The Australian Mandatory Internet Filter

I’m ashamed that in today’s society I have to begin this post with this paragraph, but I have to nonetheless. For the record, I am absolutely opposed to child pornography, bestiality, sexual violence and rape. I am appalled that people are involved in the production and distribution of such material and I strongly feel that these people need to be brought to justice. I feel strongly that the government needs to implement measures to catch and prosecute these people and to make such material impossible to produce or distribute. I do, however, believe that the Mandatory Internet Filter as proposed by Stephen Conroy is the wrong way to go about this.

The Internet filter, quite simply put, is technically infeasible. The filter will work by directing all requests from Australian users towards a site containing RC content to a filtering device. This device then relays all requests for that site to the actual server, unless a request is made for a blocked page, in which case it instead returns a page indicating the site is blocked. This is similar to the way the firewall in China, and those in other countries with a national Internet filter, work. This method works well in that it is often 100% effective (which means that every page on the blocked list is blocked, with no false positives) when done right. There is a problem, however: this method does not scale well. If the government were to block a page on a large site (as was attempted with Wikipedia in the UK) then the filter would not be able to handle the load. Secondly, it appears to the administrators of that site that all requests are coming from a few IP addresses. This could cause Wikipedia to eventually block all Australians, either because the requests will look similar to a DDoS or because they have no way to distinguish between users and need to prevent abuse. Although the filter may be 100% accurate at blocking web traffic, it will not be capable of dealing with many other varieties of Internet data.
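The two-stage design described above, modelled as a small simulation (an added example, not part of the original post; the host names, addresses and the origin's per-IP request limit are constructed assumptions). It shows the filter carrying every request to a listed site and the origin seeing a single source address:

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed names and addresses (documentation ranges), for illustration only.
PROXY_IP = "203.0.113.10"                      # the filter's egress address
HOST_IPS = {"encyclopedia.example": "198.51.100.7",
            "news.example": "198.51.100.8"}
BLOCKED_URLS = {"http://encyclopedia.example/wiki/Blocked_Page"}
# Stage 1 keys on destination IP: any host with at least one listed URL.
DIVERTED_IPS = {HOST_IPS[urlsplit(u).hostname] for u in BLOCKED_URLS}
ORIGIN_LIMIT = 100   # hypothetical per-source-IP request cap at the origin

def fetch(client_ip, url, origin_log, proxy_load):
    """Return 'blocked' or 'served' and record which source IP the origin sees."""
    host = urlsplit(url).hostname
    if HOST_IPS[host] not in DIVERTED_IPS:
        origin_log[host][client_ip] += 1       # direct path, real client address
        return "served"
    proxy_load[host] += 1                      # every request to this host is diverted
    if url in BLOCKED_URLS:
        return "blocked"                       # stage 2: exact URL match
    origin_log[host][PROXY_IP] += 1            # relayed, origin sees the proxy only
    return "served"

def simulate(n_clients=500):
    origin_log = {h: Counter() for h in HOST_IPS}
    proxy_load, outcomes = Counter(), Counter()
    urls = ["http://encyclopedia.example/wiki/Main_Page",
            "http://encyclopedia.example/wiki/Blocked_Page",
            "http://news.example/today"]
    for i in range(n_clients):
        client_ip = f"10.{i // 250}.0.{i % 250 + 1}"   # constructed, unique per client
        for url in urls:
            outcomes[fetch(client_ip, url, origin_log, proxy_load)] += 1
    enc = origin_log["encyclopedia.example"]
    return {
        "blocked": outcomes["blocked"],
        "proxy_requests": proxy_load["encyclopedia.example"],
        "encyclopedia_sources": len(enc),
        "news_sources": len(origin_log["news.example"]),
        "proxy_over_origin_limit": enc[PROXY_IP] > ORIGIN_LIMIT,
    }

if __name__ == "__main__":
    print(simulate())
```

With 500 clients the proxy handles twice as many requests as it blocks, and the listed site's per-IP abuse limit trips on the proxy address while the unlisted site still sees 500 distinct clients.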

The proposed filter will only be capable of filtering standard web traffic from web browsers. The Internet consists of a large number of computers talking in any number of protocols. While web traffic is one of these, there are many other ways to exchange information. This filter will not be capable of filtering email, BitTorrent, eDonkey, Gnutella, XMPP, DDC, SSH, VPN, Tor, and that is only naming a small portion. Many people caught in possession of child pornography and other illegal content are found to have downloaded it via peer-to-peer technology. This is because standard web traffic makes it easy to trace and identify the owner, whereas peer-to-peer traffic can be hidden much more easily. Secondly, web traffic can be ‘tunnelled’ or hidden inside these other protocols and in this way completely bypass the filter. This means anyone with sufficient knowledge or five minutes to learn will be able to configure their PC to hide their data amongst an SSH or VPN connection. These technical arguments come from my experience as a systems administrator, but there are other arguments not so technical.

Stephen Conroy has said that the filter will only deal with RC-rated content; however, there is no transparency about what will be blocked. The government can’t publish a list of sites that are blocked because that will effectively give people looking for this content a list of places to find it. Without knowing what sites are being blocked we won’t know if or when the government decides that they would like to start blocking sites that are debating for or against abortion, euthanasia or any other politically sensitive topic. It may be interesting to know that the definition for RC content includes pages instructing in any crime, which would include euthanasia. A representative for Stephen Conroy has specifically stated the filter won’t be filtering pages related to euthanasia, but because of this broad definition it could be changed at any time and we wouldn’t know until after the material was blocked.

I am a Unix Systems Administrator, and for the reasons listed above, and others covered better by other bloggers, I am opposed to the filter proposed by Senator Stephen Conroy and the Labor government. I urge my readers who are also opposed to the filter to write to your local MP, to Senator Conroy, and to Tony Smith (Shadow Minister for Broadband, Communications and the Digital Economy). If all else fails and the Government does not see sense, then use your vote. The filter will not work and will waste taxpayer money that could be used in many better ways.

Random Thought: Will posting instructions about how to bypass the filter be illegal?

  1. Soz mate, but your technical description of the filter is inaccurate on several fronts.

    First of all the ISPs will choose what filters they put in place, not the gov.

    Second, no filters have been chosen yet.

    Third, it is a URL filter system scenario, not a http filter.

    So from all the filters that have not been chosen yet, which one does not handle high loads, and give us a list of all the filters that were not tested but are still available to ISPs?

    Start there, get those right and let’s see another article mate…

    Good luck!

    • The ISPs may decide on what filter to put in place, but ultimately the approach I outlined is the only possible way for the filter to work. The filter can either intercept all traffic and filter it (which would lead to false positives) or only filter specific traffic over the HTTP protocol by using a DNS intercept. This is practically the only approach that will come close to working for a large ISP but doesn’t even come close to scaling to an entire country. In December 2008 the UK tried to block Wikipedia[1], causing all sorts of havoc for the Wikipedia administrators and UK citizens alike. It should be noted that not all UK ISPs were involved and even that small subset managed to highlight the potential failure. This is not an attack at any particular filter, but rather the whole internet filtering methodology.

      Everybody nowadays tends to believe that all URLs begin with http:// but this is not the case. URLs can be used for any number of protocols[2]. For example, Samba (Windows file sharing) URLs begin with smb://, FTP links with ftp:// and even vnc:// for VNC connection strings. While all these can be filtered, the filters proposed by the Government and tested at ENEX test labs are focused on the HTTP protocol only.

      [1] http://www.techdirt.com/articles/20081207/1805293043.shtml
      [2] http://en.wikipedia.org/wiki/Uniform_Resource_Locator
