“National security matter”:
Third agency caught unilaterally blocking web sites

51

topsecret

news The Federal Government has acknowledged that a third agency, beyond ASIC and the Australian Federal Police, has been using the Telecommunications Act to unilaterally block certain websites, with bureaucrats refusing to disclose which agency was involved, apart from stating that the issue was “a national security matter”.

Several weeks ago the Federal Government confirmed ASIC, the financial regulator, had started requiring Australian Internet service providers to block websites suspected of providing fraudulent financial opportunities, in a move which appeared to also open the door for other government agencies to unilaterally block sites they deemed questionable in their own portfolios.

The move is based on the use of Section 313 of the Telecommunications Act, which allows government agencies to ask ISPs for reasonable assistance in upholding the law, a mechanism which is also being used for the Government’s limited Interpol-based filter to block child abuse material, under the auspices of the Australian Federal Police.

However, the law is not usually used to block websites, and there appears to be no public oversight of the process which ASIC is using, no appeals mechanism, and no transparency to the public or interaction with the formal justice system. ASIC’s action came to light after the regulator in April blocked several sites suspected of providing fraudulent investment information, but also resulted in the inadvertent blockage of some 1,200 other innocent sites. It has since emerged that ASIC has blocked “numerous” sites over the past nine months.

The news was immediately greeted with alarm by a number of political groups and digital rights lobby organisations, which expressed concern that ASIC’s move could herald the covert return of the Federal Government’s previous mandatory Internet filtering scheme, which the Government abandoned in November last year. Commentators immediately called upon the Government to reveal how widespread the blocking practice was, and the news spurred journalists and activists to file Freedom of Information requests in an effort to ascertain the full extent of the situation.

In Budget Estimates hearings last night in Canberra, broadband department deputy secretary Abul Rizvi revealed under questioning by Greens Senator and Communications Spokesperson Scott Ludlam that a third agency, “in the Attorney-General’s portfolio” was also using the notices to order websites blocked.

However, Communications Minister Stephen Conroy interjected in the questioning and refused to answer further questions about which specific agency or department was involved, requesting that Ludlam pose his questions on the issue to the Attorney-General’s Department directly.

In a separate hearing this morning, Ludlam posed similar questions to the AFP about the issue, at a hearing attended by bureaucrats from the Attorney-General’s Department, such as departmental secretary Roger Wilkins. “There’s one other agency also using it,” Ludlam said. The full video is available online. “Could someone at the table illuminate me as to who that is?”

Wilkins replied: “We don’t comment on national security matters, Senator.” Ludlam replied that he hadn’t asked whether the website blocking was a national security matter. “It is a national security matter; we’re not commenting on it,” Wilkins added.

The comment is likely to raise fears that spy agency the Australian Security Intelligence Organisation was the agency involved in the blocking activity, as it falls under the purview of the Attorney-General’s Department. However there are also a large number of other agencies under that portfolio; listed here on the website of the department.

The hearings did produce some good news for those concerned about the potential abuse of the website blocking power by law enforcement agencies. AFP deputy commissioner Michael Phelan told Ludlam that although theoretically the AFP could add additional categories of content to its website blocking activities — such as websites which it believed infringed copyright — it was concentrating its efforts at the moment on blocking child pornography sites, because it believed the use of Section 313 notices in this manner was effective.

“We can’t do everything to everybody,” Phelan said, with respect to other categories of content, noting that the AFP was choosing not to seek to block other categories of sites. “At this stage we’ve made a very conscious decision to use these rather intrusive powers to do this particular thing at this stage.”

opinion/analysis
Wow. So now we have an un-named “national security” agency unilaterally blocking an un-named website, and nobody with knowledge of the matter — not Communications Minister Stephen Conroy, not the secretary of the Attorney-General’s Department — will comment on who that agency is, why it’s ordering websites blocked or what those websites are. This would appear, on the face of it, to meet the definition of constituent elements for a police state. Secret censorship — so secret that we don’t know who was involved, what was censored, or why. Nice. And this is Australia.

Let’s not forget that ASIO is immune to the Freedom of Information Act, so there is literally no official way of finding out if it definitely was ASIO in this case.

