Censorware articles round-up

So why not check out the IF2K "click through" feature and see if it, in your opinion, actually answers the issue of having adults have to ask for access.

There is no question that CIPA is a bad law, poorly conceived, vaguely drafted and weirdly interpreted. But there it is - the only question is when you and Karen are going to stop fighting a lost battle and get on to fighting one which you have a chance of winning.

It is entirely possible that with your expertise you could make a substantial contribution to implementing filtering products with the least possible damage to intellectual freedom. And yes, I know no filter is perfect and they will all overblock constitutionally protected speech. And I know that this is inherent in the technology; but that does not mean that significant improvements cannot be made.

Umm, which battle ("chance of winning") was that? It's too late for me to get rich peddling snake-oil. Besides, if I wanted to be a scammer, I'd sell technology-stock mutual funds, that's much easier work.

All blacklist-based censorware is essentially identical at the core, with very minor differences in terms of blacklist trade-offs. It's almost entirely a matter of marketing.

There is no way to have an automatically created minimal CIPA blacklist, since the legal categories require human judgment as to various kinds of "merit".

As I say, if humans argue over this, how is a computer expected to do it?

I fear you misunderstand me - it's not that I refuse to make better censorware on moral grounds. Rather, it's that there is no technical solution to the social problem and I'm not going to become a snake-oil salesman.

But I rue the fact that the snake-oil sellers got rich in the bubble, and I devoted so much effort to free-speech work, which has been so unhappy for my life.

I'll respond at greater length over at the library filter blog.

The technical issue is certainly real. The Congressional hypocrites knew little and cared less about the technical issues. SCOTUS came up with the not particularily brilliant "turn it off" solution to 1st Ammendment concerns. The FCC has, at least, had the grace to limit the damage by requiring a good faith rather than absolute standard for compliance.

The old adage that the perfect is the enemy of the good kicks in. Coming up with a filtering alternative which is transparent, editable, provides the block list to the users and lets library patrons "click through" the filter to the content is a start. IF2K has gone that far. Did I mention about a fifth the price?

Now the issue is to convince libraries to look past the marketing to their essential values. You and Karen can help.

The issue is not the program which carries out the censoring (not "filtering", censoring) of the person (not of content, but the user, a person)

That is fairly simple to write, and a much-invented wheel.

The problem is the blacklist. This is where the snake-oil arrives.
See my page about Open Censorware issues.

Seth,

I think we agree more than we disagree here. The "blacklist" issue divides into two distinct streams: the secret, encrypted, uneditable, "who the hell knows what's on it" blacklist vs. the transparent, unencrypted, editable blacklist.

The secret list, as the Copyright Office pointed out in your huge DMCA win, makes the evaluation of any filter with a secret list impossible.

You don't have to endorse a single product to point this basic fact out.

The filtering market is crowded with companies who don't want their customers to know what their blacklists contain - and, as your experience underscores, this is usually because the lists are so remarkably bad.

Keeping the snakeoil out requires people with established, anti-censorware credentials engaging at a technical and philosophical level.

Over at Karen's site you suggest that a "click through" feature may not comply with CIPA. Now that's interesting. My reading of the FCC's earlier ruling suggests that the compliance requirement is "good faith". A click through screen which provides an initial block and states something like,

"This site is blocked per CIPA. The Supreme Court of the United States has stated that if you are an adult (over 17) you have a right to override this block. If you are an adult click here. If you believe this site is blocked incorrectly, click here.

If you are 17 or under you are in violation of library internet use policy if you click on any link intended for adults."

