In order to remain CIPA compliant, schools need to track the search side as well.

A new encrypted search site from Google has raised concerns among schools.

A new encrypted search feature that internet search giant Google Inc. rolled out last month is causing problems for schools, which say the service keeps them from complying with the Children’s Internet Protection Act (CIPA) and could put their federal e-Rate funding at risk.

The service lets users search the web in a way that can’t be tracked by employers or internet service providers. Google launched a beta version of the service May 21 to give users more control over the searches they make; the company has come under fire from privacy groups in recent months for how it handles sensitive information.

But in accommodating privacy advocates, Google ironically has angered K-12 education technology officials, many of whom are now blocking access not only to Google’s encrypted search page but also Gmail and Google Docs. That could be a problem for Google, which is competing with Microsoft in supplying free software for communicating and collaborating online to schools.

The encrypted search feature, which can be accessed at https://www.google.com, uses Secure Sockets Layer (SSL) connections to encrypt information that travels between a user’s computer and the service, meaning that a user’s search terms and search results pages cannot be intercepted by a third party on the network. Searches also are not archived in the web browser’s history and won’t appear in the auto fill during a subsequent search.

While some people believe this new encrypted capability will help advance users’ privacy, especially those living in China, K-12 schools—which use third-party filters to monitor student and faculty conduct online—are saying the service might cripple their use of Google and its products.

The reason is simple: Schools must comply with CIPA to receive federal e-Rate funding. Without the ability to monitor student and faculty searches, schools no longer can be considered CIPA compliant, many say.

Although Google’s encrypted search can’t deliver SSL-protected images or maps at this time, video results will appear and can be viewed through the encrypted search. The company said it is working on providing image and map search results in the near future as more web sites and services provide SSL options.

And though encrypted search still allows third-party software to record and/or block web sites that users click on once they’ve conducted a search, it can keep third parties from doing so if the user clicks on an “https://,” or SSL-protected, web site.

An example of an encrypted search might look like this: A user visits https://www.google.com and searches for “pornography.” Google then encrypts the query and returns the search results. However, when the user clicks on a search result, that result would be blocked by the school’s internet filter … unless it’s a site that is too new to appear in the filter’s list of blocked web sites, or it’s an encrypted HTTPS web site—such as a pornography-related eCommerce site.

In response to schools’ concerns, Google spokesperson Kat Eller told eSchool News the company is “aware that encrypted search can create difficulties for some educational institutions. … We’re very sorry for the inconvenience and are working to identify a solution as fast as possible. An imperfect and temporary fix is to enable our SafeSearch lock feature.”

SafeSearch automatically tells the Google search engine to filter out any pornographic or explicitly adult-related web sites from the search results. Eller said that by using a domain-level cookie, the SafeSearch lock is preserved even when students or faculty use Google’s encrypted search.

But school technology experts say there’s a way around SafeSearch.

“With standard HTTP Google searches, our filter is able to enforce the SafeSearch setting, regardless [of] what the user has set,” said Darryl LaGace, chief information and technology officer for the San Diego Unified School District (SDUSD), a large urban district with 132,000 students. “With HTTPS, that ability is defeated, [because] filters can no longer see inside the HTTP packet.”

Grant Gutstadt, security administrator in information technology for SDUSD, explained that it would be easy for a user either to delete the cookie or open a private browsing session—a feature of Internet Explorer 8.

“If all of your computers were in Active Directory, there could be the means of restricting those options through Group Policy. But since we are a large district of up to 60,000 computers across our wide area network, and a majority of those are Macs, we would not be able to push this policy,” Gutstadt said.

Although a school’s web filters can block access to HTTP sites delivered through an encrypted search, the service still presents many problems for schools.

“In many cases, the content that needs to be restricted can be viewed without leaving Google’s encrypted search,” said Rob Chambers, chief technology officer for Lightspeed Systems, a company that provides network security and internet content control services to roughly 2,000 school districts in the United States.

“One example of this is video and image searching. Image searching is not currently available; however, Google has said they will be adding it. Video searching is currently available. Encrypted searching for adult content that schools must restrict results in video thumbnails that otherwise would have been blocked. This will be even worse once image searching is enabled.”

Another problem is that CIPA requires schools to monitor and log all web activity, so they can provide adequate reports should a faculty member or student be found accessing inappropriate material, said Jerry Jones, director of computer, network, and telecommunications support for the Sacramento County Office of Education, which serves nearly 238,000 students.

“Our web filtering software logs all search requests on the standard Google web site,” Jones said. “This information is not used unless there is reasonable suspicion that someone is misusing the internet, after which we can perform a thorough search to determine whether the activity was permissible or a violation of our acceptable-use policy. The Google encrypted search encrypts all data sent to the Google search engine servers, preventing our web filter software from logging any of this activity—which prevents our agency from being fully CIPA compliant.”

Jones said that while the risk of losing e-Rate funding is bad enough, CIPA is in place mainly to protect student safety. He explained that if a school allowed encrypted search, safety consequences could arise.

For instance, “a child predator [who] has contact with students in an educational setting could theoretically search for child pornography without the IT staff ever knowing about it,” he said. “Since there are thousands of new web sites that are created daily, it would be impossible for our filter to have categorized all of them in order to block them before they show up in the Google search engine. … Worst of all, none of this activity would be recorded, and therefore it would be undetectable to IT or human resources staff who are responsible for monitoring the network usage of staff and students, putting our students at risk.”

With Google’s regular search engine, such search queries would be logged and reportable and would appear during a “suspicious search queries” report that runs nightly, Jones said. But with encrypted search, it is impossible to “see” what a person has been looking for, should he or she be charged with a crime or suspected of nefarious activity.

One possible solution for schools would be to block access to all HTTPS sites—but that would mean potentially blocking web sites used to purchase products for school use, sites that require encryption to protect login information, banking web sites, health-care sites, or any web system that legitimately needs to encrypt data because it contains users’ personal information.

Another solution would be to block HTTPS sites on the Google domain, and that’s what many schools have chosen to do. But that means other popular SSL-protected Google services used by schools—including Gmail and Google Docs for Education—no longer are accessible, either.

“Google’s encrypted implementation uses the same certificate information for encrypted Google searching as for Google Apps or Gmail,” said Lightspeed’s Chambers. “From the internet gateway, where CIPA-required content filters reside, this causes all of these sessions to look the same.”

He continued: “There are schools that had planned to implement Google Apps for their districts this summer that have now put these projects on hold until a resolution is in place. Many schools that were using Google Apps had to block access to these services soon after the encrypted site was released, which understandably is frustrating to many educators and students who had been relying on these services for lessons and projects.”

LaGace said several SDUSD schools “have begun to rely on Google Apps as a means to collaborate with students, parents, and the community. Google’s timing couldn’t be worse as we come upon the end of a school year.”

Andrea Bennett, executive director of the California Educational Technology Professional Association, said it “seems counter to the company’s relationship with the education community to create such a situation.”

SDUSD has been blocking Google’s encrypted search since June 3—meaning the district has been without eMail, Docs, or calendars for more than a week.

According to a Google Certified Teachers listserv, an SDUSD employee said his or her principal told the faculty to sign up for Yahoo or Hotmail accounts to use for the rest of the year.

“It is not the district’s intention or desire to block access to Gmail and/or Google Apps,” said LaGace. “We are only interested in blocking access to [Google’s] beta secure search. … Though we recognize the hardships this is causing both students and teaching staff at various schools and charters within the district network, the bottom line is the district has no alternative but to prevent student access to explicit material. … We’re hoping Google soon realizes they have created a tremendous conflict for all school districts that jeopardizes schools using Google Apps. Every school district across the country is going to have to deal with this same decision.”

Although his county heavily relies on features that Google makes available free of charge or for little cost to educational agencies, Jones said it might decide to block access to the Google web site altogether to fully enforce its AUP and to keep children as safe as possible.

“It was very disconcerting for me to see not only this new direction [Google] is taking [putting privacy above all else], but also what appears to be a complete disregard of what I feel are valid objections by those who work in education,” he said. “If Google really wanted to find a middle ground, they could easily move their encrypted search to specific IP addresses on the internet that only provide this feature. That would allow educational agencies … to block access to those IP addresses if we do not feel that an encrypted search is necessary for our agency.”

Lightspeed Systems says it is taking measures to help schools deal with the new encrypted search.

The company has just completed a software change that it is now testing for release. The change would allow schools to decide by groups of users where to block the encrypted searching. For example, schools would have the option of blocking encrypted search for students, but not for staff.

According to a spokesperson for M86 Security, another company that helps schools with CIPA compliance, though M86 also cannot block Google’s SSL search without blocking Gmail and Google Docs, the company’s Secure Web Gateway can help filter within SSL search.

“This is an issue for all solutions that either are deployed out-of-band, in which they don’t look at the traffic, or those that are unable to de-encrypt SSL traffic,” said M86’s spokesperson. “For customers who require the ability to filter Google SSL search and are looking for more granular control over SSL traffic, M86 provides a Secure Web Gateway product which can be deployed inline or in a transparent mode. … The M86 Secure Web Gateway can decrypt SSL traffic and will ensure that the traffic over SSL is filtered.”

According to LaGace, SDUSD has contacted Google to voice its concern.

“We have been in direct communication with Google since this new search was launched, and we have been frustrated with the responses we have received so far,” he said. “The following Google response falls far short of acceptable for a school district responsible for managing the internet safety of 132,000 students: ‘We want you to know that we do recognize the problem and Google is in the process of escalating the issue with our search team.’ … ‘Your concerns have stimulated discussion here, but the decision was to not make any changes at this time.’”

In a post to Google’s official blog on June 14, Google Enterprise President Dave Girouard had this to say about the matter:

“We’re working hard to address this issue as quickly as possible, and in a few weeks we will move encrypted search to a new host name—so schools can limit access to SSL search without disrupting other Google services, like Google Apps for Education. Longer term, we are exploring other options, like moving authentication to its own host name so that we can return encrypted search to https://www.google.com.”

Girouard concluded: “Safety and security matter to Google, and we are committed to working with our partners in education so that we help keep students safe and secure on the internet.”
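
The gateway's view of this traffic can be sketched in a few lines. The example below is added here for illustration and is not code from Google, Lightspeed Systems, M86, or any district; it assumes a filter that does not decrypt SSL and can identify an HTTPS session only by its certificate name, and the shared certificate name and the new host name (`encrypted-search.example`) are constructed placeholders. It shows why blocking encrypted search also blocks Gmail and Google Docs while they share one certificate name, and why a separate host name lets a school block search alone.

```python
from urllib.parse import urlsplit, parse_qs

def gateway_view(url, cert_name=None):
    """What a filter that does not decrypt SSL can observe for one request."""
    parts = urlsplit(url)
    if parts.scheme == "http":
        # Plain HTTP: host and query string are readable, so the search
        # terms can be logged for later review.
        terms = parse_qs(parts.query).get("q", [None])[0]
        return {"scheme": "http", "name": parts.hostname, "search": terms}
    # HTTPS: the URL and query travel inside the encrypted channel.
    # Assumption: the filter can tell sessions apart only by certificate name.
    return {"scheme": "https", "name": cert_name, "search": None}

def audit(sessions, blocked):
    """Return (label, decision, logged search terms) for each session."""
    rows = []
    for label, url, cert_name in sessions:
        view = gateway_view(url, cert_name)
        hit = (view["scheme"], view["name"]) in blocked
        rows.append((label, "block" if hit else "allow", view["search"]))
    return rows

# Constructed values, not captured traffic.
SHARED_CERT = "www.google.com"         # one name for search, mail and docs
NEW_HOST = "encrypted-search.example"  # placeholder; the article names no host

TODAY = [
    ("plain search", "http://www.google.com/search?q=volcano+project", None),
    ("encrypted search", "https://www.google.com/search?q=volcano+project", SHARED_CERT),
    ("Gmail", "https://mail.google.com/", SHARED_CERT),
    ("Google Docs", "https://docs.google.com/", SHARED_CERT),
]
AFTER_MOVE = [
    ("encrypted search", "https://" + NEW_HOST + "/search?q=volcano+project", NEW_HOST),
    ("Gmail", "https://mail.google.com/", SHARED_CERT),
    ("Google Docs", "https://docs.google.com/", SHARED_CERT),
]

if __name__ == "__main__":
    for row in audit(TODAY, {("https", SHARED_CERT)}):
        print("today     ", row)
    for row in audit(AFTER_MOVE, {("https", NEW_HOST)}):
        print("after move", row)
```

In both scenarios the encrypted search terms never reach the log; the host-name move restores selective blocking, not visibility into the queries.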
