A new encrypted search feature that internet search giant Google Inc. rolled out last month is causing problems for schools, which say the service keeps them from complying with the Children’s Internet Protection Act (CIPA) and could put their federal e-Rate funding at risk.
The service lets users search the web in a way that can’t be tracked by employers or internet service providers. Google launched a beta version of the service May 21 to give users more control over the searches they make; the company has come under fire from privacy groups in recent months for how it handles sensitive information.
But in accommodating privacy advocates, Google ironically has angered K-12 education technology officials, many of whom are now blocking access not only to Google’s encrypted search page but also Gmail and Google Docs. That could be a problem for Google, which is competing with Microsoft in supplying free software for communicating and collaborating online to schools.
The encrypted search feature, which can be accessed at https://www.google.com, uses Secure Sockets Layer (SSL) connections to encrypt information that travels between a user’s computer and the service, meaning that a user’s search terms and search results pages cannot be intercepted by a third party on the network. Searches also are not archived in the web browser’s history and won’t appear in the auto fill during a subsequent search.
While some people believe this new encrypted capability will help advance users’ privacy, especially those living in China, K-12 schools—which use third-party filters to monitor student and faculty conduct online—are saying the service might cripple their use of Google and its products.
The reason is simple: Schools must comply with CIPA to receive federal e-Rate funding. Without the ability to monitor student and faculty searches, schools no longer can be considered CIPA compliant, many say.
Although Google’s encrypted search can’t deliver SSL-protected images or maps at this time, video results will appear and can be viewed through the encrypted search. The company said it is working on providing image and map search results in the near future as more web sites and services provide SSL options.
And though encrypted search still allows third-party software to record and/or block web sites that users click on once they’ve conducted a search, the encrypted search has the ability to block third parties if the user clicks on an “https://,” or SSL-protected, web site.
An example of an encrypted search might look like this: A user visits https://www.google.com and searches for “pornography.” Google then encrypts the query and returns the search results. However, when the user clicks on a search result, that result would be blocked by the school’s internet filter … unless it’s a site that is too new to appear in the filter’s list of blocked web sites, or it’s an encrypted HTTPS web site—such as a pornography-related eCommerce site.
In response to schools’ concerns, Google spokesperson Kat Eller told eSchool News the company is “aware that encrypted search can create difficulties for some educational institutions. … We’re very sorry for the inconvenience and are working to identify a solution as fast as possible. An imperfect and temporary fix is to enable our SafeSearch lock feature.”
SafeSearch automatically tells the Google search engine to filter out any pornographic or explicitly adult-related web sites from the search results. Eller said that by using a domain-level cookie, the SafeSearch lock is preserved even when students or faculty use Google’s encrypted search.
But school technology experts say there’s a way around SafeSearch.
“With standard HTTP Google searches, our filter is able to enforce the SafeSearch setting, regardless [of] what the user has set,” said Darryl LaGace, chief information and technology officer for the San Diego Unified School District (SDUSD), a large urban district with 132,000 students. “With HTTPS, that ability is defeated, [because] filters can no longer see inside the HTTP packet.”
Grant Gutstadt, security administrator in information technology for SDUSD, explained that it would be easy for a user either to delete the cookie or open a private browsing session—a feature of Internet Explorer 8.