple, but at the same time less effective than simple adult or parental supervision. They are not justified by any meaningful statistics regarding children and the Internet -- perhaps because there really aren't any.

Instead of tying the hands of educators and librarians, government should be doing everything possible to ensure that as many kids as possible have free access to the Net and the Web, because it will be vital to their social, educational and economic opportunities. Laws like this demonstrate how profoundly and dangerously ignorant of technology most of our elected leaders are, and how vulnerable to their ignorance the tech culture is.

The National Education Association is fighting the law -- the still nameless legislation is attached to legislation funding the Labor, Health and Human Services and Education departments. The American Library Association is in on the fight, too, since the bill would for the first time force public libraries to follow the same access policies as schools. But hardly anyone in Congress will dare defend "pornography" and "offensive" material.

"For a library, it's a different ball game," a spokeswoman for the ALA told The New York Times. "If you have to filter any machine a child may use, in a library, you'd have to filter every computer. It disregards age-appropriate levels." This means older children, teenagers and adults would be arbitrarily censored by any local community that didn't like a particular kind of Web site or subject matter, from abortion information to anything resembling sexual imagery. And kids in schools would be subject to even more controlled than they already are.

Libraries -- and local communities -- already have the freedom to establish controls ranging from increased supervision to some kinds of filtering if they wish. Most libraries and schools also have the ability to block sites if they are deemed dangerous and offensive. There is absolutely no reason for Congress to make censorship technology universal and required by law. The federal provision would further complicate Net access issues for libraries, since their environments are less controlled than a public school. Libraries are open to all ages, including adults -- who have a First Amendment right to access a broader range of materials on the Net than the proposed congressional filtering arrangement would allow. Libraries also fear that the law would expose libraries to a wave of new lawsuits demanding they filter -- in accordance with federal law -- any site that could be considered "inappropriate" or "offensive" by any elements of any local community. Passage of this law would force local libraries to radically increase filtering of the Net.

Most of us don't need to go to the library for Net access, but millions of people -- mostly kids -- do. They are entitled to some kinds of First Amendment protection as well as we are. This is a dangerous law, one which injects federal moral guardians directly into the issue of Net access. History tell us this is an awful idea. If you're in the mood to contact your local congressman or woman, this is a great reason to do it. For further information, you can also contact the National Education Association and the American Library Association.

Note: If you're looking for factual evidence to help bolster your arguments against the encroachment of filters, jamie also suggests checking out The Censorware Project, Peacefire and the GLAAD report on filter discrimination.

At 11:30 AM PDT today, Bennett Haselton of Peacefire is scheduled to begin speaking to the COPA Commission. The occasion is their third and final hearing on the subject of blocking software, aka censorware. Our highly hilarious report on the second hearing may still be fresh in your memory; this time around, Bennett takes on the products FamilyClick, CyberSentinel, and SurfWatch.

The reports themselves make for the most interesting reading; I'll just summarize them here:

FamilyClick

The following sites were blocked on the "18 or older" setting, in other words, the software thinks they were too violent, pornographic, hateful, etc. to be seen even by adults:

• AIDS Day 1997: China Responds to AIDS;
• Diccionario del VIH/SIDA (a dictionary of AIDS-related terms, in Spanish);
• Camp Sussex (a summer camp for low-income children);
• Triangles and Tribulations, an essay on the persecution of gay men and woman in Nazi Germany;
• "Homosexuality: Fact and Fiction", from the Christian Research Journal;
• genealogy of Alice Ficken (her last name means "fuck" in German).

and sodomy laws, pro-family protests of pornography, a defense of Wicca, etc.

Cyber Sentinel

The software's PR blurb says: "At the core of the technology is an advanced recognition engine developed by Security Software Systems engineers (patent pending). This proprietary engine is very fast, very low overhead, and is very accurate."

Blocked sites include:

• CNN.com homepage (because of the story headline "Naples museum exposes public to ancient erotica");
• searches for the term "COPA" on CNet, Wired, Time, and USAToday (because each results page had at least one filthy headline, such as "Back to court for Net porn law");
• The American Family Association (the right-wing group pushing for censorware in libraries and schools, including those surrounding the Slashdot Geek Compound);
• biographies of COPA Commission members Stephen Balkam and Donna Rice Hughes - because they both graduated "magna cum laude" (think about it);
• and, my favorite, the list of papers presented at the COPA Commission!

SurfWatch

This was a more interesting test; Peacefire took a sampling of 1,000 domains from the beginning of the .com zone file, and tested which ones that SurfWatch blocked. (Yours truly wrote the one-liner perl script to find sites that respond to ping; for that, Bennett almost named me co-author before I talked him down from his caffeine high.)

SurfWatch claims that it "adds over 400 new sites to the database every day, while also removing sites that no longer exist on the Internet or that have changed content. Our site database is the most accurate and reliable filtering you can find."

Of the 147 domains blocked, most (96) were clearly "under construction" and were ignored for the test. Of the remaining 51 blocked domains, 42 of them, or 82%, were erroneous blocks.

The 42 supposedly pornographic sites include:

• A-1 Dog Grooming and Kennels;
• American Builders;
• Waterbeds Online;
• A-1 Diamond Limousine;
• Poxy Coat;
• A-Antiques.com.

SurfWatch, for the record, is the software that the American Family Association (see above) and Family Research Council tried to force the Geek Compound's local library to install, earlier this year.

At 11:30 AM PDT today, Bennett Haselton of Peacefire is scheduled to begin speaking to the COPA Commission. The occasion is their third and final hearing on the subject of blocking software, aka censorware. Our highly hilarious report on the second hearing may still be fresh in your memory; this time around, Bennett takes on the products FamilyClick, CyberSentinel, and SurfWatch.

The reports themselves make for the most interesting reading; I'll just summarize them here:

FamilyClick

The following sites were blocked on the "18 or older" setting, in other words, the software thinks they were too violent, pornographic, hateful, etc. to be seen even by adults:

• AIDS Day 1997: China Responds to AIDS;
• Diccionario del VIH/SIDA (a dictionary of AIDS-related terms, in Spanish);
• Camp Sussex (a summer camp for low-income children);
• Triangles and Tribulations, an essay on the persecution of gay men and woman in Nazi Germany;
• "Homosexuality: Fact and Fiction", from the Christian Research Journal;
• genealogy of Alice Ficken (her last name means "fuck" in German).

and sodomy laws, pro-family protests of pornography, a defense of Wicca, etc.

Cyber Sentinel

The software's PR blurb says: "At the core of the technology is an advanced recognition engine developed by Security Software Systems engineers (patent pending). This proprietary engine is very fast, very low overhead, and is very accurate."

Blocked sites include:

• CNN.com homepage (because of the story headline "Naples museum exposes public to ancient erotica");
• searches for the term "COPA" on CNet, Wired, Time, and USAToday (because each results page had at least one filthy headline, such as "Back to court for Net porn law");
• The American Family Association (the right-wing group pushing for censorware in libraries and schools, including those surrounding the Slashdot Geek Compound);
• biographies of COPA Commission members Stephen Balkam and Donna Rice Hughes - because they both graduated "magna cum laude" (think about it);
• and, my favorite, the list of papers presented at the COPA Commission!

SurfWatch

This was a more interesting test; Peacefire took a sampling of 1,000 domains from the beginning of the .com zone file, and tested which ones that SurfWatch blocked. (Yours truly wrote the one-liner perl script to find sites that respond to ping; for that, Bennett almost named me co-author before I talked him down from his caffeine high.)

SurfWatch claims that it "adds over 400 new sites to the database every day, while also removing sites that no longer exist on the Internet or that have changed content. Our site database is the most accurate and reliable filtering you can find."

Of the 147 domains blocked, most (96) were clearly "under construction" and were ignored for the test. Of the remaining 51 blocked domains, 42 of them, or 82%, were erroneous blocks.

The 42 supposedly pornographic sites include:

• A-1 Dog Grooming and Kennels;
• American Builders;
• Waterbeds Online;
• A-1 Diamond Limousine;
• Poxy Coat;
• A-Antiques.com.

SurfWatch, for the record, is the software that the American Family Association (see above) and Family Research Council tried to force the Geek Compound's local library to install, earlier this year.

At 11:30 AM PDT today, Bennett Haselton of Peacefire is scheduled to begin speaking to the COPA Commission. The occasion is their third and final hearing on the subject of blocking software, aka censorware. Our highly hilarious report on the second hearing may still be fresh in your memory; this time around, Bennett takes on the products FamilyClick, CyberSentinel, and SurfWatch.

The reports themselves make for the most interesting reading; I'll just summarize them here:

FamilyClick

The following sites were blocked on the "18 or older" setting, in other words, the software thinks they were too violent, pornographic, hateful, etc. to be seen even by adults:

• AIDS Day 1997: China Responds to AIDS;
• Diccionario del VIH/SIDA (a dictionary of AIDS-related terms, in Spanish);
• Camp Sussex (a summer camp for low-income children);
• Triangles and Tribulations, an essay on the persecution of gay men and woman in Nazi Germany;
• "Homosexuality: Fact and Fiction", from the Christian Research Journal;
• genealogy of Alice Ficken (her last name means "fuck" in German).

and sodomy laws, pro-family protests of pornography, a defense of Wicca, etc.

Cyber Sentinel

The software's PR blurb says: "At the core of the technology is an advanced recognition engine developed by Security Software Systems engineers (patent pending). This proprietary engine is very fast, very low overhead, and is very accurate."

Blocked sites include:

• CNN.com homepage (because of the story headline "Naples museum exposes public to ancient erotica");
• searches for the term "COPA" on CNet, Wired, Time, and USAToday (because each results page had at least one filthy headline, such as "Back to court for Net porn law");
• The American Family Association (the right-wing group pushing for censorware in libraries and schools, including those surrounding the Slashdot Geek Compound);
• biographies of COPA Commission members Stephen Balkam and Donna Rice Hughes - because they both graduated "magna cum laude" (think about it);
• and, my favorite, the list of papers presented at the COPA Commission!

SurfWatch

This was a more interesting test; Peacefire took a sampling of 1,000 domains from the beginning of the .com zone file, and tested which ones that SurfWatch blocked. (Yours truly wrote the one-liner perl script to find sites that respond to ping; for that, Bennett almost named me co-author before I talked him down from his caffeine high.)

SurfWatch claims that it "adds over 400 new sites to the database every day, while also removing sites that no longer exist on the Internet or that have changed content. Our site database is the most accurate and reliable filtering you can find."

Of the 147 domains blocked, most (96) were clearly "under construction" and were ignored for the test. Of the remaining 51 blocked domains, 42 of them, or 82%, were erroneous blocks.

The 42 supposedly pornographic sites include:

• A-1 Dog Grooming and Kennels;
• American Builders;
• Waterbeds Online;
• A-1 Diamond Limousine;
• Poxy Coat;
• A-Antiques.com.

SurfWatch, for the record, is the software that the American Family Association (see above) and Family Research Council tried to force the Geek Compound's local library to install, earlier this year.

At 11:30 AM PDT today, Bennett Haselton of Peacefire is scheduled to begin speaking to the COPA Commission. The occasion is their third and final hearing on the subject of blocking software, aka censorware. Our highly hilarious report on the second hearing may still be fresh in your memory; this time around, Bennett takes on the products FamilyClick, CyberSentinel, and SurfWatch.

The reports themselves make for the most interesting reading; I'll just summarize them here:

FamilyClick

The following sites were blocked on the "18 or older" setting, in other words, the software thinks they were too violent, pornographic, hateful, etc. to be seen even by adults:

• AIDS Day 1997: China Responds to AIDS;
• Diccionario del VIH/SIDA (a dictionary of AIDS-related terms, in Spanish);
• Camp Sussex (a summer camp for low-income children);
• Triangles and Tribulations, an essay on the persecution of gay men and woman in Nazi Germany;
• "Homosexuality: Fact and Fiction", from the Christian Research Journal;
• genealogy of Alice Ficken (her last name means "fuck" in German).

and sodomy laws, pro-family protests of pornography, a defense of Wicca, etc.

Cyber Sentinel

The software's PR blurb says: "At the core of the technology is an advanced recognition engine developed by Security Software Systems engineers (patent pending). This proprietary engine is very fast, very low overhead, and is very accurate."

Blocked sites include:

• CNN.com homepage (because of the story headline "Naples museum exposes public to ancient erotica");
• searches for the term "COPA" on CNet, Wired, Time, and USAToday (because each results page had at least one filthy headline, such as "Back to court for Net porn law");
• The American Family Association (the right-wing group pushing for censorware in libraries and schools, including those surrounding the Slashdot Geek Compound);
• biographies of COPA Commission members Stephen Balkam and Donna Rice Hughes - because they both graduated "magna cum laude" (think about it);
• and, my favorite, the list of papers presented at the COPA Commission!

SurfWatch

This was a more interesting test; Peacefire took a sampling of 1,000 domains from the beginning of the .com zone file, and tested which ones that SurfWatch blocked. (Yours truly wrote the one-liner perl script to find sites that respond to ping; for that, Bennett almost named me co-author before I talked him down from his caffeine high.)

SurfWatch claims that it "adds over 400 new sites to the database every day, while also removing sites that no longer exist on the Internet or that have changed content. Our site database is the most accurate and reliable filtering you can find."

Of the 147 domains blocked, most (96) were clearly "under construction" and were ignored for the test. Of the remaining 51 blocked domains, 42 of them, or 82%, were erroneous blocks.

The 42 supposedly pornographic sites include:

• A-1 Dog Grooming and Kennels;
• American Builders;
• Waterbeds Online;
• A-1 Diamond Limousine;
• Poxy Coat;
• A-Antiques.com.

