📄 rfc2057.txt
字号:
RFC 2057 Source Directed Access Control November 1996
4.3 World Wide Web (WWW).
Fast becoming the most well known method of communicating on the
Internet, the "World Wide Web" offers users the easy ability to
locate and view a vast array of content on the Internet. The Web
uses a "hypertext" formatting language called hypertext markup
language (HTML), and Web "browsers" can display HTML documents
containing text, images, and sound. Any HTML document can include
links to other types of information or resources anywhere in the
world, so that while viewing an HTML document that, for example,
describes resources available on the Internet, an individual can
"click" using a computer mouse on the description of the resource and
be immediately connected to the resource itself. Such "hyperlinks"
allow information to be accessed and organized in very flexible ways,
and allow individuals to locate and efficiently view related
information even if the information is stored on numerous computers
all around the world.
Unlike with USENET newsgroups, mail exploders, FTP, and gopher, an
operator of a World Wide Web server does have some ability to
interrogate a user of a Web site on the server, and thus has some
ability to screen out users. An HTML document can include a fill-in-
the-blank "form" to request information from a visitor to a Web site,
and this information can be transmitted back to the Web server. The
information received can then be processed by a computer program
(usually a "Common Gateway Interface," or "CGI," script), and based
on the results of that computer program the Web server could grant or
deny access to a particular Web page. Thus, it is possible for some
(but not all, as discussed below) World Wide Web sites to be designed
to "screen" visitors to ensure that they are adults.
The primary barrier to such screening is the administrative burden of
creating and maintaining the screening system. For an individual Web
site to create a software system capable of screening thousands of
visitors a day, determining (to the extent possible) whether a
visitor is an adult or a minor, and maintaining a database to allow
subsequent access to the Web site would require a significant on-
going effort. Moreover, as discussed above with regard to electronic
mail, the task of actually establishing a Web visitor's identity or
"verifying" a credit card would require a significant investment of
administrative and clerical time. As there is no effective method to
establish identity over the Internet, nor is there currently a method
to verify credit card numbers over the Internet (and given the
current cost of credit card verifications done by other means), this
type of identification process is only practical for a commercial
entity that is charging for access to the Web information.
Bradner Informational [Page 16]
RFC 2057 Source Directed Access Control November 1996
Beyond the major administrative burden that would be required for a
Web site host to comply with the Communications Decency Act, there
are two additional problems presented by the Act. First, many Web
publishers cannot utilize computer programs such as CGI scripts to
process input from a Web visitor. For example, I have been informed
that the major online services such as America Online and Compuserve
do not allow their customers to run CGI scripts or other processes
that could be a significant drain on the online services' computers
as well as a potential security risk. Thus, for this category of Web
publisher, the Communications Decency Act works as a ban on any
arguably "indecent" or "patently offensive" speech. It is impossible
for this category of Web publisher to control access to their Web
sites.
Moreover, even for Web publishers who can use CGI scripts to screen
access, the existence of Web page caching on the Internet can make
such screening ineffective. "Caching" refers to a method to speed up
access to Internet resources. Caching is often used at one or both
ends of, for example, a transatlantic or transpacific cable that
carries Internet communications. An example of caching might occur
when a Internet user in Europe requests access to a World Wide Web
page located in the United States. The request travels by
transatlantic cable to the United States, and the Web page is
transmitted back across the ocean to Europe (and ultimately to the
user who requested access). But, the operator of the transatlantic
cable will place the Web page in a storage "cache" located on the
European side of the cable. Then, if a second Internet user in
Europe requests the same Web page, the operator of the transatlantic
cable will intercept the request and provide the page from its
"cache" (thereby reducing traffic on the transatlantic cable). This
type of caching typically occurs without the awareness of the
requesting user. Moreover, in this scenario, the original content
provider is not even aware that the second user requested the Web
page--and the original content provider has no opportunity to screen
the access by the second user. Nevertheless, the original content
provider risks prosecution if the content is "adult" content and the
second requester is a minor. The use of caching web servers is
rapidly increasing within the United States (mostly to help moderate
the all too rapid growth in Internet traffic), and thus can affect
entirely domestic communications. For example, a growing number of
universities use caching web servers to reduce the usage of the link
to their Internet service provider. In light of this type of
caching, efforts to screen access to Web pages can only at best be
partially effective.
Bradner Informational [Page 17]
RFC 2057 Source Directed Access Control November 1996
In light of the existence of Web page caching on the Internet, it
would be extremely difficult if not impossible to for someone
operating a World Wide Web server to ensure that no minors received
"adult" content.
Moreover, for those Web page publishers who lack access to CGI
scripts, there is no possible way for them to screen recipients to
ensure that all recipients are over 17 years of age. For these
content providers, short of not supporting World Wide Web access to
their materials, I know of no actions available to them that would be
reasonably effective at preventing minors from having access to
"adult" files on a World Wide Web server. Requiring such screening
by these Web publishers to prevent minors from accessing files that
might be "indecent" or "patently offensive" to a minor would have the
effect of banning their speech on the World Wide Web.
