Definition of Slippery Slope

BT are being forced to block access to specific piracy websites, lucky that they have the technology hanging around for the IWF watch-list then?

BT are being forced to block access to a piracy site.

This will no doubt use the BT Cleanfeed infrastructure used for the IWF. You either have something clever that proxies everything, or your redirect the blacklisted IPs to a filtering proxy. The former is expensive, the latter breaks wikipedia anonymous updates.

Anyway, I wrote about this point that the Aussie No Clean Feed were making made a while back. Given politicians and the judiciary a toolkit that can be applied generally, and they will.

This raises some depressing questions:

  • How long until this ruling applies to other ISPs?
  • How long until the IWF watch-list becomes broader to save content owners going after each ISP?
  • How long until refusing to use the IWF list, like some smaller ISPs, becomes illegal?
  • At what point is using VPN services outlawed: I use one when I’m on public WiFi but it would bypass any ISP provisions.

I’m sure none of us are really surprised, but it’s sad to be proven right.

On Wikipedia filtering

Now the row has died down, a few thoughts regarding the filtering of the album cover from Wikipedia.

A few thoughts on the now defunct UK Wikipedia censorship row:

  1. It’s good that it’s brought the IWFs presence into the open. It wasn’t really hidden, but many people didn’t really know it existed. Though in reality 95% of the people still don’t know or care.
  2. How come not all ISPs implementing the IWF list were affected? Was there some examination of the list (which from heresay I thought was verboten), or do the other ISPs just have a more rigid deployment/change control procedures for updates?
  3. Kudos to Thus/Demon for providing a descriptive error message (to paraphrase “the IWF told us to block this”), instead of a blank 404 which some other providers presented.
  4. Because of the implementation of the filtering, some ISPs presented all requests to Wikipedia from their outbound proxy IPs. Wikipedians then removed of anonymous editing from these IPs due to the possibility of abuse.

Ultimately, removal of anonymous editing of Wikipedia is not a huge deal. Most users can register, although there are reasons why some people may require/desire to make anonymous edits.

Regardless of the degree of the impact however, it’s now clear that some implementations of filtering can impact the normal operation of some bits of the internet. Deep Packet Inspection could possibly preserve the outbound IP, but at a far higher cost and latency impact than the “selective” transproxying that many ISPs have implemented.

Something for the Australian government/populous to consider.

On Internet Filtering in Australia

I read with dismay this week about the plan to offer all Australian internet users a content filter provided by their ISP. While originally there was to be an opt-out for this, it appears this is actually a switch from a supposed “clean feed” to a core list of illegal material. If the plans go ahead as mooted, Australians will not be able to avoid some form of government mandated internet filtering. (I’m sure there’s a pun here on Great Barrier Reef, Great Barrier of Grief is the best I can think of, please post a comment if you think of a better one).

The incorrect facts and rhetoric I’ve heard peddled got me riled, the Minister responsible says those who don’t want filtering (paraphrased) “want to let people access child porn”. He states that many countries, including the UK, already have such a system in place. During the interviews he doesn’t like the most obvious comparison of China who have the most notorious system, the “great firewall of China”. In the UK, according to the IWF/Hansard 95% of broadband connections block the sites listed by the IWF, which only concerns images of child abuse.

The idea of the system is pointless for so many reasons, but the following stick out for me:

  • False negatives will mean that the “clean feed” never will be entirely safe. It also can’t protect from many threats, including children being grooming on chatrooms, and the sharing of inappropriate personal information.
  • False positives will potentially mean that people can’t access legitimate information, or information hosted on the same server as “objectionable” content.
  • Ineffective as much of the harmful material that they want to limit access lives on darknets, peer-to-peer services, or is encrypted – so an upstream filtering proxy won’t prevent anyone determined from accessing it.
  • Easily bypassed as the China experience has shown. Anyone who wants to get past the proxy is able to (using VPN, TOR, etc). Given how much more savvy younger users tend to be than their parents, who are the ones likely to understand these workarounds?
  • Expensive for ISPs to implement another level of trans-proxying and traffic management. Will this be a new barrier of entry to the market?
  • Government logging is made an awful lot easier with servers running government approved software embedded in ISPs, with integration with the ISP’s authentication systems – the government could potentially have a complete history of what connections have browsed to, tagged with account details.
  • Performance reducing the already sluggish internet hanging on the end of a relatively thin bit of electric string, do users really want more latency added to their browsing?

The internet is a wonderful resource but has bad elements on it. Safe internet use requires a broader strategy than a single tool, the first step of which is putting the computer in a room where adults can supervise. Machine based filtering can help, and detect activity an upstream proxy can’t, but can never address everything. The strategy to protect children also needs to empower them: explaining that not everything on the internet is what it appears, and teaching them about being a geek, i.e. don’t click on links in spam, be slightly paranoid and protective of your personal information. (That said there’s probably another argument that this is less relevant now, and the problem isn’t that your mother’s maiden name is easy to get hold of from Facebook, the problem is that banks/utilities still think it’s a secure question).

While the goal of preventing access to illegal content is a valid one, and nobody would ever condone the illicit content covered in the core proposal – the idea of a government mandated filters that ultimately won’t even stop all access to the illegal material is worrying. These filters will have knock-ons for legitimate users in terms of false positives and performance detriments.

It’s especially concerning given that some fringe parties holding casting votes in the senate have even more “comprehensive” ideas of what should be banned (gambling sites have been mentioned). While that isn’t part of the government’s proposal today, whenever infrastructure and legislation like this is put in place scope creep take place – witness the UK recent seizing of Iceland’s assets under Anti-Terror legislation during banking crisis.

I leave Australia in a few months, I may yet return, but moves like this make me less keen to.

Details of the campaign against this.