BelchSpeak

I can't believe that came from your mouth!

Belch.ComCyberPolitics

TSA Implements Content Filtering; Right Wing Blogs Panic

A memo reached the desks of reporters at CBSNews detailing plans to implement content blocking for TSA employees.  Among the standard porn, criminal and gaming content was a line item for “controversial commentary” sites.  To me that means that hate sites or bulletin boards might get blocked.  To Ed Morrissey at HotAir, it means that some bureaucrat might be deciding to block HotAir, and how dare they?!

So lets take a look at what is really going on at TSA, what they will most likely implement, and describe who is the arbiter of what gets blocked and what doesn’t.

TSA, if they are like most large enterprises, will filter web traffic most likely with a proxy server such as Bluecoat.  In reality, there will be several Bluecoat servers distributed across their disparate gateways- whether this is organized by region or business group is up to the network architects.

Smaller organizations might be able to rely on webfiltering plugin software at the firewalls, such as Websense, but in enterprise networks where the bandwidth approaches Gig speeds and greater, the firewalls work overtime to simply maintain state tables and can’t be bothered to do additional services such as content filtering.

When web filtering first began back in the 90’s, URL’s and IP addresses were simply blocked outright.  This domain of Belch.Com, which predated most web filtering companies, was usually on the blacklist because, well, there were burps on the site, so the site was classified as “tasteless.” 

As more and more sites began to share IP addresses, simply blocking IP addresses were no longer an option.  Blocking URLs at the domain level was also no longer an option as more and more subdivided content began to live on domains.  Think about Blogger.Com, for instance.  While the majority of blogs on that domain are harmless, there are several hosted blogs that contain content that many organizations would like to block.  So each site on the Internet would have to be categorized, rated, verified, and placed into a policy.

And now its not just URLs that get blocked.  Phishing sites, malicious content strings, known malware download sites, malformed URLs and other security related content gets blocked now too, so those keywords and strings also have to be added to the filtering policy.

Those policies are then downloaded on a daily, hourly, or even live basis to the appliances distributed around the world.  Local administrators can choose which menu items they want blocked, and with a check of a box, entire portions of the Internet become unavailable to the users of the network.

But what if a site gets misclassified?  Is there a danger of having conservative blogs mislabeled and blocked outright?  Not likely.  Content filtering providers walk a careful line and completely understand that if their product fails to deliver what it says it does, they lose sales. 

So who decides the classification?  When web filtering first began, it was a human effort.  People actually sat in a room going through a list of uncategorized URLs to toss them into their category buckets.  Total drudgery.  Now computer programs mostly pick content and classify sites, whether they use keyword analysis or image recognition software to identify, say, pornography.  Any sites that the computer can’t decide on goes to a human analyst who decides how to classify the site using strict corporate rating guidelines.

Finally, most content filtering sites utilize customer and end user feedback to get sites reclassified if they were accidentally filtered or if the content has changed since the original rating.  So don’t think of content filtering as an attack on “controversial sites.”  Think of it as a reputation score by a company that survives and thrives by getting their classification right the first time.

And Doug Powers writing for Michelle Malkin thinks this is goodbye too.

Dr. Jones

Do not talk about fight club. Oops.

Leave a Reply

Your email address will not be published. Required fields are marked *