The following article was published on the website of Electronic Frontiers Australia this morning by EFA executive officer Jon Lawrence. It appears under a Creative Commons licence.
As reported by Bernard Keane in Crikey yesterday, Australia’s corporate regulator – the Australian Securities and Investments Commission – has admitted to another incident in which a website blocking request has led to the inadvertent blocking of thousands of websites.
In a written statement provided to the Senate Economics Legislation Committee (PDF), ASIC has admitted that one previous blocking request in which it specified an IP address, rather than a domain name, resulted in some 250,000 websites being blocked.
The regulator claims: “The vast majority (in excess of 99.6%), appear to contain no substantive content. In this instance we believe that less than 1000 active sites (less than 0.4%) may have been temporarily affected. None of these are .au sites. There are various reasons why such a large number of sites with no substantive content may use the same address, such as through a ‘domain for sale’ operation.”
Given the evident lack of even a basic understanding of the functioning of the Internet’s addressing system within ASIC, these claims are simply not credible. Has ASIC actually reviewed all 250,000 sites to determine whether they contain ‘substantive content’? How does it define ‘substantive content’? Do they believe that ‘only 1000 active sites’ is an acceptable level of collateral damage? The fact that none of them were using .au domain names does not mean that they are not sites operated by Australian entities (such as melbournefreeuniversity.org) nor does that mean that they are not sites that Australians wish to access.
While ASIC’s motives are of course laudable – to protect Australians from fraudulent investment schemes – its use of section 313 of the Telecommunications Act to block these websites is extremely problematic.
In its statement, ASIC has committed to consult with other government agencies and police “to determine how we can best disrupt websites that are part of criminal operations without impacting on legitimate sites”, and is looking at: how to ensure only specific websites are targeted (use the domain name, not the IP address, it’s really simple!); contacting hosting or domain name providers to have sites taken down at their source; and redirecting blocked sites to a landing page indicating why the site is inaccessible. ASIC has also committed to publicly report on its use of s313 on an annual basis.
These steps are all very necessary and have our support, but Electronic Frontiers Australia believes that ASIC must cease all use of s313 to block websites until it has: learnt how the Internet addressing system functions; implemented, in consultation with the Department of Broadband, Communications and the Digital Economy, clearly defined processes for the use of this power, including some form of independent oversight; and implemented a landing page that will inform affected users trying to access a blocked website. EFA believes that the use of s313 to block websites should be subject to judicial oversight, through a requirement for a warrant to be issued for each request.
View Senator Ludlam’s questioning of ASIC officials from last night’s session:
Image credit: Screencap of ASIC officials at a Senate Estimates hearing this week.