SurfWatch, for the record, is the software that the American Family Association (see above) and Family Research Council tried to force the Geek Compound's local library to install, earlier this year.

There's a boatload of censorware news today, enough for two or three Slashdot stories -- but to conserve electrons, we're bringing it to you all in one easy-to-download package. First, Peacefire has a report on the accuracy of intelligent skin-tone-scanning software, one month after its company said they'd have it working in a month. And since the CEO of ClickSafe spoke at the COPA Commission meeting yesterday, Peacefire ran a check to see how many COPA-related sites its AI blocks. Finally, Waldo Jaquith has a report from the meeting itself which should be sobering but cracked me up anyway. Pay attention, everyone, these are the folks who are going to censor your Internet.

The Child Online Protection Act, passed late last year and then struck down early this year, is still under appeal. Colloquially it's known as "CDAII." Part of what the Act does is establish a Commission that meets every so often -- the Commission's website has details on its mandate and so on.

(Update, a few minutes later: make that "injunctified," or whatever one says for a law against which an injunction has been applied, instead of "struck down." Sorry; IANAL.)

Speaking at the Commission meeting yesterday and today were the CEOs of several major censorware companies. Among them was Michael Stephani, whose company Exotrope makes a product called BAIR.

BAIR

BAIR checks images as they download onto your computer, and claims to be able to tell the difference between pornography and other types of images. The "AI" in its acronym stands for artificial intelligence, running on supercomputers.

When the Wired story on BAIR came out last month (a story "borrowed" from Peacefire -- I'm not going to get into it), Wired quoted the company as saying "they plan to fix the errors within the next month." What errors?

"BAIR incorrectly blocked photographs of Yellowstone, the Baltimore waterfront, Snoopy, boats, sunsets, dogs, vegetables and even a Wired News staff meeting.

"It rated as acceptable for minors -- even on the most restrictive setting -- explicit images of oral sex, anal sex, group sex, masturbation, and ejaculation."

That was one month ago. How's BAIR doing now?

Peacefire retested the same 50 pornographic images that they'd used last month (which presumably BAIR's programmers would have paid extra-special attention to). Their new report finds that, instead of zero, the number of blocked images is now: 34. I've got a great slogan for them: "now your children can only see 32% of the web's oral sex, anal sex, group sex, masturbation, and ejaculation."

One's respect for these programmers is dampened a little, though, because there's more to Peacefire's report. It seems, in a random sample of 50 photos of people's faces, BAIR blocked ... how many? ... 34.

Maybe that slogan should be: "now your children can only see 32% of the web," period.

It's wonderful to live in a world where artificial intelligence offers limitless possibilities. Its website suggests that "Because Artificial Intelligence can be taught to recognize a variety of patterns," -- oh, OK -- "our BAIR can be taught to evaluate other categories such as violence or illegal activities. The BAIR is currently undergoing training in these areas to provide additional filtration selections."

ClickSafe

Richard Schwartz, CEO of ClickSafe, also spoke yesterday at the COPA Commission meeting. Just for kicks, Peacefire decided to try out their spiffy AI software too.

Insert marketblurb here: "...by combining cutting-edge graphic, word and phrase-recognition technology, ClickSafe has achieved accuracy rates of over 99% (according to recent sample tests). ClickSafe can precisely distinguish between appropriate and inappropriate sites (e.g. sites related to issues such as breast cancer will not be blocked)."

What Peacefire did was test this software against the website of the COPA Commission itself, and related sites such as those of speakers or Commission members. They found that blocked pages included:

• The Child Online Protection Act itself, in original and amended form;
• The COPA Commission FAQ;
• Biographies of Commission members Stephen Balkam and John Bastian;
• Bio of Commission member and famed anti-porn crusader Donna Rice Hughes, as well as AppendixA from her book Kids Online: Protecting Your Children in Cyberspace;
• A list of technologies the Commission examines;
• The scope of what the Commission is called upon to do;
• A service agreement from a little company called Network Solutions, whose rep chairs COPA's meetings;
• "About the ICRA" (the makers of RSACi, "a simple, yet effective rating system for web sites which both protected children and protected the rights of free speech");
• Bible study tools: "We hope these free resources foster a desire for Christians to learn more about the Bible, deepening their relationship with God" unless they're using censorware;
• The American Family Association (a conservative Christian group that is trying to force censorware into public libraries, including those surrounding the Slashdot Geek Compound);
• The ACLU, the EFF, and the Center for Democracy and Technology;

and so on.

When I spoke with Bennett about this, he commented that the strange thing was that these flaws are so easy to find; you'd think someone would have run these simple tests already. If anyone reading wants to get their name in Slashdot (and other news media too), censorware is a gold mine of untested misinformation. Buy a product, design a solid unbiased test for it, run the test, and send us what you find. Repeat until the whole world has a clue.

The COPA Commission Meeting

The following is an account of yesterday's COPA Commission meeting, by Waldo Jaquith. Keep in mind that this meeting's purpose, according to the Scope & Timeline Proposal which is blocked by ClickSafe, is to study filtering and blocking software to learn what to recommend in its report to Congress late this year.

Folks,

For more information on the COPA Commission, see http://www.copacommission.org/. (Unless your network has ClickSafe installed, in which case you shouldn't bother.) There is an agenda for this meeting, and there are bios for most people, as well as the prepared speeches for many of the below folks. I've tried to be objective.

Oh, screw that. There's nothing objective about it. But I've tried to give useful facts, quote accurately, etc.

The whole affair, which was scheduled to start at 9:30am, didn't actually start until 10:15am. Which was good, because I didn't get there until 9:45. Although the event was being held at the University of Richmond's Jepson Alumni Center, the room felt like your basic hotel meeting room. Bad carpet, ugly chairs, poor lighting. There were enough chairs to seat about 100 people, but only 35 people were in attendance. Directly in front of the two columns of chairs was a table with chairs, facing away from the audience. This table was for people asked to testify before the COPA Commission. On the other side of that table was a long table, at which was seated the commission, all sixteen members. The result was that the people testifying, who did most of the talking, could only be recognized by the backs of their heads by the audience.

Chairman Donald Telage called the meeting to order and introduced the first panel, who was to speak for approximately 45 minutes on the topic of client-side filters. This panel included Gordon Ross, the President and CEO of Net Nanny, Mark Smith, the President of BrowseSafe, Susan Getgood, the VP and General Manager of Cyber Patrol, and Richard Schwartz, the CEO of Opportunity-America (ClickSafe.com).

Gordon Ross kicked things off with a tremendously boring ten minute speech about how client-side filters work. The only interesting comment that he made was his belief that "consumers should have the ability to analyze each and every site in the database..." [...because his product Net Nanny is the only one of the 150 censorware packages on the market that allows oversight of its blacklist. -ed] He also kicked off the First Amendment references, which nearly every speaker throughout the day would spend some time talking about, but not really saying very much.

Mark Smith from BrowseSafe occupied the next few minutes, giving a rambling speech in which he discussed censorware as if it were some far-off and idyllic concept.

"Most products focus on either client-side- or server-side-based technology. What would happen if the benefits of each could be brought together to provide the user with a new, more flexible and powerful way of surfing the web? What if every sub domain of every site had been categorized and classified by its content? Wouldn't you agree that everyone could benefit from that combination of technology? Of course you would? Now let's walk across the street to the front porch of the family of the home and try to view it from the parent's perspective. What if parents were able to determine what the child sees? What would it be like if e-mail, instant messaging, chat and other computer tools could be also controlled?"

Then, although the topic was client-side filters, he rambled on for several minutes about PlanetGood, a website that was probably unfamiliar to many in the room. He used the site's name in every single sentence for several minutes. And, naturally, he closed talking about "our forefathers" and "these inalienable rights that our forefathers entrusted to us and many of them died for."

Susan Getgood from Cyber Patrol kept things short and sweet, and took the "I'm a new mother and want to protect my children" approach. She muddled the definition of censorship somewhat, saying that "[s]ome critics confuse censorship, which is imposed by the government, with technology that a family or school can choose to use and then set to implement an individual policy." Our school system isn't a part of the government?

Richard Schwartz of ClickSafe.com touted his product nearly as much as Mark Smith promoted the mysterious "PlanetGood." He also described a system that his company has developed that sounds very much like Exotrope's BAIR. "Fleshtone has a very unique set of features [...] Through a combination?of a set of sophisticated algorithms it can establish if something is pornographic. [...] Justice Potter Stewart lives within our system, because he knows it when he sees it. It works, it's been tested out, it's over 99% effective." "We can distinguish between chicken breast and sexy breast." "A consortium of Portuguese and Australian pornographers had been hijacking people off of different sites, including the Harvard Law Review site into their pornographic sites. And then you have to reboot your computer in order to get out."

After the four had testified, we moved into the commission Q&A session. (No questions would be allowed from the audience.) A few interesting questions, answers, and comments cropped up during this portion.

Richard Schwartz, only half kidding, proposed a tax on Internet pornography.

Commissioner Gregory L. Rohde asked Richard Schwartz if his image filter could tell the difference between art and pornography. Astoundingly, Schwartz replied that it could.

Commissioner Jerry Berman asked if there were any plans to create an organization that could provide objective reviews of censorware products to help parents decide what to buy. Gordon Ross said that this had been tried a few years back with SIFT (?), and that it didn't work out.

After a short break, we began the second panel, which addressed server side filtering. Testifying was Kevin Fink, N2H2's CTO; Sunil Paul, Chairman of Brightmail; Stephen Boyles of Library Guardian (Swifteye); Michael Stephani, President and CEO of Exotrope; Ginny Wydler, Director of Standards and Policy at AOL; and Tim Robertson, CEO of FamilyClick.

The first person to say anything interesting was Michael Stephani, who made some fairly interesting claims. He said that their blacklist of sites included four million sites, and that their image-recognition software, BAIR, is 99.8% percent effective. Stephani bragged that it blocked 1 out of 6 general images and 96 out of 100 pornographic images. He pointed out (perhaps rightly) that image filtering is the only real way to filter out pornography, and also that client-side filtering would so go the way of the dodo, given the proliferation of Internet appliances. It wasn't long before he got all 'God bless America' and 'think of the children,' and eyeballs could be heard rolling throughout the room.

As Commissioners asked questions of the panel, Chairman Donald Telage admitted that he wasn't aware that client-side filters were able to use a blacklist. He was under the impression that they could only filter. I had flashbacks from the Napster hearings last week ("Can't you track their intellectual property address?")

Out of the blue, Karen Talbert asked the panel for a show of hands regarding their respective products' ability to work with high-speed connections. Obviously, everybody's hands went up.

How do these people get on the commission?

When given half a chance, Stephani got all "think of the children, my god, won't somebody think of the children?" again. He also bragged that Exotrope has a new, not-yet-released product that filters IM [AOL Instant Messaging -ed.] and even detects innuendo. Stephani said that they just got a contract to install this program on 30,000 school servers. Continuing his spectacular Old Faithful of shit, he cheerfully envisioned a time in the future when there would be "photonic switches" that would maintain a complete blueprint of everything that every user had ever done on-line. Christ, that's frightening. Stephani said that they'd spent $6.5MUS developing BAIR, and went on to point out the coincidence that Peacefire released the report showing that BAIR was 0% effective on the same day that their servers went down. Perhaps he was implying that Peacefire members hacked the server, perhaps that we were taking advantage of them, or perhaps he was just laughing at the circumstances.

There was no promised audience Q&A. That's probably because the whole event ran well over when it was supposed to end. Lacking a better approach, I rushed up to the ebullient Stephani with a copy of the newest BAIR report in hand. Although he was already talking to a reporter, he stopped when he saw my nametag ("Waldo L. Jaquith, Peacefire") and looked a little surprised. He, as well as his sidekick PR guy, enthusiastically introduced themselves. We talked for a few minutes, during which time I said that BAIR appears to suck less than many other censorware programs. But I was still fundamentally opposed to all of them. Between this and the revised report, Stephani was my new best friend. Several other people came forward to read nametags and shake hands, but I continued to talk to Stephani and the reporter, Drew Clark from Technology Daily.

Ten minutes later, when I walked out, I felt a little baffled. Stephani behaved towards me as if Peacefire had just given him the most glowing review that BAIR had ever gotten. This, despite my repeatedly pointing out that Peacefire is fundamentally opposed to filters, always will be, and BAIR is simply rather effective at performing the task that we hate.

I was disappointed that a few major points were never brought up during the discussions:

• Server-side censorware (especially that which is housed with each website) will always be a severe privacy violation, because it needs data on the user in order to establish what information to provide.
• Client-side censorware is doomed to fail because children know more about computers than their parents. The parent has to trust that little Suzy won't uninstall Cyber Patrol. But if Suzy can be trusted, why bother with Cyber Patrol?
• Internet censorship is impossible. The Internet is so large that it's a waste of time, so let's all stop. Gated community models, like AOL, Compuserve and such, are a far better way to provide a "safe" experience for kids.
• The concerns about children's wellbeing presented during the meeting mirror those that parents, since the beginning of time, have always had for their children. How can I keep my child safe when I'm not watching him? How do I know what my child is doing if I'm not around? How do I keep my children from hearing / seeing / saying bad things? Censorware makes no more sense than installing a v-chip in little Suzy's head. Get over it.

In a nutshell, I'm not sure what, if anything, was established at this meeting. It's clear that most of the Commissioners knew every little to start off with, and their opinions are being formed on what amounts to a series of sales pitch sprinkled with god-and-country references, a la mega blowout carpet sales around Independence Day. I'm glad COPA was struck down. Let's get on with our lives.

