Created on 3 June 2015


Some major search service providers (including Google and Microsoft) have recently announced changes to the way they return (or will shortly be returning) search results, including image searches.

These changes will move search results behind SSL encryption. This means that all search results will then be served using ’https’ (with the secure padlock shown in web browsers).


Why are search providers doing this?

Search service providers such as Google have stated that they are doing this in order to make searching the web more secure by preventing search terms, results and login information from being intercepted by others. Encrypting all transactions between search services and their users ensures they cannot easily be accessed by other individuals and organisations.


What does this mean for searching the internet in schools?

Whilst this change does make searching more secure, it impacts on the ability of schools and other organisations with a duty of care in relation to children’s access to the internet to filter web content and search terms effectively in order to block access to inappropriate and harmful content. The change makes it impossible for filtering solutions to continue to filter search queries and results as they have to date, which means that the risk of inappropriate search results being returned is much higher. It also makes it more difficult to flag the use of inappropriate or concerning search terms in schools.

In some cases this could present a safeguarding issue, as it means it is now more likely that inappropriate material could appear in search results. Whilst there has always been the possibility of this occurring (as no filtering system can ever be 100% effective 100% of the time), this change means that the possibility of inappropriate content bypassing filters has increased, unless significant engineering changes are made to filtering systems’ underlying technologies and methods of operation.


What can schools do?

In summary there are four options that schools can consider in response to this issue:

  1. Continue to use the SSL search services now offered by providers without any changes to filtering solutions. Schools choosing this option should be aware that more inappropriate material could now be delivered to users as a consequence.
  2. Change search service provider. This may offer a seemingly simpler short-term solution, though it is important to acknowledge that more and more service providers may change the delivery of their search facilities similarly, and as such in the longer term it may not be an effective solution.
  3. If Google is your school’s primary search tool, ensure that Google’s SafeSearch is applied to search results. This could be enabled by either your filtering solution or local DNS. It is important to recognise that SafeSearch does not offer the same level of granularity and control over filtering (for example, the ability to differentiate filtering by class, year group or role) that schools will currently enjoy via their discrete filtering solutions. This therefore increases the risk of inappropriate search results, including images, being returned and displayed to learners.
  4. Add or activate ‘SSL interception’ functionality to filtering solutions, meaning the filtering solution can intercept, decrypt and filter search results. In order to perform ‘SSL interception’, schools typically need to make changes to the devices that use the filtering solution (as it needs to decrypt, analyse, and then re-encrypt all traffic using a security certificate). This certificate needs to be deployed to all computers and devices that browse via the school’s filtered internet connection.


Schools considering options 1 and/or 2 are advised to discuss the issue amongst key stakeholders within the school to ensure that the risks are fully understood and any additional training or other measures required are put in place. This will most likely require the update and refresh of school IT acceptable use policies and user education practices.

Schools considering options 3 and/or 4 should, in the first instance, contact their filtering solution provider and ascertain what capabilities the solution may have. Links to some providers of filtering solutions to schools that offer SSL interception functionality are provided at the end of this document.


Some additional points which schools may wish to consider and raise with filtering solution, broadband service or technical support providers include:

  • Filtering solutions capable of intercepting SSL packets should also be capable of detailing and documenting specifically what SSL traffic will be intercepted and what will not (e.g. a school may wish to exempt banking or shopping transactions from SSL interception).
  • In schools where SSL interception is selected as the best option, the process should be discussed with the technical support team to ensure everyone is aware of the steps to be taken to ensure the continuing protection of learners and staff.
  • Schools may also want to make parents aware of the general issue and also the school’s chosen option; this provides transparency and demonstrates that schools are exercising their duty of care.
  • Parents may want to make changes to their home systems too as a result, and schools may be able to support them in doing so.


To find out more

To find out more about the issues discussed in this paper, schools are should contact their provider of filtering and/or broadband services. In many instances this will be a local authority or regional broadband consortium (RBC)

Useful links & further advice:

Schools may re-use this material, providing that The Education Network is acknowledged.

Share This