The Australian government has said it will ensure departments know what they’re doing before allowing them to order internet service providers to censor the internet.
Under section 313 of the Telecommunications Act, agencies have the power to compel internet service providers to block websites. This little-known power attracted attention in mid-2013 when the Australian Securities and Investments Commission (ASIC) accidentally blocked 250,000 websites, most of them innocuous, when seeking to block websites associated with investment fraud.
Subsequently, the government has admitted this power has been used by the Australian Federal Police — mainly to block child abuse websites — and one other national security agency. Last year, then-communications minister Malcolm Turnbull established a parliamentary inquiry into the matter, during which ASIC admitted its staff lacked the technical knowledge to know that requesting an ISP block one IP address could potentially lead to thousands of websites being blocked at once. Often websites use shared hosting and use the same IP address as other websites. If the IP address is blocked to stop people accessing one site, the block prevents access to all other websites sharing that IP address.
ASIC was trying to block a financial fraud website that attempts to lure people into handing over their financial information, but in the process in inadvertently blocked thousands of innocent websites, including the Melbourne Free University website.
The parliamentary committee investigating the power ultimately recommended the government establish whole-of-government guidelines for using the power, including using “stop pages” so people trying to reach blocked pages will be alerted to the fact they have been blocked and can request a review if they believe the block to be in error. The committee also recommended that the agencies asking for sites to be blocked have the requisite level of technical expertise required to carry out the block.
In the government’s response, tabled in parliament this week, the government accepted both recommendations, stating the new guidelines to be developed by the Department of Communications and the Arts will “include measures to improve transparency and accountability, including minimum requirements and recommended procedures for agencies to follow”.
These guidelines will also require agencies to have technical expertise, or access to technical expertise, to advise on site blocking.
Apart from that, government agencies will continue to have the ability to compel ISPs to block websites. The previously secret use of section 313 to block websites was labelled as a “defacto internet filter” by the digital policy group representing companies like Google and Facebook.
Telecommunications industry lobby group the Communications Alliance this month has also warned the government to carefully consider whether to use section 313 to require ISPs to block offshore gambling websites. ISPs are not currently required to block overseas gambling websites, but the group has advised the Department of Social Services in its review into illegal offshore wagering that forcing ISP to block the websites could have unintended consequences as witnessed in the ASIC incident:
“The use of blocking to achieve social policy outcomes is problematic. Site blocking in general is a relatively blunt tool and has the potential to extend outside original intentions.”
The alliance also warned that any such blocks could be easily circumvented using virtual private network (VPN) services.
The use of section 313 to block websites is separate from the legislation passed in June that allows copyright owners to seek court orders to require ISPs to block piracy websites.