Slashdot Mirror
Schools, Filtering Companies Blocking Google SSL
An anonymous reader in the UK writes "Over the past several weeks we've discussed the rolling out of Google SSL search. Now an obstacle to the rollout has arisen, much to the frustration of school students and teachers alike. Content filter vendors have decided to block all Google SSL traffic — which also blocks access to Google Apps for Education. Google is working to appease these vendors. The questions at the heart of this situation are: Does a company (school, government) have a right to restrict SSL traffic so it can snoop your data, or does an individual have a right to encrypted Internet facilities? And, is the search data you create your data, or is it your employer's (school's)? IANAL but blocking SSL search seems at odds with the UK Data Protection Act, because some local governments here may be using the very same filtering service for their employees. It would also seem to go against the spirit of FIPS in the US (though I appreciate that federal standards are separate from schools in the States)."
SSL has always been tricky for those filtering appliances. If you deny it, you prevent things like legitimate credit card orders for, say, classroom supplies - or checking a bank account balance regarding a paycheck. If you allow it, kids/employees will just use one of the dozens of SSL proxy sites.
And the nature of SSL is it's pretty much all-or-none.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Uh... Yes, a company perfectly has that right. No, if you are using an employer/school-provided connection, you have no rights outside the conditions of access you agreed to when you accepted employment/enrollment. (As it relates to internet access, anyway.)
If you want "Free with a capital F" access, you need to get it yourself, not assume that someone else is going to provide it for you.
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
It's not about snooping as much as it is about being able to bypass the filtering function. The fact that a student could use the secure search to access www.porn.com[NSFW!] does not mean that the sysadmin is watching their every move online.
A school has a duty of care to students, part of this is monitoring their internet communication to ensure nothing is happening which could potentially be of harm to the student. Perhaps this is overkill for college students but it's definitely required for younger children.
It's their computers and their networks, so they can do whatever they want. Still, if you deny Google the right to encrypt on your network, Google still has the right to deny you any or all of their services. Teachers like to call that "natural consequences...
Screw the schools / filter companies. If the schools do not want free services, that's their choice.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
I hate to tell these schools how to turn into a police state, but if they really want to monitor Google SSL traffic, this is the right way to do it:
1. Install a trusted root certificate in all client browsers (they do control their client computers, right?)
2. Man in the middle all SSL traffic through a transparent proxy, which masquerades as Google SSL traffic and redirects from https://www.google.com/ to http://www.google.com./
Don't just block all SSL traffic. If you truly have a legitimate reason to monitor users search queries and application traffic, then you already control their client PCs (right?) and can do this in a semi-legitimate way. If not, don't bother blocking it because your users will be up in arms with pitchforks and torches.
"When the president does it, that means it's not illegal." - Richard M. Nixon
I graduated from highschool in 2008; every few months the county would roll out a new filtering system designed to block myspace/facebook/sourceforge/other questionable stuff. It would take the tech students about 15 minutes to figure out either a new workaround or modify an old one to get around the new filter. This would then filter down to the technologically illiterate kids in a about a month, prompting the release of a new blocking system. Repeat process. The end use of this was we wound up running an apache server off a flash drive on one machine which everyone would ssh to locally using firefox's proxy settings and that "server" would connect to a home server which acted as the gateway. Kids will find a way around it, so I doubt it will work for long in schools.
Orwell was an optimist.
Does a company (school, government) have a right to restrict SSL traffic so it can snoop your data,
They have a right to restrict what protocols and port numbers are allowed to be used on their network, as a matter of policy.
They have a right to implement technical measures to assist in enforcing policy, even if those technical measures are so draconian that they prevent some things that are technically allowed by policy.
They have a right to do this, by virtue of it being their network.
does an individual have a right to encrypted Internet facilities? And, is the search data you create your data, or is it your employer's (school's)?
An individual does not have a right to use encryption.
A user has a right to install encryption software that they own on their computer that they own.