I’d just like to point out at this point, if I may, the flimsy nature of the transparency around this issue in general. The fact that other agencies than the AFP are actively blocking websites using Section 313 of the Telecommunications Act only came to light because a handful of activists and journalists pursued the issue — none inside the mainstream media or in large organisations. Nobody from within the system. And we only know a little more because one Senator with a quirky passion for Internet censorship issues — the only politician with that passion in the Parliament — pursued the issue doggedly through the Estimates hearing process.

And we probably wouldn’t even know this much if AGD secretary Roger Wilkins — referred colloquially in Canberra circles as “the bowtie” due to his dress habits — hadn’t dropped a few sentences on the issue, the minimum possible that he could have said, in response to Ludlam’s dogged pursuit of the truth.

Such thin protections — paper thin — are the only reason we even know about this situation. On such shaky pillars does our freedom lie. And that’s something that bears thinking about for a bit. The question of how to make sure those protections are strengthened in future is a serious matter for our democracy.

51 COMMENTS

    • If it’s ASIO blocking these sites because they are child porn/bomb making/fraudulent or generally bad for us all then no problem, but if they are blocking them because of some back door deal or just out of spite then we as Australians have a right to know who is doing it!

      P.S. Please thank your party for closing my favorite trails down in the Watagan forests! I won’t be voting for your party ever again.

    • Thanks Scott – you are our last bastion of transparency and oversight! I urge anyone who sees you in the street to come up and give you a big hug :)

      God help us if the mad monk gets in and starts blocking abortion, euthanasia, and political party web sites ;-)

    • “We don’t comment on national security matters, Senator.”

      Comments like this are the death of democracy.

      The ministers would know who it is and why, no doubt several departments would know who and why…hell, even the recipient would probably know who and why (god knows if other innocent bystanders got caught up in it this time though). And if it’s been used to block a radical Islamic site (for example), I don’t see why they couldn’t say that (even if they withheld the address/name/IP of it).

      But when you have a prime minister that decides sites like Wikileaks are “illegal”, with no actual basis in law, I’m not sure they even know what the “national interest” actually is any more…

    • And with no oversight or possible avenue as to what category the blocked sites fall under, lets just call them national security issues and no-one will be the wiser.

    • While I do agree with your entire stance on Internet policy, voting Greens suffers the same problem with voting for any other party. That is, voting Green to support your Internet Freedom policies is also interpreted as a mandate for your entire platform such as your (completely asinine in my opinion) ban on nuclear power which as a country we sorely need. If I could vote on specific policies rather than collective policy bundles that hold too many other disagreeable positions, you would have my vote on this!

      • It might help if some didn’t bawl like a baby when debating important national issues in parliament too…

  1. Has Turnbull said anything on this? He’s not usually the quiet type.

    In the absence of any comment from the Coalition we have to assume they support this activity.

  2. I am so disappoint in every one (except Ludlam) of our politicians. None of them seem to care for technological issues, or privacy concerns they all seem to tow their parties line with complete disregard for the general population.

    But what can we expect when no one in the government has even heard of ToR. We elect high functioning idiots, who in turn hire morons, who know how to work the system. I guess we reap what we sew.

    Time to move out of this country – we have no legal recourse to prevent/inquire about injustices performed by our elected officials. This is a sad sad day for Australia.

  3. Good on you Renai for helping bring to light these scary realities.

    Dear God. He’s not even allowed to know the NAME, of an AGENCY, that’s black-bagging whatever information it wants…?!

  4. ludlam is now officially my favourite politician.
    courtesy of computerworld.com.au:
    A-G’s department stating, “We don’t comment on national security matters.”
    Ludlam: So it’s a national security agency?
    A-G’s: We don’t comment on those matters.
    Ludlam: So it’s a national security agency?
    A-G’s: We don’t comment on those matters.
    Ludlam: You are commenting. You just told me it’s a national security matter.
    A-G’s: No, he said he wasn’t commenting on it.

  5. At least Michael Phelan was willing to actually answer the questions and admit that the powers granted to them under the act are “quite intrusive”,’
    The others couldn’t give a flying patooty about our rights or privacy.