Best,
Waldo

There's a boatload of censorware news today, enough for two or three Slashdot stories -- but to conserve electrons, we're bringing it to you all in one easy-to-download package. First, Peacefire has a report on the accuracy of intelligent skin-tone-scanning software, one month after its company said they'd have it working in a month. And since the CEO of ClickSafe spoke at the COPA Commission meeting yesterday, Peacefire ran a check to see how many COPA-related sites its AI blocks. Finally, Waldo Jaquith has a report from the meeting itself which should be sobering but cracked me up anyway. Pay attention, everyone, these are the folks who are going to censor your Internet.

The Child Online Protection Act, passed late last year and then struck down early this year, is still under appeal. Colloquially it's known as "CDAII." Part of what the Act does is establish a Commission that meets every so often -- the Commission's website has details on its mandate and so on.

(Update, a few minutes later: make that "injunctified," or whatever one says for a law against which an injunction has been applied, instead of "struck down." Sorry; IANAL.)

Speaking at the Commission meeting yesterday and today were the CEOs of several major censorware companies. Among them was Michael Stephani, whose company Exotrope makes a product called BAIR.

BAIR

BAIR checks images as they download onto your computer, and claims to be able to tell the difference between pornography and other types of images. The "AI" in its acronym stands for artificial intelligence, running on supercomputers.

When the Wired story on BAIR came out last month (a story "borrowed" from Peacefire -- I'm not going to get into it), Wired quoted the company as saying "they plan to fix the errors within the next month." What errors?

"BAIR incorrectly blocked photographs of Yellowstone, the Baltimore waterfront, Snoopy, boats, sunsets, dogs, vegetables and even a Wired News staff meeting.

"It rated as acceptable for minors -- even on the most restrictive setting -- explicit images of oral sex, anal sex, group sex, masturbation, and ejaculation."

That was one month ago. How's BAIR doing now?

Peacefire retested the same 50 pornographic images that they'd used last month (which presumably BAIR's programmers would have paid extra-special attention to). Their new report finds that, instead of zero, the number of blocked images is now: 34. I've got a great slogan for them: "now your children can only see 32% of the web's oral sex, anal sex, group sex, masturbation, and ejaculation."

One's respect for these programmers is dampened a little, though, because there's more to Peacefire's report. It seems, in a random sample of 50 photos of people's faces, BAIR blocked ... how many? ... 34.

Maybe that slogan should be: "now your children can only see 32% of the web," period.

It's wonderful to live in a world where artificial intelligence offers limitless possibilities. Its website suggests that "Because Artificial Intelligence can be taught to recognize a variety of patterns," -- oh, OK -- "our BAIR can be taught to evaluate other categories such as violence or illegal activities. The BAIR is currently undergoing training in these areas to provide additional filtration selections."

ClickSafe

Richard Schwartz, CEO of ClickSafe, also spoke yesterday at the COPA Commission meeting. Just for kicks, Peacefire decided to try out their spiffy AI software too.

Insert marketblurb here: "...by combining cutting-edge graphic, word and phrase-recognition technology, ClickSafe has achieved accuracy rates of over 99% (according to recent sample tests). ClickSafe can precisely distinguish between appropriate and inappropriate sites (e.g. sites related to issues such as breast cancer will not be blocked)."

What Peacefire did was test this software against the website of the COPA Commission itself, and related sites such as those of speakers or Commission members. They found that blocked pages included:

• The Child Online Protection Act itself, in original and amended form;
• The COPA Commission FAQ;
• Biographies of Commission members Stephen Balkam and John Bastian;
• Bio of Commission member and famed anti-porn crusader Donna Rice Hughes, as well as AppendixA from her book Kids Online: Protecting Your Children in Cyberspace;
• A list of technologies the Commission examines;
• The scope of what the Commission is called upon to do;
• A service agreement from a little company called Network Solutions, whose rep chairs COPA's meetings;
• "About the ICRA" (the makers of RSACi, "a simple, yet effective rating system for web sites which both protected children and protected the rights of free speech");
• Bible study tools: "We hope these free resources foster a desire for Christians to learn more about the Bible, deepening their relationship with God" unless they're using censorware;
• The American Family Association (a conservative Christian group that is trying to force censorware into public libraries, including those surrounding the Slashdot Geek Compound);
• The ACLU, the EFF, and the Center for Democracy and Technology;

and so on.

When I spoke with Bennett about this, he commented that the strange thing was that these flaws are so easy to find; you'd think someone would have run these simple tests already. If anyone reading wants to get their name in Slashdot (and other news media too), censorware is a gold mine of untested misinformation. Buy a product, design a solid unbiased test for it, run the test, and send us what you find. Repeat until the whole world has a clue.

The COPA Commission Meeting

The following is an account of yesterday's COPA Commission meeting, by Waldo Jaquith. Keep in mind that this meeting's purpose, according to the Scope & Timeline Proposal which is blocked by ClickSafe, is to study filtering and blocking software to learn what to recommend in its report to Congress late this year.

Folks,

For more information on the COPA Commission, see http://www.copacommission.org/. (Unless your network has ClickSafe installed, in which case you shouldn't bother.) There is an agenda for this meeting, and there are bios for most people, as well as the prepared speeches for many of the below folks. I've tried to be objective.

Oh, screw that. There's nothing objective about it. But I've tried to give useful facts, quote accurately, etc.

The whole affair, which was scheduled to start at 9:30am, didn't actually start until 10:15am. Which was good, because I didn't get there until 9:45. Although the event was being held at the University of Richmond's Jepson Alumni Center, the room felt like your basic hotel meeting room. Bad carpet, ugly chairs, poor lighting. There were enough chairs to seat about 100 people, but only 35 people were in attendance. Directly in front of the two columns of chairs was a table with chairs, facing away from the audience. This table was for people asked to testify before the COPA Commission. On the other side of that table was a long table, at which was seated the commission, all sixteen members. The result was that the people testifying, who did most of the talking, could only be recognized by the backs of their heads by the audience.

Chairman Donald Telage called the meeting to order and introduced the first panel, who was to speak for approximately 45 minutes on the topic of client-side filters. This panel included Gordon Ross, the President and CEO of Net Nanny, Mark Smith, the President of BrowseSafe, Susan Getgood, the VP and General Manager of Cyber Patrol, and Richard Schwartz, the CEO of Opportunity-America (ClickSafe.com).

Gordon Ross kicked things off with a tremendously boring ten minute speech about how client-side filters work. The only interesting comment that he made was his belief that "consumers should have the ability to analyze each and every site in the database..." [...because his product Net Nanny is the only one of the 150 censorware packages on the market that allows oversight of its blacklist. -ed] He also kicked off the First Amendment references, which nearly every speaker throughout the day would spend some time talking about, but not really saying very much.

Mark Smith from BrowseSafe occupied the next few minutes, giving a rambling speech in which he discussed censorware as if it were some far-off and idyllic concept.

"Most products focus on either client-side- or server-side-based technology. What would happen if the benefits of each could be brought together to provide the user with a new, more flexible and powerful way of surfing the web? What if every sub domain of every site had been categorized and classified by its content? Wouldn't you agree that everyone could benefit from that combination of technology? Of course you would? Now let's walk across the street to the front porch of the family of the home and try to view it from the parent's perspective. What if parents were able to determine what the child sees? What would it be like if e-mail, instant messaging, chat and other computer tools could be also controlled?"

Then, although the topic was client-side filters, he rambled on for several minutes about PlanetGood, a website that was probably unfamiliar to many in the room. He used the site's name in every single sentence for several minutes. And, naturally, he closed talking about "our forefathers" and "these inalienable rights that our forefathers entrusted to us and many of them died for."

Susan Getgood from Cyber Patrol kept things short and sweet, and took the "I'm a new mother and want to protect my children" approach. She muddled the definition of censorship somewhat, saying that "[s]ome critics confuse censorship, which is imposed by the government, with technology that a family or school can choose to use and then set to implement an individual policy." Our school system isn't a part of the government?

Richard Schwartz of ClickSafe.com touted his product nearly as much as Mark Smith promoted the mysterious "PlanetGood." He also described a system that his company has developed that sounds very much like Exotrope's BAIR. "Fleshtone has a very unique set of features [...] Through a combination?of a set of sophisticated algorithms it can establish if something is pornographic. [...] Justice Potter Stewart lives within our system, because he knows it when he sees it. It works, it's been tested out, it's over 99% effective." "We can distinguish between chicken breast and sexy breast." "A consortium of Portuguese and Australian pornographers had been hijacking people off of different sites, including the Harvard Law Review site into their pornographic sites. And then you have to reboot your computer in order to get out."

After the four had testified, we moved into the commission Q&A session. (No questions would be allowed from the audience.) A few interesting questions, answers, and comments cropped up during this portion.

Richard Schwartz, only half kidding, proposed a tax on Internet pornography.

Commissioner Gregory L. Rohde asked Richard Schwartz if his image filter could tell the difference between art and pornography. Astoundingly, Schwartz replied that it could.

Commissioner Jerry Berman asked if there were any plans to create an organization that could provide objective reviews of censorware products to help parents decide what to buy. Gordon Ross said that this had been tried a few years back with SIFT (?), and that it didn't work out.

After a short break, we began the second panel, which addressed server side filtering. Testifying was Kevin Fink, N2H2's CTO; Sunil Paul, Chairman of Brightmail; Stephen Boyles of Library Guardian (Swifteye); Michael Stephani, President and CEO of Exotrope; Ginny Wydler, Director of Standards and Policy at AOL; and Tim Robertson, CEO of FamilyClick.

The first person to say anything interesting was Michael Stephani, who made some fairly interesting claims. He said that their blacklist of sites included four million sites, and that their image-recognition software, BAIR, is 99.8% percent effective. Stephani bragged that it blocked 1 out of 6 general images and 96 out of 100 pornographic images. He pointed out (perhaps rightly) that image filtering is the only real way to filter out pornography, and also that client-side filtering would so go the way of the dodo, given the proliferation of Internet appliances. It wasn't long before he got all 'God bless America' and 'think of the children,' and eyeballs could be heard rolling throughout the room.

As Commissioners asked questions of the panel, Chairman Donald Telage admitted that he wasn't aware that client-side filters were able to use a blacklist. He was under the impression that they could only filter. I had flashbacks from the Napster hearings last week ("Can't you track their intellectual property address?")

Out of the blue, Karen Talbert asked the panel for a show of hands regarding their respective products' ability to work with high-speed connections. Obviously, everybody's hands went up.

How do these people get on the commission?

When given half a chance, Stephani got all "think of the children, my god, won't somebody think of the children?" again. He also bragged that Exotrope has a new, not-yet-released product that filters IM [AOL Instant Messaging -ed.] and even detects innuendo. Stephani said that they just got a contract to install this program on 30,000 school servers. Continuing his spectacular Old Faithful of shit, he cheerfully envisioned a time in the future when there would be "photonic switches" that would maintain a complete blueprint of everything that every user had ever done on-line. Christ, that's frightening. Stephani said that they'd spent $6.5MUS developing BAIR, and went on to point out the coincidence that Peacefire released the report showing that BAIR was 0% effective on the same day that their servers went down. Perhaps he was implying that Peacefire members hacked the server, perhaps that we were taking advantage of them, or perhaps he was just laughing at the circumstances.

There was no promised audience Q&A. That's probably because the whole event ran well over when it was supposed to end. Lacking a better approach, I rushed up to the ebullient Stephani with a copy of the newest BAIR report in hand. Although he was already talking to a reporter, he stopped when he saw my nametag ("Waldo L. Jaquith, Peacefire") and looked a little surprised. He, as well as his sidekick PR guy, enthusiastically introduced themselves. We talked for a few minutes, during which time I said that BAIR appears to suck less than many other censorware programs. But I was still fundamentally opposed to all of them. Between this and the revised report, Stephani was my new best friend. Several other people came forward to read nametags and shake hands, but I continued to talk to Stephani and the reporter, Drew Clark from Technology Daily.

Ten minutes later, when I walked out, I felt a little baffled. Stephani behaved towards me as if Peacefire had just given him the most glowing review that BAIR had ever gotten. This, despite my repeatedly pointing out that Peacefire is fundamentally opposed to filters, always will be, and BAIR is simply rather effective at performing the task that we hate.

I was disappointed that a few major points were never brought up during the discussions:

• Server-side censorware (especially that which is housed with each website) will always be a severe privacy violation, because it needs data on the user in order to establish what information to provide.
• Client-side censorware is doomed to fail because children know more about computers than their parents. The parent has to trust that little Suzy won't uninstall Cyber Patrol. But if Suzy can be trusted, why bother with Cyber Patrol?
• Internet censorship is impossible. The Internet is so large that it's a waste of time, so let's all stop. Gated community models, like AOL, Compuserve and such, are a far better way to provide a "safe" experience for kids.
• The concerns about children's wellbeing presented during the meeting mirror those that parents, since the beginning of time, have always had for their children. How can I keep my child safe when I'm not watching him? How do I know what my child is doing if I'm not around? How do I keep my children from hearing / seeing / saying bad things? Censorware makes no more sense than installing a v-chip in little Suzy's head. Get over it.

In a nutshell, I'm not sure what, if anything, was established at this meeting. It's clear that most of the Commissioners knew every little to start off with, and their opinions are being formed on what amounts to a series of sales pitch sprinkled with god-and-country references, a la mega blowout carpet sales around Independence Day. I'm glad COPA was struck down. Let's get on with our lives.

Best,
Waldo

There's a boatload of censorware news today, enough for two or three Slashdot stories -- but to conserve electrons, we're bringing it to you all in one easy-to-download package. First, Peacefire has a report on the accuracy of intelligent skin-tone-scanning software, one month after its company said they'd have it working in a month. And since the CEO of ClickSafe spoke at the COPA Commission meeting yesterday, Peacefire ran a check to see how many COPA-related sites its AI blocks. Finally, Waldo Jaquith has a report from the meeting itself which should be sobering but cracked me up anyway. Pay attention, everyone, these are the folks who are going to censor your Internet.

The Child Online Protection Act, passed late last year and then struck down early this year, is still under appeal. Colloquially it's known as "CDAII." Part of what the Act does is establish a Commission that meets every so often -- the Commission's website has details on its mandate and so on.

(Update, a few minutes later: make that "injunctified," or whatever one says for a law against which an injunction has been applied, instead of "struck down." Sorry; IANAL.)

Speaking at the Commission meeting yesterday and today were the CEOs of several major censorware companies. Among them was Michael Stephani, whose company Exotrope makes a product called BAIR.

BAIR

BAIR checks images as they download onto your computer, and claims to be able to tell the difference between pornography and other types of images. The "AI" in its acronym stands for artificial intelligence, running on supercomputers.

When the Wired story on BAIR came out last month (a story "borrowed" from Peacefire -- I'm not going to get into it), Wired quoted the company as saying "they plan to fix the errors within the next month." What errors?

"BAIR incorrectly blocked photographs of Yellowstone, the Baltimore waterfront, Snoopy, boats, sunsets, dogs, vegetables and even a Wired News staff meeting.

"It rated as acceptable for minors -- even on the most restrictive setting -- explicit images of oral sex, anal sex, group sex, masturbation, and ejaculation."

That was one month ago. How's BAIR doing now?

Peacefire retested the same 50 pornographic images that they'd used last month (which presumably BAIR's programmers would have paid extra-special attention to). Their new report finds that, instead of zero, the number of blocked images is now: 34. I've got a great slogan for them: "now your children can only see 32% of the web's oral sex, anal sex, group sex, masturbation, and ejaculation."

One's respect for these programmers is dampened a little, though, because there's more to Peacefire's report. It seems, in a random sample of 50 photos of people's faces, BAIR blocked ... how many? ... 34.

Maybe that slogan should be: "now your children can only see 32% of the web," period.

It's wonderful to live in a world where artificial intelligence offers limitless possibilities. Its website suggests that "Because Artificial Intelligence can be taught to recognize a variety of patterns," -- oh, OK -- "our BAIR can be taught to evaluate other categories such as violence or illegal activities. The BAIR is currently undergoing training in these areas to provide additional filtration selections."

ClickSafe

Richard Schwartz, CEO of ClickSafe, also spoke yesterday at the COPA Commission meeting. Just for kicks, Peacefire decided to try out their spiffy AI software too.

Insert marketblurb here: "...by combining cutting-edge graphic, word and phrase-recognition technology, ClickSafe has achieved accuracy rates of over 99% (according to recent sample tests). ClickSafe can precisely distinguish between appropriate and inappropriate sites (e.g. sites related to issues such as breast cancer will not be blocked)."

What Peacefire did was test this software against the website of the COPA Commission itself, and related sites such as those of speakers or Commission members. They found that blocked pages included:

• The Child Online Protection Act itself, in original and amended form;
• The COPA Commission FAQ;
• Biographies of Commission members Stephen Balkam and John Bastian;
• Bio of Commission member and famed anti-porn crusader Donna Rice Hughes, as well as AppendixA from her book Kids Online: Protecting Your Children in Cyberspace;
• A list of technologies the Commission examines;
• The scope of what the Commission is called upon to do;
• A service agreement from a little company called Network Solutions, whose rep chairs COPA's meetings;
• "About the ICRA" (the makers of RSACi, "a simple, yet effective rating system for web sites which both protected children and protected the rights of free speech");
• Bible study tools: "We hope these free resources foster a desire for Christians to learn more about the Bible, deepening their relationship with God" unless they're using censorware;
• The American Family Association (a conservative Christian group that is trying to force censorware into public libraries, including those surrounding the Slashdot Geek Compound);
• The ACLU, the EFF, and the Center for Democracy and Technology;

and so on.

When I spoke with Bennett about this, he commented that the strange thing was that these flaws are so easy to find; you'd think someone would have run these simple tests already. If anyone reading wants to get their name in Slashdot (and other news media too), censorware is a gold mine of untested misinformation. Buy a product, design a solid unbiased test for it, run the test, and send us what you find. Repeat until the whole world has a clue.

The COPA Commission Meeting

The following is an account of yesterday's COPA Commission meeting, by Waldo Jaquith. Keep in mind that this meeting's purpose, according to the Scope & Timeline Proposal which is blocked by ClickSafe, is to study filtering and blocking software to learn what to recommend in its report to Congress late this year.

Folks,

For more information on the COPA Commission, see http://www.copacommission.org/. (Unless your network has ClickSafe installed, in which case you shouldn't bother.) There is an agenda for this meeting, and there are bios for most people, as well as the prepared speeches for many of the below folks. I've tried to be objective.

Oh, screw that. There's nothing objective about it. But I've tried to give useful facts, quote accurately, etc.

The whole affair, which was scheduled to start at 9:30am, didn't actually start until 10:15am. Which was good, because I didn't get there until 9:45. Although the event was being held at the University of Richmond's Jepson Alumni Center, the room felt like your basic hotel meeting room. Bad carpet, ugly chairs, poor lighting. There were enough chairs to seat about 100 people, but only 35 people were in attendance. Directly in front of the two columns of chairs was a table with chairs, facing away from the audience. This table was for people asked to testify before the COPA Commission. On the other side of that table was a long table, at which was seated the commission, all sixteen members. The result was that the people testifying, who did most of the talking, could only be recognized by the backs of their heads by the audience.

Chairman Donald Telage called the meeting to order and introduced the first panel, who was to speak for approximately 45 minutes on the topic of client-side filters. This panel included Gordon Ross, the President and CEO of Net Nanny, Mark Smith, the President of BrowseSafe, Susan Getgood, the VP and General Manager of Cyber Patrol, and Richard Schwartz, the CEO of Opportunity-America (ClickSafe.com).

Gordon Ross kicked things off with a tremendously boring ten minute speech about how client-side filters work. The only interesting comment that he made was his belief that "consumers should have the ability to analyze each and every site in the database..." [...because his product Net Nanny is the only one of the 150 censorware packages on the market that allows oversight of its blacklist. -ed] He also kicked off the First Amendment references, which nearly every speaker throughout the day would spend some time talking about, but not really saying very much.

Mark Smith from BrowseSafe occupied the next few minutes, giving a rambling speech in which he discussed censorware as if it were some far-off and idyllic concept.

"Most products focus on either client-side- or server-side-based technology. What would happen if the benefits of each could be brought together to provide the user with a new, more flexible and powerful way of surfing the web? What if every sub domain of every site had been categorized and classified by its content? Wouldn't you agree that everyone could benefit from that combination of technology? Of course you would? Now let's walk across the street to the front porch of the family of the home and try to view it from the parent's perspective. What if parents were able to determine what the child sees? What would it be like if e-mail, instant messaging, chat and other computer tools could be also controlled?"

Then, although the topic was client-side filters, he rambled on for several minutes about PlanetGood, a website that was probably unfamiliar to many in the room. He used the site's name in every single sentence for several minutes. And, naturally, he closed talking about "our forefathers" and "these inalienable rights that our forefathers entrusted to us and many of them died for."

Susan Getgood from Cyber Patrol kept things short and sweet, and took the "I'm a new mother and want to protect my children" approach. She muddled the definition of censorship somewhat, saying that "[s]ome critics confuse censorship, which is imposed by the government, with technology that a family or school can choose to use and then set to implement an individual policy." Our school system isn't a part of the government?

Richard Schwartz of ClickSafe.com touted his product nearly as much as Mark Smith promoted the mysterious "PlanetGood." He also described a system that his company has developed that sounds very much like Exotrope's BAIR. "Fleshtone has a very unique set of features [...] Through a combination?of a set of sophisticated algorithms it can establish if something is pornographic. [...] Justice Potter Stewart lives within our system, because he knows it when he sees it. It works, it's been tested out, it's over 99% effective." "We can distinguish between chicken breast and sexy breast." "A consortium of Portuguese and Australian pornographers had been hijacking people off of different sites, including the Harvard Law Review site into their pornographic sites. And then you have to reboot your computer in order to get out."

After the four had testified, we moved into the commission Q&A session. (No questions would be allowed from the audience.) A few interesting questions, answers, and comments cropped up during this portion.

Richard Schwartz, only half kidding, proposed a tax on Internet pornography.

Commissioner Gregory L. Rohde asked Richard Schwartz if his image filter could tell the difference between art and pornography. Astoundingly, Schwartz replied that it could.

Commissioner Jerry Berman asked if there were any plans to create an organization that could provide objective reviews of censorware products to help parents decide what to buy. Gordon Ross said that this had been tried a few years back with SIFT (?), and that it didn't work out.

After a short break, we began the second panel, which addressed server side filtering. Testifying was Kevin Fink, N2H2's CTO; Sunil Paul, Chairman of Brightmail; Stephen Boyles of Library Guardian (Swifteye); Michael Stephani, President and CEO of Exotrope; Ginny Wydler, Director of Standards and Policy at AOL; and Tim Robertson, CEO of FamilyClick.

The first person to say anything interesting was Michael Stephani, who made some fairly interesting claims. He said that their blacklist of sites included four million sites, and that their image-recognition software, BAIR, is 99.8% percent effective. Stephani bragged that it blocked 1 out of 6 general images and 96 out of 100 pornographic images. He pointed out (perhaps rightly) that image filtering is the only real way to filter out pornography, and also that client-side filtering would so go the way of the dodo, given the proliferation of Internet appliances. It wasn't long before he got all 'God bless America' and 'think of the children,' and eyeballs could be heard rolling throughout the room.

As Commissioners asked questions of the panel, Chairman Donald Telage admitted that he wasn't aware that client-side filters were able to use a blacklist. He was under the impression that they could only filter. I had flashbacks from the Napster hearings last week ("Can't you track their intellectual property address?")

Out of the blue, Karen Talbert asked the panel for a show of hands regarding their respective products' ability to work with high-speed connections. Obviously, everybody's hands went up.

How do these people get on the commission?

When given half a chance, Stephani got all "think of the children, my god, won't somebody think of the children?" again. He also bragged that Exotrope has a new, not-yet-released product that filters IM [AOL Instant Messaging -ed.] and even detects innuendo. Stephani said that they just got a contract to install this program on 30,000 school servers. Continuing his spectacular Old Faithful of shit, he cheerfully envisioned a time in the future when there would be "photonic switches" that would maintain a complete blueprint of everything that every user had ever done on-line. Christ, that's frightening. Stephani said that they'd spent $6.5MUS developing BAIR, and went on to point out the coincidence that Peacefire released the report showing that BAIR was 0% effective on the same day that their servers went down. Perhaps he was implying that Peacefire members hacked the server, perhaps that we were taking advantage of them, or perhaps he was just laughing at the circumstances.

There was no promised audience Q&A. That's probably because the whole event ran well over when it was supposed to end. Lacking a better approach, I rushed up to the ebullient Stephani with a copy of the newest BAIR report in hand. Although he was already talking to a reporter, he stopped when he saw my nametag ("Waldo L. Jaquith, Peacefire") and looked a little surprised. He, as well as his sidekick PR guy, enthusiastically introduced themselves. We talked for a few minutes, during which time I said that BAIR appears to suck less than many other censorware programs. But I was still fundamentally opposed to all of them. Between this and the revised report, Stephani was my new best friend. Several other people came forward to read nametags and shake hands, but I continued to talk to Stephani and the reporter, Drew Clark from Technology Daily.

Ten minutes later, when I walked out, I felt a little baffled. Stephani behaved towards me as if Peacefire had just given him the most glowing review that BAIR had ever gotten. This, despite my repeatedly pointing out that Peacefire is fundamentally opposed to filters, always will be, and BAIR is simply rather effective at performing the task that we hate.

I was disappointed that a few major points were never brought up during the discussions:

• Server-side censorware (especially that which is housed with each website) will always be a severe privacy violation, because it needs data on the user in order to establish what information to provide.
• Client-side censorware is doomed to fail because children know more about computers than their parents. The parent has to trust that little Suzy won't uninstall Cyber Patrol. But if Suzy can be trusted, why bother with Cyber Patrol?
• Internet censorship is impossible. The Internet is so large that it's a waste of time, so let's all stop. Gated community models, like AOL, Compuserve and such, are a far better way to provide a "safe" experience for kids.
• The concerns about children's wellbeing presented during the meeting mirror those that parents, since the beginning of time, have always had for their children. How can I keep my child safe when I'm not watching him? How do I know what my child is doing if I'm not around? How do I keep my children from hearing / seeing / saying bad things? Censorware makes no more sense than installing a v-chip in little Suzy's head. Get over it.

In a nutshell, I'm not sure what, if anything, was established at this meeting. It's clear that most of the Commissioners knew every little to start off with, and their opinions are being formed on what amounts to a series of sales pitch sprinkled with god-and-country references, a la mega blowout carpet sales around Independence Day. I'm glad COPA was struck down. Let's get on with our lives.