A user does not necessarily have the right to transmit data over a network, that they have encrypted using software.
Especially not if that data also belongs to the school/employer (proprietary sensitive info)
In all cases; a school/employer has a right to say: either you connect using non-SSL, or you choose to refrain from connecting.
Of course from a security POV, SSL is probably better, as long as the organization controls the keys and manages ciphers used
Good. I hope these idiot school administrators get their systems are well and thoroughly pwnd when they search the web and get infected by some drive-by malware. They deserve all the pain they get for this idiocy!
Have the option to do SSL interception and filtering? The filter we use at my school lets us publish (through GP) a SSL cert. We can basically set up a man in the middle attack and filter that way.
When did these filtering services start blocking _all_ SSL? When I was in highschool three years ago the filter my school used didn't. I set up a couple of my own SSL proxies. That was the best way to do it - the larger, more well-known web proxies tended to get blocked within a month of going up. Sometimes within a few days.
As a sysadmin for a school district, I don't give a flying fsck about "someone's data". My job is to implement our filtering policy. As we can't tell if SSL-encrypted search pages contain banned content, we block them.
This whole article is just the rantings of an idiot who thinks they know more than they do.
I hate to break it to you, but you are not at school for fun, you are there to get your learn on. Students should very well be monitored at school to make sure they doing what they are assigned. Computer monitoring shouldn't just be filtering (that is mostly liability issues) but the teacher walking around seeing what is going on. Computers at school are there for educational purposes, not for you to dick around on.
Now once you go home, well then the school is welcome to fuck off. It's your own time, you do as you please. But at school you are on their time.
This happens with companies too. Friend of mine works at General Dynamics doing work on the military's future communication system. Good deal of it is classified, unsurprisingly. This imposes several restrictions on him. He can't have a phone with a camera at work, he either has to have a no camera phone or leave his phone with security. Also they are fine with him accessing the outside world, he can IM and so on they don't expect him to work every second, but it all has to be unencrypted. So telnet is actually permitted but SSH is not. Reason is all around monitoring for classified data. They want ti make sure it isn't being leaked.
When you are on school time, you do what the school assigns you to do. That means listening to your teacher and doing lessons, not writing private letters. Wait till you are home, then write the letter.
..sure, in the US, schools have the right and perhaps the duty to block SSL searches. On the other hand, the behavior of both the censors and the censorware providers argues strongly for the idea that censors are scum of the earth.
In the US all schools receiving E-Rate funds (federal funding for electronics and communications) are required to follow CIPA guidelines for filtering and monitoring student traffic. So, making Google Search SSL pretty much makes that impossible meaning we have to block it. I am grateful that Google is creating a workaround since we are about to migrate to Google Apps ourselves.
I've never understood or comprehended, for that matter, why people/employees/students, ect. think they have rights on a controlled government or educational internet-enabled network. Quite honestly, if you're doing things like online purchases, bill paying, senseless surfing, looking at soft-porn, chatting, facebooking, tweeting, ect. at school or work on a fairly regular basis several times a day, and you somehow are pissed because your rights are infringed? You're delusional and should go read your network agreement policy again. If you, as an employee or student, are that security conscious of your local big brother system administrator being told to troll logs and give web reports to upper management, then use good common sense. People shouldn't be using these networks for anything other than business as usual IMHO. Anything else, is just subject to interpretation against you. This isn't new people, it's the way shit works now.
As a system administrator, I deal with these same dilemmas on a daily basis and all I have to say is: Yes, I have an easier way to get away with things like this, however, I'm still held just as accountable as Joe Typist down the cube row. Everyone knows about ethics and morals just as much as they know absolutely every thing you do on a digital device these days is logged, recorded and stored somewhere. So keep your personal business... at home unless it's absolute emergency, your cable bill is past due or you flat don't give a shit.
Students these days could be surfing wherever they feel like using their smartphones.
I wonder what the purpose, effectiveness, relevance of these filtering policies is, particularly
given the above consideration.
