ecreational browsing at work meets its match

Nearly everyone agrees that children's access to dangerous or questionable material on the Net is a problem. The evidence is solid that the products most directly aimed at solving it, the blocking and filtering programs that some call "censorware," are seriously flawed.

Inappropriate use of the Net in the workplace is a different sort of problem entirely -- yet most of the suppliers tackling it rely on the same tried-but-untrue approaches still doggedly pursued by the home censorware industry.

Finally a better solution to the misuse of business networks may have appeared.

The Internet's global nature and the First Amendment to the US Constitution gang up on those who try to forbid the online distribution of inappropriate, dangerous, or simply embarrassing content. If you can't block it at the source (that's called "prior restraint") and you can't block it enroute (ISPs are common carriers), then you have to block it at the destination. Logical, but hard to implement. Watchdog organizations such as the Censorware Project and Peacefire document both the structural failures of the filtering vendors to keep up with the Web's growth and the implementation failures of their software solutions.

The problems of the home-filtering industry came to the fore last week when two programmers published an article (here's another source) titled The Breaking of Cyber Patrol 4. The programmers, a Canadian and a Swede, told how they had reverse-engineered this widely used filtering package to uncloak its encrypted list of blocked sites.

The revealed list caused considerable embarrassment for Microsystems Software Inc., publisher of Cyber Patrol, because it exposed the product's shortcomings and its mysterious, arbitrarily overzealous filtering. (To be fair, Cyber Patrol's blocking lists don't look as bad as those of some other censorware programs; at least there is no discernable political bias.)

Microsystems Software went to court last Thursday and obtained an injunction against the two foreign developers, claiming that their software allows kids to bypass parental filtering. This is not at all what CPHack does, but perhaps the censorware company was too embarrassed to go after the programmers for revealing their secret list. How the judge expects to enforce an injunction against two foreign nationals, let alone against the numerous "mirror" sites that have popped up around the globe, is another puzzler.

Despite all of its drawbacks in practice, there is a certain logic to a filtering/blocking approach when the goal is to keep certain materials off the screens of children. The problems caused by unrestricted Internet access in the workplace are very different. They are essentially management problems, and applying a technological solution -- filtering software overseen by an IT department -- isn't necessarily the best approach to solving them. Yet many of the companies that make home filtering software also sell versions of their products for the workplace. Examples are SafeNet Pro, SurfWatch @ Work, and surfCONTROL.

Blocking access to certain Web sites in the workplace makes employees grumpy. Even if they have no particular desire to surf for porn on their employer's time, they may well resent being treated like children. They may even spend time working to outwit the censoring software -- not the sort of workplace attitude any sane employer wants to foster.

A young Colorado company, eSniff, has introduced the first product that takes a radically more sensible approach to managing workplace Internet usage. eSniff sells a box that plugs into the company's network. It silently monitors all traffic and flags instances of potential problem activity, saving copies on a secured disk. Managers can view the exact material that employees were viewing when a problem was detected. eSniff's patent-pending software performs linguistic and mathematical analysis of network traffic and flags management concerns in areas such as racism, porn, trading, resignation, acquisition, confidential material, shopping, and sports. eSniff monitors not just Web usage, but also intranet traffic, email, chat, ftp, telnet, print jobs, and proprietary protocols.

eSniff's CEO, Tom Donahue, told me that once a company installs an eSniff box and tells employees that inappropriate Internet usage will be monitored, problems of abuse dry up almost immediately. Donahue claims that the payback time for an eSniff installation, considering only gains in employee productivity, can be measured in weeks or even days. An increase in network security and a decrease in legal liability improve the picture even further.

The eSniff 100 is a headless Linux/Intel box meant to be installed in a secure location, such as a locked closet. All interaction with the box is done via password-protected Web forms; in a future version this traffic will be secured with SSL encryption. The product supports the English language in its first release. Spanish, Japanese, German, and French versions are in the works. Refreshingly, eSniff does not shrink from revealing what the product costs: $7999, plus $1600 per year for maintenance and upgrades.