The Web page caching described above contributes to the difficulty of
determining with specificity the number of visitors to a particular
Web site. Some Web servers can count how many different Web clients,
some of which could be caching Web servers, requested access to a Web
site. Some Web servers can also count how many "hits"--or separate
file accesses--were made on a particular Web site (a single access to
a Web page that contains a images or graphic icons would likely be
registered as more than one "hit"). With caching, the actual number
of users that retrieved information that originated on a particular
Web server is likely to be greater than the number of "hits" recorded
for the server.
5.0 Client-end Blocking
As detailed above, for many important methods of communication on the
Internet, the senders--the content providers--have no ability to
ensure that their messages are only available to adults. It is also
not possible for a Internet service provider or large institutional
provider of access to the Internet (such as a university) to screen
out all or even most content that could be deemed "indecent" or
"patently offensive" (to the extent those terms can be understood at
all). A large institution could at least theoretically screen a
portion of the communications over the Internet, scanning for example
for "indecent" words, but not pictures. Such a screening program
capable of screening a high volume of Internet traffic at the point
of its entry into the institution would require an investment of
computing resources of as much as one million dollars per major
Internet information conduit. In addition it would be quit difficult
to configure such a system to only control the content for those
users that are under-age recipients, since in many cases the
information would be going to a server within the university where
many users, under-age and not, would have access to it.
Bradner Informational [Page 18]
RFC 2057 Source Directed Access Control November 1996
Based on my experience and knowledge of the Internet, I believe that
the most effective way to monitor, screen, or control the full range
of information transmitted over the Internet to block undesired
content is at the client end--that is, by using software installed in
the individual user's computer. Such software could block certain
forms of incoming transmissions by using content descriptive tags in
the messages, or could use content ratings developed by third parties
to select what can and cannot be retrieved for display on a user's
computer.
6.0 Tagging Material
I am informed that the government in this action may advocate the use
of special tags or flags in electronic mail messages, USENET
newsgroup postings, and World Wide Web HTML documents to indicate
"adult" material. To my knowledge, no Internet access software or
World Wide Web browsers are currently configurable to block material
with such tags. Thus, the headers and flags the government may
advocate is currently an ineffective means to ensure the blocking of
access by minors to "adult" material. Even in a predictable future
where there are defined standards for such tags and there are
readably available browsers that are configurable to make use of
those tags, a content provider--e.g., a listserv or Newsgroup poster
or a Web page author--will have little power to ensure that the
client software used to receive the postings was in all cases
properly configured to recognize these tags and to block access to
the posting when required. Thus I feel that the tagging that may be
proposed by the government would in fact not be "effective" in
ensuring that the poster's speech would not be "available to a person
under 18 years of age," as the Communications Decency Act requires.
Although I strongly support both voluntary self-rating and third-
party rating (as described in the preceding paragraph), I do not feel
that the use of tags of this type would satisfy the speaker's
obligation to take effective actions to ensure that "patently
offensive" material would not be "available" to minors. Furthermore,
since it is impossible to embed such flags or headers in many of the
documents currently made available by anonymous FTP, gopher and the
World Wide Web without rendering the files useless (executable
programs for example), any government proposal to require the use of
tags to indicate "adult" material would not allow the continued use
of those methods of communication for speech that might be deemed
"indecent" or "patently offensive."
With the exception of electronic mail and e-mail exploders all of the
methods of Internet communications discussed above require an
affirmative action by the listener before the communication takes
place. A listener must take specific action to receive
communications from USENET newsgroups, Internet Relay Chat, gopher,
Bradner Informational [Page 19]
RFC 2057 Source Directed Access Control November 1996
FTP, and the World Wide Web. In general this is also true for e-mail
exploders except in the case where a third party subscribes the user
to the exploder list. These communications over the Internet do not
"invade" a person's home or appear on a person's computer screen
unbidden. Instead, a person must almost always take specific
affirmative steps to receive information over the Internet.
7.0 Acknowledgment
I owe a great deal of thanks to John Morris of Jenner and Block, one
of the law firms involved in the CDA challenge. Without his
extensive help this document would not exist, or if it did, it would
be even more scattered.
8.0 Security Considerations
To be actually able to do the type of content access control that the
CDA envisions would require a secure Internet infrastructure along
with secure ways to determine the minor status of potential
reciepiants around the world. Developing such a system is outside of
the scope of this document.
9.0 Author's Address
Scott Bradner
Harvard University
1350 Mass Ave.
Cambridge MA 02138 USA
Phone: +1 617 495 3864
EMail: sob@harvard.edu
Bradner Informational [Page 20]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -