Summary of previous work on filtering and rating mechanisms

Filtering and rating mechanisms

1. Introduction

The Internet can be the best and the worst way quickly to gather or share information among individuals or organisations.  It is also a convenient way to chat with people that live far from you, as if they were next door.

But that is the good side of it. Many threats are also hidden in the huge domain of the Internet. Sites displaying hate, violence, intolerance, pornography, etc are numerous and can easily be reached by mistake or without much effort. Newsgroups and chat rooms dealing with such topics as well as illegal activities such as paedophilia and terrorism are also within reach of young users with a little skill.

Adults browsing the internet can end up displaying items on their computer screen that they were not looking for, as well as being confronted with rude or inappropriate language while chatting or sharing their experience within newsgroups. Adults can use their common sense to avoid unpleasant sites and moderate their curiosity in case of serious doubt.

By contrast, children haven’t such experience of real life and are pushed on by their natural curiosity. Therefore they are especially at risk while browsing or chatting unsupervised. They can reach sites that aren’t suitable for them or, even worse, come in contact with nasty people that they’d be better to avoid talking to. Their lack of experience can also induce them to divulge ‘private’ or ‘sensitive’ information, like their age, address, telephone number or their parents’ credit card number to unknown persons.

The parents obviously can’t control all their children’s activities while they surf on the net. The older the children get, the more difficult it becomes for parents to control their teenagers’ Internet access.

That’s why some commercial firms, some Internet Service Providers (ISPs) or some parents’ groups decided to design programmes able to filter out potentially unwanted sites, avoid dangerous encounters and keep sensitive data confidential.

2. How can objectionable contents be avoided?

In principle, four different ways of “blocking” undesired information can be used.

No list

The designer of the programme can draw up a ‘no list’ which contains a series of sites’ names that should be avoided. Those lists are usually first drawn up automatically by computers and then fine-tuned manually. The fine-tuning is often necessary because most of the ‘no lists’ originate from the US and an adaptation to other local languages or cultural specifities proves necessary. The sites present on the ‘no list’ can also be put into categories (sex, drugs, violence, etc) so that the user of a secured web browser can decide for himself (or for his/her children) what contents should be ruled out. ‘No lists’ need regular updating. They can be situated on the user’s computer or they can be located on a remote server.

Real-time filtering

The filtering programme can carry out a real-time analysis of the textual content of a certain Internet page. A similar process, but more complicated, involves scanning the picture content of a page. Real-time analysis prevents a page containing any unwanted text or picture to be (further) displayed. In some cases, the full site containing the ‘offending’ page is prevented from being displayed.  This is the only type of filter that is also able to monitor data being entered into your computer and information such as telephone numbers, credit card numbers, etc to be sent out on the net while chatting and so effectively avoid disclosure.

The drawbacks of these systems are that with poorly designed systems:

• The display of harmless selected pages can be slowed down.

• An offending page can be partially displayed before the filter encounters the taboo word or picture.

Site labelling

In this procedure, the owner of a certain site voluntarily gives a label to his web pages using a technology called PICS (Parental Internet Content Selection). Basically, a web manager can choose to rate their pages according to various categories (violence, nudity, etc) and for varying degrees of severity within these categories. In order to get a universally accepted rating the pages have to be submitted to one of several vetting bodies such as  ICRA or SafeSurf, for approval, which stops anyone falsely rating. A number of systems, with ICRA -Internet Content Rating Association - (ex-RSACi) and SafeSurf as market leaders, can work together. They can decipher the PICS ratings and allow, or not, the display of a web page on the computer screen according to the credential level that has been set.

Both Internet Explorer and Netscape incorporate PICS technology so they can implement this type of rating system. Latest versions of Internet Explorer (IE) can be set for ICRA and SafeSurf. Older versions of IE (eg IE 5.5 without updates) only have the option for ICRA and it is still labelled RSACi - but it works satisfactorily on ICRA rated pages. Only some versions of Netscape can be set up for ICRA and SafeSurf.

Both ICRA and SafeSurf categorise the sites and also apply severity levels within these categories. Using settings in the browser, a parent can ‘tune’ the filtering as desired. Rated sites can then be filtered, or not filtered, according to the chosen criteria.  A certain level of security is thus achieved, provided that the adult user has activated the settings in his/her browser.

The failings of these systems are:

• Very few web sites use it and it is not used by people deliberately trying to offend users - thus it is not an effective filter.
• To overcome this latter problem the user can set it to also block all pages that have not used the rating system - but because so few people use it -this effectively blocks almost the entire Internet! (In 1999 ICRA claimed that 120,000 sites had been rated, this is an insignificant number).
• It does not deal with other Internet issues (Newsgroups, etc).

However, as a component part of the overall plan to filter the Internet effectively, these rating systems do have a part to play.

Walled-gardens

Besides those ‘real’ filters, there’s also another way to prevent children’s access to unwanted unsuitable sites. This method, called a ‘walled-garden’, is as simple as it is effective: it uses a ‘yes list’. Any attempt to access a site not on this list is simply denied. This method is the safest for use with small children: only the scaled-down version of the Internet appears to them and they don’t even suspect that the majority of it is kept well hidden from them.

As these dedicated browsers are not filtering anything, but just allowing access to a well-secured part on the Internet, these software packages have been left out of the studies carried out on filtering software so far. The ‘yes list’ can be located on the user’s computer or at a remote server, the latter system is sometimes operated by an ISP.  The walled-garden principle can’t be used with older children who want to search the Internet for documentation purposes.