The purpose can't really be to protect the students from the content anymore. That's no longer
practical given web-surfing phones & personal netbooks that use the cell network.
So what is the purpose? Just to protect the schools from legal liability and lambasting
by the prude faction?
Where are we going and why are we in a handbasket?
I've been wondering for awhile when someone would respond to SSL inspection by proxy servers by making a proxy server package that sits on the internet, tunneling HTTPS over innocuous-looking HTTP traffic. It would be inefficient (especially if the text/HTML looked more or less real) but I don't see why it wouldn't work.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
At least so far, the Great Firewall is not blocking Google SSL.
... how many people seem to think it's fine to snoop people's data and implement various kinds of censorship under the pretext of blocking porn (also, there's no porn produced or consumed in the US or UK, honest!).
"I love my job, but I hate talking to people like you" (Freddie Mercury)
I work in IT for a public school district, and to get any federal subsidy (eRate) they must filter their internet connection. Not optional, and very, very few school districts can jstify not filtering their internet connection AND making up the 40% subsidy they would be giving up without filtering.
SSH traffic is very, very hard to filter effectively, so many districts turn it off, simply block SSH traffic for kids period. We allow it for faculty accounts, and several times a year we have to reset a faculty user's password when the kids learn it (teacher accounts aren't blocked).
Once kids figure out they can get to facebook by using the https URL, the district really doesn't have a choice...
Ken
On a publicly funded school campus, second amendment rights apply. In California in particular, privacy laws apply. I work on a CSU campus as a network analyst. We are not permitted to keep any logs that can link any individual user to any particular destination ip address. We are not permitted to keep outbound firewall logs or any inbound logs that relate to outbound state initiation. We are certainly not permitted to intercept or block encrypted communications in anyway that would otherwise normally be allowed. This applies equally to staff, faculty and students.
You're delusional and should go read your network agreement policy again.
Seems to me like you're the one who is delusional. People can comply with whatever the censorship policy of the local gestapo university is and still use SSL to protect their privacy. But perhaps this will lead to some investigation regarding the use of snooped student/employee data, doesn't sound too legal to me ...
This isn't new people, it's the way shit works now.
That's what some people would like us to swallow, but it convinces only the dumbest of us. It ain't the way shit works unless you let it happen, sheeple. :-/
"I love my job, but I hate talking to people like you" (Freddie Mercury)
I've never understood system/network administrators that get a thrill out of restricting what users can do outside of preventing operational difficulties. I could care less what users do unless they're disrupting service in some way or another. The network is not the right place to enforce human behavior.
Schools should just pull internet access. Yes, I know, it's a useful tool for all of us. But it provides no real help in school. You're supposed to be learning what's in the book, not what slash dots opinion on the subject is. Yes, have computers in the school for word processing, programming, art, etc... But they do not need internet access. In fact, if I were in charge of building a modern school I'd make sure the entire school were a Faraday cage so cellphones would be dead inside it as well.
If schools are anything like mine, the computer science department requires a $50 "computer access fee" for each computer science course in which you enroll. This would technically constitute payment for services, so a question I have here is if such a mandatory fee is imposed on access to lab machines, do they still have the right to force no SSL traffic? If so, do ISPs have the right to block your SSL traffic to certain websites since in both cases you can technically make the case that you're paying for service. I see this as a nasty can of worms.
Also, many companies or organizations need to be able to prove that no confidential information leaves the network due to regulatory compliance. If this is the case, I'd much rather know that something like my medical history or credit information isn't going to leave the company, than let the employees there encrypt their google searches or facebook access. I'm for as much anonymity on the internet as anyone here, but if you work in a place of business that needs to protect patient/customer information, I'd rather my information stay safe than you be able to bank while at work.
