Revealed: ASIC’s secret website block notices



news The Australian Securities and Investments Commission has published the full text of its official notices to telcos requesting they block websites suspected of providing fraudulent financial information, with the documents revealing that both the frequency and breadth of the agency’s blocking activities has increased since they began 12 months ago.

Last month the Federal Government confirmed its financial regulator ASIC had started requiring Australian ISPs to block websites suspected of providing fraudulent financial opportunities, in a move which appeared to also open the door for other government agencies to unilaterally block sites they deem questionable in their own portfolios.

The move is based on the use of Section 313 of the Telecommunications Act, which allows government agencies to ask ISPs for reasonable assistance in upholding the law, a mechanism which is also being used for the Government’s limited Interpol-based filter to block child abuse material. However, there appears to be no public oversight of the process, no appeals mechanism, and no transparency to the public or interaction with the formal justice system. A move by ASIC in April to block several sites suspected of providing fraudulent investment information resulted in the inadvertent blockage of some 1,200 other innocent sites.

The move was immediately greeted with alarm by a number of political groups and digital rights lobby organisations, who expressed concern that ASIC’s move could herald the covert return of the Federal Government’s previous mandatory Internet filtering scheme, which the Government abandoned in November last year. Commentators immediately called upon the Government to reveal how widespread the practice is.

Since that time, ASIC has admitted to another incident in which it inadvertently blocked some 250,000 websites, and another un-named agency within the Attorney-General’s portfolio, suspected of being ASIO, has been revealed to also be using the Section 313 power on “National Security” grounds.

In the wake of the ASIC revelations, several parties filed Freedom of Information requests with ASIC seeking to ascertain more details of its blocking practice. The Pirate Party Australia immediately filed a Freedom of Information request with the Australian Securities and Investments Commission, seeking documents relating to the blocking of, filtering of, or interference with the IP address blocked by the agency in March and April, in addition to any other website.

Late tonight, ASIC responded to the FoI requests filed by both Delimiter and the Pirate Party Australia, releasing its Section 313 notices in full, as well as a small amount of correspondence associated with the notices. You can download the documents sent to Delimiter here (PDF) and the documents sent to the Pirate Party Australia here (PDF).

The documents reveal that ASIC initiated its website blocking campaign by targeting three major telcos — Telstra, Optus and AAPT — in June 2012. At the time, ASIC senior manager of Deterrence, Financial Services, Michael R. Ryan, sent the three telcos a letter requesting a US-based IP address be blocked for a period of a month. The letter was headlined under the moniker ‘Op Ark’, which is believed to refer to Operation Ark, an ASIC operation which aims to combat organised crime targeting Australian investors through fraudulent investment material — often through Internet-related fraud.

Under different operational labels, ASIC filed subsequent Section 313 notices with the three telcos in October, November and December 2012, as well as January, February, March and April this year. In all cases, the regulator requested that one or several internationally hosted IP addresses be blocked by the telcos for a period of one month.

ASIC typically cited its belief that the websites concerned had breached regulations concerning the provision of financial information, and sometimes listed the suspected fraudulent companies involved by name.

In November, the regulator added another name to its list — Pacnet, another major provider of telecommunications services, and in March this year PIPE Networks was added to the list. The list is significant because it appears from its Section 313 notices that ASIC is attempting to block the websites concerned at a network backbone level rather than at the level of a retail ISP. All of the telcos concerned provide underlying network services to retail ISPs such as iiNet or TPG, and so it appears that ASIC is attempting to block the websites at the core of Australia’s Internet in a way that will flow through to retail ISPs, rather than requesting those retail ISPs themselves block the sites.

This impression is reinforced by a letter from a lawyer at PIPE Networks sent back to ASIC in response to the blocking notice. The lawyer — whose name has been blacked out from the documents — notes that “as previously advised”, PIPE could “only block the addresses on our own network and cannot completely block them on our submarine cable, due to the way capacity on the cable is sold”.