3. Where can filtering or blocking software be obtained?

Once again, four ways of getting blocking software exist:

• Browsers


Although not very well known by the vast majority of the users, both Netscape and IE include the PICS filtering application. As explained above, it works together with the self-labelling of the sites according to the RSACi system (now superseded by the newer version of it: ICRA). Safe Surf is now supported by the latest version of IE.  To repeat, the use of the filtering system is simply triggered by a suitable setting of the browser’s options. The settings can be overridden if an adult wants to surf freely on the net. This option is free and there’s no update necessary.


• Search engines


The majority of the users ignore it, but the search engines can also include a (family) filtering system. It has only to be turned ‘on’ to prevent unwanted contents being displayed on the computer. This ‘on’ setting can be overridden with a suitable password. Again, adults can surf without any restriction if they want to. However, if children are let on the Internet alone, the default security setting should be left on ‘high’. This option is also free and equally doesn’t require any update from the consumer’s side.


• Internet Service Provider subscription


Some ISPs offer this as part of the overall subscription so there is no extra charge for using it.  In the UK, AOL and Compuserve both offer this option as part of the monthly subscription.  Other ISPs may charge extra for the service.

Alternatively, ISPs exist exclusively to provide filtered content to children only; companies such as Kidsnet in the UK and SafeExplorer in Canada. ISPs such as these may supply either walled garden or filtered content, as required, according to age. With these systems, the ‘yes list’ or ‘no list’ are on the ISP’s server and so there is no need to install any extra software or files on the user’s computer.


• Software packages


They can be either bought over the Internet or in retail outlets. A few can also be obtained as Freeware over the Internet for no cost.  When the product is paid for, it can come in a physical package (a box containing a CD) sold in a shop or downloaded from the Internet for a specific fee (to be paid using a credit card). The free software is usually downloaded directly from the Internet.

In most of the cases, the potential user can download a fully operational trial version of the software, install it on his/her computer and decide whether he/she wants to buy it at the expiry of the test period.

These packages have to be installed on the user’s computer. The user is usually responsible for the maintenance of the list(s), that can usually be directly updated every now and then from the producer's site through the Internet connection. Very often the list updates are free for a period of time and have only to be paid for after this.

More recent versions use a variety of extra tools to aid filtering. These include word lists to detect unsuitable pages that may not be in the ‘no’ URL list and intelligent agents that analyse page content. Another recent development in some of these products is the location of the ‘no list’ on a remote server rather on the user’s computer. Although this might seem to be a Proxy server, it is in fact being used in a slightly different way; URL requests are ‘bounced’ off the server rather than passing through it. This prevents any loss in speed of surfing that a true proxy server would cause. The software on the computer then does the filtering.

4. Previous work concerning Internet filtering

The risks encountered by the children while surfing on the Internet have been the centre of concerns for many individuals and organisations, private or governmental, in the recent years.

Some parents’ committees have expressed their fears about their children regarding the Internet and some of them have started to design pieces of software aimed at giving parents more confidence in the security of the system.  Also some commercial firms have undertaken to build filtering software.

The European Commission also devoted much attention to the deployment of a definite policy in this domain. The EC, under the ‘Internet Action Plan’, funded and still funds several studies that help lead to safer use of the Internet by children.

Among them:

• The IDATE project.
  
  This was a preparatory action for running the Safer Internet Action Plan. This project team carried out a pan-European Internet users’ survey and highlighted the limitations of the filtering tools.
• The Benchmarking of filtering and software project
  
  This document has been prepared by Tom Jackson from ISPRA (Italy). It was inspired by the IDATE project which showed that filtering tools were not reliable and that the assessment or measurement of the blocking efficiency (or inefficiency) were intricate matters. The relative performance of the filter in blocking harmful content was dissected into various evaluation components (blocking effectiveness, over-blocking sensitivity, security integrity, operational integrity, configurability, customisability and usability).
  
  NB: this benchmarking work has been extensively used to enhance the original draft test programme used by Conseur for the evaluation of the performances of commercial and free-to-use filtering software as part of the CISA project’s own contribution to the Internet Action Plan.
• The ONCE (ON-Line Children’s’ Education) project.
  
  This project seeks a dual goal of safety awareness and education of children, together with their parents or teachers, in order to establish safe behaviour when surfing on the Internet.

Some governmental or standardisation bodies have done research in that field too:

In America: COPA Commission on online Child Protection http://www.copacommission.org/report/

In Europe: INCORE Internet Content Rating for Europe www.incore.org

In Europe: ANEC has called for effective standards for Internet filtering (see their document “Consumer Requirements for Information and Communication Technology (Part II) “Specific Requirements: Internet.)

And finally, many Consumers’ Associations around the world have carried out extensive testing on filtering software and/or the different ways to make children’s Internet navigation safe.

All these studies showed that most of the available filters had loopholes, filtered too blindly or inadequately and/or irritatingly delayed surfing on the Internet.

All studies also insisted on the fact that children should be aware of the dangers they could encounter while browsing on the net and that both parental educational effort and guidance were insufficient to build this awareness.

Philippe Lecocq (November 2001)
Supervising Project Officer for the project “Internet Filtering”
CONSEUR – Brussels (plecocq@test-achats.be)
EU Internet Action Plan