My view is that this is CIPA compliant via the FCC "good faith" criteria and does minimal harm to the 1st Ammendment rights of adult library users. It's a bit cheeky; but it is a solution which can be adopted in good faith.

the fact is that CIPA is a remarkably dumb law which is needlessly expensive to comply with and which creates all sorts of barriers to adults exercising their constitutional rights. Unfortunately, it made it throught Congress and the Supreme Court. So now libraries need advice on the best work around solutions. While some can refuse to filter on principle and give up their E-Rate funding, why should they have to? It should be possible to provide good faith CIPA compliance without doing huge damage to intellectual freedom. But to do that people like you and Karen have to help the libraries sort the filters out. And you have to let the libraries know that there are real alternatives to the David Burt view of filtering.

For both practical (time) reasons, and legal reasons related to child pornography risks, no single person can fully evaluate a censorware blacklist. Attempting to construct such an open censorware blacklist via an Open Source process, does not work. This is due to costs, and that nobody can just take on the task of being a "child pornography checker" (as the saying goes, anyone who wants to do this, shouldn't be allowed to do it!)

However, the effort I have done regarding exposing snake-oil, is not supported either financially or legally. As I keep saying, that makes it unsustainable.

IF2K is not a solution. Jay, honestly, it's not because Karen or I won't push it. It's that it doesn't address the problem, which is the blacklist. There's plenty of Open Source proxy servers which will do exactly what IF2K does, including "privoxy", which I use myself for ad-blocking. It even has a click-through feature for when it makes mistakes (and it does).

I am very dubious that click-through qualifies as "good faith". Per Souter's comment in his CIPA dissent:

".. if the "lawful purposes" criterion means anything that would not subsume and render the "bona fide research" criterion superfluous, it must impose some limit on eligibility for unblocking, ..."

After all: What use is a censorware which doesn't censor???

I believe a minimal approach, requiring the government to specify the blacklist, would be a fruitful legal attack on CIPA. However, I am not a lawyer, and cannot bring this case.

If you follow my blog, you will know that I am pretty much marginalized in terms of press-reach. I cannot make libraries know anything.

The blacklist issue largely disappears if a) the list is available to the user, b) it is editable by the user. No blacklist is perfect, but if the imperfections are hidden behind encryption there is no way to evaluate, much less fix, the problems.

Open Source is, for exactly the reasons you mention, not really viable for a commercial grade filter. It takes more than a black list to make a usable filter.

Your view on the click through is interesting. My reading of the Supreme Court decision and the FCC rules suggests that the Supreme Court recognized that adult library patrons had, as a right, unfettered access to the net. The objective vis a vis adult patrons is to have censorware which does not, in fact, censor 1st ammendment protected material.

The click through feature is a minimally intrusive means of letting a patron know that the material they requested is, according to the library's internet terms of use, only available to adult patrons. It is a speed bump rather than a wall.

Now it may be objected that the average 13 year old porn hound will just click through. But if he does he will be in violation of the acceptable use policies and liable to have his library internet priviledges revoked.

Nothing that I have seen in CIPA suggests that the good faith of a filtering attempt can be attacked merely because an underage patron, in contravention of the library's internet use policy, manages to circumvent the filter. If, for example, an underage patron signs onto an offsite, uncensored server and accesses porn that way, CIPA does not suggest that the library's CIPA certification is suddenly invalidated.

In practice a good faith attempt will balance the legal right of an adult library user to unfiltered access against the requirement that children not have such access and against the staff and other costs assocciated with giving the adult patron the access he or she is entitled to. A soft block such as "click through" would, prima facie, meet the good faith standard.

(Of course, if kids clicking through became a significant problem, more restricitive configurations might have to be used. And here, again, the concept of good faith allows a graduated response to compliance.)

The child porn dillema is a problem. However, as viewing child porn is illegal in itself, the solution is to call the police. If a patron - adult or child - is viewing child pornography they are committing a crime. This is not a filtering issue, it is a criminal matter and should be handled that way by the library.

A minimal approach could be a useful one for a library or library association which wished to attack CIPA. But to take such an approach you have to have user configurable and editable filtering software. Which IF2K is.