    Thanks heavens we’ve got Senator Ludlam in our court.

  6. The politicians need to revise Section 313 of the Telecommunications Act so this cannot happen.

  7. Using ISPs to block IPs without blocking proxies is like putting up a locked gate with no fence. All they’re doing is wasting time and money.

    • @ Sean
      I have no problem in questionable content being blocked I wonder why people do

      the problem is who defines whats questionable, your standards are probably different to mine, which are different to my neighbours which are different to the Catholics which are different to the Muslims which are different to the Gay’s (shush I’m trying to make a point not offend) which are different to the Liberal’s which are different to Labor’s and the Green’s and on and on and on……

      That is the problem that the majority have with this policy.

      • I can understand where your coming from but if its illegal in Australia then I am happy for them to shut off access to it, I don’t really have a problem with that at all and I don’t ever think we will see a day when any party would really want to get caught doing so for their own political benefit it would be suicide.

        These people are put in place to help protect my family and I am happy for them to do so.

        • Sean, they’re not just blocking ‘illegal’ material – they’re able to request _anything_ be blocked. To do what you say would require judicial oversight (i.e. oversight BY the judiciary). Remember what the Commonwealth Constitution (and logical common sense) dictates: independence of the judiciary / separation of powers (between the legislature and the legal system).

          Please always research an the issue before commenting :)

          * Not to mention the fact the web sites that discuss an illegal ‘topic’/’action’ and not illegal per se – e.g. abortion, euthanasia, homosexual marriage, terrorism (aka reasons for perpetrating violence) etc.

          • Here are a few issues as was mentioned in the article which you seemed to have not read.

            – There is no transparency
            – There is no oversight
            – There is no appeals process

            This is far from a democratic process. This is government agencies able to act outside of the judicial system.

          • “Please always research an the issue before commenting :)”

            I will comment on anything I like when I like and from my reading thus far I think they are doing the right things for the right reasons :-) so have no problem with that at all.

            So can you give me a list of sights the are blocking besides sites on the interpol lists, ASIC are blocking known sites for good reason and if that saves one person from losing their life savings well I am happy with that as well.

            It seems the ISP’s have no problems doing this either if they did you would think they would have kicked up a stink about it don’t you i wonder why.

          • @ Sean
            So can you give me a list of sights the are blocking besides sites on the interpol lists, ASIC are blocking known sites for good reason and if that saves one person from losing their life savings well I am happy with that as well.

            That’s the problem, there is no list of sites that are being blocked, and ASIC didn’t only block “scammer” sites either, they blocked a school.

            I “in principle” agree with removal of sites from the internet, but do I believe that I should be the one responsible for blocking information? No; but there would be less crap in my opinion.

            If there is going to be a group removing content, then there must be legal oversight and a defined process for it, otherwise its poor policy open to manipulation by special interest groups.

          • Saving one person’s life savings? Let’s turn that on its head.

            Are you happy to see somebody’s livelihood ruined because ASIO or any other government department blocked their website inadvertently, just as ASIC blocked an online university? We might never know if this happens if we allow this to occur and for ASIO and other departments to fight transparency on website blocking.

            And even assuming that their blocks are genuinely motivated to protect Australians (which is unknown right now) who makes the decision of what is more important? Is it alright to ruin people’s livelihoods and businesses to block radical Islam sites or scam sites? How do you calculate the net gain or loss to Australia from these mistakes, particularly if they are hidden from the public?

          • ” from my reading thus far I think they are doing the right things for the right reasons :-) so have no problem with that at all.”

            And maybe right now they are, but what if they suddenly start doing it for the wrong reasons. Without oversight without judicial recourse without some sort of even knowledge of the fact that it is occurring how would you even know that an innocent is being mistreated let alone correct it?

            “So can you give me a list of sights the are blocking besides sites on the interpol lists, ASIC are blocking known sites for good reason and if that saves one person from losing their life savings well I am happy with that as well.”

            Yep, except a couple of things. Why is there no oversight? If it is being done for good and correct reasons, why does it need to be done “secretly”?

