Our latest salvo in the filtering war, "Would the extreme cyber-libertarians please stand up?" can be found here.
We've also decided to centralize all posts on the main EFA blog, so please subscribe to the EFA RSS feed for further updates. Updates will be occuring at frequent intervals.
Tuesday, February 17, 2009
Wednesday, December 24, 2008
Talk of BitTorrent filtering shows confusion reigns
You may have seen elsewhere what appeared to be almost a throwaway line by Stephen Conroy: That BitTorrent filtering is now feasible.
It's definitely possible to throttle BitTorrent traffic - all BitTorrent traffic - but that is clearly not the same thing. So what is going on here?
I hardly need to point out this highlights a degree of disarray inside the Minister's office. The policy is not even close to being nailed down even as the trial is about to begin. Despite assertions that the mandatory filter will only apply to "prohibited" content (not illegal, mind you) and won't expand over time, at the 11th hour we have a major new technology announcement seemingly added as an afterthought to a blog comment. Is the hypothetical torrent filter only supposed to apply to illegal material? How will such material be identified - is there a blacklist of torrent trackers? If there was, how would that work in the real world when the traffic is all between peers? Government policy needs to make more sense than this!
This also demonstrates just how poor the advice is that the Minister is getting. For many reasons, it's clear a Government Minister should not be let near a microphone or a keyboard unless they have been properly briefed. Obviously nobody in Conroy's office understands the Internet to the level of detail sufficient to formulate and defend policies that affect our Internet infrastructure. Anyone with experience in the nitty-gritty of Internet networking could have explained the difficulties to the Minister. If somebody did, he ignored or misunderstood. In any case, Australia loses.
Please, Minister. Stop ignoring the correct advice that has been offered to you from the community and industry. If you must persist with this dreadful policy, at least show the electorate enough respect to present a proper policy document that informs (us and an increasingly frustrated Internet industry) about what we are in for.
Technology is improving all the time. Technology that filters peer-to-peer and BitTorrent traffic does exist and it is anticipated that the effectiveness of this will be tested in the live pilot trial.What I can tell you is that, assertions by some software vendors aside, the technology does not exist to filter BT in any sensible or effective way, and attempts to so would have a massive impact on Internet service. The majority of Internet traffic is now BitTorrent, and the way it works - where the data packets arrive in essentially random order from dozens of peers distributed around the world - is to all intents and purposes immune to meaningful filtering.
It's definitely possible to throttle BitTorrent traffic - all BitTorrent traffic - but that is clearly not the same thing. So what is going on here?
I hardly need to point out this highlights a degree of disarray inside the Minister's office. The policy is not even close to being nailed down even as the trial is about to begin. Despite assertions that the mandatory filter will only apply to "prohibited" content (not illegal, mind you) and won't expand over time, at the 11th hour we have a major new technology announcement seemingly added as an afterthought to a blog comment. Is the hypothetical torrent filter only supposed to apply to illegal material? How will such material be identified - is there a blacklist of torrent trackers? If there was, how would that work in the real world when the traffic is all between peers? Government policy needs to make more sense than this!
This also demonstrates just how poor the advice is that the Minister is getting. For many reasons, it's clear a Government Minister should not be let near a microphone or a keyboard unless they have been properly briefed. Obviously nobody in Conroy's office understands the Internet to the level of detail sufficient to formulate and defend policies that affect our Internet infrastructure. Anyone with experience in the nitty-gritty of Internet networking could have explained the difficulties to the Minister. If somebody did, he ignored or misunderstood. In any case, Australia loses.
Please, Minister. Stop ignoring the correct advice that has been offered to you from the community and industry. If you must persist with this dreadful policy, at least show the electorate enough respect to present a proper policy document that informs (us and an increasingly frustrated Internet industry) about what we are in for.
Tuesday, December 23, 2008
Secret report confirms what we all know: Trial a waste of time.
Asher Moses' interesting piece in the Herald today discusses a feasibility study into ISP-filtering that the Labor Government inherited from its predecessor. For those of us who have been following the debate, there is little surprising information here. The filters are easily circumvented; they would put a burden on small ISPs; peer-to-peer would not be filtered. These and many other points have been put to the Government repeatedly yet never properly addressed - instead, they have ploughed ahead with the ill-conceived and vaguely-defined trial as if it will provide all the answers. The fact that they had detailed advice about the futility of the scheme yet still decided to proceed is a bad look for the Ministry but comes as no surprise to most of us.
In an apparent effort to head off further criticism the Minister put out a press release, with the spin being that the IIA study didn't involve empirical testing but the trial would, so comparisons aren't invalid. This is a bit of a stretch for a few reasons. Most obviously, the much-vaunted live trial does not specify which technologies are to be tested, and does not address "child-safe" dynamic filtering at all. Therefore, the technologies to be used are up to the ISPs themselves - the same entities that contributed to the report. It's therefore a mystery how the trial could come to any new conclusions that were not already flagged in this report. What has changed since February? What will ISPs learn by implementing filters of their own design in their own networks that makes the trial such a revealing exercise?
Somewhat surprisingly, the report itself has been released and rather than vindicating the policy or the trial, it serves to underscore the farcical nature of this whole initiative. The first "key finding" of the report is that
So, even after all this time, it's still hard to describe the actual policy the Government is pursuing with any certainty. Could anyone who has ever been involved in a large IT project with ill-defined technology and goals please let us know how it turned out? (Hint: Not well.)
The IIA report makes a few other reports that remain as salient as ever, trial or no. For instance
In this light, an obstinate defence of the now-delayed ISP trial seems a strange strategy for the Government. The ISPs taking part have already expressed extreme skepticism about the whole enterprise. What result is the Minister expecting - and how will he spin it?
In an apparent effort to head off further criticism the Minister put out a press release, with the spin being that the IIA study didn't involve empirical testing but the trial would, so comparisons aren't invalid. This is a bit of a stretch for a few reasons. Most obviously, the much-vaunted live trial does not specify which technologies are to be tested, and does not address "child-safe" dynamic filtering at all. Therefore, the technologies to be used are up to the ISPs themselves - the same entities that contributed to the report. It's therefore a mystery how the trial could come to any new conclusions that were not already flagged in this report. What has changed since February? What will ISPs learn by implementing filters of their own design in their own networks that makes the trial such a revealing exercise?
Somewhat surprisingly, the report itself has been released and rather than vindicating the policy or the trial, it serves to underscore the farcical nature of this whole initiative. The first "key finding" of the report is that
There is a need for a clear policy on the goals of any filtering system that might be implemented.We certainly second that - an optional "cyber-safety" policy to replace PC-based filters has become, since the election, a mandatory tool to prevent the distribution of "illegal and unwanted" material online. Between these two very different policy objectives, confusion has reigned. Is it to stop hardened traffickers of child abuse material, or merely prevent accidental access to such material by innocent users? Is it, as has even been implied, to stop children viewing such material? The child-friendly filter is still a main part of the platform, yet the only hard information we have on how any filtering is to be done is that the ACMA blacklist is to be the basis. This small list is based on citizen complaints, and contains everything from truly illegal abuse material to nudity. As an example, the Minister has defended the filter as a way to "enforce existing laws" against the depictions of child sexual abuse, even though even the government does not dispute the fact that those deliberately in search of such material will be able to get around the filter.
So, even after all this time, it's still hard to describe the actual policy the Government is pursuing with any certainty. Could anyone who has ever been involved in a large IT project with ill-defined technology and goals please let us know how it turned out? (Hint: Not well.)
The IIA report makes a few other reports that remain as salient as ever, trial or no. For instance
The focus of the study was on content available in the form of web pages on the World Wide Web. This does not fully reflect the current dynamics of Internet based media.Web filtering doesn't deal with chats, IRC, FTP, Usenet, peer-to-peer, or any form of streaming video. Yet these are the very technologies that post the greatest risks for kids or most common avenues for distribution of illegal material. How will a trial of web filters shed any new light here?
Australia has a very heterogeneous ISP industry. Depending on the nature of a mandated filtering function, the impact on industry may be significant.Here's one area the trial will apply - it will prove that larger ISPs are better able to absorb the financial impacts of filtering, thereby penalising smaller players.
