There’s been a lot in the news about the recent CP80 initiative, and sides have been pretty polarized. I wanted to formulate and write down my stance so I can use it as a reference.

In short, I think it won’t, and shouldn’t work.

CP80 In a Nutshell

In order to keep from putting words in their mouth, I’ll quote right from their website’s front page:

The CP80 Internet Channel Initiative is a simple solution that would put the choice to access or to block Internet pornography back in the hands of individuals and concerned parents, where it belongs.

The solution leverages existing Internet technologies to organize and categorize content on the Web into two Internet channels: the Community Channels (Ports) and the Open Channels (Ports).

The Community Channels would be for all general-purpose content; and the Open Channels would be for adult content, such as pornography. With content organized into channels, an individual or parent could block access to Internet pornography just as easily as he or she could turn-off unwanted cable-TV channels by simply calling their service provider and requesting that the adult channels or Open Channels be shut off.
cp80.org

In short, the effort is a move to separate Internet content into two buckets: Community and “Open” (their happy word for obscene content). They aim to enforce this separation using the government.

Please check out their website for the whole enchilada. It’s a little hard to understand with all the buzzwords and hijacked vocabulary (”solutions”, “channels”, “leveraging”, etc.), but they make a good effort to explain what they’re up to for even the most technically challenged reader.

The Internet is Not TV

It seems that most people want to argue that because TV is regulated by the government, then the Internet should be too. After all, if Janet Jackson gets in trouble, why can’t Internet pornographers?

There are not enough parallels between content delivery via TV and the Internet to draw any sort of metaphorical points. I can’t stress that enough.

The main issue is ease of broadcast. If you want to start up your own evil rogue TV station, how much time and money would you need to invest, from the ground up, in order to be up and running? First, you’d need some high place with a bucket-load of powerful equipment. If you’re going to bend waves that need to travel miles through the air, it takes a lot of power and a lot of expensive equipment. Needless to say, the barrier for entry for TV broadcasting hobbyists is very high.

How much does it take to publish something on the Internet? At absolutely no cost to myself, I can publish content on the Internet in a matter of hours (that includes walking time to the library).

Second is the issue of ease of traceability: how easy is it to track down a publisher? If I ponied up the capital to start my rogue TV station (which of course would broadcast pirated Thundercats from sun down to sun up) it’s horribly easy to locate my installation. Recording the signal strength from three locations is all it would take. A quick triangulation, a stop to the police office, and anyone could have me in cuffs before supper time.

How easy is it to identify someone publishing content on the Internet? Hard enough to keep the spammers from leaving my inbox. Proxy servers allow for middle-man access. Users can login to one machine from another on the other side of the world. Software virii and spyware can remotely or automatically install web servers and deliver content with no human interaction. I can post to my blog from any country in the world.

Because Internet content delivery is so much easier to get into, and so much harder to trace, I don’t see how analogies to television can really be relevant. The usage of the term “channel” by the CP80 group is truly misleading.

Technical Limitations

The CP80 initiative aims to place bad content on an alternate port in order to allow for more effective filtering measures. Kinda makes sense at first glance, but is actually pretty amusing on subsequent glances.

First, it is incredibly common to tunnel a connection in order to get around port-based filtering. When I am on-site with a client, I often find that the over-zealous IT department is blocking all mail traffic. A quick SSH tunnel solves this problem by allowing me to access the “evil” mail traffic using another arbitrary port. This is by no means a technical marvel. In fact, graphical user interfaces exist for this functionality for most platforms already. Port-based filtering is nothing close to bulletproof.

The other interesting thing is that you’re not always in control of what ports point to your system. Most networks have a limited number of Internet-accessible machines. These special machines have routable IP addresses that are world accessible, while your workstation most likely gets handed a translated address. These world-visible machines forward requests to yours in order to make Internet browsing a capability. Basically, what looks like port 80 on the outside may not necessarily be port 80 on the inside.

Also, much of the modern Internet communication comes in streams. While the page you’re now viewing comes in a static package, an instant message from a buddy or a live video (which is becoming more popular) comes live. Content being delivered on any port can change its flavor at any given moment.

I don’t understand why port-based filtering is a valid approach anyway. Any number of different kinds of services can be offered over any port number. You’d think if content was the problem, then a content-based filtering solution would be more effective.

The next technical limitation is impossibility of being able to police the growing amount of content on the Internet today. The rate of growth and the sheer mass of online content makes content segregation (and thus enforcement) and logical impossibility.

