The voluntary filtering being introduced by some of Australia's major internet service providers (ISPs) is on shaky legal ground. Blocking access to blacklisted websites could even be a crime. Since July 1, Telstra, Optus and some smaller member ISPs of the Internet Industry Association (IIA) have been introducing content filters based on Interpol's blacklist of child exploitation material rather than the relevant portions of the blacklist that  continues to be compiled by the Australian Communications and Media Authority (ACMA). This was Communication Minister Stephen Conroy's strategy. The ISPs filter out kiddie-nasties voluntarily, at least in the short term. He's seemingly not fussed that it's a different list. Meanwhile, the Australian Law Reform Commission is reviewing the entire content classification system. The government will eventually incorporate that review into laws to implement Labor's still-unchanged policy for more comprehensive internet censorship. The nod-wink-handshake was politically expedient. It got things in motion without having to squeeze tough internet censorship laws through a constipated Senate. (Blame Greens Senator Scott Ludlam for that mental image.) Existing laws have been re-purposed, perhaps stretched to the point of fissure. (Blame me for that one.) The IIA has said the filter would be part of its forthcoming voluntary industry code. No new laws were needed because ISPs were installing the filters "in accordance with a legal request for assistance" under s313 of the Telecommunications Act. Presumably ISPs believe, or hope, that by responding to a "legal request" by police under s313(3) and something goes pear-shaped they'll be covered by the immunity provisions in s313(5). "The IIA's use of the term 'legal request' in their media release of June 27, 2011 appears (in the writer's opinion) designed to either exaggerate and/or mislead readers (members of the public, including some journalists, etc.) about the extent of police powers under s313," writes Irene Graham in a comprehensive 7000-word analysis at Libertus.net. These "legal requests", writes Graham, refer to the fact that police can request, and the telcos be required to give, "such help as is reasonably necessary" for the "purpose" of "enforcing the criminal law" and other specified types of laws. Requests have usually been for phone call records, call traces, telecommunications services and technical advice for investigators or, in limited circumstances, cutting off a service. Blocking access to websites takes us into new territory. "There is potentially or possibly an argument that the actual filtering of the Interpol blacklist itself could under the Commonwealth Criminal Code Act constitute an impairment of an electronic communication, which could actually be a criminal offence," said Peter Black, QUT internet law lecturer, on the Patch Monday podcast. It's s477(3). Maximum penalty 10 years in prison. The Telecommunication Act's s313(5) provisions only protect ISPs and other carriage providers from civil action. And the internet filters might not actually be "authorised" in law. "Note: s476.2(4) states that a person is entitled to cause impairment of electronic communication when that is done under a warrant issued under the law of the Commonwealth, a state or a territory. However, there is no exception for impairment that occurs in response to a mere request for 'help' by police or anyone else," Graham writes. If the criminals hack some examplecorp.com and serve illegal material from an obscure location, the entire website is blacked out. It's quite likely that the majority of accesses being blocked would have been to legitimate content. There's plenty of scope for collateral damage. Mark Riley is chief technology officer at ContentKeeper. Its business is content filtering. He likes domain-wide blocking. "If a hosting provider is a bit recalcitrant about taking content down, and they leave content that is known to be inappropriate up, they will then be put on the list, and amazingly, within minutes the actual content will be removed." Riley told ZDNet Australia. "Having that amount of leverage over a hosting provider seems to have very, very positive outcomes." Erm, due process? "That does sound a little bit troubling," Black said. "Hopefully if Australia does go down the path of using this Interpol list more broadly we can have some sway and influence over how that list operates. "Ultimately, I think this is more an interesting academic question because I think it can easily be solved by one of two ways," he said. Parliament could pass some quite simple amendments to legislation. Or the ISPs could just adjust the terms of service with their customers. "As long as the terms of service allow the ISP to do this, then this whole complicated legal question goes away, and it is very easy for the ISPs to change their terms of service." But is that the way we make laws? We just leave the commercial sector to do its own thing?