Best,
Waldo

There's a boatload of censorware news today, enough for two or three Slashdot stories -- but to conserve electrons, we're bringing it to you all in one easy-to-download package. First, Peacefire has a report on the accuracy of intelligent skin-tone-scanning software, one month after its company said they'd have it working in a month. And since the CEO of ClickSafe spoke at the COPA Commission meeting yesterday, Peacefire ran a check to see how many COPA-related sites its AI blocks. Finally, Waldo Jaquith has a report from the meeting itself which should be sobering but cracked me up anyway. Pay attention, everyone, these are the folks who are going to censor your Internet.

The Child Online Protection Act, passed late last year and then struck down early this year, is still under appeal. Colloquially it's known as "CDAII." Part of what the Act does is establish a Commission that meets every so often -- the Commission's website has details on its mandate and so on.

(Update, a few minutes later: make that "injunctified," or whatever one says for a law against which an injunction has been applied, instead of "struck down." Sorry; IANAL.)

Speaking at the Commission meeting yesterday and today were the CEOs of several major censorware companies. Among them was Michael Stephani, whose company Exotrope makes a product called BAIR.

BAIR

BAIR checks images as they download onto your computer, and claims to be able to tell the difference between pornography and other types of images. The "AI" in its acronym stands for artificial intelligence, running on supercomputers.

When the Wired story on BAIR came out last month (a story "borrowed" from Peacefire -- I'm not going to get into it), Wired quoted the company as saying "they plan to fix the errors within the next month." What errors?

"BAIR incorrectly blocked photographs of Yellowstone, the Baltimore waterfront, Snoopy, boats, sunsets, dogs, vegetables and even a Wired News staff meeting.

"It rated as acceptable for minors -- even on the most restrictive setting -- explicit images of oral sex, anal sex, group sex, masturbation, and ejaculation."

That was one month ago. How's BAIR doing now?

Peacefire retested the same 50 pornographic images that they'd used last month (which presumably BAIR's programmers would have paid extra-special attention to). Their new report finds that, instead of zero, the number of blocked images is now: 34. I've got a great slogan for them: "now your children can only see 32% of the web's oral sex, anal sex, group sex, masturbation, and ejaculation."

One's respect for these programmers is dampened a little, though, because there's more to Peacefire's report. It seems, in a random sample of 50 photos of people's faces, BAIR blocked ... how many? ... 34.

Maybe that slogan should be: "now your children can only see 32% of the web," period.

It's wonderful to live in a world where artificial intelligence offers limitless possibilities. Its website suggests that "Because Artificial Intelligence can be taught to recognize a variety of patterns," -- oh, OK -- "our BAIR can be taught to evaluate other categories such as violence or illegal activities. The BAIR is currently undergoing training in these areas to provide additional filtration selections."

ClickSafe

Richard Schwartz, CEO of ClickSafe, also spoke yesterday at the COPA Commission meeting. Just for kicks, Peacefire decided to try out their spiffy AI software too.

Insert marketblurb here: "...by combining cutting-edge graphic, word and phrase-recognition technology, ClickSafe has achieved accuracy rates of over 99% (according to recent sample tests). ClickSafe can precisely distinguish between appropriate and inappropriate sites (e.g. sites related to issues such as breast cancer will not be blocked)."

What Peacefire did was test this software against the website of the COPA Commission itself, and related sites such as those of speakers or Commission members. They found that blocked pages included:

• The Child Online Protection Act itself, in original and amended form;
• The COPA Commission FAQ;
• Biographies of Commission members Stephen Balkam and John Bastian;
• Bio of Commission member and famed anti-porn crusader Donna Rice Hughes, as well as AppendixA from her book Kids Online: Protecting Your Children in Cyberspace;
• A list of technologies the Commission examines;
• The scope of what the Commission is called upon to do;
• A service agreement from a little company called Network Solutions, whose rep chairs COPA's meetings;
• "About the ICRA" (the makers of RSACi, "a simple, yet effective rating system for web sites which both protected children and protected the rights of free speech");
• Bible study tools: "We hope these free resources foster a desire for Christians to learn more about the Bible, deepening their relationship with God" unless they're using censorware;
• The American Family Association (a conservative Christian group that is trying to force censorware into public libraries, including those surrounding the Slashdot Geek Compound);
• The ACLU, the EFF, and the Center for Democracy and Technology;

and so on.

When I spoke with Bennett about this, he commented that the strange thing was that these flaws are so easy to find; you'd think someone would have run these simple tests already. If anyone reading wants to get their name in Slashdot (and other news media too), censorware is a gold mine of untested misinformation. Buy a product, design a solid unbiased test for it, run the test, and send us what you find. Repeat until the whole world has a clue.

The COPA Commission Meeting

The following is an account of yesterday's COPA Commission meeting, by Waldo Jaquith. Keep in mind that this meeting's purpose, according to the Scope & Timeline Proposal which is blocked by ClickSafe, is to study filtering and blocking software to learn what to recommend in its report to Congress late this year.

Folks,

For more information on the COPA Commission, see http://www.copacommission.org/. (Unless your network has ClickSafe installed, in which case you shouldn't bother.) There is an agenda for this meeting, and there are bios for most people, as well as the prepared speeches for many of the below folks. I've tried to be objective.

Oh, screw that. There's nothing objective about it. But I've tried to give useful facts, quote accurately, etc.

The whole affair, which was scheduled to start at 9:30am, didn't actually start until 10:15am. Which was good, because I didn't get there until 9:45. Although the event was being held at the University of Richmond's Jepson Alumni Center, the room felt like your basic hotel meeting room. Bad carpet, ugly chairs, poor lighting. There were enough chairs to seat about 100 people, but only 35 people were in attendance. Directly in front of the two columns of chairs was a table with chairs, facing away from the audience. This table was for people asked to testify before the COPA Commission. On the other side of that table was a long table, at which was seated the commission, all sixteen members. The result was that the people testifying, who did most of the talking, could only be recognized by the backs of their heads by the audience.

Chairman Donald Telage called the meeting to order and introduced the first panel, who was to speak for approximately 45 minutes on the topic of client-side filters. This panel included Gordon Ross, the President and CEO of Net Nanny, Mark Smith, the President of BrowseSafe, Susan Getgood, the VP and General Manager of Cyber Patrol, and Richard Schwartz, the CEO of Opportunity-America (ClickSafe.com).

Gordon Ross kicked things off with a tremendously boring ten minute speech about how client-side filters work. The only interesting comment that he made was his belief that "consumers should have the ability to analyze each and every site in the database..." [...because his product Net Nanny is the only one of the 150 censorware packages on the market that allows oversight of its blacklist. -ed] He also kicked off the First Amendment references, which nearly every speaker throughout the day would spend some time talking about, but not really saying very much.

Mark Smith from BrowseSafe occupied the next few minutes, giving a rambling speech in which he discussed censorware as if it were some far-off and idyllic concept.

"Most products focus on either client-side- or server-side-based technology. What would happen if the benefits of each could be brought together to provide the user with a new, more flexible and powerful way of surfing the web? What if every sub domain of every site had been categorized and classified by its content? Wouldn't you agree that everyone could benefit from that combination of technology? Of course you would? Now let's walk across the street to the front porch of the family of the home and try to view it from the parent's perspective. What if parents were able to determine what the child sees? What would it be like if e-mail, instant messaging, chat and other computer tools could be also controlled?"

Then, although the topic was client-side filters, he rambled on for several minutes about PlanetGood, a website that was probably unfamiliar to many in the room. He used the site's name in every single sentence for several minutes. And, naturally, he closed talking about "our forefathers" and "these inalienable rights that our forefathers entrusted to us and many of them died for."

Susan Getgood from Cyber Patrol kept things short and sweet, and took the "I'm a new mother and want to protect my children" approach. She muddled the definition of censorship somewhat, saying that "[s]ome critics confuse censorship, which is imposed by the government, with technology that a family or school can choose to use and then set to implement an individual policy." Our school system isn't a part of the government?

Richard Schwartz of ClickSafe.com touted his product nearly as much as Mark Smith promoted the mysterious "PlanetGood." He also described a system that his company has developed that sounds very much like Exotrope's BAIR. "Fleshtone has a very unique set of features [...] Through a combination?of a set of sophisticated algorithms it can establish if something is pornographic. [...] Justice Potter Stewart lives within our system, because he knows it when he sees it. It works, it's been tested out, it's over 99% effective." "We can distinguish between chicken breast and sexy breast." "A consortium of Portuguese and Australian pornographers had been hijacking people off of different sites, including the Harvard Law Review site into their pornographic sites. And then you have to reboot your computer in order to get out."

After the four had testified, we moved into the commission Q&A session. (No questions would be allowed from the audience.) A few interesting questions, answers, and comments cropped up during this portion.

Richard Schwartz, only half kidding, proposed a tax on Internet pornography.

Commissioner Gregory L. Rohde asked Richard Schwartz if his image filter could tell the difference between art and pornography. Astoundingly, Schwartz replied that it could.

Commissioner Jerry Berman asked if there were any plans to create an organization that could provide objective reviews of censorware products to help parents decide what to buy. Gordon Ross said that this had been tried a few years back with SIFT (?), and that it didn't work out.

After a short break, we began the second panel, which addressed server side filtering. Testifying was Kevin Fink, N2H2's CTO; Sunil Paul, Chairman of Brightmail; Stephen Boyles of Library Guardian (Swifteye); Michael Stephani, President and CEO of Exotrope; Ginny Wydler, Director of Standards and Policy at AOL; and Tim Robertson, CEO of FamilyClick.

The first person to say anything interesting was Michael Stephani, who made some fairly interesting claims. He said that their blacklist of sites included four million sites, and that their image-recognition software, BAIR, is 99.8% percent effective. Stephani bragged that it blocked 1 out of 6 general images and 96 out of 100 pornographic images. He pointed out (perhaps rightly) that image filtering is the only real way to filter out pornography, and also that client-side filtering would so go the way of the dodo, given the proliferation of Internet appliances. It wasn't long before he got all 'God bless America' and 'think of the children,' and eyeballs could be heard rolling throughout the room.

As Commissioners asked questions of the panel, Chairman Donald Telage admitted that he wasn't aware that client-side filters were able to use a blacklist. He was under the impression that they could only filter. I had flashbacks from the Napster hearings last week ("Can't you track their intellectual property address?")

Out of the blue, Karen Talbert asked the panel for a show of hands regarding their respective products' ability to work with high-speed connections. Obviously, everybody's hands went up.

How do these people get on the commission?

When given half a chance, Stephani got all "think of the children, my god, won't somebody think of the children?" again. He also bragged that Exotrope has a new, not-yet-released product that filters IM [AOL Instant Messaging -ed.] and even detects innuendo. Stephani said that they just got a contract to install this program on 30,000 school servers. Continuing his spectacular Old Faithful of shit, he cheerfully envisioned a time in the future when there would be "photonic switches" that would maintain a complete blueprint of everything that every user had ever done on-line. Christ, that's frightening. Stephani said that they'd spent $6.5MUS developing BAIR, and went on to point out the coincidence that Peacefire released the report showing that BAIR was 0% effective on the same day that their servers went down. Perhaps he was implying that Peacefire members hacked the server, perhaps that we were taking advantage of them, or perhaps he was just laughing at the circumstances.

There was no promised audience Q&A. That's probably because the whole event ran well over when it was supposed to end. Lacking a better approach, I rushed up to the ebullient Stephani with a copy of the newest BAIR report in hand. Although he was already talking to a reporter, he stopped when he saw my nametag ("Waldo L. Jaquith, Peacefire") and looked a little surprised. He, as well as his sidekick PR guy, enthusiastically introduced themselves. We talked for a few minutes, during which time I said that BAIR appears to suck less than many other censorware programs. But I was still fundamentally opposed to all of them. Between this and the revised report, Stephani was my new best friend. Several other people came forward to read nametags and shake hands, but I continued to talk to Stephani and the reporter, Drew Clark from Technology Daily.

Ten minutes later, when I walked out, I felt a little baffled. Stephani behaved towards me as if Peacefire had just given him the most glowing review that BAIR had ever gotten. This, despite my repeatedly pointing out that Peacefire is fundamentally opposed to filters, always will be, and BAIR is simply rather effective at performing the task that we hate.

I was disappointed that a few major points were never brought up during the discussions:

• Server-side censorware (especially that which is housed with each website) will always be a severe privacy violation, because it needs data on the user in order to establish what information to provide.
• Client-side censorware is doomed to fail because children know more about computers than their parents. The parent has to trust that little Suzy won't uninstall Cyber Patrol. But if Suzy can be trusted, why bother with Cyber Patrol?
• Internet censorship is impossible. The Internet is so large that it's a waste of time, so let's all stop. Gated community models, like AOL, Compuserve and such, are a far better way to provide a "safe" experience for kids.
• The concerns about children's wellbeing presented during the meeting mirror those that parents, since the beginning of time, have always had for their children. How can I keep my child safe when I'm not watching him? How do I know what my child is doing if I'm not around? How do I keep my children from hearing / seeing / saying bad things? Censorware makes no more sense than installing a v-chip in little Suzy's head. Get over it.

In a nutshell, I'm not sure what, if anything, was established at this meeting. It's clear that most of the Commissioners knew every little to start off with, and their opinions are being formed on what amounts to a series of sales pitch sprinkled with god-and-country references, a la mega blowout carpet sales around Independence Day. I'm glad COPA was struck down. Let's get on with our lives.

Best,
Waldo

In this episode of slashback, there's more on NanoStuff, censorship in various forms and venues, and further proof that the word "upstart" uttered or tapped in computer journalism regarding Linux is ever so much twaddle. You have been warned.

