• Enjoy the freedom to innovate and grow your business


    [ad] With Microsoft Azure you have hybrid cloud flexibility, allowing your platform to span your cloud and on premise data centre. Learn more at microsoftcloud.com.

  • IT Admin: No Time to Save Time?


    [ad] Do you spend too much time patching machines or cleaning up after virus attacks? With automation controlled from a central IT management console accessible anytime, anywhere – you can save time for bigger tasks. Try simple IT management from GFI Cloud and start saving time today!

  • Free Forrester analysis of CRM solutions


    [ad] In this 25 page report, independent analyst house Forrester evaluates 18 significant products in the customer relationship management space from a broad range of vendors, detailing its findings on how CRM suites measure up and plotting where they stand in relation to each other. Download it for free now.

  • Great articles on other sites
  • RSS Great articles on other sites


  • Reader giveaway: Google Nexus 5


    We’re big fans of Google’s Nexus line-up in general at Delimiter towers. Nexus 4, Nexus 7, Nexus 10 … we love pretty much anything Nexus. Because of this we've kicked off a new competition to give away one of Google’s new Nexus 5 smartphones to a lucky reader. Click here to enter.

  • Internet, News - Written by on Wednesday, February 27, 2013 15:39 - 17 Comments

    Redacted: AFP cuts ISP details from filter docs

    news The Australian Federal Police has sought to prevent the public from ascertaining the identities of ISPs participating in the Federal Government’s voluntary filter scheme for child abuse materials, through redacting the ISPs’ details from relevant documents released under Freedom of Information laws.

    In November last year, Communications Minister Stephen Conroy formally dumped the Government’s highly controversial mandatory Internet filtering scheme, instead throwing his support behind a much more limited scheme which sees Australian ISPs voluntarily implementing a much more limited filter which Telstra, Optus and one or two other ISPs had already implemented. Vodafone is also believed to be implementing the filter, and the process is also believed to be under way at other ISPs such as iiNet.

    The ‘voluntary’ filter only blocks a set of sites which international policing agency Interpol has verified contain “worst of the worst” child pornography — not the wider Refused Classification category of content which Conroy’s original filter had dealt with. The instrument through which the ISPs are blocking the Interpol list of sites is Section 313 of the Telecommunications Act. Under the Act, the Australian Federal Police is allowed to issue notices to telcos asking for reasonable assistance in upholding the law. It is believed the AFP has issued such notices to Telstra and Optus to ask them to filter the Interpol blacklist of sites.

    In mid-January this year Delimiter filed a Freedom of Information request seeking the complete text of all notices issued by the AFP under Section 313 of the Telecommunications Act over the two years preceding 14 January 2013 that mentioned the Interpol blacklist; as well as any responses sent by ISPs to the AFP in response to the issuing of those notices, and any subsequent communication from the AFP in response.

    In response, the AFP this month published two documents; a decision letter (download PDF here) relating to the request and a longer document compiling all of the Section 313 notices and responses. The second document is 10.6MB in size and is available to download here in PDF format.

    The documents reveal that the AFP has issued only a small number of Section 313 notices under the scheme; and certainly not enough notices to cover most of the ISPs operating in Australia. The AFP appears to have issued Section 313 notices in two tranches; in June 2011, shortly before Telstra and Optus implemented their Interpol filters in July that year, and more notices in mid-October 2012, shortly before Conroy announced the Government’s plans to abandon its more comprehensive filtering plans in November.

    However, in all cases the AFP has removed all references to the specific ISPs which it targeted with its notices, citing several sections of the applicable FOI legislation. The two principal sections cited by the AFP in its redactions to its documents include subsection 37(2)(b) of the FOI Act, and subsection s47E(d), as well as section 47F.

    In its letter, the AFP stated that portions of the documents released — namely, the identities of the ISPs — constituted information that would disclose methods and procedures used by the AFP in investigations of breaches of the law. With reference to another subsection, the AFP noted that while there was a public interest in the information being released, there was a need to ensure “continued cooperation during police investigations and the effectiveness and integrity of current procedures”.

