The government’s new internet “filtering” scheme based on Interpol’s blacklist may have been a victory for the connected, but it does little to advance the state of public administration or restrict the distribution of child abuse material.
Communications Minister Senator Stephen Conroy isn’t attempting to pass new internet censorship legislation — that has the potential for significant rowdiness. Instead, he’s relying on section 313 of the Telecommunications Act 1997, which requires telcos to do their best “to prevent telecommunications networks and facilities from being used in, or in relation to, the commission of offences against the laws of the Commonwealth or of the States and Territories”. Telcos must provide “such help as is reasonably necessary” for, among other things, “enforcing the criminal law and laws imposing pecuniary penalties”.
According to high-profile network engineer Mark Newton, using section 313 in this way is unprecedented — it’s always been interpreted to mean carriage service providers have to comply when a specific crime is happening, right now. And fair enough.
“Now all of a sudden section 313 means that if there is a hypothetical crime somewhere that fits this particular pattern that Conroy seems to care about, then hypothetically we’ll do something about it,” Newton said on this week’s Patch Monday podcast. “It’s almost like science fiction about pre-crime. We’re in the Minority Report land.”
David Vaile, director of the Cyberspace Law and Policy Centre at the University of New South Wales, is concerned we now have a system that relies on compliance with police directions without material having necessarily been through a classification process here in Australia. “I really think it’s just a question of either federal police or perhaps ministerial discretion about the scope of that. That would be one of the more critical interpretations,” Vaile said.
“It makes sense that there should be an obligation on carriage service providers, when they know about it, not to assist some massive criminal fraud or whatever. What’s interesting here is that it’s cast, as in many Commonwealth laws, in a really broad way that gives enforcing regulators or enforcing authorities, in this case it sounds like the federal police, potentially very broad scope.”
“If it’s not really something that’s spelled out and constrained, if it’s an open-ended discretion based very much on a non-reviewable interpretation, then it’s much harder to be comfortable that really it is just what it seems.”
But Newton suspects it won’t ever be spelled out. “What we’ve had this week is a bit of a change of interpretation that hasn’t been tested by any court, but I don’t think will be because no one’s going to object to it, because they want this to go away,” he said.
Technologically, Newton says the landscape is pretty much the same as five years ago. “There’s been very little innovation in the censorware systems space. The same vendors are pushing pretty much the same solutions, using the same techniques,” he said. What’s different is the government’s choice of blacklist.
The blacklist produced by the Australian Communications and Media Authority in response to public complaints consists of individual URLs — that is, references to individual pages on a website, or even individual images or videos.
“When you start looking at individual URLs, that means that you’re getting into the realm of having to use proxy servers and deep packet inspection and various other quite intrusive techniques to pick the URLs out of the data stream that users are sending through the ISPs, and that causes the actions that ISPs have to take to implement it to all of a sudden become very expensive, very invasive and have performance constraints,” Newton said.
By comparison, Interpol’s blacklist consists of entire domains. If any child abuse material is hosted on a domain, the whole domain gets redirected to an Interpol block page. It’s something ISPs can do without spending any money.
“Because it’s just a list of domains, what [ISPs] need to do can be implemented just by editing configuration files in their DNS resolvers,” Newton said.
DNS resolvers are the computers that translate an internet domain like crikey.com.au into a numerical internet protocol (IP) address like 220.127.116.11, which can then be used to route the traffic. When users’ computers look up one of the 1400 blocked domains, their ISP’s DNS resolvers simply hand back the IP address of a computer containing Interpol’s block message rather than the “correct” address. The procedure is called “DNS poisoning”.
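A sketch of the resolver-side logic described above, added here as an illustration and not taken from any ISP's or Interpol's actual configuration. The domains and addresses are constructed placeholders from reserved ranges, and Unbound is assumed as the resolver software only to show what "editing configuration files" can look like; the last function shows that a URL-level entry reduces to a bare hostname by the time the resolver sees it.

```python
# Added example: models resolver-side domain blocking as described above.
# BLOCK_PAGE_IP and the listed domains are constructed placeholders
# (RFC 5737 / RFC 2606 reserved values), not entries from any real blacklist.
from urllib.parse import urlsplit

BLOCK_PAGE_IP = "192.0.2.1"
DOMAIN_BLACKLIST = {"blocked.example", "listed.example.net"}

def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def is_blocked(qname, blacklist=DOMAIN_BLACKLIST):
    """True if qname is a listed domain or any subdomain of one."""
    labels = normalise(qname).split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))

def resolve(qname, upstream):
    """Answer a query: block-page address for listed names, else the real one."""
    if is_blocked(qname):
        return BLOCK_PAGE_IP
    return upstream.get(normalise(qname))

def unbound_config(blacklist=DOMAIN_BLACKLIST, target=BLOCK_PAGE_IP):
    """Render the list as Unbound 'redirect' zones (covers subdomains too)."""
    lines = ["server:"]
    for domain in sorted(blacklist):
        lines.append(f'    local-zone: "{domain}." redirect')
        lines.append(f'    local-data: "{domain}. A {target}"')
    return "\n".join(lines)

def dns_view_of_url(url):
    """What the resolver learns from a URL-level entry: the hostname only."""
    return normalise(urlsplit(url).hostname or "")

if __name__ == "__main__":
    upstream = {"www.example.org": "198.51.100.7"}  # constructed real answers
    print(resolve("images.blocked.example.", upstream))
    print(resolve("www.example.org", upstream))
    print(dns_view_of_url("http://host.example.com/gallery/page7.html"))
    print(unbound_config())
```

Because the resolver never sees the path, a single listed page can only be enforced at this layer by redirecting every name under its domain.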
Your humble scribe, a network administrator with far less skill than Newton, can confirm that setting up such an arrangement is trivial work. He can also confirm it’s trivial to bypass — internet users can choose another, non-poisoned, DNS server just by typing its IP address into their own computer’s network configuration.
This was proven when Italy tried a similar scheme to prevent Italians accessing unlicensed offshore gambling sites. Within a week or so, six million Italians switched to Google’s DNS.
So what’s left is the political victory. Conroy can say the problem has been solved. For now.