news Australian ISPs iiNet, Internode and Primus have expressed an interest in implementing the limited Internet filtering scheme promulgated in Australia by the Australian Federal Police in cooperation with international policing agency Interpol, the AFP stated in documents revealed last week.
The initiative was proposed by the Internet Industry Association in late July this year, as a voluntary code of practice that would see ISPs block a list of a “worst of the worst” list of child pornography sites generated by Interpol and overseen by the AFP. It has been seen as a more moderate industry approach developed in reaction to the Federal Government’s much more comprehensive filter scheme.
Only three ISPs are known to have signed up to the scheme so far, which has largely moved from the IIA’s remit: Telstra, Optus and CyberOne. It now appears that the scheme is primarily overseen by the AFP directly, with the IIA unaware of which ISPs have signed up to the scheme. Vodafone has indicated it is preparing to implement the scheme in 2012.
However, in documents released last week by the AFP under Freedom of Information laws, the AFP stated that iiNet, Internode and Primus had also “expressed interest” in the scheme and were “preparing to use the list”. It also revealed that Internet gateway filter manufacturer ContentKeeper had already implemented the scheme. The document concerned was a list of talking points which had been prepared by AFP staff for AFP National Manager High Tech Crime Operations Neil Gaughan at a Senate Estimates session in October. During the session, however, Gaughan did not mention the interest of iiNet, Internode and Primus in the trial.
The mechanism for ISPs to implement the scheme is that ISPs speak to the AFP directly about it. Following their pre-consent, the AFP will then issue them with a notice under Section 313 of the Telecommunications Act which requires them to filter certain content from reaching their users. The AFP briefing document produced in October noted that iiNet — but not Internode or Primus — had in fact received a Secion 313 notice under the Telecommunications Act to request the ISP commence filtering.
iiNet chief regulatory officer Steve Dalby acknowledged the ISP had had conversations with the AFP over the filter, but hadn’t agreed to participate in the scheme, although he noted that the content being filtered was “really horrible stuff”. “It’s not for lack of wanting to stamp down on the distribution of illegal content,” he said.
“We think whatever process has used whether it’s a secion 313 notice or something else, that the ISPs should be not given discretion in whether to comply,” he said.
Internode chief executive Simon Hackett declined to comment on the matter, although Internode is believed to be in a similar situation to iiNet — it would implement the Interpol filter if required to by law, but not before. A Primus spokesperson issued a statement noting it did not comment on “law enforcement activities or processes”, and stated that the company would not be making any further comment on the matter.
iiNet has previously stated that it would comply with the law in respect to the Interpol filtering scheme. And in July, the company’s chief executive Michael Malone went further, sarcastically asking a commenter on broadband forum Whirlpool whether whether the Australian Federal Police should “do nothing about a foreign site that they know contains genuine child pornography” and whether “iiNet should refuse to comply with a lawful order issued by the AFP”.
Some civil libertarians have raised the issue of scope creep and whether the section 313 process could be used by the AFP to request that other forms of content illegal in Australia — such as detailed instruction in crime or even information about euthanasia — to also be blacklisted by the AFP. It has been speculated that this could lead to a defacto scheme similar to the Federal Government’s more comprehensive filter scheme, which does not currently have the parliamentary support to become law — although it remains Labor policy.
However, in July, Malone wrote that iiNet remained “a most vocal opponent of the government filter”.
“They were proposing a secret list of sites, covering “objectionable” material, or at least the murky refused classification,” Malone wrote. “The AFP is considering a small list of child porn, assembled by law enforcement bodies, reviewed by multiple countries. We need to ensure this is not confused with the government’s proposed filter. That is not dead yet either and needs to be opposed. An order from the AFP to blackhole a site containing internationally recognised child porn is not the same as the government filter.”
Internode chief executive Simon Hackett has previously stated that if Internode was required by law to comply with the scheme, it would. “The law hasn’t (yet) directed us to do something in this realm. So we haven’t yet done so,” he wrote on Whirlpool in July. “The point is that Internode obeys the law.”
“We hope that the government won’t repeat its previous activity in this realm, of framing ISPs who don’t act ahead of, and in the absence of the protection of, some new or existing law as being supporters of the ‘bad guys’. We are, of course, not ‘supporters of the bad guys’. But we’re also not disposed to take actions to impact our customers’ Internet services that are not (yet) the subject of any form of legal direction to do so.”
“We feel that if the government wishes to pass a law that has the effect of legally requiring us to do something, thats fine – we’ll do it. Until then, we will wait and watch with interest.”