It appears that none of the telcos concerned pushed back on ASIC with regard to its blocking requests, although it is believed that the use of Section 313 notices in this way had not been used in Australia previously. A network engineer for Optus, for example (whose name is redacted from the documents) replied by email to ASIC several times merely noting that the requests had been actioned.

In one instance, ASIC requested that an IP block filed in April this year be lifted. It is possible that this could refer to the revelation in April this year that the regulator had accidentally blocked some 1,200 sites, including Victorian education site Melbourne Free University. The site’s owners contacted various parties, including the Greens, their ISP and the Attorney-General’s Department seeking information on why their site had been blocked. It was subsequently unblocked.

It remains unclear why ASIC’s standard use of the Section 313 notices requested that the telcos block sites for one month only, although it is possible that the regulator’s use of the power for that short period was designed to give it some breathing space while it sought to take down the sites more permanently at the hosting layer.

This theory is given credibility by a document included in the FoI release material, which saw ASIC obtain a Federal Court Order for one site to be taken down.

ASIC’s consistent use of raw IP addresses — rather than website names — in its Section 313 notices suggests that the agency’s accidental separate blockages of some 1,200 and 250,000 sites on different occasions was not an anomaly for the regulator. Given the prevalence of shared web hosting space used by websites online, it would have been more technically accurate for the regulator to have requested only specific website URLs be blocked, rather than IP addresses; this would have likely meant that only specific sites would have been blocked, rather than thousands of other sites being inadvertently blocked. It is believed that this URL-based approach is the approach taken by the AFP in its similar Section 313 blocks involving a ‘worst of the worst’ list of child abuse sites supplied by international policing agency Interpol.

The use of IP addresses in this manner appears to suggest a degree of technical incompetence on ASIC’s part, given that it would also be possible for a blocked site to easily and quickly switch IP address to a new web host, but retain the same website URL, evading ASIC’s blocking regime within a matter of hours.

ASIC’s comprehensive response to the FoI request — in which it has redacted very little information from the documents as supplied — runs counter to the approach taken by the Australian Federal Police when Delimiter filed a similar FoI request around the use of Section 313 notices earlier this year. In that case, the AFP redacted a significant amount of material from its documents, including the identities of the ISPs it targeted.

In May, then-Communications Minister Stephen Conroy asked his department for measures which could provide transparency around government use of Section 313 notices to block websites, and it has been reported that meetings between the major Federal Government departments have been convened on the issue. However, Conroy resigned his post on Wednesday this week, following the ascension of Kevin Rudd once more to the Prime Ministership, and it is not clear yet who Conroy’s successor will be, or what their attitude will be to the use of Section 313 notices.

There are a few things we can take away from the text of the Section 313 notices which ASIC has provided to Delimiter and the Pirate Party Australia.

Firstly, ASIC has demonstrated that it is relatively technically inept (surprise!). You can see this through the use of IP addresses rather than website URLs (which resulted in thousands of innocent websites being blocked), you can see it in the attempt by ASIC to have websites blocked at network layers as low as PIPE Networks’ submarine cable (which was not possible for PIPE), and you can see it in the fact that ASIC only targeted a small number of telcos rather than a comprehensive spread. Frankly, it appears that the regulator’s blocks would have been relatively ineffective if used against smart website operators, and that they would have been easily evaded by those seeking to visit the blocked sites. Great.

Secondly, you can see that very little of the actual communication between ASIC and the telcos on this issue took place via email chains that can be documented and are subject to FoI requests. I am sure that Telstra, AAPT, Optus and PIPE Networks communicated with ASIC at least cursorily on this issue, and probably extensively. But that communication must have taken place by telephone and not by email. This speaks to a somewhat secretive approach by both ASIC and the telcos on this matter.