I am not sure I agree with your assessment of your press reach. But I am sure that it does not matter. The informed discussion of filtering within the library community is conducted by a relatively small group of participants but viewed by many. Your reputation as an anti-censorware warrior lends what you say a great deal of weight within the small circle who have been following the filtering wars.

By participating in the sorting process you can bring a technically qualified, battle hardened intelligence to bear on the competing products. We know you are not going to like any of them - what would be interesting are your views on which were least worst. Which did the least damage to intellectual freedom.

I wish I could think of a way for you to make a bit of money doing this work. I can't I'm afraid. But, realistically, the ALA is going to have to come up with some solutions and, frankly, they could do worse than to hire you to consult.

The blacklist secrecy is just one part of the overall problem. Then comes the sheer mass of it. Who is going to evaluate a huge number of URLs, constantly changing? This can't be hand-waved away. And it has to be a "good-faith" effort, remember, one can't just throw a few sites on it.

The blacklist is the hard part. The censor-the-user program is the easy part. Again, there are already Open Source programs which do this, and they'refine because it's such a simple operation. Again, IF2K does nothing that isn't already done by such programs, or easily added.

There is no right to view child pornography, for anyone, no matter how old theyare. I believe that you, as do many people, are rewriting the law into the morepalatable and tractable idea (to adults) of restricting only minors. But the law is very clear that it applies to adults as well.

Stevens addresses this very point:

"Unless we assume that the statute is a mere symbolic gesture, we must concludethat it will create a significant prior restraint on adult access to protected speech."

Calling it a "speech bump" strikes me as exactly what Stevens talks about as assuming a "mere symbolic gesture" - and hence not supportable.

Regarding "least worst", I feel like I'm Amnesty International being asked to deliver a report on the least worst form of torture. In this post-9/11 world, that doesn't even sound insane (that someone would think it's a good idea). I can hear the pitch, why should some innocent suffer broken bones, if electric shocks to the genitalia do no permanent damage? Wouldn't it be good to prove that needles under the fingernails don't work any better than controlled suffocation? Maybe this makes clearer the problem of having an Amnesty-"recommended" torture.

The ALA will not do anything that could be construed as recommending one censorware over another, and rightly so, for precisely the peril of having it be declared an endorsement.

A couple of quick points -

On child porn - my point is that filtering is not the required answer. Viewing child pornography is illegal period. Thus a police rather than filtering matter. I have no intention of presumptively rewriting this law. I just want to be clear that it in no way is a filtering issue.

On your Amnesty analogy - as I wrote over at the library filter blog - the better example is a doctor refusing to treat a landmine victim because he or she is opposed to war and all its consequences.

The imposition of CIPA was a rather craven political decision which has a disproportionate impact on libraries in poorer areas who cannot afford to decline Erate payments. By refusing to even consider the differences between various filtering products you and Karen simply ensure that the snakeoilers win.

Moreover, they win with encrypted lists, annual subscriptions and utterly opaque filtering methods.

I agree with you that the ALA is showing every sign of dodging an issue which directly effects all of its public library members. Which may well be why many of its members are wondering whether to continue their memberships.

The ALA should own this issue. They should set out standards and annouce which products in their view meeet those standards. If the ALA had the guts to do this it would provide the de facto "good faith" standards for library filtering and it would be able to set these from the perspective of maximizing intellectual freedom.

If the ALA's standards were set rigorously - beginning with full disclosure of the blacklist - filtering vendors would have little choice but to meet those standards if they wanted a piece of the library market. But, by shying away from standard setting, the ALA is leaving the field open for the David Burts of this world to declare their products CIPA compliant and sell, sell, sell.

The only defence is for people like you and Karen to get on with the none too pleasant task of sorting through the filters. If you don't and if the ALA doesn't, the censorware people will win by dint of marketing campaigns which have nothing at all to do with the very real intellectual freedom issues raised by the requirement to filter.

