Skip to content

Monday, 23 March 2009

Yet another ACMA internet blacklist springs a leak

Stilgherrian writes:

The war of the leaking internet blacklists escalates. As Crikey reported on Friday, Senator Stephen Conroy reckons a list published the previous day by Wikileaks and dated August 2008 was not the ACMA blacklist of banned internet content — though “there are some common URLs [specific web addresses]”. Late Friday night, Wikileaks responded by publishing more recent blacklists, including one dated 18 March 2009, and threatening Conroy with legal action.

A URL I believed to be prohibited content and submitted to ACMA this year for further investigation is included on this list,” says anti-censorship campaigner Michael Meloni.

Wikileaks also published instructions for obtaining the blacklist by downloading the free trial of certain internet filtering software  — one of the Internet Industry Association’s Family Friendly Filters and one of those provided free to (a few) Australian families by the Howard government’s now defunct NetAlert scheme. Provided you’re reasonably tech-savvy, you can extract a list of URLs with the rather unambiguous name “Websites_ACMA.txt”. Depending on which version of the software you download, you get the August 2008 list as published, or something similar containing more recent material.

While Crikey hasn’t tried the procedure, there are reports that it works as advertised. At least it did until Friday, when the filter-maker posted a new version of their software  — one that’s no longer vulnerable to the published trick.

Wikileaks has since gone offline, overloaded by the global interest. Speculation that it was forced offline by government attack or other interference is probably best left to the tinfoil hat brigade.

Before they disappeared, the Swedish-based Wikileaks warned off Senator Conroy with threats of legal action:

Under the Swedish Constitution’s Press Freedom Act, the right of a confidential press source to anonymity is protected, and criminal penalties apply to anyone acting to breach that right… Should the Senator or anyone else attempt to discover our source we will refer the matter to the Constitutional Police for prosecution, and if necessary, ask that the Senator and anyone else involved be extradited to face justice for breaching fundamental rights.

Senator Conroy may wish to consider the position of the South African Competition Commission, which decided to cancel its own high profile leak investigation in January after being advised of the legal ramifications of interfering with Sunshine Press sources.

Crikey asked Senator Conroy’s office whether this newly-leaked list was the ACMA blacklist, but they were unable to comment by our deadline this morning.

However, they have pointed out that the figure of 10,000 URLs mentioned in Friday’s story is not the “planned” size of an expanded ACMA blacklist.

Concerns have been raised that filtering a blacklist beyond 10,000 unique addresses may result in network performance issues,” says the DBCDE documentation on the filter trials. The current trials include a lab test of the impact of a list that size.

Senator Conroy has also said that it was never the government’s intention to block all of the ACMA’s blacklist with the mandatory filter.

The Government has indicated an interest in using ISP-level filtering technology to block URLs that display content that is Refused Classification under the Broadcasting Services Act 1992, including child s-xual abuse imagery, bestiality, s-xual violence, detailed instruction in crime, violence or drug use and/or material that advocates the doing of a terrorist act,” he said on Thursday.

However that doesn’t match a list of seven statements made by the Minister or Government from November 2007 to 5 March 2009, making clear their intention to mandate blocking of “prohibited content” on the ACMA blacklist. Not a sub-set of it. Revisionism? Surely not.

11 Comments

  1. John
    Posted Monday, 23 March 2009 at 7:50 pm | Permalink

    Oh please! Is it true that the nasty-bad URL list had been available, in the clear, via a simple txt file?

    Websites_ACMA.txt”.

    FAIL

  2. Bob Dean
    Posted Monday, 23 March 2009 at 4:56 pm | Permalink

    It will be interesting if someone does take a libel action against the government for mistakenly including their innocent website in a list of banned sites. Afterall-Conroy and that strange person from ChildWise are both on record accusing anyone who opposes them of aiding child porn merchants.

    The UK Press Gazette reports that the European Court has nixed an attempt to put a time limit on internet libel-so a person could sue years after something is published on the web-and in the UK where libel actions are more profitable.

    Some people should think before they lash out at those who don’t agre with them.

