Over the past few weeks, there’s been a lot of news about ComputerCop, a piece of software usually distributed by the police or another law enforcement agency. The problem isn’t that ComputerCop doesn’t do what it says it’ll do. Instead, the problem is that what it does, it does very, very badly.
I’ve been aware of the revelations about ComputerCop since mid-August. Back then, Dave Maass of the Electronic Frontier Foundation found out about the Online Family Safety panel I was going to do at DragonCon, and asked to be on it. Since one of my main reasons for having the panel was ‘Nanny-ware doesn’t work’, I thought it was a great idea. And so those who came to the panel on August 30th got a first look at the research that went public October 1st.
So let me back up a little, into the what and why. What was my aim, and why do I think I’m qualified to talk about this?
Well, my qualifications are simple. I’m a highly techie parent who is young enough to have been on the other side. It’s been a little over 28 years since I got my first computer; I spent a number of years as the person ‘running’ a room full of computers operated by teenagers at a selective entry school (it’s hard to explain, but basically I was ‘in charge’ of the class, or the lunchtime free usage period; if need be, I had teacher backing, but I was the expert); and I have three children (currently aged 10-17), who have all been around digital devices all their lives.
I’m also a researcher, often at the ‘wild west’ areas of the net, where kids are likely to be where they shouldn’t.
Why did I care? Well, frankly, a lot of parents are really badly informed about how things work. Let’s be honest, a lot of politicians, law enforcement, courts and parents haven’t got a clue about technology. The idea that our leaders are clueless about technology has become so ingrained that jokes about getting the kids to set the VCR did the rounds 20-30 years ago, and even Cosmopolitan is doing articles on it.
By far the best example of this is the late Senator Ted Stevens and his “series of tubes” comment (and indeed his whole speech) which is even more worrying when you realise he was in charge of the Senate committee that regulated the internet [in the US]. With this level of general ignorance, it’s not surprising that myths, mis-truths and just generally wrong assumptions are made that, far from making things safer for the younger and more naive amongst us, significantly increase their risk.
ComputerCop is a prime example of this: a piece of software distributed with ringing endorsements from police departments, which many people would consider a suitable source for knowing what’s safe. The reality is that the program is poorly made and, rather than protecting its users, actively exposes them to attacks and exploitation.
There’s a good reason for this. Law enforcement now routinely uses online and other digital data as an investigative shortcut. Searching someone’s phone, or using a backdoor/exploit is far easier than building enough of a case to have to go the traditional way of going before a judge and getting a warrant, or making a plea deal for a decryption key. It also means that any fishing trips that are attempted, are more likely to result in something which can be used to file a charge.
All of which explains why there’s been such an outcry from law enforcement over the past month or two, in response to Apple and Android phones going full-encryption capable. As noted in Wired, law enforcement has gone nuts panicking that now they won’t have the easy access they had before, demanding a ‘golden key’ (which is a fancy way of saying ‘backdoor’ or ‘designed exploit’ or ‘master key’) and claiming that to oppose it is somehow ‘unpatriotic’, or that those who oppose it have something to hide.
Yes, we do. We have our private lives to hide. Living under the unrepenting gaze of the government and its organs is a long-winded description of a police state.
At the same time though, that’s often how children, particularly teenagers, feel when confronted by an over-zealous parent eager to monitor all activities. Just as most adults resent the intrusion by the government into monitoring their daily activities, so too do children when their parents do it, with the same end result. Things get hidden, subverted, and any trust that might have existed is gone. In fact, the Royal College of Psychiatrists have now come to pretty much the same conclusion, issuing new guidelines recently.
So, even if programs like ComputerCop were competently made, the very act of using them undermines their usefulness. To draw a wider example, those that are likely to be monitored by governments often make use of encryption, other devices, or services that subvert the monitoring program – everything from disposable pre-pay cellphones and public wifi hotspots, to using Tor and PGP/GPG encrypted emails. Or, less seriously, people who are tired of (or paranoid about) copyright infringement notices are increasingly paying for VPN services to disguise their activity, so that their traffic exits via a node that can’t easily be traced back to their ISP, and thus to them, and dozens of providers have sprung up offering VPNs that don’t log to cater to them.
What about the other kind of parental software though? The ‘net nanny’ and “cyberpatrol” type software? Well, it’s software installed locally, so not so difficult to circumvent. To again draw a parallel to wider issues, just how well have national court-ordered blocks on certain websites worked? There the ISP implements a block on systems that can’t be accessed by people, and can’t just be disabled as with a parental control program, so they have to be gotten around. So, do they work?
No. They don’t. One study showed that blocking The Pirate Bay actually increased traffic rather than reducing it. It’s an example of what is now called the Streisand effect, but which is well known to psychologists. This desire to ‘see the prohibited’ is even the core point in the Adam and Eve ‘Forbidden Fruit’ story.