When the limited Internet filtering scheme was first proposed back in 2010, Primus was listed by Communications Minister Stephen Conroy as supporting the scheme. However, in July this year it revealed it may have changed its mind about the filter.
Great article.
Notice how little Conroy – (or anyone in the ALP) – says about the mandatory filter of late? I genuinely believe that under cover of the “Classification Review”, and this “Voluntary Filter” approach, that Conroy wants to quietly abandon the “mandatory plan” and use this mechanism to get his way.
I’ve been a very vocal opposer of the mandatory filter, in particular the secrecy of the contents of the ACMA list, and the vague – (if not, almost non-existent) – appeals process for wrongly classified material.
As much as I do hate filtering, there isn’t *strictly* anything wrong with the Interpol list being applied. It is the fact that eventually – (presumably) – all ISPs will end up with the mechanism in place, and then Section 313 – (already a law) – ends up being abused to achieve the aims of the mandatory filter.
The mandatory filter doesn’t currently have the numbers to become law – section 313 already is law, and Conroy knows it.
As much as his policy is stupid, and we often malign him for it – he’s not stupid.
In my opinion, this was always his “Plan B” – and it works under existing laws.
Malone’s questioning someone by asking whether “iiNet should refuse to comply with a lawful order issued by the AFP” is disingenuous at best. At the moment you only receive one of these orders from the AFP if you ask for one. If they have in fact received one already then I guess they’re already filtering.
As I’ve said before this method allows for the Government to say that filtering is not mandatory and allows ISP’s to say ‘we’re just complying with a request from the AFP’.
It’s bullshit and all parties involved know it.
How is this “Interpol/AFP” filter enforced?
Is it just a DNS blacklist?
In which case, these ISPs are technically breaking DNS (as defined by the various RFCs), right?
Do they really believe whoever is in search of child porn won’t/can’t change their DNS?
Is there any evidence, any study of any credibility, that shows this AFP/Interpol filter to be of any effectiveness when it comes to fighting child porn?
If not, then why are these ISPs going break the Internet and implement a flawed DNS service without any evidence to its usefulness?
Tesltra’s is a DNS blacklist. It’s avoided by simply not using their DNS servers.
I’ve been using Google DNS for a couple of years now.
If this is such an important/critical initiative, I guess ISPs should start contacting customers to educate them about what they are up to and the dangers of using alternate DNS servers ;-)
It’s actually easy to restrict people to certain DNS servers. You firewall outbound DNS access to block all DNS requests to DNS servers other than your own approved servers.
It’s not an uncommon security measure for big corporate networks to protect from rogue DNS servers, and DNS poisoning attacks.
It would force you onto your ISPs servers too.
True. I’d like them to start doing that. It would probably generate some more publicity and scrutiny :)
I’d be surprised if they ever actually did that, though. The whole filter thing seems like security theatre to me, they’re just doing it to make it look like they’re doing something. They don’t actually care that you can “get around” it by simply using a different DNS server.
At least, that’s how I’m reading this whole thing.
Although I’m personally strongly opposed to the idea of filtering anything, as long as it’s firmly in the “security theatre” bucket, I’m not so worried.
You’d be surprised.
A certain “extinct bird” ISP did it for a while.
That will just break the internet even more.
People will start developing hacks to access DNS servers on different ports
Block all DNS requests? – that takes DPI.
Block DNS requests based on just the packet headers?
people will start using VPN’s
Block all VPN’s that are outside Australia?
seriously, that is where this is all heading.
You cannot stop [illegal task] by DNS blocking
Be it, Child Porn, Bullying or internet piracy.
The internet will always exceed your attempts at censorship.
The only way to stop this stuff is by A) getting the source. B) getting the consumers.
C) attacking the carriage medium is doomed to failure. How much money have they spent in meetings / implementation studies, feasability studies, legal opinions etc. I guarantee it is all a complete waste of time.
Didn’t suggest that’s what they should do, just what they could do…
My point wasn’t even that they couldn’t / shouldn’t do it, just that they should realise that every single dollar spent working out how/what/when/who should be doing this is a completely wasted dollar.
The last filter cost us 25-40 million dollars. (probably not including everything). I know 50 million dollars is chump change, but, every time they try it it adds up. (I’d love to see the costs to government so far in meetings and legal opinions on the current round of filter conversations).
