Slashdot Mirror

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

Last month I shared with you some news about the pressure to install blocking software on the Holland library's Internet terminals. I promised to dive into the trenches of the struggle, and report occasionally to Slashdot on what was happening. There's been a lot to report, but more to do. Over the next two weeks I'll catch you up on what's been happening. Today, a peek into the heart of the matter: an open letter to the local Family Research Council, on the flaws of their favorite software. Click for more.

Last Wednesday, the library board opened up its auditorium for two and a half hours for three presentations on blocking software. The local branch of the FRC went first and put SurfWatch through its paces. They showed an unfiltered Internet on the left, SurfWatch on the right, and demonstrated how a search on "breast cancer" was successfully not blocked. Then they put child pornography on the wall of the library auditorium, demonstrating what SurfWatch would block.

For my presentation, I had brought a computer, but asked them if they would mind my demonstrating the software's flaws on their own laptop, to show I had not misconfigured anything. They agreed.

I spent much of my presentation talking about the size of the Internet and why most blocking was done by robots. Then I spent several minutes just listing some of the sites found blocked in some of our earlier studies at the Censorware Project.

Then I turned to the keyboard to illustrate some bad blocks. I ran out of time before getting to most of them. Some I did show but so quickly that many of those watching may not have realized what was going on.

Afterwards, Kimberley Fraser, who gave the Family Research Council presentation, asked me about some of what I'd said. I ended up asking her if I could respond to her in the form of an open letter. She agreed.

Below is that letter.

Dear Ms. Fraser,

As you know, at Herrick District Library last Wednesday night, your group gave a demonstration of SurfWatch's successes and then I showed some of its failures. I went through these failures rather quickly and didn't give the audience much of a chance to see the details of what I was doing.

You asked afterwards if I could provide verification of some of these points of failure, and I am delighted to do so.

First of all, regarding the colossal list of wrongly-blocked sites that I spent so much of my presentation reading, please consult our Web site. These wrong blocks were found in our reports on five other popular blocking packages: X-Stop, Cyber Patrol, WebSENSE, X-Stop again, SmartFilter, and Bess. You will find these reports at http://censorware.org/reports/.

There was some confusion in the question-and-answer period about whether these wrongly-blocked sites were also blocked by SurfWatch. Surely not all, and I have no reason to believe very many of them, are still blocked by SurfWatch or any other software. As I explained, when wrong blocks are publicized, they are usually unblocked quickly to minimize bad press.

Now, regarding the errors of SurfWatch itself. Note that some of its past errors are cataloged at http://peacefire.org/censorware/SurfWatch/. I am not sure whether I found time to describe those erroneous blocks or not.

In any case, here is information that hadn't been reported before. The following are all sites which I had prepared for Wednesday night, not all of which I was able to demonstrate. Please consult with your technical staff and confirm that each of these URLs and searches is wrongly blocked using the same category ("Sex") that you use in your tests and that you would recommend for public libraries.

http://www.gaydaze.com/sstory/curfantasy.html
"Daisies for my Wife," by Harold Roppers, a science fiction short story.

http://censorware.org/essays/sex_lies_jt.html
"Sex, Lies, and Censorware," an essay by my colleague Jim Tyre that is critical of SurfWatch.

http://intertain.com/store/browse.html
The bookstore at Intertain.com. Starting from that Web page, click "Browse," then "Love, Sex and Marriage." All categories of books on that page, 600 books total, are blocked, including books on domestic violence, natural childbirth, and African-American families.

http://www.wap.org/ifaq/sex/marriage.html
"Marriage." A humorous look at marriage through the eyes of children.

http://netdetours.com/archive/sex.html
"Sex and Politics: A historical look at affairs of state." A comparison of the Clinton sex scandal to scandals of other historical figures.

http://www.wwf.org/galapagos/booby.htm
The World Wildlife Foundation maintains information about the animals found on the Galapagos islands. SurfWatch refuses to let us read about the Blue-Footed Booby.

Searches on the following phrases are blocked, on (almost) any search engine:

safe oral sex
testicle cancer
sexually abstain
abstain from sex
sexual abstinence
no sex
Sex, Laws and Cyberspace (book title)
Smart Sex (book title, safe sex guide)
Voyeurism in the French Novel (book title)
Save Sex (title of both book and FRC poster campaign)

http://www.nytimes.com/library/arts/013000tv-voyeurism.html
"Television's New Voyeurism Pictures Real-Life Intimacy." The New York Times looks at shows like "Who Wants To Be a Millionaire." (In the question-and-answer period, one gentleman suggested that this page was blocked for a suggestive photo that appeared in the print edition of the Times. Please confirm that the Web page has no photo.)

http://www.rainbow.ch/chribru/chris/odonnell.htm
A Chris O'Donnell fan page.

http://www.geocities.com/HotSprings/Spa/6834/
"Alternative Healing Resources: A Reference Guide for Balancing Your Mind, Body, and Spirit."

http://www.lesbigay.com/equal_rights/equality.html
"The Equality Project: Dedicated to promoting education and acceptance of all genders, sexualities, races, and religions."

http://www.magiccarpet.com/%7ecgrafe/diamondgallery/
"Diamond Gallery Sports Cards." Baseball and football cards for sale or trade.

http://dir.yahoo.com/Society_and_Culture/Crime/Crimes/Sex_Crimes/Child_Pornography/
Four of the thirteen anti-child pornography sites listed on Yahoo are blocked. "All Against Child Pornography," "Anti Pedophile Network", "Adult Sites Against Child Pornography," and "Defence for Children International."

http://cnn.com/starr.report/
The Starr Report, in every place it appears on the Internet (this URL is just one example).

http://afa.net/Pornography/pornography.html
And finally, the American Family Association, which launched the pro-blocking-software initiative in Holland, is blocked.

I believe your technical staff will confirm what I have found to be true: that all of these are blocked as pornography by your software. Please let me know what your team says. Thank you.

Jamie McCarthy
jamie@slashdot.org

You think your community is conservative? Holland, Michigan, home of the Slashdot Geek Compound, is a conservative community. "Y2K," according to yard signs on my way to last night's library meeting, stands for "Yes 2 King Jesus." Supposedly the city has gone to every Republican presidential candidate but one (Abraham Lincoln). Now the American Family Association has brought mandatory library censorware to a vote on Feb.22, and the measure's opponents have a tough six weeks ahead of them. This is the first time the battle over library filters has come near my community, and my first close look at the grass roots of a First Amendment struggle. Click for more.

