Jul 232013
 

Sign me up for the perv’s list … I won’t trust a politician to come up with a sensible method of censorship, and neither should you.

Ignoring the civil liberties thing: That politicians with a censorship weapon will tend to over use it, to the eventual detriment of legitimate debate.

How is Cameron’s censorship thing supposed to work? It appears nobody has a clear idea. Probably not even Cameron himself.

It seems to be two separate measures :-

  1. Completely block “extreme” porn: child abuse images, and “rape porn”. Oddly enough, he also claimed that “50 Shades of Grey” would not be banned although there are those who categorise it as rape porn. Interestingly this is nothing new as child abuse images have been blocked for years ineffectively.
  2. An “optional” mechanism for blocking some other mysterious category of porn – the “family filter” mechanism.

Now it all sounds quite reasonable, but firstly let’s take a look at the first measure. Blocking child abuse images sounds like a great idea … and indeed it is something that is already done by the Internet Watch Foundation. Whilst their work is undoubtedly valuable – at the very least it prevents accidental exposure to child abuse images – it probably doesn’t stop anyone who is serious about obtaining access to such porn. There are just too many ways around even a country-wide block.

Onto the second measure.

This means that anyone with an Internet connection has to decide when signing up whether they want to be “family friendly” or if they want to be added to the government’s list of perverts … or possibly the ISP’s list of perverts. Of course, how quickly do you think that list will be extracted and leaked? I’m sure the gutter press is salivating at the thought of getting hold of those lists to see what famous people opt to get all the porn; the same gutter press that won’t be blocked despite publishing pictures that some might say meet the criteria for being classified as porn (see Page 3).

And who decides what gets onto the “naughty list” of stuff that you have to sign up as a perv to see? What is the betting that there will be lots of mistakes?

As we already block access by default to “adult sites” on mobile networks, I have already encountered this problem. Not as you might imagine, but whilst away on a course I used an “app” to locate hostelries around my location. On clicking on the link to take me to a local pub’s web site to see a few more details, I was blocked. The interesting thing here is that the app had no problems telling me where the pub was, but the pub’s web site was blocked. Two standards for some reason?

And there are plenty of other examples of misclassification such as Facebook’s long running problem with blocking access to breast feeding information, hospitals having to remove censorship products so that surgeons could get to breast cancer information sites, etc. I happen to work in a field where sales critters are desperate to sell censorship products, and I’m aware that many places that do install such products have the endless fun of re-classifying sites.

And finally, given this is all for the sake of the children, who thinks that children will come up with ways to get around the “family filter” anyway? It is almost impossible to completely censor Internet access without extreme measures such as pulling the entire country off the Internet – even China with it’s Great Firewall is unable to completely censor Internet activity. Solutions such as proxies, VPN access, and Tor all make censorship impossible to make totally effective. If you are thinking that this is all too technical for children, you are sorely mistaken … for a start it does not take many children able to figure this stuff out as they will distribute their knowledge.

This not to say that a censorship mechanism that you control is not a sensible idea. You can select what to censor – prevent the children getting access to information about the Flying Spaghetti Monster, but block access to other religious sites, etc. And such a product has to be network-wide, to prevent someone plugging in an uncensored device; such as using the OpenDNS FamilyShield (although I have never used it, I believe it to be a good product from independent reports). Of course even DNS blocking can be worked around, but it’s a reasonable effort.

Aug 312011
 

I became aware of this story through an article on The Register – to summarise the facts, a woman bought what turned out to be a stolen laptop, and whilst using it to conduct a certain kind of webchat with her boyfriend, an employee of Absolute Software used previously installed software on the stolen laptop to ‘grab’ several items of data including screenshots of the webchat session.

Even if someone unintentionally using a stolen laptop cannot expect reasonable levels of privacy (and the Judge doesn’t believe that their privacy should have been breached), ordinary human decency should have been enough to exclude the naked pics. Anyone involved in the security world (including IT security) should be aware that anyone using a stolen laptop may well not be the person who stole the laptop and may be guilty of no more than stupidity by buying a stolen laptop.

Such stupidity deserves punishment, but the loss of the laptop is punishment enough – having naked pics of yourself passed around a bunch of geeks and then shown to the police is going just a little too far. And what about the boyfriend ? He didn’t have anything to do with the stolen laptop, so why were Absolute Software stealing naked pics of him?

Once you have a timestamp and a network address of the stolen laptop, that is sufficient in almost all cases to identify who to talk to about the laptop. Grabbing screenshots of a webcam chat is merely prurient voyeurism of the same order of magnitude as setting up network webcams in a shop changing room.

But there is more to this than just the salacious details of the kind of pictures captured. Who owns the data on that laptop ? Well all of the data on the laptop at the time it was stolen surely belongs to the owner of that laptop (unless of course they have been stealing data themselves!), but any data created since then does not. And that surely includes screenshots of what activities are shown on screen.

If Absolute Software had chosen to activate the webcam to grab pictures of the person using the laptop rather than grab screenshots, they would have been on slightly less shaky ground because they would then be creating data and not stealing data. And of course they would not have grabbed a naked pic of an entirely innocent man! However they should also have the decency to ensure that any images they grabbed didn’t contain an ‘unusual’ amount of skin exposed.

Plus of course by grabbing any sort of image from a webcam could put the employees of Absolute Software at risk of creating and viewing child porn – not everyone engaged in ‘adult’ webchats is necessarily over the age of consent!