Bradburn et al v. North Central Regional Library District
Filing
32
DECLARATION by Paul Resnick in Support re 28 MOTION for Summary Judgment filed by North Central Regional Library District. (Attachments: # 1 Exhibit Exhibit A, Pages 13-28, # 2 Exhibit Exhibits B & C, Pages 29-43, # 3 Exhibit Exhibits D & E, Pages 44-67)(Adams, Thomas)
<![CDATA[
Bradburn et al v. North Central Regional Library District
Doc. 32 Att. 3
Exhibit D
Decl of Resnick
Page 44
Dockets.Justia.com
Introduction
i was asked by attorneys representing the North Central Regional Library District ("NCRL") to write this report and present testimony concerning it to the extent necessary. I agreed. Although I do not engage in litigation consulting as my primary means of earning income, I am being paid for this engagement at the rate of $400 per hour.
I was asked to explain how the NCRL filtering software works. I was also asked to assess the methods used in study of error rates in the fitering software NCRL uses as reported by Mr. Haselton. I was also asked to conduct a study of my own if I thought it would yield greater insight into whether the NCRL filters block more than the content they intended to block. I did conduct such a study, and report on the methods and results in this document.
I have also reviewed the report prepared by Bennett Haselton for purposes of
the NCRL litigation. I had two main concerns with the study reported by Mr. Haselton. First, I was those that NCRL concerned that the set ofURLs he tested might not be representative of library patrons actually visit. He selected a random sample of all possible domains. It seemed to me likely that library patrons would tend to visit more popular destinations than a random sample. For example, neither google.com nor yahoo.com appear in his random sample, but would almost certainly be viewed by library patrons. It also seemed to me likely that the blocking software would make fewer errors on more popular sites, because the Fortinet company that NCRL contracts with to provide the blocking service would invest more effort in correctly classifying more popular sites. Both these intuitions were born out in the results of the study I conducted.
Second, I was concerned with the reliability ofMr. Haselton's classification ofURLs. He did the classification based on loosely defined criteria, without any check on the his assessments (no second rater or inter-rater reliability or test-retest reliability of reliability check). This is contrary to the accepted practice in the social sciences when trying to turn subjective human assessments into an objective, repeatable measure. In our test, using more rigorous methods, we were stil not able to achieve perfect reliability in our categorization ofurls, suggesting that Mr. Haselton's classification may have been
even more error-prone.
Personal Background
i am a Professor at the University of
Michigan School oflnformation. In 2002, I conducted an assessment of the error rates on health-related websites of several commercial Internet filters. That study was published in lAMA, the flagship peerthe American Medical Association. Appendix 1. A subsequent paper journal of reviewed abstracting what we had learned about methods for conducting tests of filtering software was published in the Communications of the ACM, the flagship publication distributed to the Association for Computing Machinery. Appendix 2. More details of all members of my qualifications can be found in Appendix 3.
Decl of Resnick
Page 45
Dr. Derek Hansen is an Assistant Professor at the University of Maryland. He served as a research assistant on the 2002 study of Internet fiters, where he was responsible for rating a large number of web sites based on whether they contained health information or
not, and whether they contained pornography or not. Subsequently, as part of project at the University of
his Ph.D.
Michigan, he again had to develop a classification system for a corpus of texts (email messages and web pages). Though unrelated to fitering or pornography, that project gave him additional experience in creating a reliable his qualifications can be categorization scheme and instructions for raters. More details of found in Appendix 4.
Michael Hess has a master's degree from the University of Michigan School of Information. He has significant experience as a database and system administrator. He wrote the scripts for processing log files and created a web-based tool that allowed the raters to look at a large number of URLs and enter their assessments of them through a his qualifications can be found in Appendix 5. web-based form. More details of
How NCRL's Filters Work
that NCRL has installed a FortiGate firewall/proxy unit, sold by the Fortinet company, in each of its branch libraries. The FortiGate is a small laptop computer. My understanding is that all piece of hardware, smaller than a typical computers in all of the branches access the Internet by connecting through these FortiGate units, in the maner that I describe below.
i have been told by NCRL staff
What Happens When a Patron Fetches a Page
To understand how the FortiGate affects the Internet activity of an NCRL patron, it is helpful to consider the sequence of steps that occur behind the scenes, invisible to an NCRL patron, each time a patron tries to visit a web page. A visit may be initiated either by directly entering a URL into the toolbar, by selecting a bookmarked favorite from a menu, or by following a link from another page. Regardless of how a visit to a web site is initiated, the same sequence of events occurs in the background. Fortinet provides the following diagram on its website to explain how its filtering works. My explanation is based on the explanation Fortinet provides to accompany the diagram on its website, with significant elaboration to explain terms that may not be familiar to non-technologists.
Decl of Resnick
Page 46
FortiGuard Web Filtering Service
. R..ei. ues..ied Web Site
4b~3il
INTERNET
3b.. / .,';:'
~ /'4ii
2
1"
.5
~,.~.,.I;
. ':,:.~ . .:~it.. . . I';".'
,,.1
.'~~
. .' '. ..... i End USßr
"'d';"~'!;' i
. """:"'L'."" . .' .
"-." .
..' ,. ..'\:..
::.5 FCFli1GFlrE_
",;'t~
,;':~"~r-f,.' I . tk' ,
Figure 1. The sequence of events in a potentially blocked request to visit a URL. Even before the first step shown in the diagram, the patron's computer does a little work to decode the URL that the patron has requested to view. Consider a URL such as http://ww.vahoo.comlnfl. The first part, the letters "http" occurring before the II, constitute the service (or, more technically, the protocol). The http protocol is for connecting to a server to retrieve a web page. Other common protocols include https (for connecting to a server with an encrypted connection to securely retrieve a web page) and ftp (for downloading files).
The next portion, ww.yahoo.com , including one or more periods and ending at the next I, is called the hostname or domain name. The Internet has a domain name system (sometimes called DNS) that allows the patron's computer to look up an address like
www.yahoo.cominordertofindoutacorrespondingIPaddresssuchas69.147.114.210.
That numeric IP address uniquely identifies the destination host (the web server).
The third portion, Infl in this example, which begins after the domain name, is sometimes
called the filename or path or urlpath.
Step 1. The patron's computer attempts to establish a connection to the IP address of the destination host. It tries to send a message that it would like to "GET" whatever the server provides in response to this urlpath, such as an HTML document or an image fie. Because the patron's computer accesses the Internet through the FortiGate unit, however, a few other things happen along the way, and the patron's computer may not receive the same response it would have received had it been connected directly to the Internet, without going through a filtering proxylfirewalllike a FortiGate.
Step 2. If the URL has been requested recently, by this patron or another patron in the same branch, the Forti Gate may already have a cached copy of F ortinet s rating of the
Decl of Resnick
Page 47
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