The conservative community isn't the only reason that the AFA has chosen the Holland area, in my home state, to be one of its important fronts in the library blocking-software war.

There is an unusual law in the city of Holland that allows any measure to be brought to a ballot vote by petition. This is good in that it brings democracy directly to the people. Unfortunately, if a couple thousand people signed a petition demanding that the mayor must part Lake Michigan or forfeit his salary, that issue would go on the ballot. Democracy doesn't always make sense.

You may have seen press about the Republication presidential candidates campaigning in our fair state. This is because our governor pushed the primary ahead this year, so that we are now one of the first states to cast a ballot for the nominees. Registered Republicans will be going to the polls on Feb.22 to decide which candidate they like best.

Registered Democrats don't get to vote on GOP candidates and largely don't care. But in the city of Holland, thanks to a last-minute petition drive spearheaded by the AFA, there will be one additional issue on the ballot: mandatory blocking software in the city library.

Ironically, the surrounding townships help pay for the same library, but because the petition-to-ballot law applies only in the city, they won't be voting on how their money will be spent.

Holland Republicans, already at the polls to nominate a candidate, will merely have to check one more box. Holland Democrats, assuming for the sake of argument that they exist, will first have to learn that they can vote on Feb.22, and then take the trouble to drive down to the polls for the sole purpose of, as the AFA will surely characterize it, forcing children to look at pornography.

Not that it's quite that simple - the issue surely doesn't break precisely across party lines - but: Ouch! Putting the issue on the ballot on the same day as the Republican primary was a brilliant strategic move. If this is what local politics are all about, maybe I'm glad I haven't gotten involved before.

But if last night's meeting at the library is any indicator, it's not over yet.

The meeting was sponsored by Families for Internet Access, a small Holland group working to oppose library blocking software. Roughly 200 people showed up in the basement of the library to discuss the issue, including at least three Slashdot readers. The large majority were clearly opposed to filters. Luckily, the minority was vocal enough that at least some of their views could be heard, so it wasn't too one-sided.

Don Wildmon, president of the Tupelo, Mississippi-based AFA, says "a community's taxpayers own the local library," and it's going to be interesting to see if that's true. The Holland library has had few problems with inappropriate material to date. The computers in the children's section are not on the net. The internet terminals in the adult section are clustered closely in a well-lit area; patron sessions are limited to 30minutes once per day, and library staff walk through the area frequently to enforce this rule. Even with access restricted to brief sessions, there is almost always a line waiting to use the next computer.

In the four years they've offered internet access, there have been a total of six incidents where a patron had to be removed for causing a disturbance. Of these, only one involved viewing of inappropriate material (it was unclear whether or not this was pornography). To put this in perspective, there were 26,000 patrons who used the internet last year alone.

It seems a bustling, crowded public area in a public library, in front of a big window facing a busy street, is not an environment where people commonly go to look at porn. Imagine that. As one of last night's presenters said, "there is an effective filter in place already, and that is the good people of Holland." It seems clear that censorware is a solution in search of a problem - at least in this community.

But the AFA knows how to look for a problem. The pamphlet that they circulate on library "safety" suggests some ways to determine whether a library has "come under the influence of the American Library Association." The "citizen activist" is urged to "use these helps to learn if your library is a community friend or foe":

"Inquire if your library ... celebrates ALA's 'Banned Books Week.'"

"Search for classic scholarly books. A healthy selection should be available. Suggested titles... Principia Mathematica by Sir Issac Newton." [sic]

"On your library's computer, go to www.yahoo.com or any of the popular Internet search engines. In the search field enter the following: XXX,hardcore,nude"

Are those really the best ways to determine whether a library has a problem with pornography?

Incidentally, I've not gotten confirmation, but the rumor is that the local AFA will be recommending SurfWatch as their filter of choice. In which case, that last suggestion is an interesting one. I purchased and installed SurfWatch on my home computer this weekend, and it blocks me from accessing Yahoo. I still can't figure that out, considering the company that sells it partners with Yahoo.

The AFA has also been claiming support from Sen. John McCain (R-Ariz.). But at Monday night's meeting, he said he can't specifically support the local initiative because he doesn't know what it's all about. In fact, when the AFA's position was described to him, he interrupted to ask what "AFA" stood for.

In the end, it may not matter whether the problem of inappropriate library material exists or is manufactured. The AFA also recommends that its activists "take [their] concerns through the library chain of command," but in Holland, they refused to meet with the library and went straight to the ballot instead. The voters will decide whether censorware gets installed, and the public's chance to learn about the issues may be limited at best.

In the next six weeks I hope to get a "view from the trenches" of Holland's First Amendment struggle, and to bring it to Slashdot. I'll make no bones about the position I take on the issue. I'll try to focus less on why blocking software is a bad idea in libraries - I'll leave it to other websites to explain that - and more on how the memeticwarfare ^[*] is being conducted. I'll be reading all your comments. Check the YRO section, too, for updates not quite important enough for the Slashdot homepage.

Because this month, mandatory library censorware is a hot topic in Holland. Next month, it may be in my home town. And the month after that - yours.

Senator and GOP presidential frontrunner of the week John McCain (R-Ariz.) gave a little talk this afternoon practically in the Geek Compound's back yard. Billed by a local group as a town meeting on censorware, with handouts on "Internet porn filters" passed around beforehand, this roving reporter was dying to find out what would be said. Click for more...

"The internet is going to provide knowledge, information and freedom to people all over the world." - Sen. John McCain

The world-famous Geek Compound is located in Ottawa County, Michigan, not exactly known as a hotbed of controversy and intrigue. But for whatever reason, we are now one of the areas whose libraries are being targeted by would-be censors. Uncaring of a federal court decision declaring censorware in public libraries unconstitutional, the American Family Association and other "pro-family" groups have declared the area a battleground. A small library in a small nearby town has become the first in our fair state to install mandatory censorware on all its internet terminals. And now, the home of Slashdot itself, Holland, is being pressured to do the same at its public library.