The industry is not well prepared for the implementation of content filtering systems. Our findings show that there is great disparity in the vision of how such systems should be implemented and the perceived level of difficulty in implementation.Could there be a more succinct or timely summary of why a rushed filtering technology trial that does not specify the technology to be used is bound to fail?
There are many important legal and general business aspects that need to be addressed before a decision can be made on a filtering implementation. Frameworks need to be in place to ensure that the legal aspects and responsibility are adequately addressed.These are just the sorts of details the country is clamouring for - who controls the list? Who is filtering aimed at? What mechanism exists to rectify mistakes? Yet no information has been forthcoming. The trial, of course, will not shed any light here.
It is evident that there are significant technical problems surrounding dynamic content filtering and its implementation in a nationwide ISP-based content filtering system. Current technology is unlikely to yield efficient and economically viable solutions for this purpose.It has been obvious from day one that the initial, naïve vision for the filter - installing Net Nanny on the whole Internet - is unthinkable from a technical or cost standpoint. Perhaps for this reason, there is no requirement for dynamic filtering in the trial at all. One more thing that is not being addressed.
In this light, an obstinate defence of the now-delayed ISP trial seems a strange strategy for the Government. The ISPs taking part have already expressed extreme skepticism about the whole enterprise. What result is the Minister expecting - and how will he spin it?
Tuesday, December 16, 2008
Digital Liberty Coalition Protests Around Australia
The Digital Liberty Coalition held rallies around Australia last weekend with hundreds in attendance to protest the Government's plans to implement mandatory filtering. In Sydney where myself and Danny Yee attended the atmosphere was quite jovial; a lot of the time was spent with speeches (including Danny's) and people chatting to each other.
Danny Yee spoke in Sydney.
In Melbourne, Colin Jacobs spoke to a strong turnout despite the inclement weather.
While EFA were not involved in the organisation of the protests we always welcome public objection to the curtailing of freedoms that the proposed filtering represents. The protests in each city were well organised and turnout was promising. We are also excited that this critical issue is starting to garner mainstream media traction, the protests were reported in the Herald Sun, News.com.au and in other outlets. It's great to see everyday people starting to show increased interest in this vital campaign.
Danny Yee spoke in Sydney.
In Melbourne, Colin Jacobs spoke to a strong turnout despite the inclement weather.
While EFA were not involved in the organisation of the protests we always welcome public objection to the curtailing of freedoms that the proposed filtering represents. The protests in each city were well organised and turnout was promising. We are also excited that this critical issue is starting to garner mainstream media traction, the protests were reported in the Herald Sun, News.com.au and in other outlets. It's great to see everyday people starting to show increased interest in this vital campaign.
Tuesday, December 9, 2008
Law Enforcement Disempowerment Not Just Rhetoric
One of the key pieces of rhetoric from opponents of the proposed ISP level filtering scheme is that the money is better spent enabling law enforcement officials to do their jobs through better resourcing.
This argument is compounded by details such as the Labor Government's recent removal of $2.8m from the increased funding for OCSET1 (The Australian Federal Police's Online Child Sexual Exploitation Team) but the insistence that it is still able to grow the team by about ninety members2. But does the proposed introduction of a mandatory filter actually directly indicate that less effort will be dedicated to law enforcement measures?
There are two points that suggest that it does.
The first was raised by Jon Seymour recently on an EFA Stop Censorship mailing list, his point was the "principle of least farce", whereby;
"When confronted with a moral panic, a Government should choose the option least likely to cause farce or, if all options will cause farce, the one likely to cause the least farce."
Jon has explained how it's likely that when a Government would want to deal with behaviour that is ostensibly morally offensive, it's much more satisfactory to have it curtailed through pre-vetting a person's behavior and preventing it than it is to withstand a media trial after someone is arrested by law enforcement. People for some reason are more satisfied with the idea that a course of action is impossible - depsite the civil liberties concerns - than they are seeing people who do the wrong thing brought to justice.
The second point is slightly more technical. We have seen this week that several ISPs in the United Kingdom have blocked access to a Wikipedia article after it was discovered to contain album cover-art of a prepubescent naked girl. Among the typical furore an interesting technical problem has arisen; Wikipedia is now faced with a situation where vast swathes of people who view and edit wikipedia, appear to come from a single IP address - that of the proxy servers deployed by their ISP.