            “It seems the ISP’s have no problems doing this either if they did you would think they would have kicked up a stink about it don’t you i wonder why.”
            The ISPs are legally required to do so. It is in such small numbers (at this stage) that many may have simply actioned because it is not there duty to investigate, it is their duty to comply. Don’t try and move the argument away from where the fault is.

            The fault here is the lack of Clear Process and Procedure, including a degree of oversight, that all departments wanting to use section 313 should be applying to.

          • Wasn’t this whole thing exposed due to a University being incorrectly added to the black list?

            What if they decided to block wikileaks as it had data that was sensitive to national security on it? The question isn’t simply ‘is acceptable that certain material is blocked?’, but what information is considered so dangerous as to block, who decides what this material is, who ensures these laws are applied legally and how decisions can be disputed if necessary.

          • so have no problem with that at all.

            Fine, you’re OK with the government skipping legal proceedings and the government it’s self just declaring things “illegal” and passing sentence.

            Personally, I’d prefer the government stick to accusation/prosecution and the courts actually decide, but hey, that’s just me.

            ASIC in particular seem to have pretty spotty history in deciding what’s actually “illegal”: http://www.news.com.au/business/asic-pushes-on-despite-string-of-lost-court-cases/story-e6frfm1i-1225819993553

    • ISO hunt, The Pirate Bay, Torrentz.com etc are NOT illegal… some links may point to illegal content, but the sites themselves are not illegal per se.

      Why would you assume they are? Invalid assumptions like these are precisely why this filter failed, was always doomed to failure, and is the Slippery Slope of Satanic Spawn.

        • Sean, thats a straw man argument, and shows a lack of intelligence with respect to the issues that were raised in the article… Noone is arguing what you think they are.

    • What people are worried about is that S313, as it is being used at present, allows literally thousands of federal, state and local government agencies to block any website they happen to dislike, without telling anyone why, or indeed that it is being done. If allowed to continue, it is almost certainly only a matter of time (probably before the election) that it will be used to block political material, probably without the beneficiary even knowing about it – or at least having “plausible deniability”. It will also obviously be used to block “whistleblower” websites. It should be noted that ICACC’s blocking only became known because they screwed up technically.

      If this is not obvious to you, and does not worry you, I suggest a little more reading might help!

    • “What are people so worried about, sites the likes of ISO hunt etc will be blocked?”

      Sean, this comment suggests you are either conflating this issue with “piracy” and “IP protection” or you are trolling.

      Whether ISOhunt should be blocked or not is not the issue.

      This is about proper Legal and Judicial oversight into actions that can affect the livelihoods of Australian Citizens.

      Government departments are filled with people. So whilst the Department itself may be the ideal, the people in them may not be. It only takes one mistake(wrong ip address for example) and suddenly a site that is perfectly legal and has done nothing wrong is offline.

  8. 1) We have evidence that government departments lack the requisite technical competence to understand the technical aspects of such filtering

    2) We have evidence demonstrating that government departments can and will get this stuff wrong, and the ramifications for collateral damage are substantial

    3) Those with greater technical knowledge or understanding involved in the process are not consulted, are not allowed to provide their opinion, have no channels for feedback back to the department in question and are legally gagged from discussing the issue or raising concerns in the world beyond the department.

    4) Logic suggests that if there is a degree of liklihood that error will occur, a method of error control is necessary. Without the ability to control, restrict or rectify errors, they will occur and will do so unchecked. Without oversight or even the ability to view or audit the system by those qualified to determine the existence of errors there is no way to determine the prevalence of errors, their impact or to even fix them.

    In summary, you simply cannot introduce a system designed to cause faults in a system (even if deliberate ones), provide that method of fault introduction to untechnical, unqualified people who aren’t even capable of recognising errors when they are apparent, restrict discussion and oversight of the system so that no one outside the fault introduction mechanism is allowed to view it, and then expect that the system as a whole can continue to function. It cannot – you are breaking it by design and then legally restricting those who have the skills to stop you funking the whole thing up from being able to even advise you of problems, let alone fix things.