Politics is of course a war of ideas, and in any war there is the inevitable arms race. Sen. McCain was possibly the first to bring the issue directly to the Congress, with his S.97 introduced a year ago. But Elizabeth Dole was the first to make the subject a campaign issue, as is illustrated by the pro-censorware pamphlet:

"...libraries should install computer software that blocks access to pornographic sites on the Internet...the measure also should apply to computers used by adults." - ABC NEWS, June 28, 1999

After Dole dropped out, the issue languished for a while until, in a campaign hard-pressed for issues of substance, it was revived. Steve Forbes is quoted:

"I proudly support AFA-Michigan and the citizens of Holland in seeking a reasonable, common sense standard to what children have the opportunity to view in a public library." - Dec. 20, 1999

And McCain's latest quote came while stumping in South Carolina:

"Every school and library should be required to buy filters...to keep out materials that are not suitable for children the same way in which the library board filters printed materials for the library." - Dec. 22, 1999

It's a no-lose issue for politicians. In the race to see who can come out more in favor of children, facts get left by the side of the road.

Here's the strange thing: this open forum meeting, which the AFA hoped would be about internet porn, ended up being about everything except internet porn. McCain spoke briefly, and only for a few minutes did he discuss blocking technology. In the lengthy question-and-answer period, there were only two questions about censorware. One of them was mine, and neither was in support of his position.

My question was about blocking software and openness. I stopped short of grabbing the mike and shouting "open-source the censors!" but that was the general idea.

One of the major concerns that free-speech advocates have about censorware is that its blacklists, or blocking lists, are hidden. The list of URLs and such that are actually blocked by their software is protected by copyright law and by encryption.

It's an end-run around the First Amendment. The government could never step into a library and censor information from the National Academy of Clinical Biochemistry. Or GayDaze, a non-pornographic online soap opera about gay men and a lesbian. Or any of the thousands of unfairly blocked sites that have been uncovered.

The end-run is to allow an unaccountable third party to put these blocks in place - hidden - and then for the government to mandate their use.

I briefly set up this paradox for Sen. McCain and then asked: "Do you believe that software installed in public schools and libraries should be open to public scrutiny?"

I didn't set it up quite as well as I just have; I figured that since he was the sponsor of S.97, "a bill to require the installation and use by schools and libraries of a technology for filtering or blocking," he might quickly grasp my point. But he didn't appear to be familiar with the fact that the blacklists are encrypted, and answered a different question.

But when I rephrased the question, his answer was that he "would strongly advocate full disclosure."

If the Senator - or anyone else in a policymaking position - is reading this, I would follow that up by saying:

Great!

But the software we're talking about doesn't do this. There is only one commercial package on the market that has an open blacklist. It is not popular and is almost never given as a preferred option for libraries and schools. The software that the AFA wants to install in Holland's libraries has a carefully-encrypted blacklist.

It's only because of the (arguably illegal) efforts of muckrakers that we know anything at all about this software. The AFA, Filtering Facts, and other pro-censorware groups endorsed a product called X-Stop in August 1997. Family Friendly Libraries called it "technology that will block ALL porn sights and ONLY porn sights" [sic], and rejoiced that a technology had "achieved 100% success." But their encrypted blacklist was decrypted and exposed shortly thereafter. Unsurprisingly, the product did not live up to its marketing hyperbole. In October 1997, the endorsements shriveled and disappeared as quickly as they'd come.

The product was the same. Only our knowledge about it had changed.

McCain calls for "community standards" to be applied to each public library. But no censorware offers checkboxes for "rural Kansas" vs. "New York City" blocking. They are all one-size-fits-all. And because we can't look under the hood, nobody has any idea what size that is.

If we're going to use third parties to censor our public libraries, let's make sure they let us see what they're doing.

That's what I would have said to the Senator if I'd had a microphone of my own.

Finally, I have to say that I was impressed by the student in the balcony, a high-school student at my guess, who - after listening to the standard recap of Columbine and the standard attack on the media for giving the murderers Doom and the internet - stood up to state his case. He said that he looked at how the Columbine murderers were being described by the media and by McCain, and the description sounded a lot like himself. He played violent video games and spent time on the internet and he wasn't afraid to say so. That took guts.

McCain's plan for kids like this is twofold: first, to fund a study of "very intelligent people" to determine once and for all whether there is a link between media violence and real violence. And second, to protect parents' rights: "your parents need to know what you're doing on the internet," he told the high-school student, so that they could all sit down as a family and discuss whether it was appropriate.

I hope that kid knows about Peacefire.

Tonight, there will be a meeting on censorware at the Holland library which we hope will include both sides of this issue. Watch for a report tomorrow.

[An unfinished version of this story was accidentally posted Monday evening, and several Slashdot reader comments were lost. I apologize for the mistake. -Jamie]

Senator and GOP presidential frontrunner of the week John McCain (R-Ariz.) gave a little talk this afternoon practically in the Geek Compound's back yard. Billed by a local group as a town meeting on censorware, with handouts on "Internet porn filters" passed around beforehand, this roving reporter was dying to find out what would be said. Click for more...

"The internet is going to provide knowledge, information and freedom to people all over the world." - Sen. John McCain

The world-famous Geek Compound is located in Ottawa County, Michigan, not exactly known as a hotbed of controversy and intrigue. But for whatever reason, we are now one of the areas whose libraries are being targeted by would-be censors. Uncaring of a federal court decision declaring censorware in public libraries unconstitutional, the American Family Association and other "pro-family" groups have declared the area a battleground. A small library in a small nearby town has become the first in our fair state to install mandatory censorware on all its internet terminals. And now, the home of Slashdot itself, Holland, is being pressured to do the same at its public library.

Politics is of course a war of ideas, and in any war there is the inevitable arms race. Sen. McCain was possibly the first to bring the issue directly to the Congress, with his S.97 introduced a year ago. But Elizabeth Dole was the first to make the subject a campaign issue, as is illustrated by the pro-censorware pamphlet:

"...libraries should install computer software that blocks access to pornographic sites on the Internet...the measure also should apply to computers used by adults." - ABC NEWS, June 28, 1999

After Dole dropped out, the issue languished for a while until, in a campaign hard-pressed for issues of substance, it was revived. Steve Forbes is quoted:

"I proudly support AFA-Michigan and the citizens of Holland in seeking a reasonable, common sense standard to what children have the opportunity to view in a public library." - Dec. 20, 1999

And McCain's latest quote came while stumping in South Carolina:

"Every school and library should be required to buy filters...to keep out materials that are not suitable for children the same way in which the library board filters printed materials for the library." - Dec. 22, 1999

It's a no-lose issue for politicians. In the race to see who can come out more in favor of children, facts get left by the side of the road.