    It is unclear why the AFP considers that the identities of ISPs would cause an impact on its ability to undertake its operations, given that no customer data is collected by the ISPs in their implementation of the Interpol list; the list acts only as a block to stop the ISPs’ customers from accessing offensive sites on the list.

    Lastly, with respect to individuals employed by the ISPs who received Section 313 notices from the AFP, the AFP noted that again, while there was public interest in the issue, the AFP had not received consent regarding those individuals’ personal information, and their identities would therefore be exempt under the FOI Act.

    Delimiter has filed an application for the AFP to conduct an internal review of the FOI decisions, stating: “… the decision document I received did not provide sufficient detail to explain why these sections of the Act apply to the identities of the ISPs concerned. I do not believe that releasing the identities of the ISPs which the AFP has contacted regarding these trials would either be likely to prejudice the effectiveness of the AFP’s operations in this area.”

    The decisions appear to contradict earlier AFP decisions on the issue of releasing ISPs’ identities. In documents released in December 2011 under FOI laws, for example, the AFP stated that iiNet, Internode and Primus had also “expressed interest” in the scheme and were “preparing to use the list”. It also revealed that Internet gateway filter manufacturer ContentKeeper had already implemented the scheme. At that Telstra and Optus were publicly known to have implemented the filter.

    In addition, Delimiter made the following additional reply to the AFP: “Section 47F is also cited in the decision document as a rationale for withholding information in this regard; however, I would point out that the individuals contacted by the AFP as part of the process of issuing Section 313 notices are publicly known members of large corporations with public positions. It is irrational to suggest that releasing their identities would be an “unreasonable disclosure of personal information”; there is no personal information being released here; rather, the information being released relates solely to their professional role.”

    The AFP’s FOI documents also revealed that the ISPs would need to sign a relatively straightforward confidentiality agreement regarding the contents of the Interpol list, as a condition of being part of the program.

    Background
    Since Telstra and Optus implemented the Interpol filtering scheme in mid-2011, there have been no known public complaints about the system and no sites known to have been wrongfully added to the Interpol list apart from known child abuse sites. In addition, users of both ISPs have not complained publicly about speed issues with respect to the Internet filtering system. However, some segements of the community are still concerned about specific details of the Interpol filtering scheme.

    For example, when Telstra and Optus implemented the Interpol filter, neither explicitly communicated with customers to let them know that the scheme was in operation and that their Internet connections were actively blocking a small list of sites; and neither is known to have updated their terms of service with customers.

    In addition, in contrast with the mandatory Internet filtering policy (which was to have been administered by the Australian Communications and Media Authority) there is currently no known civilian oversight of the scheme, which is administered by the Australian Federal Police and international policing agency Interpol, apart from questions which parliamentarians may put to the Federal Police.

    Furthermore, Section 313 of the Telecommunications Act does not specifically deal with child pornography. In fact, it only requires that ISPs give government officers and authorities (such as police) reasonable assistance in upholding the law. Because of this, there appears to be nothing to stop the Australian Federal Police from issuing much wider notices under the Act to ISPs, requesting they block other categories of content beyond child pornography, which are also technically illegal in Australia but not blocked yet.

    A number of sites which were on the borderlines of legality — such as sites espousing a change of legislation regarding euthanasia, for example — were believed to be included as part of the blacklist associated with the Federal Government’s much wider mandatory filtering policy. It is not clear what safeguards exist to prevent the Interpol filtering scheme being extended by the Australian Federal Police to include such extra categories of content.

    The current attitudes of ISPs apart from Telstra and Optus towards the Interpol filtering scheme are also currently unknown, with it being unclear whether they would implement the scheme if the Australian Federal Police issued them with a request to do so. Last year, ISPs such as TPG and Exetel said right out that they would reject such an attempt, while others such as iiNet and Internode said they were unclear as to the specifics of the situation.

    The efficacy of the Interpol filter has also been publicly questioned. Optus has admitted that users would be able to defeat its implementation of the Interpol filter merely by changing the DNS settings on their PC. And information released under Freedom of Information laws by the AFP late last year shows as time went on, less and less requests were made by Telstra customers to access child abuse material on the list — presumably, as Telstra customers attempting to access the offensive material became aware that the telco had implemented a filtering system to block the requests.

