Mike Slinn
Mike Slinn

Towards A Child-Safe Information Appliance

Last modified 1996-08-11.

Securing Peace of Mind

Part 2 of 2

In the previous article I painted the background image regarding the Internet and children. I mentioned some of the positive reasons for wanting your children to have access to the Internet, and also described some of the scary things and people that you would want to protect your children from.

Yes, there are products that you can buy that can censor the information coming into your computer while connected to the Internet. Some of these products can also enforce a schedule of when your child can use the computer, and restrict their ability to use certain software programs and/or change your computer's setup. Right now, I’d like to speak philosophically and introduce a useful (and free!) technique that you can use to ensure that your kids can surf the net without your needing to hover around them.

Two Fundamental Rules of Security

I have worked as a software engineer for over twenty years, and for a time sold security products and services for companies going on-line on the Internet. I learned two important rules of security which are important to your child's safety, when on-line and everywhere else in life.

Security Rule #1: Don't Talk About It

Makes sense, doesn’t it? If you put a sign on your door saying “Our house is monitored by a security system”, that might deter casual break and entry attempts. If you then attend a party, and after having too much to drink you tell a total stranger exactly where your motion detectors are, which doors and windows have sensors, and where the weak points of your system are, then you have just invited that person or their accomplices to visit you one day when no-one else is home. In short, you have compromised your security system by giving out important details. This same warning can be applied to keeping your child safe from the dangers on the Internet. Once you set up security measures, don’t tell your child about them, or even mention that security measures exist! In this situation, you'll protect them more effectively if they don’t know that you have limited what they are exposed to.

Yes, this means that I do believe that there are some things you should not tell your children, for their own protection. With regards to computer security, anything you do towards restricting their access or monitoring their activity should not be discussed in front of them. If they must know something, tell them as little as possible. Try to present the limited information in such a manner so as not to arouse their curiosity – perhaps don’t let on that you are limiting their information, just tell them that is how the machine works, that it can’t do any more. Don’t give them the challenge of trying to circumvent the limits which are there for their own safety.

Of course, other life circumstances should not be approached this way. There are many things in life where children should be armed with as much information as possible for their own protection. For example, they should know as much as possible about how to cross the street, and where to play safely. You would want them to understand at a very deep level exactly what you mean, and why, and the potential seriousness of even one mistake – then you would want to ensure that they were supervised when crossing the street until they were mature enough to do so on their own.

Regarding what to tell your child about the nasty aspects of the Internet, I’d like to suggest an approach something like guidelines for sex education. Don’t make a big deal of it. You’ll know by their questions what they are ready to hear. When they ask about something, they are ready to know the answer to their question. Don’t mention the dangers on the Internet, unless and until your child raises the subject. Eventually, they WILL ask (because they’ll hear it on the news, or from a friend or relative), and at this time you MUST tell them what’s out there, and that you have taken steps to safeguard them from the nastiness out there. Again, don't be too specific.

Security Rule #2: Disallow Anything That Isn't Specifically Allowed

Batten down the hatches! This rule may sound draconian or fascist, but I found that enforcing this rule was a really good way of walking clients through security audits of their computer networks. It makes one think through what their intentions are as they go through the process of justifying each communications pathway to and from the internet.

You need to control which of your software programs your children can use, what information is allowed to be accessed, and what information is allowed to be sent out. The Internet gives you and your children the ability to have a two-way communication with anyone in the planet.

You can use many different kinds of software to access the Internet. On my Windows computer I have an e-mail product (Eudora), a Web browser (Netscape), two different Internet Relay Chat (IRC, for short) programs (NSCHAT and WinIRC), an FTP program (WS_FTP32) and a telnet program (Trumpet Telnet). I can run them all at once, using a single phone line connected to my Internet Access Provider. Each program works differently, and offers your child (or you!) different dangers.

E-mail is a way to communicate with other people. You (or your child) can order products with a credit card over the internet (Yikes! Don't let your child know what your credit card number is!). What if your child becomes pen pals with an adult who poses as a child, and they turn out to be pedophiles? You certainly don't want your child to be able to transmit your phone number or address over the Internet, or even the name of their school! Many Web browsers (like Netscape or Mosaic) have e-mail built-in. You might consider disabling it or limiting what information can go in a message. According to the First Rule of Security, I should not tell you how to do that in this article. Please see the end of this article for how to contact me in private for further details.

Web browsers such as Netscape are usually used as a method of viewing information (pictures and text), although they can transmit information back via fill-out forms. Probably your major concern here should be the type of information that your children can access. According to the Second Law of Security, you should ‘bless’ certain URLs as being known to be safe, and make it impossible for your child to point the browser anywhere else.

Such an ‘electronic playpen’ has the advantage that you only let the browser read from information sources that you have previously approved. The disadvantage is that that you must set up the browser for your children first, and if they have a valid reason for wanting to visit another URL, you must ask them to leave the room while you include the new URL in the list of allowable places to visit. This method doesn’t lend itself to a long list of URLs, but on the positive side it doesn’t require any additional software. According to the First Rule of Security, listed above, I should not describe any more details here.

Unfortunately, most commercial products do not enforce the Second Rule of Security. Instead, they attempt to block actions and access to information which is on a ‘disallowed list’, and let anything else happen freely. This is how loopholes occur. If you consider that the number of URLs appearing on the Internet is currently doubling every month, you can see how futile the task of attempting to blacklist all the inappropriate URLs is.

However, you can take action here, and you don’t need to buy any more software for this simple do-it-yourself procedure. Please contact me for details. It doesn't work with all Internet software, just Web Browsers like Netscape. Hopefully this oversight will be addressed in the near future.

IRC programs are the least desirable ones for children to have access to. Their main use seems to be the distribution of pornography or ‘sex talk’. Don’t install this type of software. Unfortunately, it’s quite easy to use, and almost certainly the first thing a new user of IRC will encounter is an IRC session concerning pornography.

FTP software is useful for obtaining programs (with or without virus infections), text files, and images (like pornography). FTP is built into most Web browsers, and can be disabled. Stand-alone FTP software is also available. Once a kid has access to FTP, they can download any software program they wish, and can defeat your security by installing it! Don’t let children know anything about FTP, and make sure you disable it!

Telnet is a ‘dumb terminal’ emulator. It can perform most of the above tasks, but it requires a lot of computer knowledge. I don't think that even gifted children will be able to do much with telnet unless they are coached by another computer whiz. Don't stay awake at night worrying about this program.

We Haven’t Got Robotic Baby-sitters Yet!

...And maybe we don't want them, either. Just because you may have heard of a product called 'Net Nanny', don't think for a moment that you shouldn't keep tabs on your children's use of computers and/or the Internet. Spend time with them! Remember, software is a social phenomenon, and so are values. If you don't impart your values, they won't grow up with them.

< 1/2