Here's the strange thing: this open forum meeting, which the AFA hoped would be about internet porn, ended up being about everything except internet porn. McCain spoke briefly, and only for a few minutes did he discuss blocking technology. In the lengthy question-and-answer period, there were only two questions about censorware. One of them was mine, and neither was in support of his position.

My question was about blocking software and openness. I stopped short of grabbing the mike and shouting "open-source the censors!" but that was the general idea.

One of the major concerns that free-speech advocates have about censorware is that its blacklists, or blocking lists, are hidden. The list of URLs and such that are actually blocked by their software is protected by copyright law and by encryption.

It's an end-run around the First Amendment. The government could never step into a library and censor information from the National Academy of Clinical Biochemistry. Or GayDaze, a non-pornographic online soap opera about gay men and a lesbian. Or any of the thousands of unfairly blocked sites that have been uncovered.

The end-run is to allow an unaccountable third party to put these blocks in place - hidden - and then for the government to mandate their use.

I briefly set up this paradox for Sen. McCain and then asked: "Do you believe that software installed in public schools and libraries should be open to public scrutiny?"

I didn't set it up quite as well as I just have; I figured that since he was the sponsor of S.97, "a bill to require the installation and use by schools and libraries of a technology for filtering or blocking," he might quickly grasp my point. But he didn't appear to be familiar with the fact that the blacklists are encrypted, and answered a different question.

But when I rephrased the question, his answer was that he "would strongly advocate full disclosure."

If the Senator - or anyone else in a policymaking position - is reading this, I would follow that up by saying:

Great!

But the software we're talking about doesn't do this. There is only one commercial package on the market that has an open blacklist. It is not popular and is almost never given as a preferred option for libraries and schools. The software that the AFA wants to install in Holland's libraries has a carefully-encrypted blacklist.

It's only because of the (arguably illegal) efforts of muckrakers that we know anything at all about this software. The AFA, Filtering Facts, and other pro-censorware groups endorsed a product called X-Stop in August 1997. Family Friendly Libraries called it "technology that will block ALL porn sights and ONLY porn sights" [sic], and rejoiced that a technology had "achieved 100% success." But their encrypted blacklist was decrypted and exposed shortly thereafter. Unsurprisingly, the product did not live up to its marketing hyperbole. In October 1997, the endorsements shriveled and disappeared as quickly as they'd come.

The product was the same. Only our knowledge about it had changed.

McCain calls for "community standards" to be applied to each public library. But no censorware offers checkboxes for "rural Kansas" vs. "New York City" blocking. They are all one-size-fits-all. And because we can't look under the hood, nobody has any idea what size that is.

If we're going to use third parties to censor our public libraries, let's make sure they let us see what they're doing.

That's what I would have said to the Senator if I'd had a microphone of my own.

Finally, I have to say that I was impressed by the student in the balcony, a high-school student at my guess, who - after listening to the standard recap of Columbine and the standard attack on the media for giving the murderers Doom and the internet - stood up to state his case. He said that he looked at how the Columbine murderers were being described by the media and by McCain, and the description sounded a lot like himself. He played violent video games and spent time on the internet and he wasn't afraid to say so. That took guts.

McCain's plan for kids like this is twofold: first, to fund a study of "very intelligent people" to determine once and for all whether there is a link between media violence and real violence. And second, to protect parents' rights: "your parents need to know what you're doing on the internet," he told the high-school student, so that they could all sit down as a family and discuss whether it was appropriate.

I hope that kid knows about Peacefire.

Tonight, there will be a meeting on censorware at the Holland library which we hope will include both sides of this issue. Watch for a report tomorrow.

[An unfinished version of this story was accidentally posted Monday evening, and several Slashdot reader comments were lost. I apologize for the mistake. -Jamie]

Our interview guests this week are American Jim Tyre and Australian Irene Graham. Both are long-time, well-known online free speech and anti-censorware activists; links from Monday's call for questions can tell you all about them. Anyway, here are their answers to your questions. They'll tell you everything you ever wanted to know about censorware and why it's not a good thing. There are also a lot of good tips about online and political activism in general contained in their answers; you may want to read this to pick up on those even if censorware and free speech aren't your personal "hot button" issues. (mucho more below)

1) Censorship: problem or symptom?
by Signal 11
I believe censorship is a result of various groups / countries wanting to protect their cultural identity (which includes their social taboos). The second thing I want to put forward is the fact that the internet is a culture-neutral medium - it breaks down the traditional geographical barriers that seperate us from other countries. Witness cultural exchange programs, founded under the premise that communication == exchange of ideas. That generally promotes a "blending effect" (for lack of a better description) between cultures.

My question is simple: in light of this, attacking censorware is only attacking the symptom, not the cause. What solutions do you believe are reasonable for accomodating the concerns of these groups? Going one step further, should they be accomodated?

Jim:
You're correct that censorware is only a symptom there is a reason why, for example, every year librarians and others "celebrate" Banned Books Week but I'm not certain that I agree with the premise that the Internet is a culture-neutral medium, particularly in the context of a censorship discussion.

To some cultures, whether national or here in the U.S., every advance in technology has been a threat. Planes, trains and automobiles have changed many cultures, and so has or will the Internet. In many nations, the Internet itself is a threat, which is why some try to keep it out completely, or to allow it only under highly controlled circumstances. A content-free Internet would be culturally neutral, but an Internet which includes hundreds of sites about The Satanic Verses can hardly be considered neutral to many in Tehran or Islamabad.

In the context of the Internet, any attempt to accommodate a particular group is fraught with danger. (Some) parents were concerned with what their kids might be exposed to, so censorware was developed for home use. But the moralists were not satisfied, so laws like the CDA were enacted. When it was struck down, in part because censorware was touted as a less restrictive alternative, legislators pounced and introduced legislation (still pending) requiring the use of censorware in certain schools and libraries, not just for children, but for adults as well. And of course, as discussed in YRO, there are renewed multinational efforts to revitalize and impose PICS.