Sorry, but the print doesn't get any smaller. If the recent release of the Foresight Institute's nanotech guidelines intriguing to you, you might want to check out the new forum for nanotech advances and issues. bento writes: "From the press release: "I'm happy to report that one of Foresight's long-term goals -- to have a way to meet online that truly works -- is now a reality at http://nanodot.org. We think of this site as our daily newspaper -- all the news that's fit to "print" -- combined with a continual Nanoschmooze discussion. No login is needed to read the site." For those who are interested in nanotechnology's social and technological implications, this site should prove a great resource in finding out what's up in the field of nanotechnology."

One man's trash is other people's trash, too. psxndc writes: "FGNOnline has the scoop about the Interactive Entertainment Merchants Association unveiling new packaging options for PC Games at their annual conference. It brings up the point about games with large documentation not fitting into smaller DVD-type Keep Cases, but wasn't the digital revolution supposed to cut down if not eliminate the need for paper in the first place?? Most game-box contents are a jewel-cased CD, some docs, some ads, and a whole lot of unused space? Why?" Well, in the bad old days of the CD longbox (which are not that long ago), the most commonly cited reasons for the box of mostly-air were 1) the space is helpful for marketing purposes (pictures and blurbs and artwork, oh my!) and 2) everyone's favorite eupehmism for shoplifting, "shrinkage." Probably the same rules apply; game makers want to "stand out on the shelf." But if CDs can handle the switch, I bet games can, too.

How will the children survive? CuriousGeorge113 writes: "In a major decision today, a Federal Appeals Court has struck down COPA (The Children's Online Protection Act). According to this ACLU Press Release, a federal appeals court has deemed the law unconstitutional in nature and 'impossible to establish one "community standard" by which Internet speech could be governed.' You can also see the official court case here."

And in news that can only be called related ... Rude Turnip writes: "It looks like Mattel, one of the most despised toy companies discussed on Slashdot, is sellling off its notorious Cyber Patrol censorware. Cyber Patrol's parent company, The Learning Co., which is also owned by Mattel, is being sold off separately. Mattel said they would like to concentrate on their "core competency" of toys. The lucky buyer of Cyber Patrol is the British firm, JSB Software Technologies, PLC, who paid $100 million. With people like Jamie McCarthy out there fighting these purveyours of censorship and great sites like peacefire.org, I bet JSB will soon realize they paid just a little too much :-)" Maybe it's just not a sellers market; the article indicating that Cyber Patrol was to be sold went up a few months ago.

In six years, Tux will be driving. xannax writes: "I just bought a new IWILL VD133 motherboard, and after the usual setup and such, popped in the configuration cdrom - and was suprised to see a Linux kernel boot up on the monitor. When the cd boots, it gives users without an fdisk'ed partition a chance to make disks for board and chipset config; but the neat thing is the use of Linux for the cd. I mean, two years ago, when I wore my "Penguin Power" t-shirt, most of the attention I got was from hockey fans. But just as the logo on the shirt has faded from repeated washing, the exact opposite has happened to the visibility of the Linux OS; it's gone from hackers and nerds only to mainstream. Great to see a company with a reputation like IWILL use Linux in this fashion."

Come sirrah Jack Straw! MrM writes: "An IDG.net story on CNN says that in the face of increasing pressure from privacy groups, business groups and Internet service providers (ISPs), the U.K. government is backing away from some of the more controversial aspects of its e-mail surveillance bill currently under consideration in the House of Lords." The controversy is mostly over little things like, oh, (from the article) "Under the provisions of the RIP bill, the U.K. government -- specifically the Home Office and its head, the Home Secretary -- can demand encryption keys to any and all data communications with a prison sentence of two years for those who do not comply with the order."

In this episode of slashback, there's more on NanoStuff, censorship in various forms and venues, and further proof that the word "upstart" uttered or tapped in computer journalism regarding Linux is ever so much twaddle. You have been warned.

Sorry, but the print doesn't get any smaller. If the recent release of the Foresight Institute's nanotech guidelines intriguing to you, you might want to check out the new forum for nanotech advances and issues. bento writes: "From the press release: "I'm happy to report that one of Foresight's long-term goals -- to have a way to meet online that truly works -- is now a reality at http://nanodot.org. We think of this site as our daily newspaper -- all the news that's fit to "print" -- combined with a continual Nanoschmooze discussion. No login is needed to read the site." For those who are interested in nanotechnology's social and technological implications, this site should prove a great resource in finding out what's up in the field of nanotechnology."

One man's trash is other people's trash, too. psxndc writes: "FGNOnline has the scoop about the Interactive Entertainment Merchants Association unveiling new packaging options for PC Games at their annual conference. It brings up the point about games with large documentation not fitting into smaller DVD-type Keep Cases, but wasn't the digital revolution supposed to cut down if not eliminate the need for paper in the first place?? Most game-box contents are a jewel-cased CD, some docs, some ads, and a whole lot of unused space? Why?" Well, in the bad old days of the CD longbox (which are not that long ago), the most commonly cited reasons for the box of mostly-air were 1) the space is helpful for marketing purposes (pictures and blurbs and artwork, oh my!) and 2) everyone's favorite eupehmism for shoplifting, "shrinkage." Probably the same rules apply; game makers want to "stand out on the shelf." But if CDs can handle the switch, I bet games can, too.

How will the children survive? CuriousGeorge113 writes: "In a major decision today, a Federal Appeals Court has struck down COPA (The Children's Online Protection Act). According to this ACLU Press Release, a federal appeals court has deemed the law unconstitutional in nature and 'impossible to establish one "community standard" by which Internet speech could be governed.' You can also see the official court case here."

And in news that can only be called related ... Rude Turnip writes: "It looks like Mattel, one of the most despised toy companies discussed on Slashdot, is sellling off its notorious Cyber Patrol censorware. Cyber Patrol's parent company, The Learning Co., which is also owned by Mattel, is being sold off separately. Mattel said they would like to concentrate on their "core competency" of toys. The lucky buyer of Cyber Patrol is the British firm, JSB Software Technologies, PLC, who paid $100 million. With people like Jamie McCarthy out there fighting these purveyours of censorship and great sites like peacefire.org, I bet JSB will soon realize they paid just a little too much :-)" Maybe it's just not a sellers market; the article indicating that Cyber Patrol was to be sold went up a few months ago.

In six years, Tux will be driving. xannax writes: "I just bought a new IWILL VD133 motherboard, and after the usual setup and such, popped in the configuration cdrom - and was suprised to see a Linux kernel boot up on the monitor. When the cd boots, it gives users without an fdisk'ed partition a chance to make disks for board and chipset config; but the neat thing is the use of Linux for the cd. I mean, two years ago, when I wore my "Penguin Power" t-shirt, most of the attention I got was from hockey fans. But just as the logo on the shirt has faded from repeated washing, the exact opposite has happened to the visibility of the Linux OS; it's gone from hackers and nerds only to mainstream. Great to see a company with a reputation like IWILL use Linux in this fashion."

Come sirrah Jack Straw! MrM writes: "An IDG.net story on CNN says that in the face of increasing pressure from privacy groups, business groups and Internet service providers (ISPs), the U.K. government is backing away from some of the more controversial aspects of its e-mail surveillance bill currently under consideration in the House of Lords." The controversy is mostly over little things like, oh, (from the article) "Under the provisions of the RIP bill, the U.K. government -- specifically the Home Office and its head, the Home Secretary -- can demand encryption keys to any and all data communications with a prison sentence of two years for those who do not comply with the order."

Your calendar works fine. This episode of Slashback hits midweek instead of Saturday because we'd like to keep our facts straight and your mind alert. So (read more) below for assorted updates on everything from GRAND LARCENY to THE DONUT CRISIS. Actually, those are still secret, but the things we can tell you are below.

Tell me again why my motherboard needs it own OS? Goatbert writes: "Penguin Hardware has posted an interview with John Tsai, head of ABIT's Gentus department. He goes into ABIT's future open source plans and what they plan to do about accusations of GPL violations."

Lifestyles of the young and precocious. PerlDiver writes: "The 'Programming for Kids' thread reminded me of this, and I thought it was worth a story of its own. Former Xerox PARC researcher Ken Kahn has created an amazing tool for teaching kids how to program. Even very young children (old enough to know their letters and numbers) can be started on object-oriented programming with ToonTalk, an animated programming kit that introduces such advanced concepts as recursion, object methods, and functions in a fully visual, direct-manipulation, non-notation-based way. Kids learn by playing with an on-screen toolbox, robots (methods), birds (message passing channels), and bombs (memory deallocation :-). I saw Ken give a ToonTalk demo a few years ago and I was blown away by it. It looks great... sort of PeeWee's Playhouse meets Lego."

Mirror, mirror on the wall -- damn, where was I? Warrior writes "GameSpy was able to get some in-depth information on the closing of Looking Glass Studios by talking to LGS game designer Tim Stellmach. He gave us some good explanations of what happened and who owns what."

Oh, as long as you say it, I guess it's OK! Remember the trouble between CyberPatrol and Network Associates' 'ultra-secure' Gauntlet firewall? The ever-prolific Anonymous Coward wrote us with an interesting bit to sprinkle in that wound: "Peacefire tricked several "parental control" software vendors into revealing their double standards through an amusing gambit: they took anti-gay quotes from several large, well-funded organizations (e.g. Focus on the Family) and put them on "bait" pages on various free Web hosting systems. Then they submitted those pages to the censorware companies as objectionable hate speech which ought to be filtered, and the companies obligingly added them to the blacklists. Next, they submitted the home pages from which they got the quotes. But apparently it's not hate speech if it's on the home page of a political organization with a large legal department ..."

The wheels of government creak ever slowly. teddyfu writes "I found this link regarding the EU's decision to oepn up crypto exports. It seems that decision has only been *postponed*; hopefully the decision will still be made, just at a later date."

Who dares provide House Atriedes with ADSL? Craig E. Engler writes "The first trailer for the SciFi Channel's upcoming miniseries Frank Herbert's Dune has been posted online. ... The site also has the latest news about the miniseries (which has wrapped principal photography and is now in post-production) as well as photos, notes from the director's assistant, and more."

latcarf writes: "The article here reports what happened in the American heartland when a councilman raised a fuss over filtering at the local public library. In this case, the forces of reason prevailed because the library had policies and procedures for casual monitoring of internet use and because the librarian, who had to defend the rejection of filters, was well informed. While the article doesn't say it, the librarian's information about the problems with filters came, in no small part, from SlashDot discussions. This is just another example of Slashdot's important contribution to the social discourse." Heh. I don't know what the poster is basing his statement on, but it sure would be nice to think the information in places like Slashdot, Peacefire and censorware.org was useful in this particular case.

If you're using Microsoft Internet Explorer running on Microsoft Windows, turn off Javascript now. Your cookie file is readable by any hostile website. Or, if you'd like to see the security hole in action, leave Javascript on and check it out: "Open Cookie Jar." (read more)

Peacefire webmaster Bennett Haselton is on a roll. After discovering yesterday's Hotmail hole, today he's published his discovery that MSIE's Javascript contains a bug that allows any hostile website to obtain your cookies.

Essentially the bug is that MSIE's Javascript is not very smart about determining which domain you're coming from. If the URL you're looking at has its "/" characters replaced by the hex representation "%2f", it can be fooled into thinking your path is actually a very long machine name. Because it interprets that path wrongly, a well-placed ".yahoo.com" in the URL can make Javascript think it should be using Yahoo's cookies - and Javascript can be told to deliver those cookies back to the hostile server.

Bennett and I believe the bug is confined to the Javascript code in MSIE, but we have not done extensive testing to determine this. For now, at least, we believe turning off Javascript will be sufficient to eliminate this security hole.

Or, you could migrate to another browser or operating system...

We have only tested this with IE 5, and Windows 95/98. Reports of success or failure with other versions would be welcome.

After Bennett explained to me how this works, I wrote a short CGI script to demonstrate what lurks in cookie files. Instead of silently stealing your private information and squirreling it away for later use, it echoes that information back to you (and then forgets it, of course). Updated: That script has been rewritten by and is now hosted at securityspace.com. For best results, first go log into amazon.com, type your zip code into hollywood.com, and visit playboy.com. Then go visit securityspace's general info page and click the "click here."

Newsbytes and CNET have picked up this story and have good writeups.

If you're using Microsoft Internet Explorer running on Microsoft Windows, turn off Javascript now. Your cookie file is readable by any hostile website. Or, if you'd like to see the security hole in action, leave Javascript on and check it out: "Open Cookie Jar." (read more)

Peacefire webmaster Bennett Haselton is on a roll. After discovering yesterday's Hotmail hole, today he's published his discovery that MSIE's Javascript contains a bug that allows any hostile website to obtain your cookies.

Essentially the bug is that MSIE's Javascript is not very smart about determining which domain you're coming from. If the URL you're looking at has its "/" characters replaced by the hex representation "%2f", it can be fooled into thinking your path is actually a very long machine name. Because it interprets that path wrongly, a well-placed ".yahoo.com" in the URL can make Javascript think it should be using Yahoo's cookies - and Javascript can be told to deliver those cookies back to the hostile server.

Bennett and I believe the bug is confined to the Javascript code in MSIE, but we have not done extensive testing to determine this. For now, at least, we believe turning off Javascript will be sufficient to eliminate this security hole.

Or, you could migrate to another browser or operating system...

We have only tested this with IE 5, and Windows 95/98. Reports of success or failure with other versions would be welcome.