I am very pro SSL and encryption in general. People have an inherent right to privacy and the argument that wanting privacy implies having something (criminal or unsavory) to hide is just bullshit. I do not like having my web surfing habits snooped or other tricky marketing gimmicks. If I want to use a Google SSL proxy, then I should be able to. If I want to use GNUPG to encrypt my email, I can and will. Even though I use the internet for legal means, I don't want Uncle Sam categorizing my activity and mining it.
Sorry, that should have been first amendment.
You have a right to government provided systems because you paid for them and they are for the public good. They are there to be used by everyone without discrimination. Without good reason to the contrary, it is wrong to deny access to tax-funded resources. It is a bad idea for governments to get into the filtering game. Filtering is subjective to the values of the people doing the filtering. If it is a public good, and someone using it isn't involved in destructive or illegal behavior, it should be allowed.
We generally don't police public resources other than for safety, protection, and practical reasons. When is the last time you have heard of someone getting a ticket specifically for using roads to go to a strip club? Although there is a large minority of people who are against that behavior, it is your right since it is for public use. Not everyone has the same values so it is not possible to define a fair usage policy. Of course school rules that are intended only to keep order and promoting a learning environment are reasonable, but this is can be applied to all kinds of activity, not just computer and Internet.
If you're in a school and your traffic is being filtered, then you aren't talking to the right people.
UTF-8: There and Back Again
You forgot to add
Submit to my AUTH-OR-IT-Y!
I was the tech director of a school district for 13 years. I've run schools with very restrictive Internet filters and everything in between to schools with no restrictions at all. What I've found over the years is that the more you restrict the Internet the more the school's grade average goes up, and the nicer the students are to deal with. Our schools consisted of about 75% to 100% of the classes,depending on the school, being delivered though distance learning courses. If you give the kids open access to the Internet 90% of the kids will just chat, play games and watch non educational videos all day every day. They get away with this by leaving a window with their school work up and when the teachers comes to check on them they bring it to front, or by making the offending browser window very very small, so that you can't tell without looking very closely that they aren't doing your work. Left unchecked, at the end of the year, 90% of the students would need to be held back a grade. A couple of side effects of kids that aren't on task is they tend to have very bad classroom behavior that disturbs the students that are trying to stay on task, and most of the time wasters the kids like to use are also HUGE bandwidth hogs, so you end up having to buy 10X the Internet connection that you actually need for the school to function, which only deprives the school of much needed funds that could better be spend on something else.
The extreme other side of the coin, and the way the school is currently running is to completely block the Internet except for a select few websites that the school needs for their distance learning courses. There are some "research" or "library" computers that the kids need special permission to use when they need to look things up for papers and such. By blocking everything, the grade average of the entire schools district has shot up to record highs, and the classrooms are a lot more quiet and easier to control.
When it comes down to it, schools are a closed environment that is specially designed for education. When you introduce distractions into that environment that level of education that the kids are getting goes down significantly. It's not a matter of free speech or the school snooping in on private things, it's a matter of making sure that your kids get a certain level of education.
As for using school computers for personal activities and the school snooping in on them... you weren't supposed to use the computers for personal activities at all. Everyone, teachers and students alike, sign off on the school's computer use policy at the beginning of every year, and I don't know of a school that doesn't require one in some form. We didn't give the teachers computers so that they could maintain contact with their family while they were supposed to be working, and we didn't give the students computers so that they could keep in touch with all their friends on facebook. To argue that it is violating their rights not to be given unfettered Internet access would be like arguing that the school should provide every student with a cell phone so that they could keep in touch with their family and perhaps call people for help on research for papers... even if you could figure out a good reason to give students a cell phone, it would ultimately be a complete flop and a total distraction for an education environment.
In a traditional school, the students time on a school provided computer would be a lot less and therefore a lot less of noticeable
on their overall grades, but the problems are still there.
All that being said, I am completely against any kind of censorship when it comes to my personal Internet, or anyone else's personal Internet, but when you get into a school/business environment, it's no longer YOUR Internet and the owners of the Internet connection can do with it what they like... you have to remember, they don't HAVE to give Internet access at all, and whining that they are blocking access to things that are not in keeping with the task at hand... well maybe you should think about what you are saying before you start whining. After all, you are probably 1 step away from being expelled/fired, and the block is their way protecting you from yourself.