Under normal circumstances, IP addresses are somewhat unique (with exceptions of multiple users at a given school or business in some circumstances), but should the Wikipedia project wish to block or restrict users they are constrained to blocking all of them.
So what happens in this scenario if an ISP user deliberately exhibits illegal behavior that the police wish to discuss?
With large sections of the Australian Internet likely to come from a relative handful of IP addresses, the job of law enforcement officials becomes more complicated. They may discover and blacklist a website, proceeding to investigate people who have previously visited it and find that only a handful of IPs were accessing the site (yet many visitors). The process of dutiful law enforcement now has an extra-complicated step where the ISP needs to be contacted and instead of identifying an IP address, attempt to match up the user IP addresses access through the filter to the offensive site - likely matching time and date stamps on both systems and calculating time differences and the like. The law enforcement procedure is more drawn out, more prone to error (including "technicalities" that see actual offenders walk free) and ISPs are given another serving of the increasing public pressure for them to actively participate as enforcers of what is done with the service they provide.
It's difficult to think that with the added benefit of keeping criminals out of the media and having child protection activists ask in the wake what the Government is doing to protect children (ironic, given that these stories display exactly that), a Government takes protection of children seriously when it reduces funding for law enforcement while simultaneously obfuscating and complicating the procedures that they need to follow. It makes sense to reiterrate; if the Government is serious about protecting children from abuse, the millions of dollars earmarked for the production of a confusing technical landscape for law enforcement, is better used as the funds to clear a cheque directly into their hands.
This argument is compounded by details such as the Labor Government's recent removal of $2.8m from the increased funding for OCSET1 (The Australian Federal Police's Online Child Sexual Exploitation Team) but the insistence that it is still able to grow the team by about ninety members2. But does the proposed introduction of a mandatory filter actually directly indicate that less effort will be dedicated to law enforcement measures?
There are two points that suggest that it does.
The first was raised by Jon Seymour recently on an EFA Stop Censorship mailing list, his point was the "principle of least farce", whereby;
"When confronted with a moral panic, a Government should choose the option least likely to cause farce or, if all options will cause farce, the one likely to cause the least farce."
Jon has explained how it's likely that when a Government would want to deal with behaviour that is ostensibly morally offensive, it's much more satisfactory to have it curtailed through pre-vetting a person's behavior and preventing it than it is to withstand a media trial after someone is arrested by law enforcement. People for some reason are more satisfied with the idea that a course of action is impossible - depsite the civil liberties concerns - than they are seeing people who do the wrong thing brought to justice.
The second point is slightly more technical. We have seen this week that several ISPs in the United Kingdom have blocked access to a Wikipedia article after it was discovered to contain album cover-art of a prepubescent naked girl. Among the typical furore an interesting technical problem has arisen; Wikipedia is now faced with a situation where vast swathes of people who view and edit wikipedia, appear to come from a single IP address - that of the proxy servers deployed by their ISP.
Under normal circumstances, IP addresses are somewhat unique (with exceptions of multiple users at a given school or business in some circumstances), but should the Wikipedia project wish to block or restrict users they are constrained to blocking all of them.
So what happens in this scenario if an ISP user deliberately exhibits illegal behavior that the police wish to discuss?
With large sections of the Australian Internet likely to come from a relative handful of IP addresses, the job of law enforcement officials becomes more complicated. They may discover and blacklist a website, proceeding to investigate people who have previously visited it and find that only a handful of IPs were accessing the site (yet many visitors). The process of dutiful law enforcement now has an extra-complicated step where the ISP needs to be contacted and instead of identifying an IP address, attempt to match up the user IP addresses access through the filter to the offensive site - likely matching time and date stamps on both systems and calculating time differences and the like. The law enforcement procedure is more drawn out, more prone to error (including "technicalities" that see actual offenders walk free) and ISPs are given another serving of the increasing public pressure for them to actively participate as enforcers of what is done with the service they provide.
It's difficult to think that with the added benefit of keeping criminals out of the media and having child protection activists ask in the wake what the Government is doing to protect children (ironic, given that these stories display exactly that), a Government takes protection of children seriously when it reduces funding for law enforcement while simultaneously obfuscating and complicating the procedures that they need to follow. It makes sense to reiterrate; if the Government is serious about protecting children from abuse, the millions of dollars earmarked for the production of a confusing technical landscape for law enforcement, is better used as the funds to clear a cheque directly into their hands.