    For the first five weeks it operated, from 1 July through to 7 August last year, Telstra’s filter blocked a total of 52,013 requests to access child abuse materials online, with 10,402 average requestsper week. Average requests per day were 1,405, with the highest day recorded seeing 2,443 requests blocked and the lowest seeing 915 blocked.

    However, over the succeeding weeks through to mid-October last year, fewer and fewer requests were made. In the week commencing 13 August, 8,649 requests were made, but by September the figure was down to between 1,193 and 3,452 requests per week, and in the week beginning 15 October, just 989 requests were made — which had previously been close to the lowest requests received in one day, in the filter’s first month of operation. In the period from mid-September to mid-October, the lowest day saw just 99 requests made by Telstra customers to access the blocked material.

    Delimiter has encouraged the Minister to hold an open press conference on the issue to take questions from the media, as well as to issue a discussion paper on the issue which would allow the public to comment on the scheme formally. In addition, we have invited the Minister to respond to the following questions in writing:

    • Given the wide-ranging nature of the Interpol filter — affecting most Australian Internet users — why was no public consultation held before the Government decided to take take this step? I note that the Government has never held a formal public consultation into Internet filtering in general.
    • How would the Government respond to the claim that there will be no civilian oversight of this Interpol filtering scheme, with key information about it only being released over the past several years through Freedom of Information requests filed with the Australian Federal Police?
    • ISPs such as iiNet, Internode, TPG and Exetel have declined to participate in this scheme so far over the past 12 months, with some citing uncertainty of the legal situation. How would the Government address the claim that the legal ground of this Interpol filtering scheme, notably the process whereby the AFP issues notices to ISPs, is not clear?
    • Which further ISPs will the AFP issue notices to? Has the Government already received support from those ISPs for the scheme? How will the Government react if an ISP declines the notice?
    • How would the Government respond to the claim that there is the potential for the AFP to issue notices beyond the Interpol list to ISPs, in an approach which could be dubbed ‘scope creep’?
    • Neither Telstra nor Optus explicitly notified customers that they had implemented the Interpol filter when they did so last year. What guidelines will the Government be placing around ISPs’ participation in this scheme?

    However, so far Conroy has declined to respond to the questions.

    opinion/analysis
    In July 2011, when Telstra and Optus implemented the voluntary Interpol filter, I wrote the following about it:

    “We are talking about a filtering scheme here which is being implemented behind closed doors, with little notification to customers, with no civilian oversight, an unclear legal framework, the potential for scope creep and a limited and secretive appeals process overseen by the agency which drew up the list to start with.”

    None of this has changed. Communications Minister Stephen Conroy will not answer basic questions about the scheme. The Australian Federal Police will not answer basic questions about the scheme. And Australians are apparently not even allowed to know which ISPs have implemented it and which have not. Plus … there is also a lot of evidence to show that the new filter is trivial to circumvent.

    Personally, I think the voluntary Interpol filter is a good idea; and it’s certainly a much better idea than the mandatory ISP filtering idea the Government came up with last time around. However, the scheme is far from perfect, as the AFP’s current reticence to disclose an appropriate level of detail about it shows. Australia can do better on this issue.

    submit to reddit

    17 Comments

    You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

    1. Nick Perkins
      Posted 27/02/2013 at 5:09 pm | Permalink |

      I don’t have a problem with this sort of filtering, but transparency is important. I would hate to think that ISPs might start slipping other sites on such a filter as well without warning.

      • Posted 27/02/2013 at 5:31 pm | Permalink |

        That’s pretty much why I’m still writing about this issue. The potential for ‘scope creep’ is quite large.

    2. Bob.H
      Posted 27/02/2013 at 5:38 pm | Permalink |

      It is interesting to note that the Telstra figures on referrals to the stop page have substantially reduced over time. This surely would indicate that the largest number of hits on the stop page were not in reality actual requests but resulted from automated processes which had nothing to do with actual attempts to access domains on the Interpol list. I seem to recall that the AFP were loudly trumpeting their success shortly after the introduction of the Interpol filter.