Was that before or after you had to google that?
The problem is you can get your ass sued off if you don't. Children access porn at a school, you can bet you are fucked.
We use Sophos web proxies that can decrypt ssl traffic using their own ssl cert we install in the browsers on our school's pc's. It automatically skips any banking sites, and doesn't cache data it only scans for threats over ssl which are becoming more common.
There's already the "it's their network, they can do what they want." This is, technically true. However, do you really want to work for a company that has nothing better to do than snoop on your use of the computer, versus I don't know, actually doing business? Or how about sending your kids to a school that worries about if your kid can hack your systems to see boobies, instead of teaching them something. Hell, if my kids can hack the computers to see boobies, well I guess they're learning computer skills, which is more than the standard curriculum.
tl;dr: Just because you *can* doesn't mean you *should*.
Check back further up in this thread. At least two people have described how to hiijack incoming SSL connections. I don't understand the details, but they are setting up a transparent proxy that intercepts the SSL connection and substitutes their own certificate to the user's browser.
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
SSH over port 80 is awesome. Try blocking that without disrupting your network.
Porn's an emergency.
Not only that, but coupled with httptunnel, their only option is to start wholesale blocks of IP ranges.
Deep packet inspection, anything that doesn't contain a GET/POST or whatever just gets quietly dropped..
Over https no less.
Luckily, such agreements don't trump the law. At least here, they would be in much trouble if they tried to pull a stunt like MITM'ing HTTPS connections and logging the content.
Dilbert RSS feed
I've never understood or comprehended, for that matter, why people/employees/students, ect. think they have rights on a controlled government or educational internet-enabled network.
If it's a government-funded educational network, I think I have a right to use it for education, including for Google Apps over SSL. That's what the government's funding it for.
Arguably, because I pay the ISP they have a responsibility to not tamper with my communications. That said, I have *no* expectation that they won't intercept them. That's why we use encryption, after all.
In a school or office environment, I generally don't directly pay for the net connection. It is provided via some other entity and I have the choice of using it under whatever rules they offer, or not using it at all.
> The questions at the heart of this situation are: Does a company (school, government) have a
> right to restrict SSL traffic so it can snoop your data, or does an individual have a right
> to encrypted Internet facilities?
No, the question at the heart of this situation is does a school/government/employer have a right to monitor your activity while using their equipment. Everyone pretty much answered that one a decade ago: Yes they do. That ship has already sailed. I get so tired of numbnut crypto weenies running around waving their magic pixie dust thinking it changes everything. Nope. If they have the right to monitor you can't wave your crypto weenie and say "Neener neener, you can't stop me!" and expect no reaction from the system/the man/whatever. They aren't going to be all like, "Oh noes, they have crypto so the rules don't apply to them; they can do whatever they want. We are so powerless against it's awesomeness. Wwwaaahh!" No, they are going to open up the crypto or ban/block your use of it. And this is news how? Even news for nerds?
Democrat delenda est
Maybe they did you a favor forcing you to learn all of that.
It's really sad to see how many people here think that it's ok that employers/schools/whatever is monitoring what they are doing. I never realized how common policies like these seem to be in the US. Here in Scandinavia, this would be practically unheard of and probably against several laws. No matter what equipment you are using, nobody should have the right to view your data! Well, at least now I know it's not only places like China and Iran that are buying those content filters :)
In Finland, there was a local town that tried to block its employees from using Facebook, claiming it was using too much of their network resources. Well, all hell broke loose in the newspapers and they unblocked it within a matter of days saying it was a mistake. The company I'm working for encourage social networking sites, saying its important to make connections. Of course this doesn't mean that you spend half of your working day there, but as long as you are doing your job, why should they care what you are doing? Not to mention that snooping on data would be against several laws. It's really sad to see how many people here are defending these things.
listen to (or read the transcript) of Security Now episode #293 http://www.grc.com/securitynow.htm#243 . The discussion goes into detail about how governments can compel CAs to issue intermediate level CA certs, and the implications of doing so.
