Did Conroy’s AFP filter wrongly block 1,200 sites?


Apologies, folks. We missed this one when it first aired several weeks ago. But we’re planning to get stuck into it in a major way next week as it hasn’t been investigated in any depth by the media at large, that we can see. According to the Electronic Frontier Foundation, it appears that the limited ISP-based filter which several of Australia’s major ISPs (Telstra, Optus and Vodafone so far) have implemented with the assistance of the Australian Federal Police (you know, the one they won’t talk about) may have suffered a massive false positive event in early April and wrongly blocked some 1,200 websites, including community group the Melbourne Free University. The EFF’s media release at the time states:

EFF has long opposed Australia’s Internet censorship schemes, warning that even the voluntary filtering that has been implemented by Australia’s largest ISPs, Telstra and Optus, lacks transparency and accountability, and could lead to collateral damage—accidental censorship of websites that are not violating the law in any way. A dramatic example of such collateral damage appears to be occurring at the moment.

EFF was recently contacted by the organisers of a community group called the Melbourne Free University (MFU) because their site appears to have been blocked or censored by Australian network operators, possibly at the request of the Australian government. Users from some (but not all) Australian ISPs have been unable to reach the Melbourne Free University site since Thursday the 4th of April. An employee of one of the affected ISPs told MFU by email that the site was blocked as a result of an order from the Australian government, but was unable to say more. Research by EFF and MFU, and discussion amongst Australian network operators, confirms that the IP address has been black holed by a number of Australian ISPs, preventing access to more than 1,200 websites including the Melbourne Free University (multiple websites sharing a single IP address is common due to virtual hosting).

The causes for the block are currently unknown. Speculation by the Australian networking community has included criminal investigations, action by ASIC, or DDOS mitigation. Unusually, a representative of one of the blackholing ISPs, AAPT, would only state that “in regard to this issue, this IP address has been blocked”. Under conditions where the cause was to protect the functioning of the Internet, such as to combat a denial-of-service attack, one would expect the ISP to clearly describe the reasons for the temporary filter to better assist other network operators. It would be surprising if the cause was Australia’s nascent Internet censorship system as that is reported to operate with DNS rather than IP blocks.

Whatever the reason for the IP black hole, it is extremely unlikely that it justifies the reckless censorship of 1,200 sites for Australian Internet users, and very disturbing that the true reasons have not been made public after many days of requests from the affected parties. Decisions that affect the global connectivity of the Internet should be made transparently, whether they are made in the offices of ISPs, or in the courts and corridors of government.

In the meantime, Australian Internet users who are affected by it can install Tor to access affected websites.

UPDATE 2013-04-12: Apparently as a result of this blog post, social media attention, and questions from the Australian Greens to the Australian Federal Attorney General’s Department, the block has been lifted. But there has not yet been any explanation of why these 1,200 sites were blocked in the first place.

The Melbourne Times Weekly further informs us:

The Australian Communications and Media Authority, the body responsible for internet regulation, issued a statement denying it had blocked the site or that it was investigating any prohibited content. ACMA would not elaborate on this statement when contacted by MTW.

To put it bluntly, we’re very confused as to what’s going on here. For starters, it’s supposed to be very hard for hosting companies to get listed on the Interpol ‘worst of the worst’ child pornography blacklist which the AFP is using as part of its limited filtering scheme. Secondly, even if sites do get on that list, users visiting that site are supposed to be redirected to a page explaining the block. This kind of false positive issue — with no civilian oversight — is precisely the kind of problem which we’ve been warning about with respect to the Interpol filter for some time. With this in mind, over the next several weeks Delimiter will be seeking to ascertain what happened in this extremely concerning episode. We hope the Attorney-General’s Department and the AFP have their shredders handy. Because we’re about to lay the Freedom of Information smackdown on this one.

Image credit: Kim Davies, Creative Commons

18 COMMENTS

  1. Thanks for getting on to this Renai. I was surprised at the time that it didn’t get much attention.
    This is a classic case of what is wrong with secret government imposed filtering lists. I can’t think of a much better example of Overblocking.

    I also thought that Interpol Filter was supposed to be domain based not IP based, so how the hell does this happen in that case?

    • No worries. I can’t believe nobody else picked this up, to be honest.

      “I also thought that Interpol Filter was supposed to be domain based not IP based, so how the hell does this happen in that case?”

      Precisely. This aspect of this story is extremely disturbing.

      • This isn’t the filter. The filter is DNS based. When you participate they don’t give you IP addresses, they give you domain names. This is something else. (Still obviously law enforcement, but not the “voluntary” filter specifically).

  2. I thought the Interpol filter was supposed to be implemented via DNS poisoning, not blackhole-routing IPs.

  3. If my sites were hosted on that server I would be moving all content to another hosting provider altogether and seeking a refund for breach of contract (pretty much all hosting providers guarantee uptime).

    This would send a pretty clear message to hosting businesses, particularly if this one was named and shamed. I recognise that web hosts served with a court-ordered takedown notice must comply, but they would be completely within their rights to require details of the specifically offending site or at least contact all customers on the affected service. Simply rolling over and accepting that it’s reasonable to block an IP that affects 1,200 sites demonstrates contempt for your customers and a massive inadequacy in senior executive decision making in the face of difficult decisions.

    But yes, the broader issue is obviously what happened, how was it allowed to happen, what is the likelihood of it happening again, who could it affect, what possible cause could there be to block a whole IP, was there any consultation or understanding for the collateral damage it would cause, was this a result of a police request, or court ordered; even if the authorities ordered it, why did the host comply so willingly without any attempt to warn, inform or work with affected customers caught up in something they had no involvement with?

  4. This is the EXACT reason I have issues with these systems. Any “filter” system like this should have to be run by an independent body and be able to be reviewed by a citizens group like EFF or Choice, it should NOT be a secret list with politicians watching over it…

  5. If this kind of filtering is to become more common, imagine the damage one bad apple could cause when ISPs begin large scale deployment of Carrier Grade NAT.

    ChrisP

  6. Nuke from orbit, it’s the only way to be sure.

    It sounds like a lazy approach to targeting one, or a group of resources within a particular subnet. That it was subsequently lifted without notice suggests the net was cast far wider than it should have been.

    @tinman_au – won’t ever happen. The people who want control of this sort in place aren’t interested in democratising the process.

  7. Thank you for this article.
    Without knowing if my ISP, Spintel, blocks, this filtering could explain why it suddenly became near impossible to read my Dutch Newspapers, HetParool and DeTelegraaf. Any other people with similar experiences?
    And where is the liability of an ISP, they are after all contracted to supply a service, not to block one.
    Albert