      It would be interesting to know exactly what sub section of Sec313 the AFP are relying upon in making their request. It would be even more interesting for a full review of this process by the judiciary. Undoubtedly we will hear more of this when Senator Ludlum receives an answer to his question on notice. http://whrl.pl/RdvolE

      There has been some interesting discussion on Whirlpool about this http://forums.whirlpool.net.au/forum-replies.cfm?t=1892148&p=101 The comments here are interesting http://whrl.pl/RdvNIB

    3. Joakal
      Posted 27/02/2013 at 6:41 pm | Permalink |

      If child pornography possession is illegal then that person is a paedophile. In order to create an ongoing blacklist, they need to not only view the content but possess it perpetually. They need to possess it because Internet addresses change all the time and may end up in the hands of an unsuspecting domain owner who wants to know why the domain is blocked. Ergo the filterers are government-funded paedophiles.

      How they can stop child porn AND destroy content? By investigating and prosecuting those that possess child porn. Then destroy it. As a bonus, they can stop child abuse. Guess who will be keeping a massive amount of child pornography? The Australian Federal Police or at least Interpol.

      I say, ban Internet filters except for opt-in for concerned Internet users. It’s deeply concerning that Telstra/Optus spent millions voluntarily controlling users’ access to the web.

      • Karl
        Posted 27/02/2013 at 10:12 pm | Permalink |

        “If child pornography possession is illegal then that person is a paedophile… the filterers are government-funded paedophiles.”
        No that’s completely wrong. Breaking a law doesn’t make somebody a paedophile, and similarly being a paedophile is not illegal.

      • TrevorX
        Posted 28/02/2013 at 12:00 pm | Permalink |

        What are you smoking? The ISPs didn’t spend millions, they would have spent maybe $1,000 on a technician’s salary for them to spend maybe a day altering DNS records on a test server, testing, then pushing it out to the live servers. All in a day’s work for a network admin.

    4. Nobby6
      Posted 27/02/2013 at 7:01 pm | Permalink |

      I certainly think it’s fair that they redact anything identifiable with the person handling their requests, as one who has processed 282 requests, but not any 313 requests, it’s nobodies business but mine and the AFP’s, same goes for other ISP liasions.

      Further, I also certainly don’t think the AFP has a responsibility, or even a right, to release who it sends notices to, that would be the ISP’s rightful place to announce that.

    5. His media "adviser"
      Posted 27/02/2013 at 7:53 pm | Permalink |

      Security is subjective, its a feeling, you feel secure or your dont, it cant be objectively measured.

      This filter attempts to make us feel more secure by requiring blind trust in Authority, its counterproductive, it can not achieve any net good.

    6. MitH
      Posted 27/02/2013 at 9:24 pm | Permalink |

      Linky no worky

      First is ok
      http://delimiter.com.au/wp-content/uploads/2013/02/Decision-letter.pdf

      Second document links points to wordpress admin area
      http://delimiter.com.au/wp-admin/docs/Final-documents.pdf

      even tweeking the format fails
      http://delimiter.com.au/wp-content/uploads/2013/02/Final-documents.pdf

      BigBrother is messing with your code…..

    7. Rob
      Posted 27/02/2013 at 10:24 pm | Permalink |

      You ask a relevant question but later answer it with data from the trial.

      “It is unclear why the AFP considers that the identities of ISPs would cause an impact on its ability to undertake its operations, given that no customer data is collected by the ISPs in their implementation of the Interpol list; the list acts only as a block to stop the ISPs’ customers from accessing offensive sites on the list.”

      The fact that telstra has logged all the failed attempts day by day, week by week, month by month would be very relevant in any AFP investigation.
      If each ISP is reporting that to AFP, it gives them an Ida of which IP ranges to monitor more closely, and which ISPs are worth subpoenaing for more info on their customer base.

      While logging the page request / filter block, they are more than likely capturing the IP address of the requesting service, date, time, browser agent etc which would link back to the account holder. That gets them another step closer to possible suspects.