Why aren’t they just monitoring hits to these DNS addresses or IPs and reporting that to the AFP? AFP can then request court orders to tap their line (maybe after 10 hits in 1 day?). Monitor their comms legally. Arrest the kiddie porners – legally.
I really don’t get it.
Again, no argument. This is just what we have to deal right now, for better or worse.
*deal with
I have my own DNS server. I don’t think they can stop me.
I would have no problem if the Interpol list of “the worst of the worst” as defined on their web site was the only thing filtered.
Unfortunately if you examine the full process as set out on the Interpol web site it is quite possible for the AFP to maintain a block on a site containing prohibited content under the Australian definition even if the material that caused the original block has been removed. Consequently there is no transparency about this scheme and we can’t be confident of what is happening.
It is also not clear that the use of Sec 313 in this way is legal according to more learned commentators than I. I am not a lawyer but I would have thought that if Sec 313 was applicable then the AFP should be issuing notices to all ISPs not just those that volunteer.
internode are a bunch of losers for even thinking of agreing to this
If you want proof that DNS blocking causes overblocking, Vexnews is currently being blocked by Optus because it’s on the same host as a blocked IP.
Can’t be a DNS block then – that’s an IP block.
Consider – if…
http://www.site1.com.au = 123.45.67.89
http://www.site2.com.au = 123.45.67.89
…and you want to block http://www.site1.com.au, you just force the DNS servers to either not resolve http://www.site1.com.au to 123.45.67.89, or to resolve to a different IP where you put up a warning page.
That doesn’t mean your DNS server has been prevented from resolving http://www.site2.com.au.
What you have there is an IP block.
In fact, now that I think deeper, you’ll find that the route to the entire subnet has been blocked – deliberately or accidentally.
Either way, that you can’t access Vexnews sounds like an admin error, or an overreaction to the “bad site”.
Admin error, overreaction, call it what you will. The fact remains that this will happen all the time and there is nothing we will be able to do about it. There is no transparency, no clear and quick way to appeal and I have no faith in this list doing what is actually being claimed.
Worst of the worst my arse, how the hell could one possibly know when its a censored list!!! Look at the ACMA list that was leaked, so much for “The ACMA list is the worst of the worst”.
I’m not disagreeing – I’m just applying the appropriate technicality to the discussion.
A filtering mechanism of any kind is abhorrent to me, but the Interpol list – (which is not hidden behind cloaks and shadows like the ACMA list) – is “better” than the ACMA list.
It’s all just very contradictory at the moment – the government espouses a “great big new regulatory body” as part of its so called “Convergence Review”, without desired outcomes that are contradictory to arbitrary binary decisions about whether or not a certain website is accessible or not.
The best solution is to have such sites taken down – if they can be identified to put into an Interpol “worst of the worst” list, they can be identified to be shut down.
Unfortunately, it is not always that simple, and the problem is we live in a global community now. A site hosted in a foreign country where euthanasia – (to pick on it as an example) – is completely legal, would have every right in the world to tell Interpol to rack off if another country where euthanasia is illegal sought that it was taken down.
That’s where the “greyness” comes from in this debate, and why governments like that in China heavily “edit” the internet to suit themselves.
There’s no “easy” solution. Heaven forbid there is a country where kiddie porn is legal, but similarly, they’d have every right to say, sorry, it’s legal here – you can’t make us shut it down.
The bottom line is that international boundaries mean very little anymore, and the policy debate will never get this right until they start accepting that a byte of information doesn’t give a rats arse what country it is travelling to, from, or through.
“The best solution is to have such sites taken down –”
The problem is they don’t event try to take the sites down. Still trying to find the report I read not long after the UK filter was introduced but a civil rights group had a >50% success rate in removing offending material with something as simple as sending an email to the admin responsible for the server.
Agreed.
But you locate the server, and hopefully you locate the owner and seek to prosecute.
Herein lies the problem – they are trying to solve a multi-faceted problem with a simplistic, expensive solution.
Don’t get me wrong – I hate filtering in any form.
I think you’re talking about this one http://www.unpolitik.de/2009/05/28/delete-dont-block-it-works/
Now that is a great article.
Good evidence again that the basic principal of *asking* could reduce the number of Child Porn sites.
Very similiar but I sure it was a UK group. It was years ago so I could just be misremembering.
I know you weren’t disagreeing Michael, I’m a big fan of your stuff :)
Let me put my tin foil hat on for a sec
The AFP gets the list from Interpol and I assume this is done periodically to ensure its updated regularly. This list is then distributed to ISP’s who have signed up to the scheme.