Just for fun, let’s say the Internet never changed. Ever. Let’s also say there’s only 200 million sites you need to make sure are “clean.” Some recent estimates would place estimates closer to twice that number, but I want to give CP80 a fighting chance.

If you wanted to process this fake, low-ball estimate, static Internet in a year, you’d need to work through nearly 550,000 sites per day. That’s 380 sites per minute.

Okay, let’s say that you only have to categorize things that people complain about. The problem with this approach is that it puts a great amount of strain on an already strained judicial system. Mix in the fact that Internet content publishing is extremely easy and hard to trace, and you’ve got an enforcement situation that is just as impossible.

Philosophical Problems

I think the biggest philosophical problem with CP80’s approach is this: who decides what is bad? The Internet is a global community, and trying to police it with American values isn’t going to work. In a similarly recent (and failed) effort, the Internet Engineering Task Force (IETF) responded to a plea to categorize content by domain name:

Saudi Arabia, Iran, Northern Nigeria, and China are not likely to have the same liberal views as, say, the Netherlands or Denmark. Saudi Arabia and China, like some other nations, extensively filter their Internet connection and have created government agencies to
protect their society from web sites that officials view as immoral. Their views on what should be included in a .sex domain would hardly be identical to those in liberal western nations.
IETF, RFC 3675

Besides that fact that every nation has different beliefs (and they have every right to believe differently than we might), every family and person has different beliefs. I don’t need Uncle Sam to tell me what’s right and wrong anymore than Saudi Arabia does, and I like it that way.

Besides, mixing all these beliefs and agendas in some government agency is only going to make content categorization choices harder.

Another interesting point made by the IETF is that seemingly inappropriate content that is actually very helpful might be placed out of view because of differing values. I think it’s inappropriate for my children to view material on birth control and certain details of AIDS prevention right now, but I wouldn’t deem either subject appropriate for all time, for everyone.

The second main issue is the empowering of government officials to decide what I get to publish and where. I have no idea why people want to give the government that sort of power. What if I want to offer my views on the gay/lesbian lifestyle? Would that get marked as inappropriate? The legal nightmare CP80 might cause would probably push many right out of the blogosphere.

It seems to me that one underlying motive people have in supporting CP80 is that it empowers parents to protect their children against pornography. I don’t think is necessarily the case. First, I’ve already discussed a few reasons why port-based filtering is ineffective from a security and reliability standpoint. The main philosophical ire this measure draws, however, is that it asks the United States government to put a bulletproof safeguard against immoral material in my home.

I thought that was my job.

First, no filter will ever keep a determined young person from viewing what they’re after. Filth will always be available, either through technical or social circumvention. Second, as a parent, it is my responsibility to educate and warn my children. Placing an adamantine barrier between them and wrong choices would only make them weak and ignorant. If you want to eliminate negative influences on your children, you’ll probably need to move underground.

If, on the other hand, you want to deploy a safeguard that protects them from accidental exposure, those tools are readily available without the philosophical and technical baggage that CP80 will bring with it.

Alternate Approaches

First, I want to say that I’m not particularly smart, and I don’t pretend to know all the answers. That said, I don’t think I have to have a better idea about eliminating porn on the Internet to know that CP80 is a bad one.

I think any effective measure needs to be privately or (ideally) community based. Commercial content filters are already available that restrict access based on:

• Object analysis: adult-oriented web counters and other services used by the site
• URL
• Keywords and phrases
• Port :)

These software packages also allow for filtering on a number of protocols and ports including FTP, IRC, IM, Newsgroups, Peer-to-peer, and email. Most offer detailed reporting, personalized user profiles, time limits, personal information guards, and more.

Most sell for around $40. That’s going to be much less costly per family than CP80. Australia seems to think this is a better approach.

There are also a number of open source efforts underway to fight the growing tide of filth on the Internet. Some are standards based approaches to community tagging, and others are efforts to provide free tools for filtering:

• PICS, an effort by the W3C to standardize metadata for filtering
• DansGuardian, a free Internet Proxy web server. Filters web access using updated blacklists and content-based filters.
• SquidCache, and open source cache server used in proxy situations
• SpamAssassin, a free email filtering tool.
• Naomi, free internet content filter
• K9, free internet content filter
• ScrubIT, a free DNS-based filter. Just switch your DNS servers. (Thanks Utah_Dave)

And though it isn’t really an open-source or free effort, solid, loving parenting is the most effective porn filter you can get your hands on these days. I can’t stress that enough. Its what keeps me out of trouble these days.

Please don’t support CP80. Besides being wrong, it won’t work.