Responding to concerns from education technology officials, internet search giant Google Inc. has moved its encrypted search feature to a new domain name, from https://www.google.com to https://encrypted.google.com. The move is intended to let schools block Google’s encrypted search feature without having to block the company’s other services, too—but some ed-tech officials say it’s not a viable solution to the problem.
Google in May released a new encrypted search feature, which lets internet users hide their search queries from third parties. The service uses Secure Sockets Layer (SSL) connections to encrypt information that travels between a user’s computer and Google’s search engine, meaning that a user’s search terms and search results pages cannot be intercepted by any third-party software on the network. Searches also are not archived in the web browser’s history and won’t appear in the auto fill during a subsequent search.
Educators in school systems using Google services, such as Gmail and Google Apps for Education, worried that the new encrypted search feature would keep them from complying with the Children’s Internet Protection Act (CIPA) and put their federal e-Rate funding at risk. They said the service forced them to make a difficult choice: Block access to all of Google’s features, including Google Apps, or risk forfeiting CIPA compliance. (See “Google’s encrypted search creates problems for schools.”)
To address these concerns, Google has moved the domain name for its encrypted search to https://encrypted.google.com. On the Official Google Enterprise Blog, a post titled “An update on encrypted web search in schools” stated that Google moved its encrypted search “to a new hostname in order to better serve school partners and users.”
“The site functions in the same way,” according to the post. “However, if school network administrators decide to block encrypted searches on https://encrypted.google.com, the blocking will no longer affect Google authenticated services like Google Apps for Education.”
That’s not entirely true, said Jerry Jones, director of computer, network, and telecommunications support for the Sacramento County, Calif., Office of Education.
“Encrypted.google.com appears to use the same IP addresses as the rest of the Google services, so just having a different domain name will not meet our needs,” Jones said. “We need the IP addresses of their encrypted search to be different as well.”
Google says schools can simply “block the DNS [Domain Name System] resolutions of the encrypted.google.com hostname, and not attempt to inspect HTTPS packets. … Before a browser even tries to make a connection to https://encrypted.google.com, it has to resolve the IP address of that hostname. We expect schools to block that initial resolution.”
But Jones and some other ed-tech officials say they prefer to filter inappropriate web sites based on IP addresses instead of domain names. As long as Google’s encrypted search shares the same IP addresses as the company’s other services, the new domain name won’t matter, they say.
Andrea Bennett, executive director of the California Educational Technology Professional Association, agreed with Jones.
Though Bennett said she’s impressed with Google’s attention to the problems its encrypted search has created for schools, and said that Google has “responded well to the education community’s concerns,” she noted that the domain name change is not very helpful.
“While this is an improvement, it is not perfect,” Bennett said. “Using DNS to block is not secure enough, because students know how to get around it by using the actual IP address. We have been told that Google continues to work with the vendor community to develop a more stringent solution, and we appreciate that.”
The issue is important not only for schools, but also for Google, which is competing with Microsoft in supplying free, cloud-based software to schools for communicating and collaborating online.