How do we know that the list hasn’t been modified by the AFP or anyone at all in government prior to it being handed over to the ISP’s? Is there some sort of verification process that an ISP can use to ensure it matches exactly the worldwide Interpol list and isn’t the original list with a tonne of “What the Aussie Gov doesn’t want you to see material” on it?
Remember, AFP are the Government, they aren’t at arms length or a neutral body.
Yup that’s the way, put up a sign saying “don’t look here” when there’s something illegal on the internet. Surely our law enforcement agencies’ time would be better spent investigating the owners and operators of these sites so as to have them arrested, their clients arrested and their websites properly taken down for everyone? This is run by Interpol, not just the AFP, it’s pretty much universally criminal, yet people still get away with it.
Internode has lost my faith.
Out of all the people in the Telecommunication Industry, I would of thought a well respected and knowledgeable man as Simon Hackett would of went into bat to support there customers. Not treat all Internode customers like criminals.
Internode over the last 12 months have shown that they don’t know if they are coming or going. The price increase/decrease debacle is a perfect example.
Wonder what the fanbois think of this considering that many praised their god when he never jumped on board and had no intention to when the filter was first implemented.
Mr Dalby is a private citzen working for a private company, with, to the best of anyones knowledge, a fine, upstanding moral code. What in this profile gives him the right, privilege, or even the authority, to be able to:
1) Apparently observe the Interpol list of the worst of the worst ‘websites’
2) Make a personal call that the list was “really horrible stuff”.
3) Make the decision on behalf of his customers to implement the filter on his network.
The third point is arguable. The first two are, frankly, staggering.
How many other ‘company reps’ have been given or will be given ‘access’ to the ‘really horrible’ list without any declared checks and balances?
Will ALL isp company representatives involved in this process be given appropriate security vetting or is the position of ISP executive a license to see material that would normally be under rigorous security?
1) I didn’t think that the ISP staff/execs actually got to see the secret list.
2) If I am right they obviously can’t make a call on what is actually on the list, only on what is publicly available at the Interpol web site.
3) Any decision made is for the company, about the company and to benefit the company; the client is only the milk cow. ISP business rule #1.
My tin foil hat theory is that the ISPs are using this to try and stop having to implement the proposed mandatory ISP filter which I would think would be more expensive for them.
My point is that if they can’t see the list, how can Dalby refer to it as ‘really horrible stuff’? Or are we being filtered by folk who take everything at face value?
I don’t have any particular issue with choosing the Interpol list – it is internationally administered by a number of countries and it’s not “secret” within the law enforcement ranks of those countries. I believe this is “adequate” transparency – ie: not driven by Australia’s political agenda.
Personal call as to whether it’s “horrible stuff” – I’m sure he’s just going off a description of the sites on this list, and lets be honest, I have no doubt it’s pretty horrible stuff.
Making a decision on joining the “voluntary” filtering program without consulting users? There I have a problem – and it may be an issue in regards to their standard terms of service. It’s a murky line. It’s called the “voluntary filter” but I bet none of their users were asked to “volunteer”.
Many would agree to do it – but that’s an assumption. And assumptions can come back and bite.
IIRC, the Interpol website stated that nations also added content to the list in line with their own laws.
Internet prohibited content anyone? ;-)
If so, that does muddy things up a bit more, certainly.
But I can’t see Interpol letting Australia – (or any country) – put a bomb-making site on a kiddie-porn list.
Well according to our ‘laws’ dentists, dog trainers and the like should be very leery of Interpol…
That’s ACMA, not Interpol.
You said “But I can’t see Interpol letting Australia – (or any country) – put a bomb-making site on a kiddie-porn list.”
But if you have a look here http://www.itnews.com.au/News/284851,second-british-isp-blocks-file-sharing-site.aspx you will see that they are adding a copyright infringing site to the clean feed child pornography site in Britain. Just a bit of a worry I think.
You are correct neilmc, the Interpol site states that as part of handing over the list to the national police force of a country that that police force can add other sites to the official Interpol List (and it remain the official Interpol List for that country)
Not only that if a site is cleansed of the “worse of the worse”, but has other material that is illegal in ANY (Interpol) member country then that site can remain on the “worse of the worse” Interpol list. In effect the list can become a blocking list that blocks sites according to the sum of laws of all Interpol member sites.
Remember RC material is illegal i Western Australia, even though its legal to actually do in most cases, but it can cause that material to be added to the “Interpol” list, if the site had been hacked at some time with CSA material.
