From: Anonymous <nobody@replay.com>
To: cypherpunks@EINSTEIN.ssz.com
Message Hash: 5a8d1d40201ecdeea4f0d11c9cbfdbd0f0da0e42b8a1c5b091c0922fe7101440
Message ID: <199812210032.BAA10005@replay.com>
Reply To: N/A
UTC Datetime: 1998-12-21 01:06:01 UTC
Raw Date: Mon, 21 Dec 1998 09:06:01 +0800
From: Anonymous <nobody@replay.com>
Date: Mon, 21 Dec 1998 09:06:01 +0800
To: cypherpunks@EINSTEIN.ssz.com
Subject: FW: PRIVACY Forum Digest V07 #21(excerpt)
Message-ID: <199812210032.BAA10005@replay.com>
MIME-Version: 1.0
Content-Type: text/plain
Snip from the latest Privacy Forum Digest on commercial filtering software
for enterprises, encryption and "criminal skills".
cheers,
C.G.
--
A Navigo Farmer
> -----Original Message-----
> From: privacy@vortex.com [SMTP:privacy@vortex.com]
> Sent: Sunday, December 20, 1998 4:58 PM
> To: PRIVACY-Forum-List@vortex.com
> Subject: PRIVACY Forum Digest V07 #21
>
> PRIVACY Forum Digest Sunday, 20 December 1998 Volume 07 : Issue
> 21
>
[...]
>
> Date: Wed, 16 Dec 98 12:25 PST
> From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
> Subject: Privacy Discussions Classified as a "Criminal Skill"
>
> Greetings. Is discussing privacy in the PRIVACY Forum a criminal skill?
> According to one widely used commercial web filtering tool, the answer was
> yes! The controversy over software to block access to particular sites,
> based on perceived content, has been continuing to rage. Attempts to
> mandate the use of such software in environments such as libraries and
> schools have raised a variety of serious concerns. In addition to fairly
> straightforward freedom of speech issues, another factor revolves around
> how accurate (or inaccurate) these filtering systems really are.
>
> I've now seen firsthand that errors by a filtering system can indeed be
> quite
> serious, an event that seems to certainly validate some of these concerns.
> But there is something of a silver lining to the story, as we'll see
> later.
>
> I recently was contacted by someone at a large corporation, who was trying
> to reach the PRIVACY Forum web site, which is constantly being referenced
> by
> individuals and commercial, educational, government, and other sites
> around
> the world. This person was upset since whenever they attempted to reach
> the http://www.vortex.com site and domain that hosts the PRIVACY Forum,
> their web software blocked them, informing them that the block was in
> place
> due to the site being categorized as containing "criminal skills."
>
> As the webmaster for the vortex.com domain, this certainly came as news to
> me. The message they received didn't give additional information--they
> didn't even know exactly where it came from. It was apparent though, that
> the entire organization was probably blocked from reaching the PRIVACY
> Forum, since the filtering software in question was affecting a main
> firewall system.
>
> After a number of phone calls and discussions with the system
> administrator
> for that organization, the details began to emerge. The company was
> running
> a filtering software package from Secure Computing Corporation of San
> Jose,
> California. This package received weekly updates of blocked sites in a
> wide
> variety of categories, one of which was "criminal skills."
>
> The administrator had no idea what rationale was used for these decisions,
> they just pulled in the list each week and applied it. He immediately
> placed
> vortex.com on a local exception list so that it would no longer be blocked
> to
> their users.
>
> I then turned my attention to Secure Computing. After a number of calls,
> I
> found myself speaking with Ken Montgomery, director of corporate
> communications for that firm. He confirmed the information I had already
> received. The filtering product in question ("SmartFilter") was
> apparently
> not being marketed to individuals, rather, it was sold to institutions,
> corporations, etc. to enforce filtering policies across entire entities.
> The product covers a wide range of information categories that users of
> the
> software can choose to block. He said that the majority of blocked sites
> were in categories involving pornography, where there was (in his opinion)
> no question of their not belonging there.
>
> The "criminal skills" category reportedly was broadly defined to cover
> information that might be "of use" to criminals (e.g. how to build bombs).