Lastly, what we see is that the telcos did not appear to fight ASIC on this issue, despite the fact that its use of Section 313 notices in this manner was virtually unprecedented. We don’t see anything here in terms of lawyers questioning ASIC’s rationale for blocking the sites or even why the regulator wanted whole IP addresses of shared web hosts blocked, rather than specific URLs. This is somewhat disturbing, given the fact that ASIC’s actions represented direct interventions in the telcos’ businesses and technical platforms. It suggests that Australian telcos are used to rolling over for Section 313 notices on an ongoing basis.

All of this points to the need for independent, centralised oversight of the use of Section 313 notices by Federal Government agencies. The Australian population deserves better than for technically inept agencies to unilaterally decide to block random websites and a host of innocent ones, with no accountability measures in place. It’s abundantly clear that Australia’s telcos are pretty happy to roll over and let Australia’s law enforcement agencies do what they will with our Internet — let’s be under no illusions: Australia’s telcos will not act as watchdogs in this system.

Let’s hope that Conroy’s successor — whoever they are — makes this issue a priority. Because if they don’t, I can assure them: Those of us in Australia’s media who are tracking this situation will not desist in our efforts to provide transparency and accountability around the use of Section 313 notices by government agencies. Unilateral and secretive blocks of websites is just not a concept any modern democracy should be comfortable with.


  1. Great article, thank you! Frightening but informative. I’m glad to see the last line about not desisting in efforts for transparency.

  2. Thanks for the update on this issue Renai.

    As I have said before the Telcos are only interested in the bottom line. What they don’t seem to understand is that they could find their bottom line seriously impacted if the public decide that they are more interested in kowtowing to government departments and agencies than looking after their customers.

    If there is ever a challenge to the validity of the S313 notices in the manner they are being pursued particularly without a supporting warrant, and it is up held, they may regret being so acquiescent.

    I note that our third largest ISP has not been targeted for some reason. May be they are a little scared of them refusing to be bludgeoned by “more powerful” institutes and them value their customers as they have previously demonstrated.

  3. Blocking an IP or a URL both have their own drawbacks, namely;

    IP: Collateral damage of all the other sites sharing the IP, plus it is easy (and quite cheap) to shift a ‘bad’ site to a new host and make a trivial DNS change.
    URL: Cannot catch the (literally) thousands of domain names that get pointed at the same IP, added to which it is both trivial and cheap to obtain a new URL that goes to the same content once the site is identified and reported to the ISP to block.

    There are two sides to every argument, but I wouldn’t call ASIC totally inept when it comes to site blocking; for example it was pretty interesting to read that they had contacted PIPE to get blockages occurring at the backbone layer.

    Blocking content is the real requirement, but to do that requires deeper internet filtering above layer 3, and then that of course opens a whole new debate now, doesn’t it?

    • Dan makes similar points to those I was going to raise – I’ve seen less than legitimate sites use tactics like multiple domain redirecting and even direct IP resolution (providing http traffic to requests of sub-pages under the root IP instead of a domain name), tactics that can only be combated using IP blocks or traffic filtering analysis.

      Personally, I’m actually encouraged by the fact revealed here that I the blocks are only in effect for one month (presumably while the host is contacted and the content removed from from the server).

      I also don’t think this tactic will inadvertently affect many Australian businesses or websites – most Australian businesses can’t afford the performance penalties using cheap hosting on international Web hosts. This could get complicated with cloud service providers like Amazon, but I think if a major host had an IP blocked like this they would be pushing back.

      None of that is to say that this scorched earth approach is the best solution, or that the collateral damage is necessarily acceptable. I definitely think further oversight, reporting and transparency is necessary, as well as notification and feedback mechanisms so that legitimate websites have adequate information to understand the impact of the issue and do something about it if necessary. If ASIC or other regulators are contacting the Web host for the purpose of tracing the offending content owner and taking it down permanently, it would be trivial to ensure the notification was forwarded to all the legitimate clients on that server/IP and not to the offending content owner.