After Bennett explained to me how this works, I wrote a short CGI script to demonstrate what lurks in cookie files. Instead of silently stealing your private information and squirreling it away for later use, it echoes that information back to you (and then forgets it, of course). Updated: That script has been rewritten by and is now hosted at securityspace.com. For best results, first go log into amazon.com, type your zip code into hollywood.com, and visit playboy.com. Then go visit securityspace's general info page and click the "click here."

Newsbytes and CNET have picked up this story and have good writeups.

If you're using Microsoft Internet Explorer running on Microsoft Windows, turn off Javascript now. Your cookie file is readable by any hostile website. Or, if you'd like to see the security hole in action, leave Javascript on and check it out: "Open Cookie Jar." (read more)

Peacefire webmaster Bennett Haselton is on a roll. After discovering yesterday's Hotmail hole, today he's published his discovery that MSIE's Javascript contains a bug that allows any hostile website to obtain your cookies.

Essentially the bug is that MSIE's Javascript is not very smart about determining which domain you're coming from. If the URL you're looking at has its "/" characters replaced by the hex representation "%2f", it can be fooled into thinking your path is actually a very long machine name. Because it interprets that path wrongly, a well-placed ".yahoo.com" in the URL can make Javascript think it should be using Yahoo's cookies - and Javascript can be told to deliver those cookies back to the hostile server.

Bennett and I believe the bug is confined to the Javascript code in MSIE, but we have not done extensive testing to determine this. For now, at least, we believe turning off Javascript will be sufficient to eliminate this security hole.

Or, you could migrate to another browser or operating system...

We have only tested this with IE 5, and Windows 95/98. Reports of success or failure with other versions would be welcome.

After Bennett explained to me how this works, I wrote a short CGI script to demonstrate what lurks in cookie files. Instead of silently stealing your private information and squirreling it away for later use, it echoes that information back to you (and then forgets it, of course). Updated: That script has been rewritten by and is now hosted at securityspace.com. For best results, first go log into amazon.com, type your zip code into hollywood.com, and visit playboy.com. Then go visit securityspace's general info page and click the "click here."

Newsbytes and CNET have picked up this story and have good writeups.

Ancipital noted that a new hotmail hole has sprung up. This one is, like the ILUVYOU bug, a VBS macro attachment that must be executed by people with very (ok, who does this, huh? I mean, viewing a gif or clicking a URL, but running a strange program? The mind boggles).

Brian Ristuccia writes, "It looks like the ACLU has decided to help Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, three folks who were running mirror sites of the recently released Cyber Patrol paper and decoding software, respond to the subpoena and confusing e-service messages that have been sent to them via e-mail by Cyber Patrol's law firm."

Links:

• Declan McCullagh's Archive of Case Related Documents
• ACLU Press Release

Text of the ACLU's Press Release:

FOR IMMEDIATE RELEASE
Friday, March 24, 2000

NEW YORK -- The American Civil Liberties Union will enter a Boston court this Monday to argue that a ban on a program allowing users to decode the Internet blocking software Cyber Patrol constitutes a "classic prior restraint on speech" in violation of the U.S. Constitution.

The Cyber Patrol controversy is but the latest round in a heated debate over flaws in so-called filtering software that both "overblocks" non-pornographic Web sites on subjects like Super Bowl XXX and fails to block many sites parents may not deem appropriate for their children.

In legal papers filed with the court today, the ACLU said that Cyber Patrol's lawsuit is unnecessary because the company can easily block their customers from accessing any Web site or page on which the decoding program appears, whereas some of the Web sites may be out of the jurisdiction of the court.

Acting on behalf of three U.S. Web site operators who posted "mirror" copies of the decoding program, the ACLU said their free speech rights would be violated if the court granted the company's request for a preliminary injunction against the Swedish and Canadian creators of the program.

"Under Cyber Patrol's logic, I'd be breaking the law if I bought a Ford Mustang and looked under the hood," said Chris Hansen, a senior ACLU staff attorney and lead counsel in the case. "I don't think it is asking too much for Cyber Patrol and other software companies to tell the American public exactly what their software blocks, especially when Congress wants to force both children and adults to use it."

Last Friday, March 17, U.S. District Judge Edward F. Harrington granted a 10-day temporary restraining order against the creators of the program. Cyber Patrol then sent subpoenas to the ACLU's clients, suggesting that they would be bound by that order and any future court bans.

In addition, at least one American reporter has confirmed receipt of subpoena from Cyber Patrol ordering him to reveal the name of "each and every person who produced, received, viewed, downloaded or accessed" the decoding program from his site.

The Web site operators, Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, each said that they posted the decoding program as a form of political protest against Cyber Patrol's legal actions and against "censorware" in general. Their Web sites can be found at: www.peacefire.org (Haselton), www.fmp.com (Haisley) and www.waldo.net (Jasquith).

"We thought it would be educational for some politicians, who are recommending blocking software for use in every school in the country, to see the mistakes that the codebreakers found in Cyber Patrol's list," said Haselton, 21, operator of Peacefire.org, a Web site he founded specifically to defend the free-speech interests of people under 18 on the Internet.

Haselton said that Peacefire recently decrypted the lists of sites blocked by two other programs -- I-Gear and X-Stop -- and found that they had error rates between 68 and 76 percent for blocking pages in the educational ".edu" domain.

Haselton, Jasquith, and Haisley are represented as "nonparties" to the Cyber Patrol lawsuit by Hansen of the national ACLU, Sarah Wunsch, an attorney with the ACLU of Massachusetts, David Sobel, general counsel for the Electronic Privacy Information Center based in Washington, and Jessica Littman, a visiting professor of law at New York University.

In 1998, a federal district judge said that forcing adults to use blocking software like Cyber Patrol in public libraries "offends the guarantee of free speech." Last month, a proposal aimed at forcing a Michigan public library to install Web filtering software on computers was defeated by voters.

"With Congress renewing efforts to mandate use of such flawed software in public schools and libraries, the Cyber Patrol battle only serves to emphasize that information on what is blocked must be made available to consumers, let alone libraries and schools," Hansen said.

The hearing in Microsystems Software, Inc. V. Scandinavia Online, IslandNet.com, Eddy L.O. Jansson and Matthew Skala, Civil Action No.00-10488-EFH, will take place on Monday, March 27, at 2:00 p.m. in U.S. District Court in Boston.

The ACLU's opposition to motion for preliminary injunction in the case is online at http://www.aclu.org/court/cyberpatrol_motion.html. The motion to quash subpoenas is online at http://www.aclu.org/court/cyberpatrol_quash.html.

Cyber Patrol is a subsidiary of toy company giant Mattel Inc., which is publicly traded on the New York Stock Exchange.

Brian Ristuccia writes, "It looks like the ACLU has decided to help Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, three folks who were running mirror sites of the recently released Cyber Patrol paper and decoding software, respond to the subpoena and confusing e-service messages that have been sent to them via e-mail by Cyber Patrol's law firm."

Links:

• Declan McCullagh's Archive of Case Related Documents
• ACLU Press Release

Text of the ACLU's Press Release:

FOR IMMEDIATE RELEASE
Friday, March 24, 2000

NEW YORK -- The American Civil Liberties Union will enter a Boston court this Monday to argue that a ban on a program allowing users to decode the Internet blocking software Cyber Patrol constitutes a "classic prior restraint on speech" in violation of the U.S. Constitution.

The Cyber Patrol controversy is but the latest round in a heated debate over flaws in so-called filtering software that both "overblocks" non-pornographic Web sites on subjects like Super Bowl XXX and fails to block many sites parents may not deem appropriate for their children.

In legal papers filed with the court today, the ACLU said that Cyber Patrol's lawsuit is unnecessary because the company can easily block their customers from accessing any Web site or page on which the decoding program appears, whereas some of the Web sites may be out of the jurisdiction of the court.

Acting on behalf of three U.S. Web site operators who posted "mirror" copies of the decoding program, the ACLU said their free speech rights would be violated if the court granted the company's request for a preliminary injunction against the Swedish and Canadian creators of the program.

"Under Cyber Patrol's logic, I'd be breaking the law if I bought a Ford Mustang and looked under the hood," said Chris Hansen, a senior ACLU staff attorney and lead counsel in the case. "I don't think it is asking too much for Cyber Patrol and other software companies to tell the American public exactly what their software blocks, especially when Congress wants to force both children and adults to use it."

Last Friday, March 17, U.S. District Judge Edward F. Harrington granted a 10-day temporary restraining order against the creators of the program. Cyber Patrol then sent subpoenas to the ACLU's clients, suggesting that they would be bound by that order and any future court bans.

In addition, at least one American reporter has confirmed receipt of subpoena from Cyber Patrol ordering him to reveal the name of "each and every person who produced, received, viewed, downloaded or accessed" the decoding program from his site.

The Web site operators, Waldo L. Jaquith, Lindsay Haisley and Bennett Haselton, each said that they posted the decoding program as a form of political protest against Cyber Patrol's legal actions and against "censorware" in general. Their Web sites can be found at: www.peacefire.org (Haselton), www.fmp.com (Haisley) and www.waldo.net (Jasquith).

"We thought it would be educational for some politicians, who are recommending blocking software for use in every school in the country, to see the mistakes that the codebreakers found in Cyber Patrol's list," said Haselton, 21, operator of Peacefire.org, a Web site he founded specifically to defend the free-speech interests of people under 18 on the Internet.

Haselton said that Peacefire recently decrypted the lists of sites blocked by two other programs -- I-Gear and X-Stop -- and found that they had error rates between 68 and 76 percent for blocking pages in the educational ".edu" domain.

Haselton, Jasquith, and Haisley are represented as "nonparties" to the Cyber Patrol lawsuit by Hansen of the national ACLU, Sarah Wunsch, an attorney with the ACLU of Massachusetts, David Sobel, general counsel for the Electronic Privacy Information Center based in Washington, and Jessica Littman, a visiting professor of law at New York University.

In 1998, a federal district judge said that forcing adults to use blocking software like Cyber Patrol in public libraries "offends the guarantee of free speech." Last month, a proposal aimed at forcing a Michigan public library to install Web filtering software on computers was defeated by voters.

"With Congress renewing efforts to mandate use of such flawed software in public schools and libraries, the Cyber Patrol battle only serves to emphasize that information on what is blocked must be made available to consumers, let alone libraries and schools," Hansen said.

The hearing in Microsystems Software, Inc. V. Scandinavia Online, IslandNet.com, Eddy L.O. Jansson and Matthew Skala, Civil Action No.00-10488-EFH, will take place on Monday, March 27, at 2:00 p.m. in U.S. District Court in Boston.

The ACLU's opposition to motion for preliminary injunction in the case is online at http://www.aclu.org/court/cyberpatrol_motion.html. The motion to quash subpoenas is online at http://www.aclu.org/court/cyberpatrol_quash.html.

Cyber Patrol is a subsidiary of toy company giant Mattel Inc., which is publicly traded on the New York Stock Exchange.

A few weeks ago we ran Keep It Legal to Embarrass Big Companies , detailing Peacefire's decryption of X-Stop's blacklist. Then just a few days ago, we noted that CyberPatrol's encrypted list had also been cracked. Well, Mattel, the maker of CyberPatrol and a Big Company, decided it didn't like to be embarrassed -- so it's filing suit against the coders in Canada and Sweden. In addition to demanding the removal of the decryption utility, Mattel is also seeking the logfiles of the Swedish ISP that hosts the decryption utility, to identify everyone who has downloaded it to date. Update: 03/16 6:50 PM EDT by J : Today's news was filled with Mattel's PR lies about their suit. Analysis follows.

Update: 03/16 6:50 PM EDT by J : The problems started with the AP story (cited above). The decryption software posted by the activists was described as "a method for kids to deduce their parents' password and access [pornographic] Web sites."

This was the spin that Mattel's PR people put on the story. They surely didn't want the news media reporting that activists had posted software that exposes their secret, hidden blacklist to the light of day. That wouldn't sound so good - it might get people to ask "why are these blacklists encrypted at all?"

Instead, Mattel's PR decided to say that the decryption software allows kids to view pornography. Predictable - this is the same smear that's always dragged out - but the media swallowed it uncritically. (The AP story was repeated on cnet, and everywhere else that uses the AP feed.)

Even the normally-critical Declan McCullagh wrote a story for Wired whose opening sentence was corporate propaganda. "Toy-maker Mattel has sued two programmers who revealed how to circumvent its CyberPatrol blocking software." Thankfully, the rest of his article gave the full story.

Mattel is not upset about CPHack's minor feature of circumventing the program when installed. Peacefire has been distributing their own instructions to disable Cyber Patrol for months now, and hasn't been sued. (They're pretty simple instructions, too.)

Mattel is upset that people can see the flaws in their software which were previously hidden by encryption. They want to continue selling bad software and will use the full force of law to prevent you from learning how bad it is. Legal papers have already been served and the proceedings will presumably begin shortly. Stay tuned - and don't trust press releases.

A few weeks ago we ran Keep It Legal to Embarrass Big Companies , detailing Peacefire's decryption of X-Stop's blacklist. Then just a few days ago, we noted that CyberPatrol's encrypted list had also been cracked. Well, Mattel, the maker of CyberPatrol and a Big Company, decided it didn't like to be embarrassed -- so it's filing suit against the coders in Canada and Sweden. In addition to demanding the removal of the decryption utility, Mattel is also seeking the logfiles of the Swedish ISP that hosts the decryption utility, to identify everyone who has downloaded it to date. Update: 03/16 6:50 PM EDT by J : Today's news was filled with Mattel's PR lies about their suit. Analysis follows.

Update: 03/16 6:50 PM EDT by J : The problems started with the AP story (cited above). The decryption software posted by the activists was described as "a method for kids to deduce their parents' password and access [pornographic] Web sites."

