Screenshot from ironic Daily Mail web page, credit http://ontoberlin.blogspot.ca/2013/07/three-concerns-about-camerons-porn-plans.html

It’s too easy for politicians to make promises. Throughout the 20th century and right through the 21st to the present day, politicians around the world have made promises in order to win elections or get re-elected that have ended up broken six months or two years later. It’s that sort of political campaigning and media handling that probably contributes to the general public becoming jaded about politics.

This past July, British Prime Minister David Cameron promised to roll out a program to block pornographic material on the web unless individual adult citizens opt out. Most politicians don’t have any sort of background in computer science or information technology. Does Mr. Cameron have advisors who do? If he does, does he understand what his technical advisors say to him?

One thing most of us who work in IT learn quickly is that we can’t speak in technical jargon and concepts and be understood by typical end users. It doesn’t matter if our end users are consumer technical support clients or corporate executives. When consumers don’t understand us, they might mess up their home PC or their smartphone. When corporate executives don’t understand us, they might cancel or underfund IT department projects that are necessary to keep their company running properly and securely.

What if my end user was the political leader of a nation of over 63 million, the United Kingdom of Great Britain and Northern Ireland? What would I tell him?

I’ve put in years in general consumer tech support. Hundreds of parents over the years have asked me, “How can I protect my children from content on the web that I don’t want them to see?”

One of the first things I’d explain to them is that whitelisting is much easier than blacklisting. They may know a number of domain names for websites with pornographic content or other sorts of content that they believe is inappropriate for their children. Most of the parents I’ve advised believe if they just blacklist those domain names from their web browser or a web blocking program in their operating system, they can prevent their kids from seeing porn and other adult content on the web.

Do those parents have any idea of how much pornography there is on the web? If they were blocking all the domain names that get registered for pornographic websites every single day, that number would be in the thousands, at least. And that doesn’t even include the hundreds of thousands or millions of pornographic websites that are currently operational. Many new porn sites use the .xxx top level domain, but most don’t.

So, I’d advise those parents to whitelist only. I’d ask them, do you know the domain names for the websites your kids like to visit that you’re okay with? If so, whitelist them. Then, add new domains to your whitelist when you discover new websites that pass your parental check.

But even when doing that, they’ll still run into significant problems from time to time. Their child could go to Google (do any kids use DuckDuckGo?) to do a web search for their schoolwork. It doesn’t matter what they search for; their search string could be something completely innocuous like “frog species in Australia.” Chances are, the vast majority of the search results will lead to domain names they haven’t whitelisted. D’oh!

If that’s how a parent chooses to manage a child’s web access, maybe school-related Google searches should be done in the parent’s user account, while their parent watches what the child is doing.

And what about social networking sites like Facebook, Twitter, Instagram, or SnapChat? (I hear kids these days love SnapChat. But I’m 30 years old, I’m ancient! So, I have no first-hand experience of the site.) Most parents these days let their kids have accounts on social networking sites, regardless of the site’s policies or EULA (End User License Agreement). If they whitelist the domain names associated with their kids’ favorite social networking sites, they still can’t block content on those sites that they may not want their kids to see. If they look for tech support from those services, they’ll be told that their kids’ social networking can’t be filtered for them, because by signing up their kids agreed that they were at least 13, 14, or 18 years old. “You should just watch what your kids are doing. If another user harasses your kids, you can report the post or message.”

Well, more and more kids are doing their social networking from the smartphones and tablets their parents buy for them. Most parents aren’t tech-savvy enough to configure their child’s mobile device to block content they don’t want their kids to see. And even when parents are tech-savvy, configuring a mobile device to block porn and other objectionable content is a very fallible system!

Mr. Cameron might sense that many British parents complain about how difficult it is to filter the web for their children. So, maybe their government can do the hard work for them, and maybe that can ensure that voters mark an “X” for their Conservative MPs in the next election.

Under Mr. Cameron’s proposed plan, internet users will need to “opt out” of having a web filter, via their ISP.

What do we know about how Cameron’s government will filter porn and other content that isn’t considered family friendly? Not very much, so far.

Cameron has said that conventional ISPs and British mobile services such as Vodafone and O2 shouldn’t allow “technical obstacles” to impede his web filtering plans. But technical obstacles could impede those plans, regardless of what Cameron wants! That reminds me of the time I heard a very minor American politician talk about wanting to change the laws of gravity. Anyone who did okay in science class at school can tell you that no human being can change the laws of physics.

Cameron will have to have as many conventional and mobile ISPs in Britain as possible devote a lot of time, money, energy, and resources to dynamically filter web porn. As of this writing, he hasn’t suggested sending those ISPs government funds for the extra expenses they’ll likely incur. Those ISPs will probably have to hire staff to dedicate to those operations. Sure, it’s job creation, but for what?

Lee Maguire of Britain’s Open Rights Group says that in his experience, web filters could never distinguish “between sites that seek to titillate and those with frank discussion of sexuality.”

Sex education exists in British schools because puberty is inevitable for British teens. Most British teens will have sex and those who don’t will probably have sex before they turn 30. Many British educators sensibly realize that it’s better to educate kids about condoms and contraception than to expect kids to abstain, with no knowledge about how to prevent pregnancy and the spread of STIs.

It would be nice if British teens could supplement their sex education with useful information that’s online. Many teens find sex education in class awkward, and won’t ask the questions they may have. It may be easier for them to search for information on the web, without having to directly deal with other human beings.

Because no technical details have been released yet about how Cameron’s web filtering would work, we can only speculate about what it is exactly that he wants British ISPs to do.

Domain level blocking, as I explained before, is like playing a massive, confusing game of “Whack-A-Mole.” Great numbers of domain names are registered every single day. Many more become inactive, or become registered to another entity. A surprising number of domain names linked to porn websites don’t have useful strings like “porn,” “sex,” “fetish,” or “erotica.” And blocking the .xxx top level domain only blocks a minority of porn sites.

Blocking web pages with certain keywords in their code can be hopeless, too. A massive number of scientific and health-related web pages contain words like “sex,” “penis,” “homosexual,” “vagina,” and “breast,” among countless other keywords that could be used in porn or other content that parents may not want their kids to see.

Wikipedia co-founder Jimmy Wales criticized Cameron’s plan. “When Cameron uses the example of pedophiles who are addicted to internet porn—all that those plans would do is require them to opt in. It’s an absolutely ridiculous idea that won’t work… Billions has been wasted shopping on ordinary people’s data in a fruitless search for terrorists. We should be devoting a significant proportion of that to dealing with the real criminal issues online, stealing credit card numbers, hacking into sites… that is going to take an investment in real, solid police work.”

The Open Rights Group says that Cameron doesn’t only want to block pornography, but other objectionable content such as pro-anorexia sites, violence, alcohol, and smoking.

When web filters have been implemented in schools and public libraries, there have been complaints about church websites being blocked because of references to wine and anti-smoking websites being blocked because of references to tobacco.
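The trade-offs described above, as an added example that is not part of the original article: it runs domain-string blocking, page-keyword blocking and the whitelist approach from earlier over a small set of constructed pages and reports what each one overblocks and underblocks. The hostnames, page texts and the approved site are all assumptions made up for illustration; the keyword lists are the strings quoted in the article.

```python
import re

# Constructed example; hostnames use the reserved .example TLD.
DOMAIN_WORDS = ("porn", "sex", "fetish", "erotica")   # strings the article lists
CONTENT_WORDS = set(DOMAIN_WORDS) | {
    "penis", "homosexual", "vagina", "breast", "wine", "tobacco"}
ALLOWLIST = {"kids-homework.example"}                 # hypothetical approved site

# (hostname, page text, is it really adult content?) -- all constructed
SAMPLES = [
    ("clinic.example", "Breast cancer screening for women over 50", False),
    ("parish-church.example", "Communion bread and wine every Sunday", False),
    ("quit-smoking.example", "Free help to give up tobacco", False),
    ("teen-health.example", "Frank answers about sex and contraception", False),
    ("essex-libraries.example", "Opening hours and book renewals", False),
    ("frogs.example", "Frog species in Australia", False),
    ("kids-homework.example", "Times tables practice", False),
    ("bluevelvet-lounge.example", "Members only gallery, adults 18+", True),
    ("porn-clips.example", "Explicit porn videos", True),
]

def domain_filter(host, text):
    """Block when the hostname contains a listed string (substring match)."""
    return any(word in host for word in DOMAIN_WORDS)

def content_filter(host, text):
    """Block when any whole word on the page is a listed keyword."""
    words = set(re.findall(r"[a-z]+", text.lower()))
    return bool(words & CONTENT_WORDS)

def allowlist_filter(host, text):
    """Block everything that is not explicitly approved."""
    return host not in ALLOWLIST

def evaluate(policy):
    """Return (overblocked, underblocked) hostnames for one policy."""
    over = [h for h, t, adult in SAMPLES if policy(h, t) and not adult]
    under = [h for h, t, adult in SAMPLES if not policy(h, t) and adult]
    return over, under

if __name__ == "__main__":
    for policy in (domain_filter, content_filter, allowlist_filter):
        over, under = evaluate(policy)
        print(f"{policy.__name__}: overblocked={over} underblocked={under}")
```

On this sample the domain filter blocks a library site because “essex” contains “sex” and misses an adult site with a neutral name, the keyword filter blocks the clinic, church, anti-smoking and sex-education pages, and the whitelist misses nothing but blocks six harmless pages.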

If Cameron’s web filtering program works on the content level, this very page would probably be blocked.

Adult consumers could “opt out” of the web filtering program via their ISPs. But the Open Rights Group says that consumers tend to accept defaults, and that Cameron’s “nudge theory” takes that as a given to try to influence people’s decisions.

Cameron proposes that the web filtering program would take effect by late 2014, for newly registered mobile and ISP accounts.

If I was in a British household with ISP level filtering, I could easily get around it by using free proxy servers and VPNs.

Good luck, Prime Minister. You’re going to need it.