    This is equivalent to firing mortar rounds into the city in the hope of stopping white collar crime while wearing headphones playing Black Sabbath on 11. The defence that you have vetted targets through a rigorous process and have developed accurate coordinates for the mortar based on their known location is intellectually dishonest – you know the risk of error is huge, you know the collateral damage is unavoidable, you know that once the target realises they are being fired on, they can simply change location and you mortar is ineffective against them anyway, and yet you can’t hear those shouting all these reasons to stop this stupidity because you have your collective heads stuck so far up your collective arses all you can think is SHIT!

    Ahem. What I meant to say was you have a flawed system with no oversight designed to break things, so you will end up breaking a hell of a lot more than you intended with no ability to stop it or even know you’re on a runaway train causing disaster in the first place. Because you fucking designed it like that.

  9. Hmm anyone else notice how similar Australian 313 is to Nigerian 414? I wonder which one will end up being more notorious? ;-)

  10. I still don’t understand why it can’t be voluntary, and certainly don’t understand why it can’t be transparent. I mean, mum and dad users – the most at risk of financial scam websites – would be more than happy to volunteer for such filtering!

    If this was done properly, and in the open, I feel most people would be happy with it. But then, perhaps I’m the only one that believes the government is benevolent, and simply misguided.

  11. Chris, whether the government is benevolent and simply misguided is really quite irrelevant. With the government having now established that S313 can be used for secret censorship by virtually every government entity, at every level of government, you have to assume that every one of these organisations is also benevolent.

    As a perhaps relevant suggestion – a news item this morning raises the question as to why ASIC took sixteen months to do anything about a whistleblower’s fax. Can you imagine the temptation to quietly block access to this sort of information, given that the mechanism established and already in use is secret and has no oversight whatever by anyone? Repeat this for example at your local council where embarrassing information about secret developer meetings with council staff are being publicised by a whistleblower.

    Now do you see why people are concerned?

    • I could see why people where concerned from the outset – I think you’ve missed my point. My comment was intended to offer an alternate path in which the government could achieve it’s aims in a more acceptable manner. That, of course, assumes that their aims are benevolent to begin with (ie – protecting Australians from scammers online).

      If their aims are more selfish than that my suggestion of a voluntary, transparent filter would not work.

  12. The issue of censorship is a nice moral problem, the real problem is confidence. We have spent 20 years making the internet a safe place to do business. In one swoop, this practice could ruin all that investment. As a builder of business web sites, how do I know if the millions spent on a web presence or a cloud computing data center will be wasted. At any moment a junior public servant could block my site with a single mistyped IP address. I will have no traffic and no recourse.
    Its about money and doing business with the Australian Internet just became a much more frightening place.

    • Uncertainty reduces business confidence. A major retraction in business confidence is a Very Bad Idea. Like, economy destabilising bad…

  13. I wrote about a similar turn of events in the UK recently and have been thinking about it a bit since. I’m very anti-censorship but feel that if a person or group was being censored (in a way that the public would be outraged about) there are plenty of avenues for them to announce that they were censored.

    • Was about to say the same thing. If something gets blocked that should be blocked, nobody is going to know. If something gets blocked that shouldnt, such as a school, well its going to be discussed somewhere like Whirlpool when people start trying to visit the blocked site.

      The worst I’ve seen so far is a school got blocked for a couple of days. The transparency is there by default, because the web is open source. If you find a site thats blocked, you know its blocked, and by extension that becomes public knowledge. Which people can act upon.

      If unknown sites are blocked by unknown agencies, its only unknown until someone attempts to visit the site, and at that point it can be confirmed through an ISP that isnt applying the filter, and you can get a decent idea who’s doing the blocking.

      • “and you can get a decent idea who’s doing the blocking.”

        But you don’t. “The Government” requested the block then chasing multiple departments denying it was them.

        • I meant you can figure out what the likely department is by the nature of the site being blocked. Wont be certain, but you can get a good idea. Whether or not anyone fesses up to ordering a s.313 block, Whirlpool will be on the case delivering 20 or 30 conspiracy theories on who it would be…

  14. Commenter Sean is just a sheep who trusts all these people in power over him. Let him dream his sweet dream. He assumes everything they do is good for him…

Comments are closed.