This was the spin that Mattel's PR people put on the story. They surely didn't want the news media reporting that activists had posted software that exposes their secret, hidden blacklist to the light of day. That wouldn't sound so good - it might get people to ask "why are these blacklists encrypted at all?"

Instead, Mattel's PR decided to say that the decryption software allows kids to view pornography. Predictable - this is the same smear that's always dragged out - but the media swallowed it uncritically. (The AP story was repeated on cnet, and everywhere else that uses the AP feed.)

Even the normally-critical Declan McCullagh wrote a story for Wired whose opening sentence was corporate propaganda. "Toy-maker Mattel has sued two programmers who revealed how to circumvent its CyberPatrol blocking software." Thankfully, the rest of his article gave the full story.

Mattel is not upset about CPHack's minor feature of circumventing the program when installed. Peacefire has been distributing their own instructions to disable Cyber Patrol for months now, and hasn't been sued. (They're pretty simple instructions, too.)

Mattel is upset that people can see the flaws in their software which were previously hidden by encryption. They want to continue selling bad software and will use the full force of law to prevent you from learning how bad it is. Legal papers have already been served and the proceedings will presumably begin shortly. Stay tuned - and don't trust press releases.

In the wake of recent announcements by Peacefire that they'd decrypted the secret block lists employed by two brands of censoring software, the "encryption" used by another major brand of software, Cyber Patrol, (produced by a company repugnant enough to advertise the increase in sales after Australia passed national censorship legislation), has also been broken. Matthew Skala and Eddy L O Jansson report in an in-depth essay about the practical difficulties encountered when undertaking this task. Their announcement follows.

Their announcement:

"March 11, 2000 - ANNOUNCEMENT

Cyber Patrol(R) 4, a "censorware" product intended to prevent users from accessing undesirable Internet content, has been reverse engineered by youth rights activists Eddy L O Jansson and Matthew Skala. A detailed report of their findings, titled "The Breaking of Cyber Patrol(R) 4", with commentary on the reverse engineering process and cryptographic attacks against the product's authentication system, has been posted on the World Wide Web at this address:

http://hem.passagen.se/eddy1/reveng/cp4/cp4break.html

The abstract of the report:

Several attacks are presented on the "sophisticated anti-hacker security" features of Cyber Patrol(R) 4, a "censorware" product intended to prevent users from accessing Internet content considered harmful. Motivations, tools, and methods are discussed for reverse engineering in general and reverse engineering of censorware in particular. The encryption of the configuration and data files is reversed, as are the password hash functions. File formats are documented, with commentary. Excerpts from the list of blocked sites are presented and commented upon. A package of source code and binaries implementing the attacks is included.

Eddy L O Jansson
srm_dfr@hotmail.com
http://hem.passagen.se/eddy1/index.html

Matthew Skala
mskala@ansuz.sooke.bc.ca
http://www.islandnet.com/~mskala/"

KnobDicker writes "Wired News reports Symantec is pressuring the ISP that hosts the Peacefire anti-censorware organization." Peacefire's founder, Bennett Haselton, wrote a decryptor for Symantec's software's blacklist and posted just that. His tests found that 76% of its .edu blocks were incorrect and that the software violates its privacy policy. Symantec's response? Threaten a lawsuit. But Peacefire isn't backing down. More below...

Let's first get the facts straight. Peacefire has not posted copyrighted material. It has posted code to decrypt I-Gear's encrypted blacklist. This is exactly like the DeCSS case, except the goal is criticizing a product instead of space-shifting movies.

The criticism here is that 76% of the .edu-domain blocks are wrong. This is a huge number. This suggests that, for every time the product blocks you from offensive material at an .edu Web site, there are three other times it blocked you from perfectly ordinary material.

While there are some people (like Bruce Taylor of the National Law Center for Children and Families) who would like to deny it, nobody's making this stuff up. Censorware really does suck. In fact, Peacefire did the same thing to X-Stop, another blocking package, two weeks earlier, and found a 68% .edu error rate. (But its maker hasn't threatened to sue. Yet.)

So what did Peacefire learn about I-Gear? A description of a milking machine system written in Spanish - blocked. Tricks for a flight sim game - blocked. A page entirely in Latin - blocked. Volumes 4 and 6 of "Decline and Fall of the Roman Empire" - blocked (but you can still read Volumes 1, 2, 3, and 5, go figure).

Furthermore, Peacefire revealed that Symantec is apparently violating its privacy policy by sending information to its servers without telling the user. Your Windows-registered "real name" and "company name" secretly get sent back to Symantec.

You may recall Haselton's Slashdot story "Keep it Legal to Embarrass Big Companies," from two weeks ago. He wondered if these kinds of pressure tactics would be the response to his efforts. It's already started.

The legal issue appears to be whether Symantec's End-User License Agreement (EULA) can contain a clause prohibiting reverse-engineering - and whether that clause can be enforced. UCITA will be the thousand-pound gorilla here, providing real legal muscle behind onerous EULAs. Fortunately, the current legal situation is more iffy, and cnet's story talks about that a little.

Symantec wants to distribute I-Gear only on the condition that nobody looks under the hood or says anything bad about it. And UCITA would back that up - by sending people like Haselton to jail for revealing products' flaws.

And then there's the question of why Symantec is using lousy crypto in the first place. As KnobDicker concludes: "Rather than being thankful that Haselton has conducted testing and work that they should have done themselves in the first place (for *free*), Symantec is crying in their beer and threatening to break out the lawyers to quash the bad press. Chalk up another one for the Open Source model's system of thorough peer review instead of development in a proprietary vacuum."

KnobDicker writes "Wired News reports Symantec is pressuring the ISP that hosts the Peacefire anti-censorware organization." Peacefire's founder, Bennett Haselton, wrote a decryptor for Symantec's software's blacklist and posted just that. His tests found that 76% of its .edu blocks were incorrect and that the software violates its privacy policy. Symantec's response? Threaten a lawsuit. But Peacefire isn't backing down. More below...

Let's first get the facts straight. Peacefire has not posted copyrighted material. It has posted code to decrypt I-Gear's encrypted blacklist. This is exactly like the DeCSS case, except the goal is criticizing a product instead of space-shifting movies.

The criticism here is that 76% of the .edu-domain blocks are wrong. This is a huge number. This suggests that, for every time the product blocks you from offensive material at an .edu Web site, there are three other times it blocked you from perfectly ordinary material.

While there are some people (like Bruce Taylor of the National Law Center for Children and Families) who would like to deny it, nobody's making this stuff up. Censorware really does suck. In fact, Peacefire did the same thing to X-Stop, another blocking package, two weeks earlier, and found a 68% .edu error rate. (But its maker hasn't threatened to sue. Yet.)

So what did Peacefire learn about I-Gear? A description of a milking machine system written in Spanish - blocked. Tricks for a flight sim game - blocked. A page entirely in Latin - blocked. Volumes 4 and 6 of "Decline and Fall of the Roman Empire" - blocked (but you can still read Volumes 1, 2, 3, and 5, go figure).

Furthermore, Peacefire revealed that Symantec is apparently violating its privacy policy by sending information to its servers without telling the user. Your Windows-registered "real name" and "company name" secretly get sent back to Symantec.

You may recall Haselton's Slashdot story "Keep it Legal to Embarrass Big Companies," from two weeks ago. He wondered if these kinds of pressure tactics would be the response to his efforts. It's already started.

The legal issue appears to be whether Symantec's End-User License Agreement (EULA) can contain a clause prohibiting reverse-engineering - and whether that clause can be enforced. UCITA will be the thousand-pound gorilla here, providing real legal muscle behind onerous EULAs. Fortunately, the current legal situation is more iffy, and cnet's story talks about that a little.

Symantec wants to distribute I-Gear only on the condition that nobody looks under the hood or says anything bad about it. And UCITA would back that up - by sending people like Haselton to jail for revealing products' flaws.

And then there's the question of why Symantec is using lousy crypto in the first place. As KnobDicker concludes: "Rather than being thankful that Haselton has conducted testing and work that they should have done themselves in the first place (for *free*), Symantec is crying in their beer and threatening to break out the lawyers to quash the bad press. Chalk up another one for the Open Source model's system of thorough peer review instead of development in a proprietary vacuum."

KnobDicker writes "Wired News reports Symantec is pressuring the ISP that hosts the Peacefire anti-censorware organization." Peacefire's founder, Bennett Haselton, wrote a decryptor for Symantec's software's blacklist and posted just that. His tests found that 76% of its .edu blocks were incorrect and that the software violates its privacy policy. Symantec's response? Threaten a lawsuit. But Peacefire isn't backing down. More below...

Let's first get the facts straight. Peacefire has not posted copyrighted material. It has posted code to decrypt I-Gear's encrypted blacklist. This is exactly like the DeCSS case, except the goal is criticizing a product instead of space-shifting movies.

The criticism here is that 76% of the .edu-domain blocks are wrong. This is a huge number. This suggests that, for every time the product blocks you from offensive material at an .edu Web site, there are three other times it blocked you from perfectly ordinary material.

While there are some people (like Bruce Taylor of the National Law Center for Children and Families) who would like to deny it, nobody's making this stuff up. Censorware really does suck. In fact, Peacefire did the same thing to X-Stop, another blocking package, two weeks earlier, and found a 68% .edu error rate. (But its maker hasn't threatened to sue. Yet.)

So what did Peacefire learn about I-Gear? A description of a milking machine system written in Spanish - blocked. Tricks for a flight sim game - blocked. A page entirely in Latin - blocked. Volumes 4 and 6 of "Decline and Fall of the Roman Empire" - blocked (but you can still read Volumes 1, 2, 3, and 5, go figure).

Furthermore, Peacefire revealed that Symantec is apparently violating its privacy policy by sending information to its servers without telling the user. Your Windows-registered "real name" and "company name" secretly get sent back to Symantec.

You may recall Haselton's Slashdot story "Keep it Legal to Embarrass Big Companies," from two weeks ago. He wondered if these kinds of pressure tactics would be the response to his efforts. It's already started.

The legal issue appears to be whether Symantec's End-User License Agreement (EULA) can contain a clause prohibiting reverse-engineering - and whether that clause can be enforced. UCITA will be the thousand-pound gorilla here, providing real legal muscle behind onerous EULAs. Fortunately, the current legal situation is more iffy, and cnet's story talks about that a little.

Symantec wants to distribute I-Gear only on the condition that nobody looks under the hood or says anything bad about it. And UCITA would back that up - by sending people like Haselton to jail for revealing products' flaws.

And then there's the question of why Symantec is using lousy crypto in the first place. As KnobDicker concludes: "Rather than being thankful that Haselton has conducted testing and work that they should have done themselves in the first place (for *free*), Symantec is crying in their beer and threatening to break out the lawyers to quash the bad press. Chalk up another one for the Open Source model's system of thorough peer review instead of development in a proprietary vacuum."

KnobDicker writes "Wired News reports Symantec is pressuring the ISP that hosts the Peacefire anti-censorware organization." Peacefire's founder, Bennett Haselton, wrote a decryptor for Symantec's software's blacklist and posted just that. His tests found that 76% of its .edu blocks were incorrect and that the software violates its privacy policy. Symantec's response? Threaten a lawsuit. But Peacefire isn't backing down. More below...

Let's first get the facts straight. Peacefire has not posted copyrighted material. It has posted code to decrypt I-Gear's encrypted blacklist. This is exactly like the DeCSS case, except the goal is criticizing a product instead of space-shifting movies.

The criticism here is that 76% of the .edu-domain blocks are wrong. This is a huge number. This suggests that, for every time the product blocks you from offensive material at an .edu Web site, there are three other times it blocked you from perfectly ordinary material.

While there are some people (like Bruce Taylor of the National Law Center for Children and Families) who would like to deny it, nobody's making this stuff up. Censorware really does suck. In fact, Peacefire did the same thing to X-Stop, another blocking package, two weeks earlier, and found a 68% .edu error rate. (But its maker hasn't threatened to sue. Yet.)

So what did Peacefire learn about I-Gear? A description of a milking machine system written in Spanish - blocked. Tricks for a flight sim game - blocked. A page entirely in Latin - blocked. Volumes 4 and 6 of "Decline and Fall of the Roman Empire" - blocked (but you can still read Volumes 1, 2, 3, and 5, go figure).

Furthermore, Peacefire revealed that Symantec is apparently violating its privacy policy by sending information to its servers without telling the user. Your Windows-registered "real name" and "company name" secretly get sent back to Symantec.

You may recall Haselton's Slashdot story "Keep it Legal to Embarrass Big Companies," from two weeks ago. He wondered if these kinds of pressure tactics would be the response to his efforts. It's already started.

The legal issue appears to be whether Symantec's End-User License Agreement (EULA) can contain a clause prohibiting reverse-engineering - and whether that clause can be enforced. UCITA will be the thousand-pound gorilla here, providing real legal muscle behind onerous EULAs. Fortunately, the current legal situation is more iffy, and cnet's story talks about that a little.

Symantec wants to distribute I-Gear only on the condition that nobody looks under the hood or says anything bad about it. And UCITA would back that up - by sending people like Haselton to jail for revealing products' flaws.

And then there's the question of why Symantec is using lousy crypto in the first place. As KnobDicker concludes: "Rather than being thankful that Haselton has conducted testing and work that they should have done themselves in the first place (for *free*), Symantec is crying in their beer and threatening to break out the lawyers to quash the bad press. Chalk up another one for the Open Source model's system of thorough peer review instead of development in a proprietary vacuum."