History has shown that it is a fundamental mistake to believe that censors can be accommodated. If one wants to preserve a cultural identity, the way to do it is to inculcate the positive values of that identity, not to pretend that other cultures do not exist.

2) What can we do?
by Ex-NT-User
It seems the majority of governments that are instituting censorship legislation are doing this "behind their populations backs". And certainly without majority support of the people they govern over. Mailing/calling our representatives doesn't seem to help much since they just blow us off for special interest groups.

So what can we as individuals do prevent this? What other avenues can we take?

Irene:
I think one of the problems is that many politicians see the people on the Net as being a special interest group, so which special interest group should they listen to? Some politicians, for example, claim that people on the Net don't care about protecting children - you'd think no-one on the Net had kids if you didn't know better.

The problem of changing such perceptions is exacerbated by the tendency of people on the Net to do anything they can by email and not being willing to devote a little time to understanding the political processes involved.

So there's not just a question of what individuals can do, but what they shouldn't do. Here's some examples to explain what I mean from the recent anti-censorship campaign in Australia...

Some people set up email lists to automatically send the same message to all Australian politicians - it sounded like a great idea and heaps of well-intentioned people used these. The problem was, apparently, that many people sent rude, abusive emails. This is not the way to get one's point across and encourages the view that people on the Net are different from "ordinary" people. At the same time, the politicians who were already opposing the Bill received messages abusing them. Unfortunately, this encourages them to say "why bother?" - why shouldn't they support the pro-censorship lobby who quite likely aren't rude and say thank you?

During the campaign here, I rang the offices of my "representatives" who happened to be members of the opposition party just to say thanks for opposing the Bill. The staffers who answered the phone practically fell over themselves thanking me for bothering to call - they were so, so tired of the abusive emails and calls from people who hadn't even bothered to check what their policy was.

At one stage in the campaign here, it was reported that filter rules had been added to the Parliamentary email system, to give politicians the option of filtering anything about the Net censorship Bill into a separate folder. They were receiving too much email, which was interfering, apparently, with their ability to find email on other topics.

Another issue is that computers make it arguably too easy to just copy and paste texts that the cyber-liberties groups issue as suggestions, or that someone else has written. Standard texts are generally given little credence by politicians - they see it as just part of a campaign, too easy, from someone who doesn't care enough to bother writing their own views.

As well, there's the problem that many people don't even know what's going on. They don't read the newspapers regularly, certainly not the IT sections, and in Australia the TV news didn't mention the Bill until -after- the Senate approved it. Talk to people "in the streets" and you're likely to find even though they're not on the Net yet, they comprehend well enough to know the proposed legislation is silly, but hadn't heard about it. The spam problem has also made it quite difficult to get alerts out to a large portion of the Net community - those who don't subscribe to anti-censorshiop news/mail lists but who would be horrified to know what's happening in the halls of Parliaments.

So I think there's probably more don'ts than dos:

• discourage people from bulk emailing politicians,
• Discourage use of standard texts - and spend time writing in your own words,
• write snail mail or send faxes or phone up - in that order - don't email,
• ask for an opportunity to meet to discuss the matter - you've more chance of succeeding with this if your letter makes clear that you can provide useful information and are capable of rational, not emotional, discussion,
• find out what your representatives' views are before you contact them, or ask, or say something like "if you believe .... then....", don't assume what they know or think,
  
• respond to government inquiries, Senate Committee inquiries and the like. Don't leave this just to organisations and don't just write saying basically "I agree with [insert cyber-liberties group name]'s submission". Regrettably, this immediately marks you as just part of a "special interest" group,
• send thank you letters, or call to say thanks, when appropriate,
• talk to people off the Net about the Net - this is really important in terms of offsetting the power of the traditional media and the scare stories they love to distribute,
• write to newspaper/magazine editors etc when you see Net scare stories, and also write to them about why sensible stories are relegated to IT section (this happens in Australia more often than not, where they're mostly only seen by the already converted),
• read up on how to lobby politicians - there are books about this as well as Net resources such as:

Aust: http://www.zeta.org.au/~aldis/lobby.html
USA: http://www.neosoft.com/vtw/cda-lobby.html

Another idea is the "Adopt a Politician" efforts that have been undertaken in some areas. Individuals offer to help a politician learn about a particular Net issue - or the Net in general - before the next round of silly legislation hits their desk. Of course, not all politicians want to learn, but some do.

And:

"Never doubt that a small group of thoughtful, committed people can change the world. Indeed, it is the only thing that ever has." - Margaret Mead.

3) Free speech in other countries
by /
As more countries' citizens get exposed to the internet and to the ideas of unbridled free expression, do you see further local pushes to enshrine free-speech protections in their charters or constitutions? Or do you see technology being harnessed to keep the masses in check as it has or millennia?

Irene:
I'd like to think the former, but I fear the latter's more likely.

Speaking from an Australian perspective, I think mere access to the Net has changed a lot of peoples' views about the supposed merits of censorship. When people see the potential for being jailed for saying something on a mailing list that they can say without fear off-line, what censorship is suddenly looks entirely different. No longer is it something that only applies to film distributors, publishers and the like.

Knowledge that people in other countries aren't subject to the same level of censorship can certainly encourage and bolster opposition to it. We had a case, http://rene.efa.org.au/censor/rabelais.html, in Australia recently where the student editors of a university journal were prosecuted for publishing an article called "The Art of Shoplifting". The judge said something like "nowhere in the world" would they be allowed to publish it. Someone on the Net knew that wasn't correct and drew relevant information to the defence team's attention which helped in their decision to appeal. Although they lost the appeal, a lot of attention was drawn to the case, surprisingly even in the traditional media - it seemed everyone was opposed to the prosecution. Eventually the prosecution dropped the charges. The law's still in place, but maybe the politicians etc who called for the students' scalps so to speak will think twice in future. I think the Net made a difference in this case in several ways - easier access to relevant information and knowledgeable people overseas and as a medium for communicating what was happening.

In short, it's becoming much more difficult for governments to justify their policies by saying "nowhere in the world" etc because ordinary individuals can more easily find out it isn't true. Not only that, they can read about, and discuss, why other countries have different policies and make up their own minds about what's best.