> He had no explanation as to why my domain had been placed in that list,
> since by no stretch could any materials that are or have ever been
> there fall into such a categorization. He did discover that the
> classification of my domain had occurred over a year ago (meaning
> other sites could have been receiving similar blocking messages for
> that period of time when trying to access the PRIVACY Forum) and
> that the parties who had made the original classification were no longer
> with their firm--so there was no way to ask them for their rationale.
> (All of their classifications are apparently made by people, not
> by an automated system.)
>
> However, it seems likely that the mere mentioning of encryption may have
> been enough to trigger the classification. The administrator at the
> organization that had originally contacted me about the blocked access,
> told
> me that the main reason they included the "criminal skills" category in
> their site blocking list was to try prevent their users from downloading
> "unapproved" encryption software. This was a type of information that he
> believed to be included under the Secure Computing "criminal skills"
> category (the "logic" being, obviously, that since criminals can use
> encryption to further their efforts, encryption is a criminal skill). He
> also admitted that he knew that their users could still easily obtain
> whatever encryption software they wanted anyway, but he had to enforce the
> company policy to include that category in their blocking list.
>
> As PRIVACY Forum readers may know, no encryption software is or ever has
> been distributed from here. The topic of encryption issues does certainly
> come up from time to time, as would be expected. For the mere *mention*
> of
> encryption in a discussion forum to trigger such a negative categorization
> would seem to suggest the fallacy of blindly trusting such classification
> efforts.
>
> Mr. Montgomery of Secure Computing initially suggested that it was up to
> their customers to decide which categories they wanted to use in their own
> blocking lists--he also stated that as a company they were opposed to
> mandatory filtering regulations. I suggested that such determinations by
> their customers were meaningless if the quality of the entries in those
> categories could not be trusted and if errors of this severity could so
> easily be made. I felt that this was particularly true of a category with
> an obviously derogatory nature such as "criminal skills"--the
> ramifications
> of being incorrectly placed into such a category, and then to not even
> *know* about it for an extended period of time, could be extreme and very
> serious.
>
> To their credit, my argument apparently triggered a serious discussion
> within Secure Computing about these issues. I had numerous subsequent
> e-mail and some additional phone contacts with Mr. Montgomery and others
> in their firm concerning these matters. First off, they apologized
> for the miscategorization of vortex.com, and removed it from the
> "criminal skills" category (it was apparently never listed in any
> other of their categories).
>
> Secondly, they have agreed with my concerns about the dangers of such
> miscategorizations occurring without any mechanism being present for sites
> to learn of such problems or having a way to deal with them. So, they
> will
> shortly be announcing a web-based method for sites to interrogate the
> Secure
> Computing database to determine which categories (if any) they've been
> listed under, and will provide a means for sites to complain if they feel
> that they have been misclassified. They've also suggested that their hope
> is to provide a rapid turnaround on consideration of such complaints.
>
> While by no means perfect, this is a step forward. I would prefer a more
> active notification system, where sites would be notified directly when
> categorizations are made. This would avoid their having to
> check to see whether or not they've been listed, and needing to keep
> checking back to watch for any changes or new categorizations. If more
> filtering software companies adopt the Secure Computing approach, there
> would be a lot of checking for sites to do if they wanted to stay on
> top of these matters. Secure Computing feels that such notifications are
> not practical at this time. However, their move to provide some
> accountability to their filtering classifications is certainly preferable
> to
> the filtering systems which continue to provide no such facilities and
> operate in a completely closed environment.
>
> So, we make a little progress. The PRIVACY Forum and vortex.com are no
> longer miscategorized and have been removed from all Secure Computing
> block
> lists. Secure Computing was polite and responsive in their
> communications with me, and will establish the system discussed above in
> reaction to my concerns. Web filtering of course remains a highly
> controversial topic with many serious negative aspects, but we see that
> when
> it comes to dealing with the complex issues involved, it would be a
> mistake
> to assume that all such filters all created equal.
>
> --Lauren--
> Lauren Weinstein
> Moderator, PRIVACY Forum
> http://www.vortex.com
>
[...]
>
Return to December 1998
Return to “Anonymous <nobody@replay.com>”
1998-12-21 (Mon, 21 Dec 1998 09:06:01 +0800) - FW: PRIVACY Forum Digest V07 #21(excerpt) - Anonymous <nobody@replay.com>