  3. CTA
    Posted Tuesday, 24 March 2009 at 11:58 am | Permalink

    The full list can be found here.

    http://wikileaks.org/leak/acma-secret-blacklist-18-mar-2009.txt

  4. Andrew P
    Posted Monday, 23 March 2009 at 3:27 pm | Permalink

    I am not one of the technorati so I don’t know whether the patented ped-away! device will work. But I am pretty sure that the majority of Australians distrust any secret list held by the government, and that Kevin will tolerate about 0.00 actual degrees of political pain in defence of this ridiculous double-speak. So I’ll bet the only thing this is going to block when it is turned on, is the parliamentary ambitions of the good Sen Conroy.

  5. Les Bursill
    Posted Monday, 23 March 2009 at 7:29 pm | Permalink

    WTF Can’t Conroy get it in his head. We are in charge and we don’t want his crappy filter. Please Mr Conroy Sir, Minister, snivel snivel GO AWAY with the filter.

  6. mike smith
    Posted Monday, 23 March 2009 at 5:11 pm | Permalink

    Edel, the problem with encrypting the list at the government end, and then decrypting it at the ISP end, is that the decrypting key must exist at the ISP end. That’s a weakness that you can’t overcome. All the “security by obscurity” will not get over that :)

  7. Joel B1
    Posted Wednesday, 25 March 2009 at 8:48 pm | Permalink

    And if wikileaks isn’t working (like last week mysteriously) try mininova…

    approx 1900 downloads with 34 seeds and 97 leeches as of now.

  8. Edel
    Posted Monday, 23 March 2009 at 4:20 pm | Permalink

    Lists can be securely managed and sent, as long as you have control of the apps working at both ends. Past and current ACMA list management practices and procedures do not support or allow a secure delivery at this time, but they might wise up and specify standardized filtering apps at all ISPs. The list would then not be visible to any ISP staff, and the NetAlert processes obviously also need changing. Now that was a product of the Howard government’s obtuse handing of NetAlert…

    There are organizations that securely send files to thousands of remote sites on a daily basis. The problem there is not the list, it is not inherently insecure due to it’s contents, the issue is the procedure and lack of a fundamental secure transfer and storage process.

    I think you may want to reconsider whether governments should maintain lists of objectionable material for the purpose of identifying, filtering and controlling access to those sites Mark… How else could they pragmatically do that? Who else could? Would you leave that to a filtering vendor??

    As for the dentist, he has at least gained in visibility and media exposure… Has it been confirmed if his site was on the ACMA list or was it a filtering vendor add-on? There is a difference…

  9. Joel B1
    Posted Monday, 23 March 2009 at 5:29 pm | Permalink

    mininova is a great P2P site. No p-rn, just family-friendly stuff.

    some 1800 downloads…

  10. Mark Newton
    Posted Monday, 23 March 2009 at 2:55 pm | Permalink

    Ok, so let me get this straight:

    The Minister’s response to empirical evidence that the ACMA blacklist contains gazillions of perfectly legal websites is to say “it was never the Government’s intention to block all of the ACMA’s blacklist with the mandatory filter.”

    (interesting use of language: It seems like only yesterday that he said, “there has never been any suggestion that the Australian Government would seek to block political content” — I think that was on the same day that we found out ACMA had blacklisted part of an anti-abortion site. But I degress…)

    So lets take the Minister at his new word: Eurasia has always been at war with Eastasia. Lets assume that the Government has no intention to block all of ACMA’s blacklist with mandatory censorware, and that the only content they wish to block is the stuff that’s so illegal and offensive that it makes your eyes bleed and causes curdling of the milk in your coffee.

    So that means ACMA will need to maintain a SECOND blacklist: There’s the original one they maintain now, the one with the dentists, tour opperators, Betfair and the tuck shop association; and another one which is the Worst Of The Worst.

    How long do you think it’ll be ‘til that one leaks?

    Surely the Govt has their eyes open to the risk now, given all the water under the bridge over the last few days. They can’t seriously expect anyone to believe that a _new_ blacklist will be any more secure than the old, especially when it needs to be distributed to 700 ISPs instead of a dozen censorware vendors.

    My question is simple: Why is the Government in the business of maintaining pornography databases in the first place? Plenty of other Governments don’t, so why does ours? Does the ALP still expect anyone to believe that they’re serving some kind of public interest by maintaining this charade?

    - mark

  11. Bob Dean
    Posted Monday, 23 March 2009 at 5:05 pm | Permalink

    Edel-who censors the censor then ? If these sites are so harmful then why won’t a public servant or policeman be corrupted by them ?. An unholy mess.