      But to me, this information demonstrates that this issue has a lot more shades of grey than initially assumed and there are some legitimate reasons for IP blocking, making the technical ineptitude call a little unreasonable at this point. Let’s stick to analysis of the facts, rather than pushing assumptions onto the situation that are unhelpfully muddying the waters here for any readers who’s understanding of technical reasoning behind these practices begins and ends with the article’s content.

    • >”Collateral damage of all the other sites sharing the IP”

      Not just web sites. Any other applications too e.g. email, …

  4. While we’ve seen the sometimes worrying collateral damage caused by blocking IP addresses without checking, it’s a little rich to suggest ASIC is ‘technically inept’ as a result.

    If anything, it’s the other way around. While I’m not passing judgment on these s313 notices either way, let’s just put that aside and say they’re legitimate. If so, and ASIC is trying to get them actioned at the backbone providers – which makes sense – then DNS poisoning is either impossible or unlikely to filter down to most ISPs. That service typically isn’t even provided at the wholesale level; it’s layer 3 or bust.

    If ASIC actually sent a list of URLs to PIPE or AAPT they would be laughed out of town, it would be meaningless information. So which is it gonna be?

    I really expected better from this article.

    • “While we’ve seen the sometimes worrying collateral damage caused by blocking IP addresses without checking, it’s a little rich to suggest ASIC is ‘technically inept’ as a result.”

      Do you mean that you think they blocked those innocent websites on purpose?

      I’m really more interested in what legal redress or compensation innocent website owners might have available as a result of the actions of agencies like ASIC. I’m assuming that the ISPs involved are indemnified from any possible action on the grounds of complying with legislation but then I note that at least one (rumoured) ISP was refusing to action these notices so just how enforceable are they?

      • If the police raid your home or business in the course of an investigation and confiscate your computers and comms equipment, then subsequently find that you’re innocent the of whatever they had thought you might have done and return your stuff after a month (more like six, but go with me here) what redress do you have under the law for impact to your business and livelihood from this mistaken action by the police? If this happened to my business I would have to replace all my equipment and restore from backups immediately (and if they confiscated those I’d be screwed) – my business wouldn’t exist with no ability to support my clients or access cloud services for a month. Could I sue them not just for loss of income but loss of all future profitability, good will and my business as a going concern? I daresay the police would be indemnified from such action, but IANAL and have no knowledge of the law in that area so don’t know one way or another – I raise the question because it seems particularly applicable in this circumstance (notwithstanding police legislation is state specific while this would be a federal issue).

        • It’s a bit different though if they block access to an unrelated third party’s website who was never under any sort of investigation at all. It is a bit like shutting down access to a whole shopping centre because there is one dodgy store there. That wouldn’t be tolerated in our society, so why should it be online?

        • I think you can claim compensation at certain levels.

          Also one of the biggest differences with the police raiding a premises is that they are required to obtain a warrant.

          The ‘accidental’ blocking of internet websites is being done without a warrant or any kind of oversight.

          It is obvious to me that blocking some of these websites is a very important thing to do. But like many people, I strongly believe it needs to be completely transparent with powerful oversight to ensure blocking is limited to the worst kinds of illegal activity only.

        • Since it is the state taking the equipment for criminal evidential purposes to prove that a crime has or has not been committed then you really have no redress at all due to qualified immunity systems, which is exactly why we have such things as due process, reasonable suspicion, onus of proof, and warrants under criminal structures (civil and administrative systems are totally different).

          Though if you can prove that the State enacted the criminal proceedings wrongfully either knowingly or that it should of known (and breached it’s own rules) then a case of malicious prosecution could be undertaken that could give you redress – Kim Dotcom is currently in that position in regards to the NZ Police taking of his equipment since the courts have now declared that taking was illegal.

  5. Is blocking the offending website really the best/only option? How do these nefarious websites advertise themselves? Search engines? Email? Both, I would imagine.

