Most people believe when they purchase an enterprise grade filter that is used to protect minors from harmful content on the internet, that its going to do exactly what the label says. They believe that the device will protect their children from the deep dark corners of the Internet. These filters do in-fact, cost an enormous amount of money, not only for the device, but also the on-going subscription. So they should work, shouldn't they?
Yes they do work, but not quite how you would think they work. If you refer to my previous blog entry about the death of next generation firewalls, you will find that the Internet is embracing full encryption. That encryption, combined with SSL pinning (effectively breaking decryption methods) should be changing how we think about filtering.
Today, a SSL secured websites and services are ether black or white. There is no grey. You can no longer filter a SSL service that utilizes SSL pinning by keywords, and sub pages. You ether get it all, or you get none of it. This is the world, in which K12 and other organizations must rely on the website or service to provide a acceptable content filter for their service. If they do not provide a way to filter objectionable content, then you have two choices, allow all of it or allow none of it.
What does that mean? Well, in short, you ether lock the Internet down tight like Fort Knox, making it nearly unusable. Or you move on to a different way of thinking. Yes, you need to change the way you think.
Filtering has never been, and never will be a 100% technological solution. There is no possible way completely prevent filter avoidance. And there never has been. Ask any middle or high school student, they can not only explain how to bypass the filter in the school, they can show you. So the only answer to this problem is the same answer we used 20 years ago: supervision.
20 years ago, kids didn't look at pornography on the computer at school, they brought magazines. There was no technological solution to prevent that; No way to scan them at the door for objectionable material; No way to prevent them from bringing it with them. The only solution we had to stop it, was to supervise. Contrary to popular belief this has not changed. Supervision remains the only way to enforce acceptable use policies and the only way to effectively keep minors safe online.
So, why do we have filters at all? Well, filters do a great service. They help keep minors safe. They are an effective measure in this process. Essentially filters should keep minors safe from unintentional access to objectionable material (most of the time). But they will in no way ever keep minors safe from intentional access to objectionable material. It is simply a technological impossibility.
Because of that, K12 school and other organizations that protect minors should adopt the 70/30 Rule of Internet Filtering. Filtering is 70% supervision, and 30% technology. Filtering companies will continue to do all that is possible to build better filters, but in the end, the majority of the responsibility must rest on responsible adults to supervise online activities. Any other filtering policy is a total fallacy.