Created on 3 June 2015
Some major search service providers (including Google and Microsoft) have recently announced changes to the way they return (or will shortly be returning) search results, including image searches.
These changes will move search results behind SSL encryption. This means that all search results will then be served using ’https’ (with the secure padlock shown in web browsers).
Search service providers such as Google have stated that they are doing this in order to make searching the web more secure by preventing search terms, results and login information from being intercepted by others. Encrypting all transactions between search services and their users ensures they cannot easily be accessed by other individuals and organisations.
Whilst this change does make searching more secure, it impacts on the ability of schools and other organisations with a duty of care in relation to children’s access to the internet to filter web content and search terms effectively in order to block access to inappropriate and harmful content. The change makes it impossible for filtering solutions to continue to filter search queries and results as they have to date, which means that the risk of inappropriate search results being returned is much higher. It also makes it more difficult to flag the use of inappropriate or concerning search terms in schools.
In some cases this could present a safeguarding issue, as it means it is now more likely that inappropriate material could appear in search results. Whilst there has always been the possibility of this occurring (as no filtering system can ever be 100% effective 100% of the time), this change means that the possibility of inappropriate content bypassing filters has increased, unless significant engineering changes are made to filtering systems’ underlying technologies and methods of operation.
In summary there are four options that schools can consider in response to this issue:
Schools considering options 1 and/or 2 are advised to discuss the issue amongst key stakeholders within the school to ensure that the risks are fully understood and any additional training or other measures required are put in place. This will most likely require the update and refresh of school IT acceptable use policies and user education practices.
Schools considering options 3 and/or 4 should, in the first instance, contact their filtering solution provider and ascertain what capabilities the solution may have. Links to some providers of filtering solutions to schools that offer SSL interception functionality are provided at the end of this document.
Some additional points which schools may wish to consider and raise with filtering solution, broadband service or technical support providers include:
To find out more about the issues discussed in this paper, schools are should contact their provider of filtering and/or broadband services. In many instances this will be a local authority or regional broadband consortium (RBC)
Schools may re-use this material, providing that The Education Network is acknowledged.