    What would happen if Google was made accountable for spreading this rubbish? Or email hosts? I’m sure there are plenty of technically-feasible (but potentially rights-impinging) solutions.

    A much bigger can of worms obviously but would deal with much wider issues that plague the Wild West that is the Internet.

    • A lot of illegitimate sites exist to serve content directly to machines infected with things like browser hijackers. Some may advertise, but it might be through questionable sites like warez and porn sites – good luck regulating those! Removal or blocking of the content is the only reasonable solution. The question is, how accurately can you target the content/site you’re interested in and how effective are your blocks? Take downs are the best solution, but not always possible with international servers in countries that may not respect Australian or international law. Blocks, however, can be controlled and enforced locally with high responsiveness (not waiting months like with international requests).

      So blocking is appropriate and necessary (and is actually a perfectly normal part of network security and administration); it’s the secretive nature of this system and the lack of transparency and oversight that’s the problem

  6. Interesting that the notices are issued “pursuant to investigations” rather than for what section 313(3) actually says – “enforcing the criminal law”.

    I’m not a lawyer, but ‘investigating’ and ‘enforcing’ are very different things.

    • hi Steve,

      would this wording make iiNet more likely to challenge such a Section 313 notice, if it was issued by ASIC to iiNet? In addition, I would welcome your thoughts on whether iiNet suppliers such as PIPE Networks are breaching their obligations to customers such as iiNet if they blocked websites at the underlying transit layer, as ASIC appears to be trying to do.


      • We would have declined on the strength of ‘pursuant to investigations’. We wouldn’t have to challenge anything, we simply wouldn’t take any action.

        Just imagine if any website (like yours, for example) could be blocked for a month, just because you or your activities were under investigation. It would put most on-line enterprises out of business.

        It’s absolutely unacceptable. Anybody could be ‘under investigation’, it takes due process and evidence to find you guilty. Without transparency, due process and appropriate authority, no blocking should be possible.

        Section 313(3) is about enforcement, that is – once guilt has been determined and enforcement (of the penalty) follows. There is nothing in 313(3) about ‘investigations.

        • Hi Steve,
          Very interested in your comments.

          When i looked at S313 I noticed in particular (7) which talked about warrants. It has been my interpretation for some time that S313 was intended as complimentary to and enabling S7 of the Telecommunications (Interception & Access) Act. That particular Act makes it absolutely clear that a warrant is always required to interfere with a telecom communication. My interpretation has been that S313 has never changed that intention in any way.

          Your thoughts on this would be of interest if you are able to comment.

          When the NBN is finally available at my MDU your and the companies activities on behalf of customers of iiNet has made the company a front runner to be my RSP of choice. Or to put it another way your contribution is considered really valuable.

          Many thanks for you input.

          • @ Bob
            I think that this activity by ASIC is unrelated to interception (sometimes called ‘tapping’), which (as you say, requires a warrant).
            That said, I would agree that a warrant, court order or something equally authoritative is more appropriate for a significant step such as a website block.

            I’m not a judge or a lawyer, but I expect that a stronger argument than a ‘possible contravention’ would be required for the issue of such a warrant/order.

            Here we have ASIC employing a very lazy approach to a very serious request.
            I feel sick to the stomach every time I think about the so-called collateral damage caused by ASIC’s cavalier approach. Other uninvolved sites like Melbourne Free Uni don’t even seem to warrant an apology for being smashed by these guys.

            As a company, iiNet is extremely reliant on our on-line presence for new business, customer self-service and operational delivery. If ASIC accidentally (or intentionally while ‘pursuant to investigations’) put us off the air for a month, there would be massive damage to he business. The same can be said of any other on-line business, which, in 2013, is pretty much everyone.

            On the NBN front, we look forward to getting your MDU up and running. It’s possible that’ll be VDSL and fibre to the basement, if the coalition gets in.

          • You raise another good point.