      If the AFP is investigating people, they wouldn’t want it known exactly which ISPs are running the filter because it would make it more difficult for a peadophile to shop around for an ISP who isn’t running the filter.

      More transparency on what is being filtered is good, then do we really need to know who is filtering?

      • Bob.H
        Posted 28/02/2013 at 1:48 am | Permalink |

        “While logging the page request / filter block, they are more than likely capturing the IP address of the requesting service, date, time, browser agent etc which would link back to the account holder. That gets them another step closer to possible suspects”.

        No this is not being recorded or the AFP has lied to the Parliament. It is also directly contrary to the way that Interpol say their filter works. All that Telstra was recording was the number of requests that were diverted to the “Stop Page” As I noted in a post above this has significantly reduced and the assumption must be that a large number of the original hits were from crawlers and other automated searches and not from human initiated searches. How many of the 989 requests in one week in October were humans and how many were bots is something we don’t know. To say that these statistics have any real meaning is “gilding the lily”.

        The stats that Telstra have collected on hits on the “Stop\ Page” are not going to be of any assistance to the AFP or anyone else as they don’t tell us any thing more than the number of hits.

        • PeterA
          Posted 28/02/2013 at 10:42 am | Permalink |

          If you read the schemes details, there is nothing preventing an ISP from logging access requests.

          There is no requirement but the section 313 request specifically does not state that you should or should not log requests. (It merely says logging is not a requirement since identification is not the goal of the scheme).

          • Bob.H
            Posted 28/02/2013 at 11:19 am | Permalink |

            “If you read the schemes details, there is nothing preventing an ISP from logging access requests.”

            Interpol say ( http://www.interpol.int/Crime-areas/Crimes-against-children/Access-blocking/The-INTERPOL-%22Worst-of%22-list ) “INTERPOL or other police authorities will not, as a rule, have access to logs and/or identifying data on the Internet users being redirected, such as IP-addresses.”

            This means that any logging of this data is not required under Sec313 and the ISP is subject to Sec 7 of the Telecommunications (Interceptions and Access) Act 1979 as amended which would seem to preclude them from recording the information. My understanding is that ISPs can only obtain and use a record by DPI or similar means for network maintenance purposes. ISPs who kept a record of the IP address of anyone redirected to the stop page would likely be in breach of the law. This is one of the reasons that any statistics on access to the stop page should be viewed with skepticism.

    8. Disgruntled Loner
      Posted 28/02/2013 at 4:00 pm | Permalink |

      ¨The AFP’s FOI documents also revealed that the ISPs would need to sign a relatively straightforward confidentiality agreement regarding the contents of the Interpol list, as a condition of being part of the program.¨ – how does that work with Conroy´s claim that this new Censorship Scheme is being forced on to ALL ISPs? Surely they can´t force anyone to sign?

      And, even if you were in favour of this censorship why would you sign. You know that this whole thing is going to be leaked, it is a matter of when not if. The previous scheme was leaked, and the UK version of this was leaked. The Police are unlikely to be capable to track down who leaked the information, nor will they be likely to even attempt to do so since they already have your name on a document assuming responsibility.

      It seems to me like you are signing on to play roulette with the prize being identified as a paedophile enabler and career ruin.

    9. Stephen H
      Posted 28/02/2013 at 7:48 pm | Permalink |

      Seriously, 10,000 requests/week for child porn through just one ISP? Either I live in an extremely sheltered world, or that number is garbage. Or some guys are EXTREMELY active and totally incapable of hiding their tracks.

    10. The Majority
      Posted 03/03/2013 at 11:35 am | Permalink |

      This is sorta BS hey, if you follow Anonymous on twitter for instance they are big on taking down these types of pedo scum. Yet when they provide the information and proof to the law they themselves are looked upon as the person who was in breach and the “law” uses excuses such as saying that this isnt a problem which is of priority to them.
      So to me… it just seems very suspicious that the “law” wants a filter to block access to things which are not of a high “priority”.

      I like to research things for myself and question the mainstream news.
      You’ll be shocked at what you might find ;)




    Get our 'Best of the Week' newsletter on Fridays

    Just the most important stories, one email a week.