Unfortunately, regarding child pornography, censorware is currently a legally required answer. It's a major element of the CIPA law. That can't just be waved away. To say the issue should be handled by the police is simply a policy recommendation. The law is now, that it's a police matter, and a presumptive censorship requirement involving libraries.

The doctor analogy, treatment, would be providing tools to library readers to circumvent censorware (treating the "civilians" who run afoul of it). Oppositely, imagine some organization such as "Doctors Without Borders" preparing a report to the Army about the relative merits of which landmines the military should purchase. Are the landmines which jump up a little, in order to produce head and chest wounds, better than the ones which concentrate on maiming limbs? After all, so the reasoning would go, since the military is going to buy these anyway, why not have doctor's opinions as to the "least worst" landmines?

In my view, such a report wouldn't help. It would just mean being used as a pawn, especially by whatever land-mine maker came out ahead.

No censorware-maker would comply with any sort of minimum library standards, which would be having an open blacklist containing a good-faith effort to have only arguably illegal material. Not a huge pile of junk and everyone else sort it out. Not roll-your-own. But compliance with strict legal standards. It's far more profitable, for much less effort, to sell snake-oil.

And remember, I've quit censorware investigations, because I don't have support and it's too much legal risk. They did win, or I was "taken out" by my own "side", depending on how you look at it.

"No censorware-maker would comply with any sort of minimum library standards, which would be having an open blacklist containing a good-faith effort to have only arguably illegal material. Not a huge pile of junk and everyone else sort it out. Not roll-your-own. But compliance with strict legal standards. It's far more profitable, for much less effort, to sell snake-oil."

At the moment IF2K is doing pretty much what you are suggesting no censorware company would do: our blacklist of porn sites is open.

Now, as to illegal, the CIPA requirement is not about illegal sites - it is about sexually explicit images which may or may not be legal for adults to view. So a CIPA driven blacklist will contain lots of legal - for adults - material. Nature of that beast I'm afraid.

The child porn question is a huge flaw in the structure of CIPA, which is, frankly, one of worst drafted pieces of legislation I have had the misfortune to read. You are quite right to keep hammering away at it; but it is not only the filter vendor's problem. Remember that the libraries have to self-certify under CIPA which means, ultimately, the wording of the statute requires them to state that they are blocking children's access to sites which it is illegal to access to determine content. That's some catch that Catch 22.

We may be beating the analogies to death but my answer to the doctors' issue is that so long as you see the issue as landmines (prima facie all bad things) your position stands; but if you shift the question to recomendations for the most humane way of controlling territory it is rather weakened.

Rolls of concertina wire and checkpoints beat the heck out of randomly scattered mines: fewer fatalities and injuries, more precise control.

My point is that the libraries need technically competent advice which coming from people whose intellectual freedom credentials are completely sound. My further point is that there can and should be standards set which reflect the intellectual freedom agenda of the ALA. If the major "censorware" companies don't want to comply, so what. There will be plenty of second tier companies delighted to adapt their filters to the library standard. They'll get the business and the non-complying snakeoilers will be shut out.

I doubt IF2K's blacklist follows strict legal standards. And note "harmful-to-minors" is not legally the same as "pornography".

Note CIPA forbids "visual depictions" of child pornography and obscenity for everyone, of all ages. Then it also forbids "visual depictions" of harmful-to-minors for minors. This last category is legal for adults, so people tend to focus on it, as it's the popular argument. But it is only one component of CIPA. There must be a "good faith" effort to address the other components too.

I would say in terms of analogy that the corresponding strategy is then adopting an approach of insisting the government specify the blacklist. That's my policy recommendation. But I recognize nobody wants to hear it.

Again, the work required to properly evaluate censorware is too legally risky for me nowadays.

Contrary to myth, the ALA has no actual control over any library. Even if they "endorsed" one censorware, the others are free to obtains whatever customers they can with their own marketing machine. This reduces the ALA's efforts to merely if the endorsement is worth what is necessary to obtain it. And the answer will be 'no'.