            Australian authorities have no excuse for not going through a proper process if the host is located within Australia. They already have more than enough legal authority to do it properly. However Section 313 does not appear to make such a distinction. A lazy government can presumably go after even domestic hosts. A lazy government can in theory block your own company even if none of your services are located offshore. (I imagine that quite a few Australian ISPs are actually reliant on some offshore services.)

            (I still think that Australian authorities should have to go through a proper process if the host is overseas but I do understand that such a process would be more difficult and more time-consuming.)

      • PS – I note that one of the PDFs in your FOI response includes a court order against someone called Ullman. Point 4. says he must deactivate his website(s).

        That’s more like ‘Due Process’ .

        • Thanks Steve for your regular input on the Delimiter forums, as a iiNet customer for over 8 years your feedback is greatly appreciated on these hot topics.

  7. Could it be that blocking IP is an easier application of the law?
    That blocking by domain requires an interception warrant?

    That is, you need look at the contents of packs to see their domain destination. The IP destination is just in the headers. Therefore, blocking a domain would require a warrant as you have to intercept and read the packets, not just rout the destination to /dev/null ?

    IINAL, but it is a possible explanation for this activity.

  8. >”All of this points to the need for independent, centralised oversight of the use of Section 313 notices by Federal Government agencies.”

    No. It points to the need for the government to stop using Section 313 as a backdoor internet censorship regime !!!!!

    NB: Any state or territory officer, agency or department can also use Section 313. If you really think that all that is needed here is “oversight” then it needs to cover more than just Federal agencies.

    It is debatable as to whether the oversight needs to cover all use of s313 or just the illegitimate use of s313 for internet censorship purposes. (Legitimate use of s313 for help regarding a specific Australian customer who is reasonably suspected of involvement in a crime may already have adequate oversight, or in any case is a bigger can of worms.)

    • @Orville
      I don’t think ‘reasonably suspected’ cuts the mustard.

      I have no problem with thieves and fraudsters getting busted – to the full extent of the law – but it’s got to be on the basis of more than ‘reasonably suspected’ by a middle order public servant.

      • Steve, you make some excellent points that make the issue much clearer (and scarier, when you consider the network providers just rolling over for these). I am interested to know whether iiNet would only consider a block sanctioned by a warrant, or if cooperation would be given to halt access to a demonstrably dangerous or malicious website as a result of a section 313 notice if your own staff had confirmed the threat to your customers? While I agree that permanent blocks require due process, there are times when attacks and network vulnerabilities require immediate response, no matter the origin of the notification.

      • Steve, I didn’t want to make my post too long. I was alluding to the kind of situation in which a law enforcement agency gets a court warrant to perform interception – or a law enforcement agency accesses telecommunications data (which doesn’t have independent oversight). The threshold is something like “reasonable suspicion” and it has to relate to specific Australian services. The law enforcement agencies don’t however have to have an open and shut case ready to prosecute.

        I understand that both of these are enabled by explicit legislation, rather than relying on Section 313. The intent was to make a distinction between targeted, possibly court-approved behaviour based on reasonable suspicion of criminal activity and the untargeted, near open slather of an internet censorship regime.

        • @Orville
          >>The intent was to make a distinction between targeted, possibly court-approved behaviour based on reasonable suspicion of criminal activity and the untargeted, near open slather of an internet censorship regime.

          I think “near open slather” is a bit hyperbolic. ASIC were trying to do what they thought their job was and blew it.

          If we have to choose between a cock-up and a conspiracy, I think we’ll have to take the cock-up on this one.

          • ASIC claims to have investigated what sites would be overblocked if they took out an entire IP address. That suggests reckless and callous disregard, rather than either incompetence (cock-up) or conspiracy.

  9. The idea of using IP address and blocking multiple sites has its plus side too and I suppose it would work in a similar way to anti-spam reputation systems, where if your organisation is infected by a spam bot, then it will quickly find its way onto a blacklist thus impacting your ability to send any email. Now yes it hurts your organisation, but it also forces you to clean up your act.