    Email address:


  • Most Popular Content


  • Six smart secrets for nurturing customer relationships
    [ad] Today, we are experiencing a world where behind every app, every device, and every connection, is a customer. Your customers will demand you to be where they and managing customer relationship is the key to your business’s growth. The question is where do you start? Click here to download six free whitepapers to help you connect with your customers in a whole new way.
  • Enterprise IT stories

    • Greens claim NSW LMBR project turning into a disaster sydney

      The NSW Greens late last week claimed to have obtained documents showing that the NSW Department of Education and Communities’ wide-ranging Learning Management and Business Reform program, which involves a number of rolling upgrades of business administration software, was deployed before it was ready, with “appalling consequences for administrative staff, principals, teachers and students”.

    • NSW Govt trials inter-truck safety devices trucks-cohda

      The New South Wales Government has inked a contract with connected vehicle technology supplier Cohda Wireless, as part of a trial of so-called Cooperative Intelligent Transport Systems (C-ITS) which allow heavy vehicles to communicate directly with each other about their position on the road to help reduce road accidents.

    • Victoria finally kills $180m Ultranet disaster thumbsdown1

      The Victorian Government has reportedly terminated its disastrous Ultranet schools portal, which ballooned in cost to $180 million over the past seven years but ended up being barely used by the education stakeholders it was supposed to serve.

    • NetSuite in whole of business TurboSmart deal turbosmart

      Business-focused software as a service giant NetSuite has unveiled yet another win with a mid-sized Australian company, revealing a deal with automotive performance products manufacturer Turbosmart that has seen the company deploy a comprehensive suite of NetSuite products across its business.

    • WA Health told: Hire a goddamn CIO already doctor

      A state parliamentary committee has told Western Australia’s Department of Health to end four years of acting appointments and hire a permanent CIO, in the wake of news that the lack of such an executive role in the department contributed directly to the fiasco at the state’s new Fiona Stanley Hospital, much of which has revolved around poorly delivered IT systems.

    • Former whole of Qld Govt CIO Grant resigns petergrant

      High-flying IT executive Peter Grant has left his senior position in the Queensland State Government, a year after the state demoted him from the whole of government chief information officer role he had held for the second time.

    • Hills dumped $18m ERP/CRM rollout for Salesforce.com hills

      According to a blog post published by Salesforce.com today, one of Ted Pretty’s first moves upon taking up managing director role at iconic Australian brand Hills in 2012 was to halt an expensive traditional business software project and call Salesforce.com instead.

    • Dropbox opens Sydney office koalabox

      Cloud computing storage player Dropbox has announced it is opening an office in Sydney, as competition in the local enterprise cloud storage market accelerates.

    • Heartbleed, internal outages: CBA’s horror 24 hours commbankatm

      The Commonwealth Bank’s IT division has suffered something of a nightmare 24 hours, with a catastrophic internal IT outage taking down multiple systems and resulting in physical branches being offline, and the bank separately suffering public opprobrium stemming from contradictory statements it made with respect to potential vulnerabilities stemming from the Heartbleed OpenSSL bug.

    • Android in the enterprise: Three Aussie examples from Samsung androidapple

      Forget iOS and Windows. Today we present three decently sized deployments of Android in the Australian market on Samsung’s hardware, which the Korean vendor has dug up from its archives over the past several years for us after a little prompting :)

  • Enterprise IT, News - Apr 23, 2014 15:58 - 0 Comments

    Greens claim NSW LMBR project turning into a disaster

    More In Enterprise IT


    Analysis, Telecommunications - Apr 23, 2014 12:04 - 6 Comments

    Neither AT&T nor Turnbull are telling the whole truth

    More In Telecommunications


    Featured, Industry, News - Apr 17, 2014 9:28 - 1 Comment

    Campaign Monitor takes US$250m from US VC

    More In Industry


    Blog, Digital Rights - Apr 23, 2014 12:57 - 22 Comments

    Cinema execs blame piracy for $20 ticket prices

    More In Digital Rights