Monday, December 8, 2008
Blacklisting of Wikipedia in Britain a taste of things to come here
The web is buzzing with news today of how a Wikipedia article has been added to a blacklist used in the United Kingdom. The article, about the "Virgin Killer" album by the Scorpions, was added to the list because the album art features a naked, prebuscent girl.
The way the (voluntary) clean-feed works in Britain is tha the IP addresses for blacklisted hosts are redirected to a filtering proxy, which then examines the URL inside the request to see if it's on the blacklist. If not, the proxy then forwards the request on to the real address of the server. The result in this case is that all requests to Wikipedia appear to be coming from these proxy servers (there are six of them, operated by the major ISPs). Since Wikipedia's control of page editing permissions largely relies on IP addresses (for instance, blocking vandals by IP), nobody in the UK can now edit Wikipedia anonymously.
The list in question is one provided by the UK-based Internet Watch Foundation. The IWF is an independent organisation that accepts reports of child abuse material, and otherwise seeks out content that they judge would be illegal. They assemble a blacklist which is made available to law enforcement agencies and ISPs by arrangement.
The image in question is no doubt confronting - as it was intended to be. However, the album itself is still available in many places around the web as well as in physical record stores. One has to wonder about the logic behind the ban - who is being protected? The model? Are those who would view this album cover to be protected from themselves? Is this CD to be blamed for starting heavy metal fans down the road to child abuse?
We can be grateful the IWF has done this, however, because it serves as an excellent and timely lesson on the perils of Internet filtering. It is a perfect snapshot of things to come in Australia if the cleanfeed is introduced here.
Could this really happen here? It not only could, it would, as Senator Conroy himself has indicated that Australia has signed up to the very same IWF blacklist. He has stated so explicitly in a form letter that is being sent out to those who have written in with concerns about the filter:
The way the (voluntary) clean-feed works in Britain is tha the IP addresses for blacklisted hosts are redirected to a filtering proxy, which then examines the URL inside the request to see if it's on the blacklist. If not, the proxy then forwards the request on to the real address of the server. The result in this case is that all requests to Wikipedia appear to be coming from these proxy servers (there are six of them, operated by the major ISPs). Since Wikipedia's control of page editing permissions largely relies on IP addresses (for instance, blocking vandals by IP), nobody in the UK can now edit Wikipedia anonymously.
The list in question is one provided by the UK-based Internet Watch Foundation. The IWF is an independent organisation that accepts reports of child abuse material, and otherwise seeks out content that they judge would be illegal. They assemble a blacklist which is made available to law enforcement agencies and ISPs by arrangement.
The image in question is no doubt confronting - as it was intended to be. However, the album itself is still available in many places around the web as well as in physical record stores. One has to wonder about the logic behind the ban - who is being protected? The model? Are those who would view this album cover to be protected from themselves? Is this CD to be blamed for starting heavy metal fans down the road to child abuse?
We can be grateful the IWF has done this, however, because it serves as an excellent and timely lesson on the perils of Internet filtering. It is a perfect snapshot of things to come in Australia if the cleanfeed is introduced here.
Could this really happen here? It not only could, it would, as Senator Conroy himself has indicated that Australia has signed up to the very same IWF blacklist. He has stated so explicitly in a form letter that is being sent out to those who have written in with concerns about the filter:
The existing ACMA blacklist is a list of internet web pages which are defined as ‘prohibited’ under Australian legislation. The list has been in place since 2000 and currently contains around 1300 URLs.Although the IWF no doubt performs some good work, it is in the margins where the biased judgement of those who have sworn to hunt down child abuse is made arbiter of what every Internet user can and can't see. As the Wikipedia fiasco shows, the result is more than an inconvenience - it has affected the access of tens of millions of people to one of the most important sites on the Internet. In Australia, not only would the Government have the ability to secretly add any site to our blacklist, but an unaccountable foreign-based organisation would as well. Given that the traffickers of genuine abuse material will not let themselves be slowed down by a filter and are already covering their tracks, the net result that will be achieved here is exactly this: inconvenience, chaos and expense with absolutely no dividend for the children.
