al live: filtering: the man in the middle
TRANSCRIPT
![Page 1: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/1.jpg)
THE MAN IN THE MIDDLEERATE, FILTERING, AND CYBER-SECURITY
Office for Intellectual FreedomAmerican Library Association
Sept. 15, 2016
![Page 2: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/2.jpg)
The issue
• New money!• ALA’s history with filtering• Cybersecurity issues• The FCC• Questions
![Page 3: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/3.jpg)
The panelists• Bob Bocher, Fellow, ALA's Office for Information Technology
Policy
• Doug Archer, Peace Studies and Global Affairs librarian at University of Notre Dame’s Hesburgh Libraries
• Michael Robinson, Chair of the ALA's Intellectual Freedom Privacy Subcommittee and Head of Systems at the Consortium
Library at the University of Alaska Anchorage's Consortium Library
• Deborah Caldwell-Stone, Deputy Director of the ALA’s Office for Intellectual Freedom
• Moderator: Jamie LaRue, Director, ALA’s Office for Intellectual Freedom
![Page 4: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/4.jpg)
Bob Bocher• Fellow, ALA Office for Information Technology Policy • Wisconsin State Library E-rate and Broadband Support Team
![Page 5: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/5.jpg)
E-rate and Filtering: An Overview
• E-rate provides discounts of 20-90% on:– Telecommunication services (Category 1)
– Internet access (Category 1)
– Internal connections (Category 2)
• Filtering mandated by CIPA applies to:– Internet access– Internal connections– But not telecommunications
![Page 6: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/6.jpg)
Impact of 2014 FCC E-rate Reforms• Focus on broadband – 62% of libraries had <10Mbps– 41% of libraries had insufficient
broadband– POTS discounts phased-out
• Increase funding from $2.4 to $3.9 billion– Ensures all applications are funded• Past fund limits meant no internal
connections were funded
High-speed broadband is critical for 21st century libraries. With it patrons can participate in the digital world. --FCC E-rate Order
It is in the national interest to increase funding for library broadband capacity. -- ALA comments to FCC
![Page 7: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/7.jpg)
E-rate Reforms And Filtering
• Lost: POTS discounts • Gained: Sufficient funding • Result: Some libraries may review
use of filters• OITP working with SLD, FCC– Review CIPA requirements• Focus on ways to disable filter
– CIPA summary in July 21 SLD News Brief
FCC rules when to disable the filter would likely be overbroad and imprecise, potentially chilling speech. We leave this to the local library. --FCC CIPA regulations, April 2001.
![Page 8: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/8.jpg)
Doug Archer• Peace Studies and Global Affairs
librarian at University of Notre Dame’s Hesburgh Libraries
![Page 9: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/9.jpg)
ALA & Filters -- THEN
• ALA opposed filters in libraries because they– Over blocked constitutionally protect speech– Under blocked their stated target
• ALA opposed CIPA– Facial challenge: unconstitutional on its face– SCOTUS: constitutional if unblocking possible• Only required blocking of images (plus a policy)• Only if one wanted federal funds
![Page 10: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/10.jpg)
ALA & Filters -- NOW
• ALA still “cannot” recommend filters– Filters continue to over and under block– See: Batch, Kristen R. Fencing Out Knowledge.
ALA OITP & OIF, Policy Brief No. 5, June 2014 • ALA supports libraries that don’t filter• ALA understands that some libraries feel that
they must filter– For local considerations (e.g., local politics)– For the money (e.g., need it to have any access)
![Page 11: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/11.jpg)
Minimizing the Negatives
• If a library feels that it must use filters,ALA recommends that it:
– Do its best to minimize the impact of filters by• Selecting the most flexible filter possible• Maintaining as much local control as possible• Using the lowest settings possible
– That is, block as little as possible consistent with CIPA– Do not be tempted to block “offensive” content
just because it’s easy to do
![Page 12: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/12.jpg)
Michael Robinson• Chair of the ALA's Intellectual Freedom
Privacy Subcommittee and • Head of Systems at the Consortium Library at
the University of Alaska Anchorage's Consortium Library
![Page 13: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/13.jpg)
The Man in the Middle
Unfiltered
Filtered
Browser Filter
Website
Website
Browser
![Page 14: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/14.jpg)
Techniques for Content Filtering
• Block or allow based on domain name or URL– i.e. blacklists or whitelists
• Block or allow protocols / ports– http, https, ftp, ssh, proxies, streaming, etc
• Inspect content of web page to block or allow– Keywords, phrases, or patterns in content– Types of embedded content (media, scripts, etc)– Source of embedded content (e.g. YouTube)– Metadata of embedded content (e.g. jpg name)
![Page 15: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/15.jpg)
HTTPS
• Encrypts communication between browser and website
• Contents of the web page is encrypted• Domain name is unencrypted• But rest of URL path is encrypted, i.e. what