Firefox should make it easier for the users and admins to provide encrypted connection. Also it looks like it is possible for a browser to do quite a bit more, than just show a stupid lock on top of the address bar. Allowing a secure connection over port 80 rather than 443 could be a start. Getting certificate from a site and then comparing the site address to the certificate to make sure that there is no discrepancy is another. I am sure more things can be thought of, but as was said in this thread just a little while ago FF should not make it super difficult for site admins to run self-signed certificates. Do not make it more difficult than it already is to run a site with ssl on and you'll see many sites implement encrypted connections with self signed certs. Then the sites could also publish their fingerprint on the main/home page and explain to the users how to check that the cert they are using is correct.
Browsers can do so much more to educate the public and help the Internet to become more secure through encryption but they chose to follow a bizarre pattern of making it look like a plain text connection is less of a problem than a connection with a self signed certificate it is not funny at all.
You can't handle the truth.
Pedantic: you do have a right to complain, just as you have a right to complain that the sun rises each day or the sky is blue.
The UN Convention on the Rights of the Child http://www2.ohchr.org/english/law/crc.htm Articles 13 to 16 forbid snooping. Kids have rights! Blocking SSL during class time might be ok though.
At first face, there is no issue with the Data Protection Act 1998: the computer and network belongs to the school (or university) and there is no "right of access" to the Internet. The situation might be different if staff or students were obliged to use the school's computers to access certain resources that required the sharing of personal data. Examples might be registration or HR systems run by a third party. The seventh data protection principle requires that:
"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
The Act goes on to say that:
"Having regard to the state of technological development and the cost of implementing any measures, the measures must ensure a level of security appropriate to... the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage as are mentioned in the seventh principle..."
The usual interpretation of this requirement with respect to web traffic is that HTTPS/SSL is required for the transmission of personal data. In fact, this has been an explicit requirement for public authorities in the UK since the high profile loss of data by HM Revenue & Customs in 2007.
Therefore, in the specific circumstance where a public authority required the sharing of personal data electronically by its staff or clients, it is likely that blocking HTTPS/SSL would lead to a breach of the Act.
We instruct all our clients (mostly schools) to block 443 by default, and make exceptions only to sites when they are needed by staff. We recommend they put in a system where the staff must request access to HTTPS sites specifically in writing, and justify their need.
99% of the HTTPS sites they "need" to get to are for personal shopping, personal banking, personal email, and personal portfolio management. Hardly necessary for them to be attending to the needs of their students.
The IT staff who utilize our filters have thanked us many times over for this approach. It creates oversight of public employees in a public institution where one is desperately needed.
This is a non-issue, mostly.
If you want to filter traffic, and maintain any level of control, first block all internet traffic from computers. Then set up filtering proxys on the application level, for the protocols you want to grant access to. Yes, that means that when a 10 year old hacks your squid-guard machine, she'll be able to steal teachers credit card numbers. But then 8 year olds already had them, because they'd installed hardware keyloggers on a few select pcs...
The fact that it's possible to block/manipulate plaintext protocols is just a bug -- not a feature. Just look at all the sites that still use plain http for login.
You'd still need to monitor for unauthorized wireless lans, student cellphones etc. Most schools I know of don't allow students to use cellphones in class, I see no reason why SSL-traffic shouldn't be limited/filtered in order to provide fewer distractions during class.
Have the firewalls open up all traffic during breaks/lunch hour and/or the application proxies enable xmmp during those times -- or have a simple front end for each vlan/subnet (ie: classrom) where the teacher can select between no-filtering/blacklists+content filter/whitelists.