That is, of course, frightening to governments, so there's undoubtedly a severe risk of "technology being harnessed to keep the masses in check as it has for millennia". Many people saying no to censorship is the only thing that's even likely to stop it happening.

The question is, who'll win the race? Censorware developers claiming to have the "perfect" censorware seeking government contracts and/or industry contracts "encouraged" by government? Or increasing numbers of people on the Net getting informed and deciding to make their views known to politicians?

The "Internet industry's" reaction to government demands for censorship can also present problems as we're seeing in Australia right now. Government enacts legislation saying ISPs must block sites on government demand or face large fines. The Internet Industry Association (IIA) comes up with a way around the technical problems for them, that will make their life easier. IIA represents 60 of the some 700 ISPs in Australia but their recently approved Code of Practice for ISPs is now effectively law applicable to all ISPs.

The IIA Code requires that ISPs "provide for use, at a charge determined by the ISP, an Approved Filter" to each customer. So we're going to have users paying for censorware whether they want it or not. The IIA says that some ISPs will provide it for free, but the censorware vendors obviously won't give it to ISPs free. Even if the ISPs don't charge for it separately, they'll include the cost in Net access fees. There's no requirement for ISPs to offer users their choice of censorware, or provide any warnings as to the shortcomings of the filter, yet IIA claims this forced provision of censorware "empowers" the user.

Although users don't have to install or use the censorware, there's several potential censorship problems and I'll mention just one here.

ISPs complain about "clueless" requests for technical help from users. I've no doubt they do get such calls and that they take up a lot of their time. But what will happen when they start getting calls from those people who want to install the censorware (I assume there'll be some) but who have problems doing so? It will be an extremely undesirable outcome of the law if the ISPs incorporate censorware in their registration process/disk so it's automatically installed on a user's computers with the defaults set to block=on. Many people won't want to use censorware and a lot of these programs are very difficult to uninstall. Will ISPs themselves know how to do that, or give any sort of priority to customers trying to get rid of something the government requires the ISPs to provide? Will the censorware block access to the few (if any) web pages around that explain how to remove it? This scenario may not happen, but it's certainly possible some ISPs could do this. As it is, many people don't know the questions they should ask before opening an account with an ISP and this Code seems likely to make the problem worse for unknowledgeable people.

The Australian government has, for the moment anyway, dropped its requirement that ISPs block overseas content at the server level, probably because of a combination of massive public opposition and the industry etc pointing out that it's not "technically and commercially feasible" at present. Some of the censorware vendors tell the government it is and/or soon will be. Government mandated provision of censorware to every Australian Internet user will certainly place a great deal of extra money in the pockets of censorware suppliers - money that may well be used for developing censorware more suitable for installation on ISPs servers or backbones. I don't think the threat of censorship facilitated by technology is over in Australia yet, it may just be on hold. The Code of Practice ISPs have to comply with by law can be changed quite easily.

So, looking at the Australian experience for example, it's difficult to say whether access to the Net will lead to further local pushes to enshrine free-speech protections in law, or whether technology will be harnessed to keep the masses in check. There are numerous governments far more repressive than Australia's and technology being harnessed is obviously more of a threat in countries that don't claim to be democratic. One thing I am sure of is that anyone who promotes the development of censorware as a means of staving of government censorship either has rocks in their head, or doesn't know how repressive some governments can be. If you build tools that facilitate censorship, some governments will use them.

4) A proposal
by dclydew
It is obvious that "censorware" is a fatally flawed tool. Using technical solutions for social issues doesn't work. However, it's also clear that many parents don't want a T-1 full of porn available to their child every Monday through Friday. So I'd like feedback on the following proposal:

In areas where minors have access to public internet services (school/libraries), they would be given an account. This account would be accessible via a smart "library" card. The account is identified by account# only. These account#'s are logged along with sites that are visited by minor. At the request of a parent/gaurdian, a report can be generated so that they can determine if their child is acting within the acceptable boundaries set by the family unit. No one else would be permitted to use this reporting tool. This takes censorship out of the hands of everyone except the people legally responsible for the minor.

I belive that this approach removes all unnecessary layers of argument and leaves us with one question:

Should anyone (parents/gaurdians included) have the right to control what their child sees/hears/views for entertainment/etc. ?

This question obviously has a precedence: Children under 18 are not permitted to purchase pornography, tobacco, etc. However, a parent could permit their child to have such things. Perhaps by purchasing the items for the minor.

Please give me your thoughts....

Jim:
To be honest, my first thought is Orwell's 1984, or perhaps even some of David Brin's writings. You've just made it legal for the government to keep tabs on every Internet site visited by every minor, so long as the minor is using a government machine (public schools and libraries are a part of the government). Those who know me know that I'm not ultra-paranoid about government, but giving this much data to the government frightens me. I recognize that your intent is that the data only be made available to the parent or legal guardian, but can you think of a meaningful guarantee that it can't be misused? As I write this, I can't. (I suppose a script could be written which would automatically encrypt the data only to the parent's PGP public key or similar, but I'm thinking in terms of what would work for the vast majority, not just a fairly small minority.)

Now suppose, hypothetically, that rock-solid guarantees could be made. Where, and how, do you draw the age line? The actual age of majority differs somewhat among the states, but let's assume it is 18. Should a 17 year old be scrutinized as closely as a 9 year old? What if the 9 year old is particularly mature, the 17 year old particularly immature? And by the way, some states grant far more independent rights to minors than do most states or the federal government. For example, in California and Florida, a first trimester pregnant 14 year old has exactly the same right to an abortion as does a first trimester pregnant 30 year old no parental consent or judicial approval is required. (The U.S. Constitution sets minimum standards for individual rights; the states can not drop below the federal minimums, but they can, and some do, recognize more rights as a matter of independent state law.) If a 14 year old California girl has a right to an abortion without parental consent, would you give the parent access to the log of abortion-related web sites the girl has visited?

Then one gets to discrimination based on medium. In most public libraries, an unattended 15 year old can pull any book he or she wants off the shelves and read it cover to cover without the parent ever knowing. Should the rules be different if the text of that same book happens to be on the Internet?