specific section, page or file is requested
https://somewebsite.com/
![Page 16: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/16.jpg)
HTTPS
Unfiltered
Filtered
Browser
Filter
Website
Website
Browser
Encrypted Content
Encrypted Content & URLs
![Page 17: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/17.jpg)
HTTPS & Content Filtering
• Block or allow based on domain name or URL– i.e. blacklists or whitelists
• Block or allow protocols / ports– http, https, ftp, ssh, proxies, streaming, etc
• Inspect content of web page to block or allow– Keywords, phrases, or patterns in content– Types of embedded content (media, scripts, etc)– Source of embedded content (e.g. YouTube)– Metadata of embedded content (e.g. jpg name)
![Page 18: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/18.jpg)
HTTPS Decryption
Unfiltered
Filtered
Browser Filter
Website
Website
Browser
Encrypted
Encrypted Content
Encrypted
![Page 19: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/19.jpg)
HTTPS Decryption
• Filter presents certificates pretending to be requested HTTPS website
• Activities on supposedly secure websites can now be monitored, inspected and logged– Financial, commercial, legal, medical, educational– Usernames, passwords, account numbers, PII
• Technically qualifies as a Man-in-the-Middle Attack although that is not the intent
![Page 20: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/20.jpg)
Movement to Encrypt the Web
• Recent study 50% of Web encrypted• Presents challenges to content filtering– HTTPS “breaks” filtering– But decryption compromises privacy & security
• Optics are bad for libraries– Is filtering only on domain name good enough?– If decryption is enabled, what does user notification
look?We can see and record all your activities on secure websites but promise we won’t do anything bad
![Page 21: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/21.jpg)
Deborah Caldwell-Stone• Deputy Director of the ALA’s Office for
Intellectual Freedom
![Page 22: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/22.jpg)
What CIPA Requires
• the filter must be set to block visual images that are obscene or child pornography.
Adults
• the filter must be set to block visual images that are obscene, child pornography or harmful to minors.
Minors
![Page 23: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/23.jpg)
What CIPA Does NOT Require
Blocking access to narratives or other text-based material.
Blocking access to controversial viewpoints or subjects.
Blocking access to social media sites or search tools.
Tracking or monitoring users' web surfing habits.
![Page 24: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/24.jpg)
Defining Illegal Speech
Two categories of speech receive no First Amendment protection:
• Obscenity• Child pornography
A third category of protected speech for adults is unprotected for persons under 17
• "harmful to minors" or "obscene as to minors"
![Page 25: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/25.jpg)
The Federal Communications Commission is responsible for implementing and enforcing the provisions of CIPA.
• The FCC has given libraries wide latitude on how to implement CIPA's requirements.
• Enforcement is a civil, administrative matter – not a criminal proceeding.
![Page 26: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/26.jpg)
“Maximum Flexibility”
• "We have attempted to craft our rules in the most practical way possible, while providing libraries with maximum flexibility. We conclude that local authorities are best situated to choose the technology measures and Internet safety policies most appropriate for their communities.”
• Allows libraries that must filter opportunities to innovate within the boundaries of the CIPA statute
![Page 27: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/27.jpg)
Panelist comments?
![Page 28: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/28.jpg)
Audience questions
![Page 29: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/29.jpg)
Summary
• E-rate changes may give some libraries incentive to review the filtering issue
• Money is good.• Values are forever.
![Page 30: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/30.jpg)
Resources• SLD CIPA Information --and -- July 21, 2016 CIPA News Brief
– http://www.usac.org/sl/applicants/step05/cipa.aspx – http://www.universalservice.org/sl/tools/news-briefs/preview.aspx?id=709
• State E-rate Coordinators for Libraries– http://www.ala.org/advocacy/e-rate-state-coordinators
• Batch, Kristen R. Fencing Out Knowledge: Impacts of the Children's Internet Protection Act 10 Years Later. Policy Brief No. 5, June 2014. ALA Office for Information Technology Policy and ALA Office for Intellectual Freedom. – http://connect.ala.org/files/cipa_report.pdf
• Filters and Filtering – http://www.ala.org/advocacy/intfreedom/filtering
• Internet Filtering: An Interpretation of the Library Bill of Rights – Adopted June 30, 2015, by the ALA Council.– http://www.ala.org/advocacy/intfreedom/librarybill/interpretations/internet-filtering
• This slide deck and related resources:<hyperlink here>
![Page 31: Al Live: Filtering: The Man in the Middle](https://reader034.vdocuments.net/reader034/viewer/2022042907/587100bb1a28ab5f528b6df3/html5/thumbnails/31.jpg)
QUESTIONS?