For good arguments about *why* a school might want to filter/restrict traffic see: http://yro.slashdot.org/comments.pl?sid=1693516&cid=32649110
All this talk about "having rights" is completely inane. If you're on a school computer or network (or work, or the library), you use it under their terms. Simple.
If their terms are they can block, snoop, etc and those terms are unacceptable, then don't use that network. Assume you're being watched and act accordingly.
What is SSL?
Fata viam invenient.
I've never understood or comprehended, for that matter, why people/employees/students, ect. think they have rights on a controlled government or educational internet-enabled network.
Shouldn't someone who lives at school have the same rights in the dorm room that he rents that anyone else has in an apartment?
Yes, have computers in the school for word processing, programming, art, etc... But they do not need internet access.
So the English teacher has assigned a persuasive speech on a controversial topic as the term project. (The middle school I went to assigned one of these a year.) This requires research about the pro and con arguments that goes beyond the limited paper holdings of the school's library.
Many of those kids will go home and browse porn there instead.
Unless school is home, specifically a dormitory on campus.
Comment removed based on user account deletion
I set my transparent proxy to force legitimate HTTP methods only. Not a problem.
Change is certain; progress is not obligatory.
I don't think network privacy laws have anything to do with firearms ownership.
We're not talking about renter's rights.
When the student is renting from the school, we are talking about renter's rights.
RTFA much?
Which of the five linked articles makes it clear that students' ability to access the Internet from dormitories is not in question?
This country (America) is so retarded when it comes to nudity. We rather say "NO! Don't look at that!" then explain what it is you are looking at it.
Second Amendment rights apply?
You're delusional and should go read your network agreement policy again.
Network agreement policies aren't law. And even their terms are often enforced by a legal system, you can't sign away some rights (legally-speaking) no matter how hard you try, and no matter how awesome you believe your contracting powers to be. Clauses in otherwise legally-binding contracts are invalidated all the time for this reason.
Why do we still make this fuss about computers?
My Uni specifically stated you can browse ANYTHING so long as it's legal and you have to stop or move if someone says it offends them. That was for all public workstations.
I worked for the IT at my Uni and found out how well they took advantage of AD policies and really locked down those computers as to make it very hard for someone to get virii installed. Computers were also automatically re-imaged once per week. That was cool. Central server would weekly execute a script to force the computers to reboot and the PXE server switched to a new image and re-imaged the machines. Helped to keep the computers running well.
Thank you, that is precisely what I meant.
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
Google: "What gives anyone the right to view your search results... Thats our job dam it!"
Exactly why is it okay to invade people's privacy and demand the right to snoop on searches and censor the results just because the people in question happen to be students or pupils?
Now that is the real question!
If you are afraid of students finding nasty stuff (or looking for it) - educate them! - Don't censor them! - Teach them to handle real life and the stupid people it it. Yes, there's nazis, pedophiles, hate speech and p0rn out there, and it's impossible not to encounter it somewhere somehow. Teach them to be critical and not trust anyone out there.
That's the better way, the way it is handled in more civilized countries... ;)
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Comment removed based on user account deletion
"school/business environment, it's no longer YOUR Internet and the owners of the Internet connection can do with it what they like" - by Fone626 (6793) on Monday June 21, @11:23PM (#32649110)
Per my subject-line, YOU (or your school district for that matter) DO NOT "OWN" IT - the taxpayers of that area do (& that's these kids' parents + others who pay taxes in order for YOU to have a job, period).
---
"well maybe you should think about what you are saying before you start whining." - by Fone626 (6793) on Monday June 21, @11:23PM (#32649110)
Perhaps YOU should do the same? See the above, and what's next below...
---
"you have to remember, they don't HAVE to give Internet access at all" - by Fone626 (6793) on Monday June 21, @11:23PM (#32649110)
Then on the converse, WE as tax paying citizenry don't have to give you a job, either... get it?
APK
P.S.=> Get ALL of that above, through your head, CIVIL SERVANT! apk