I have to disagree with you Michael with all due respect but you say:
“I believe this is “adequate” transparency – ie: not driven by Australia’s political agenda.”
Interpol say:
http://www.interpol.int/Crime-areas/Crimes-against-children/Access-blocking/Complaints-procedure
. “If found not to contain child sexual abuse material according to the “Worst of”-list criteria, but still illegal material according to national legislation in one or more countries, the material will remain inaccessible in those countries.”
You can’t be sure that the AFP version of the list is not going to contain “prohibited content” eg MA 15+ material not behind an approved age restriction system. I don’t think that it is as transparent as I would like.
I guess we have to “trust” them…haha…and like I said above, herein lies the problem – they are trying to solve a multi-faceted problem with a simplistic, expensive solution.
That’s too easy to break.
So, you’ll join the protest if Wiki leaks gets blocked?
Umm, I guess…never really thought about it…not sure how that’s relevant to whether we should or should not have a filter.
It was just that you were saying we have to trust them to not block sites for the wrong reason. Something like wiki leaks could be taken out. The was pressure to filter out Al Jazera during the US grab for oil… I mean liberation of the Iraqi liberation from US impossed dictator… I mean the freeing of the Iraqi people from the evil Saddam.
We shouldn’t have one for ANY reason. Good list, bad list, or indifferent list. I’m just applying the technicality of how one should or shouldn’t work.
Acutally Michael, it is the man issues in determining of whether we should or should not have a filter. A filter that incorrectly blocks is not one I would like forced upon me.
As above, we shouldn’t have one at all. But for the right now for some people we have one. I hate it, you hate it, we all hate it – but it’s a fact right now.
“If found not to contain child sexual abuse material according to the “Worst of”-list criteria, but still illegal material according to national legislation in one or more countries, the material will remain inaccessible in those countries.”
They tried being up-front about introducing a censorship system, it failed.
They are now using this “worst of the worst child porn” Interpol list as a smokescreen, once in they can go back to banning dentists websites etc.
Precisely! This is why some of us have been expressing opposition to this voluntary filter since July.
I’m getting the strong impression the driver behind this is that this is the only alternative to Conroy’s vision of a clean internet.
That ISPs (plural, now) are taking it at all seriously hints that there’s a lot of non-public discussion going on.
Whilst I’d be inclined to think the AFP, INTERPOL would be a better source than ACMA, I don’t really care whom the source behind the list is, a filter is simply pulling the rug over a problem.
It doesn’t address the causes and certainly doesn’t protect children (the ones actually impacted by the sorts of abuses the filter purports to fix). It’s hardly surprising religious groups are calling for filtering, given it’s an expedient way of “hiding” an ongoing problem within more than one denomination.
It’s also a very expedient method to introduce other types of content to a block list; copyright infringement reasons have been used to add yet another usenet search engine to an in-use filter in Britain.
If this filter is introduced, there will be scope creep. AFACT will seek to use it. So will every religious/ hate group with an axe to grind. This is already happening elsewhere. It’ll happen here.
I have a feeling that the NBN is one huge carrot, even if Conroy uses it for his Plan “B” (or is plan “I”)
Interpol KNOW they can remove the site within hours, CSA material is now illegal world wide and the IWF stats show that the majority of its “worse of the worse” is on USA servers. Interpol are trying to be relevant, keep their member countries funding and this list is one way to do that.
And you are right, AFACT and others will jump on this list and demand that other sites are added. If they can do it for the “worse of the worse” then they can do it for those other sites. And use the UK as a prime example of how it can be dome legally.
Filtering in Britain has expanded from CP to copyright via court orders. Once filtering starts, there is no stopping it. Fortunately filtering is easy to get around.
“in documents released last week by the AFP under Freedom of Information laws”
Renai, where are these documents you speak of? If they have been released, I am not sure why you have not posted them or linked to them?
Just curious is all :)
The file size is too large to host them on Delimiter — I’d go bankrupt with hosting costs. The govt doesn’t believe in compressing PDFs, apparently. Where possible and appropriate, I’ll post them as JPGs, as I did in another article today on the filter.
Update: I should note, the AFP and Conroy’s office will release these docs publicly soon as well on their own sites, under FoI laws.
Well I guess it is time for you to post a new article Renai? http://forums.whirlpool.net.au/forum-replies.cfm?t=1833450&p=4#r74
Meh, basically what he’s said before.
Comments are closed.