Nevertheless, when countries and governments, with all their might and resources, can’t make it work, despite spending significant sums on experts to try and implement them, how can a parent expect to do any better with some off-the-shelf commercial software? The answer is, they can’t. The programs only work on those who aren’t likely to really push them, or those too young to challenge them – effectively working on the honor system.
In that respect it’s just like abstinence-based sex education, which is so effective it reversed a downward trend in teen pregnancies, meaning that the idea that hiding information about it prevents the action is fundamentally wrong. It ends up focusing on it being bad, and not why it’s bad.
And above all else, the main thing most of these programs ignore, is that the biggest threat these days, is not searching for pornography, it’s the ability to make it themselves. That little lens, in every cellphone for almost the last 10 years, is by far the biggest risk factor out there. It has the potential to risk so much, by revealing so much, that can’t be easily taken back.
So what is effective?
The traditional piece of advice that was trotted out here – keep the family computer in a family room, not a bedroom – is now showing its age. With laptops and mobile devices (even gameboys have had cameras and internet access for the last 5 years) now ubiquitous amongst kids of all ages, it’s just plain outdated.
Pretty much the same things as with everything else, be it smoking, drinking, or whatever. The first key ingredient is communication. Then there has to be some level of trust, but at all times, remember that heavy-handed enforcement or a prohibition-like state never works.
First and foremost, communicate with your children. Explain the risks and dangers as you see them, and that means first of all identifying the risks accurately. Your (and your kids’) biggest worries are malware, closely followed by your children’s immaturity and lack of good judgement. People targeting them out of the blue on the internet isn’t going to happen – it’s one of those incredibly rare things like Terrorism, or Ebola, that you shouldn’t waste your time with.
Teach them about privacy. Facebook has privacy settings – use them. Unless you want random people ogling swimsuit pics (and that goes for you too parents! Be aware of what you upload and tag). Show them how to turn off geotagging (because that photo of the family pet doing something cute/funny can give away your address, plus 99% of the time you don’t need it) and most of all, show them the news stories about ‘Fappening’, about the Snapchat leak, and about Anthony Weiner. There’s no such thing as a photo that can’t be shared.
Teach them data security. Don’t reuse the same password everywhere. Don’t install random programs, and point out that spam is spam. Put an ad-blocker on to deal with malicious ads that attempt to hijack browsers (because kids will go to the kind of sites that have them, if they want to, as we said above).
Likewise, any computer you don’t own and didn’t install is a threat. Schools and rent-to-own companies are a significant source of laptops used by children these days, but both share the same concern – it’s their hardware, not yours, so they want to protect their investment. In at least one well-publicised case, school officials have activated webcams in school-issued laptops and observed students partially dressed. They did this using remote monitoring software, which is supposedly only activated when the equipment is reported stolen, but can be used at will. Rent-to-own companies often have similar software on the computers they ‘sell’, for the same reason. Nor are they always so harmless – this software is extremely similar to the malware better known as a RAT (Remote Administration Tool), which has been used to blackmail people. If you don’t need a laptop’s camera, cover it with some tape, and at the very least close the laptop when not in use.
Above all else, don’t give them admin access on the computer. It doesn’t matter how good or knowledgeable they are (or you think they are); there’s a single very good reason for it. It becomes two-factor authorisation for anything important. Many scams and deceptions are based on either momentum or the lure of imminent gratification. By making them stop to come find you to grant the access, you’ve given them a pause moment, vital for good judgement. By the same token, as parents you need to keep your passwords to yourself, and not let them know them.
Finally, show an interest. It sounds silly, and obvious, but it’s also the thing most parents fail to do, and of those that do, many go overboard (which again pushes kids into hiding stuff). By showing an interest, you’re more likely to know what they’re doing, because they’re going to tell you, and you won’t need to snoop, and they can help you learn about new things going on at the same time. It’s part of a practice called ‘Being a Parent’.
And that, in reality, is why people install the kinds of parental software like NetNanny or CyberSitter, or ComputerCop – because they don’t want to spend the time and effort to be an actual parent. This kind of attitude was exemplified by one Alabama Sheriff who earlier this month reacted to the criticisms of ComputerCop by saying “There are some parents out in Columbine Colorado, if they had this kind of software, things would have turned out differently.” It kinda completely ignores that Harris and Klebold kept physical journals, not online ones, and that ComputerCop, had it been in use then, would have told them nothing the parents couldn’t have already guessed from the bomb-making/testing and gun purchasing, if they’d been involved.
Which draws things back to a single main theme. There are no shortcuts out there, no software you can use to give you peace of mind. The only way to be a good parent in the Internet age, is TO BE A GOOD PARENT. The internet is just another thing for kids to use to get in trouble, like guns, drugs, alcohol, prescription medication, or just about anything else. That’s why the solution is exactly the same as well. Anyone that relies on software to do something they should do themselves is cheating themselves, and is directly causing the very problem they thought they were solving.
Want to keep your kids safe online? It’s as simple (and as hard) as being a concerned, involved and active Parent.