ACMA has also negotiated agreement with the UK Internet Watch Foundation (IWF) facilitating access to the IWF’s list of child abuse image URLs.
Wednesday, November 19, 2008
How to stop people circumventing your filter
So the ISPs have started blocking your secret blacklist by poisoning the DNS for all the domains in it. Since it's easy to use another DNS server, though, the ISPs have started discarding all traffic to to all IP addresses on the blacklist. Things seem to be going well for about six hours until a news story airs of a teenager using a proxy server to access some of the hideously violent and massively illegal material on the blacklist (for example, one of the several sites that were last year added to the blacklist for containing nudity).
You're the Communications Minister and your reputation is on the line, so you can't back down. This only shows, you tell the press, that the ISPs aren't co-operating and we need to go further and employ the dynamic filters that your trials showed to be so effective. You ask the public: You do think our children are worth protecting, don't you? ISPs are directed to put the service in place, and are given a few months and token payments to do so.
In the meantime, the blacklist is leaked and your media advisors are falling over themselves blaming extreme cyber-libertarians and ISP wreckers for publishing the Official Aussie Government List of the Nastiest Sites on the Net.
Once the dynamic filters are in place, the media is full of reports of slowdowns, technical glitches and massive overblocking. Your own daughter complained that she couldn't do research for a school assignment because a Wikipedia article was blocked. But you stick to your guns. The technology will improve, you say. It's worth it for the kiddies and to stop the pedophiles ("you don't want pedophiles to have kiddie porn, do you?").
Shortly thereafter comes the story on the current affairs show where a kid uses a free VPN to get around the dynamic filter. Don't teenage boys have anything better to do?, you wonder naïvely. You add the VPN site and encrypted proxies to the blacklist, but they keep cropping up faster and faster. Those extreme cyber-libertarians keep telling people how to get around the filter. Well, you say, the Australian people support your mission, and what's the point passing a filtering law if you don't try and enforce it?
How do they stop people getting around filters in Scandinavia? Oh, they don't. The filters aren't mandatory. What about Iran then, or China? The answer, you discover, is to criminalise it. People don't like to be lawbreakers, especially when the Government is watching and harsh penalties are involved.
As you reach for the phone to get the bureaucrats researching the appropriate criminal sanctions, you can't help but stop for a moment and wish that you'd never started with this whole bloody filter in the first place.
You're the Communications Minister and your reputation is on the line, so you can't back down. This only shows, you tell the press, that the ISPs aren't co-operating and we need to go further and employ the dynamic filters that your trials showed to be so effective. You ask the public: You do think our children are worth protecting, don't you? ISPs are directed to put the service in place, and are given a few months and token payments to do so.
In the meantime, the blacklist is leaked and your media advisors are falling over themselves blaming extreme cyber-libertarians and ISP wreckers for publishing the Official Aussie Government List of the Nastiest Sites on the Net.
Once the dynamic filters are in place, the media is full of reports of slowdowns, technical glitches and massive overblocking. Your own daughter complained that she couldn't do research for a school assignment because a Wikipedia article was blocked. But you stick to your guns. The technology will improve, you say. It's worth it for the kiddies and to stop the pedophiles ("you don't want pedophiles to have kiddie porn, do you?").
Shortly thereafter comes the story on the current affairs show where a kid uses a free VPN to get around the dynamic filter. Don't teenage boys have anything better to do?, you wonder naïvely. You add the VPN site and encrypted proxies to the blacklist, but they keep cropping up faster and faster. Those extreme cyber-libertarians keep telling people how to get around the filter. Well, you say, the Australian people support your mission, and what's the point passing a filtering law if you don't try and enforce it?
How do they stop people getting around filters in Scandinavia? Oh, they don't. The filters aren't mandatory. What about Iran then, or China? The answer, you discover, is to criminalise it. People don't like to be lawbreakers, especially when the Government is watching and harsh penalties are involved.
As you reach for the phone to get the bureaucrats researching the appropriate criminal sanctions, you can't help but stop for a moment and wish that you'd never started with this whole bloody filter in the first place.
Subscribe to:
Posts (Atom)