Parents have the right, perhaps even the duty, to raise their children as best they can, to try to instill in them a moral code, whatever that code might be. If the parents choose to home school, that is their right, but if the parents let their children go out into the world, as most do, they do so knowing full well that their children will see/hear/read/do things which the parents will never know about, hoping that the children's upbringing will serve them well. Why should exposure to the Internet be different from everything else to which the minor is exposed?

Incidentally, proposals like yours have been considered and rejected both by pro-censorship types and by anti-censorship types. The pros don't want anyone, and particularly not minors, to have access to certain kinds of information. The antis don't want government assisting restrictive parents. What the so-called silent majority would say is anyone's guess.

5) Rhetoric of anti-censorship
by H3lldr0p
What arguments have you used to try and persuade people that censorware is not an acceptable answer to whatever problem they are currently having with the world at large?

I ask for two reasons. I have been a fan of Bradbury for some time and will always suggest that everybody needs to read _Fahrenheit 451_, but I have also recently read Ken Burke's "Rhetoric of Hitler's 'Battle.'" He argues therein that _Mein Kamf_ should not be censored on the grounds that history might repeat itself if we are unaware of what has gone on before.

Jim:
As a preliminary note, I am not familiar with Burke's work, but absolutely I oppose censoring Mein Kampf, or any other work I find extremely distasteful. And I say this as a Jewish person who had a number of ancestors exterminated in the Holocaust.

What works? One thing I've learned in more than twenty years as a lawyer is that you have to tailor your approach, consistent with that which is verifiably true, to your intended audience, while (hopefully) adding in something new and unexpected. For example, in our early reports, we at The Censorware Project stressed what we sometimes call collateral damage or overblocking -- wrongful bans of innocuous and valuable sites. This emphasis worked fabulously in our early reports, such as our first report on X-Stop in October 1997. Not only did the usual suspects take notice, but groups such as Filtering Facts and Family Friendly Libraries, which previously had specifically endorsed X-Stop, abandoned it like rats fleeing a sinking ship.

But while the point remains as valid today as it was then, more people have heard it before and say, in effect, "tell me something new." So in our most recent report on Bess, done about five months ago, we did exactly that, in part because a major focus of Bess is schools instead of public libraries.

In K-12 schools, you would think that the primary focus would be on blocking hard core sex sites, so we opened some eyes when we reported, based on our tests of real proxies actually in use in a number of schools, that Bess did not block HardCoreSex.com, as well as lots of other porn sites, most of which were not new - and we did not spend a great deal of time searching extensively for unblocked porn sites. In other words, while showing plenty of examples of the usual overblocking, we added in the new (for our reports) element of meaningful underblocking, a more attention-getting point to those who don't care about overblocking, because "It's for the children."

Not coincidentally, our Bess report was released on the day of the IPO of N2H2, Inc., the company which makes Bess. The stock price plummeted on the first day, and continued to do so for a good long while after, though it has since rallied. Whether there was a cause and effect is an exercise I will leave to market analysts and Slashdot readers.

One point which has to be emphasized, particularly if addressing a new product: there is no magic bullet, nor will there be absent a quantum leap in artificial intelligence technology. Each new product, and even each new release of an existing product, comes to the market with an almost teflon-like quality, magically cleansed of the foibles of its predecessors, because so many want to believe that censorware can do what the vendors claim it can do. It isn't so.

6) How much is too much?
by zantispam
I for one dislike censorship in all of it's forms. However, does government demand it?

Let me explain a bit...

Ok, here in the US, we have a right to free speech. Conversely, we have no right to be heard. What this means is that it's theoretically ok for me to say "I think that Clinton is a green donkey!". It also means that no one has to hear what I just said. Whether it be a function of censorship, or just because most people think I'm nuts, my view has not been heard. Nowhere am I guaranteed this right.

The problem with this is that it makes censorchip `legal', in a way. The [insert favorite agency to pick on here] can choose not to grant my right to be heard, and that's (unjustly, IMHO) ok.

My question is: Does government, in any form, require censorship to function? Put another way, do we necessarily have to give up our right to be heard by choosing to live in any type of society? Put a third way, is the right to be heard equal to the right to privacy (unlawful search and siezure).

Jim:
An important distinction needs to be made here, and that is where you want to be heard. If you want me to hear you while I am in my private home, you can't barge into my home, uninvited, in order to make sure that I hear you. Similarly, if a parent chooses to use censorware on their home computer in an attempt to protect or isolate a child, you can't force your Internet speech onto that home computer.

But while "censorship" can be used with a broader meaning, your reference to a favorite agency leads me to believe that you are talking about censorship by the government. If that is the case, then your premise is largely incorrect. There is a substantial body of case law dealing with so-called public forums, and their offshoot, limited public forums. There are exceptions to every rule (I did say that I'm a lawyer, didn't I?), but generally speaking, if the government makes available a public forum, it can not deny your right to be heard based on the content of your speech, so long as the speech itself is not unlawful (shouting "fire" in a crowded theater is the usual example). A public library is not constitutionally required to offer any Internet connections at all, but if it does provide access, it cannot discriminate based on the desirability of the speech, particularly with adult listeners. As a private citizen, I can decide that I only want to "hear" comments on slashdot which are scored 3 or better, but the government cannot decide that for me.

Of course, while I may have a right to have my lawful Internet speech heard in a wired library, this does not mean that I have a right to equal time with cnn.com. If their site gets more views than mine, c'est la vie.

You might be able to tell that I've been struggling a bit with your question, and it just occurred why - you really aren't talking about censorship at all if, at long last, I'm getting the question. In the narrow sense, it is censorship if the government prevents or deters me from speaking or you from hearing me. In a broader sense, it is censorship if any third person (or software imposed by a third person) prevents or deters me from speaking or you from hearing me. But it is not censorship at all, using any common meaning of the word, if I decide, of my own volition, that I simply do not want to hear what you have to say. Contrary to what at least one person has written, censorware opponents do not want to force anyone to read that which they do not want to read. Sorting information, deciding what is important to us, what is not, is something we do constantly, on and off of the Internet.

That is entirely different from someone else, and particularly the government, blocking you from information which you do want to read.

7) censorship, apathy, and the general population
by Requiem
How can we attempt to show the general population that censorship is not a good thing? It seems that people accept the spoonfed excuse of "it's for your own good"; how can we get people to think critically about the situation and come to their own conclusions?

Irene:
I'm not at all sure that people do accept "it's for your own good". In my experience, people in favour of censorship are usually worried about the effect seeing or knowing something will have on _other_ people. They're usually quite confident of their own ability to critically analyse information and decide for themselves whether or not it's a good idea to act on it, and of their own ability to control their own children (usually anyway). It's what other people, or other people's children, will do that worries them.

Try reversing that - saying to such people that _other_ people approve of censorship because they're worried about that person's inability to cope with information and you could have quite an interesting conversation. This won't work with everyone, but it will make some people start to think about their assumptions.

The American Library Association's site contains some useful information about motivations for censorship and tactics.

One thing that can make people start to question the merits of censorship is to make them aware of what's censored. The problem with censorship is most people have no idea - they never see what's censored - so they assume it's really really bad stuff (whatever that is in their view).

The banning of the shoplifting article I mentioned earlier was quite useful in this regard in Australia. Although it was banned in print, someone put it on the Web. A lot of people who read it couldn't believe there were laws that could put people in jail for distributing it - they saw it as intended humour, satire (not the best literary work but all the same). The law was made to look more ridiculous when one of the judges included the whole article in his decision upholding the ban on it. The Court decision, including the article, was published on the Web.

The Net's very helpful in this regard. When, say, a film's banned or cut, one can usually find a detailed review of it, or people overseas talking about in newsgroups or wherever. Governments' claims that banning is necessary to protect society etc. sound very silly when it's known that the film was released uncut in numerous other countries and there's no reports of any harm being caused.

It only takes a few examples of what's banned outright, or cut from films, to make some people start questioning their previous certainty that "government knows best."

With regard to the people who believe studies have proven that viewing something causes violence or whatever, about the only thing you can do is to learn about the research and studies for yourself so you can speak knowledgeably and argue about it if necessary. A section of my web site contains useful information and links in this regard.

8) Legal question.
by Weezul
Frequently censorware seems to target anti-censorship (sites/people) as much as they target porn (this was especially a problem in Australia). What can be done about this?

Are there laws in the U.S. or Australia that would allow people who censor anti-censorship sites to be sued?

Irene:
I don't know of any Australian anti-censorship sites targeted by censorware. If you have details I'd be interested in hearing about it.

In Australia, it's doubtful such sites/people would have much redress other than defamation, and proof of damage would be difficult. Same applies to ordinary user sites. A business blocked by censorware could consider an action for defamation, or deceptive business practices under the Trade Practices Act.

Jim:
Targeting anti-censorship sites is a problem here in the U.S. as well (Irene has answered about Australia). The Censorware Project, Peacefire and The Ethical Spectacle are among many anti-censorship sites which have been banned at various times by the censorware makers. (Interestingly, pro-censorware/censorship sites such as Filtering Facts and The American Family Association have been blacklisted as well.)

There is no specific law which would allow the owner of a blocked anti-censorship site to sue the censorware maker. Censorship, in the legal sense, involves state action, but there is no state action involved in the mere fact that a censorware vendor has added an anti-censorship site to its blacklist. However, there are at least three instances in which the owner of a wrongfully blocked site might be able to sue a censorware vendor or user.

First, if the censorware is being used in a public institution such as a public library, the site owner may well have standing to sue the institution for blocking the constitutionally protected speech at the site. In the Loudoun County, Virginia Public Library lawsuit, the action was commenced by library patrons, but the ACLU intervened on behalf of content providers whose sites were blocked in the library. The Library Board tried to argue that the providers had no standing to intervene, but the Court disagreed.

Second, one needs to look at the blocking category being used to block the site. The ACLU, for example, has been blocked by some vendors under the category "activist" or similar. Certainly I don't condone such blacklisting, but the categorization is factually correct. On the other hand, suppose that the site is miscategorized by the censorware vendor as a porn site instead of an activist one. (If you think that is ludicrous, read a mini-essay I wrote earlier this year.) Some have posited that the censorware vendor might be liable for libel. I would not bring such an action I defend those sued for libel, regardless of whether I agree with their particular speech but I do expect that the owner of some site wrongfully blocked as a porn site will test the waters.

Third, under either federal law or the laws of various states, there may be a claim for consumer fraud or false and misleading advertising if the vendor bans sites under incorrect categories. Most of the vendors have wonderful sounding statements on their sites about how carefully they make their lists and check them twice, but virtually every serious investigation of censorware has shown such statements to be utterly false. In some states, a remedy under this theory may be available only to customers who purchased the censorware in reliance on the false representations, but in other states, such as mine (California), virtually any member of the public could bring such an action.

----------

Next week we have *two* interviews to celebrate the year's end: First, L0pht Heavy Industries, with answers Friday. And in a separate "bonus" interview post Monday we'll be collecting questions for Jon "Maddog" Hall about Linux in the next century; Jon's answers will run Saturday (for obvious symbolic reasons). Enjoy!

This week's interview topic might almost be called "Censorware: Threat or Menace." Our guests are both experienced anti-censorship activists; Jim Tyre is a founding member of the U.S.-based group , The Censorware Project and is also closely allied with Peacefire.org; Irene Graham is a Board Member of Electronic Frontiers Australia (EFA), an on-line civil liberties group (not related to EFF) who also maintains this site. Chosen questions will be forwarded to Jim and Irene Tuesday. Their answers will be posted Friday.

Trepidity informed us that the Senate unamimously passed a spending bill with the "CDA II" amendments attached to it. These would make allowing children to view "harmful" material a crime. The amendments would also require schools and libraries to install censorware on all computers accessible to minors. If the bill were to pass the House and be signed into law, the American Civil Liberties Union and Electronic Frontier Foundation have vowed to have it overturned like they did with the first CDA. Click below to read more... But the cool thing about this, is that it apparently contradicts WIPO. Now some of you may know that Einstein had great difficulties persuading his friend Goedel to swear that he would abide by the American constitution (necessary to become a US citizen) because it was logically inconsistent. If 2 contradictory laws are passed, are both invalidated? Or does it become a lawyer free-for-all?

All in all, both measures are quite amazing: WIPO can even render cookie managing software such as Junkbusters illegal, and CDA reduces the freedoms of those who cannot afford their own internet connection, instead of ensuring that children learn to think critically about what they encounter.