    So in the same way a hosting provider that allows dodgy sites is going to find its customers disgruntled and going elsewhere. It is incumbent on them to make sure their customers are know your customer.

    There is still the issue of oversight and transparency, but if they were addressed, would it be such a bad thing?

    • It would still be a bad thing if the government (Steve’s “middle order public servant”) gets to be judge, jury and executioner.

      The government may well have a reasonable belief that some site is involved in criminal activity (for example) but that falls short of persuading a court, by presenting evidence and giving the accused a chance to present a defence.

      This is one of the problems with the current regime. The government decides. The web site disappears.

      Another issue that you don’t appear to have addressed is: The government decides. Thousands of innocent web sites disappear. Oversight and transparency won’t fix that.

      “Reputation” may be a better way to deal with this. Your web browser subscribes to a reputation service – of your choice. It advises you accordingly. You make your decisions. You are free not to subscribe to such a service. You are free to subscribe to such a service but from time to time ignore its recommendations. I think this functionality more or less already exists in web browsers.

    • I actually have a huge problem with associating a technical address like an IP with ‘reputation’. It is a disingenuous and dangerous association. Have you ever had to get a static IP unblocked from spam filters when it was only newly registered? Once an IP has been blacklisted it is usually easier just to discard it rather than clean up it’s ‘reputation’, which is why the pool of blacklisted IPs is growing so fast – no one is taking the time to clear toxic or dirty IPs, they just replace them with ‘clean’ ones, a practice demonstrating the futility and stupidity of the whole idea of linking a persistent reputation with a technical address.

      Don’t get me wrong – there’s an excellent argument for IP blocking, but only as a short term measure. As a community we need to work towards a common solution that addresses malicious content, spam (both accidental and deliberate) and other potentially damaging activity in a more helpful, inclusive manner. Writing off an IP with blacklists and expecting everyone with a computer at the end of a network connection to have the technical knowledge or budget to solve their infection issue isn’t in the long term interests of the network as a whole, which is what we should be working towards.

      • >”there’s an excellent argument for IP blocking, but only as a short term measure”

        I’ve yet to see any real world examples of something so dire that extra-judicial execution of a web site or IP address is justified.

        I can invent Le Carre-esque plots for how such a situation could arise but that doesn’t make them real. Urgency is usually an excuse to avoid independent scrutiny.

        If ASIC didn’t have unilateral power to disappear web sites, noone would die.

        • Here’s just three:

          1) access to a malicious fraud website very convincingly designed to resemble a banking website serving connections originating from authentic looking emails that are duping people in their thousands every hour.

          2) content served to a mutating virus

          3) user data on PCs harvested by a virus being sent back to a server

          All of these meet the definition of threats that could or would have judicial authorisation granted for their restriction, but in a situation where every minute can mean millions of dollars of damage it is sometimes necessary to deal with the problem immediately, while usual judicial ‘due process’ cannot possibly react fast enough to the ‘threat on the ground’.

          This is how network operators keep your Internets from collapsing every day. The fact that you have no direct experience is utterly irrelevant.

          • @TrevorX
            ISPs are not in a position to make judgements on scenario (1).
            ISPs are here to operate their network infrastructure in order to provide a threat-free service to paying customers. Not to police fraudsters.
            We have authorities that specifically deal with that, there is an onus of proof and various processes to make sure that their actions meet community expectations of justice and fair play. That does not include, act now, prove later.

            Scenario (2) & (3) – see above. ISPs are here to operate their network infrastructure in order to provide a threat-free service to paying customers.
            If our network is attacked or threatened by malicious activity, we must protect it. We don’t need external authorisation for that.

          • 1) is best dealt with by functionality built in to the web browser, as I suggested earlier. That way people can have whatever level of protection they want, without opening a can of worms of government bypassing the courts i.e. shoot first, ask questions later.

Comments are closed.