Filter Vendor Agrees Aussie Censorship Can't Work As Promised 143
Acidspew writes "The Australian Government's plan to filter the Internet has caused furore and has been met with vehement objection. Many people have put their opinions forward regarding this matter, but this time around, M86 Security — the vendor that provided many ISPs equipment during the initial filter trials — has finally weighed in on the discussion. Six of the nine ISP participants in the URL-based Internet filter trial last year used M86's R3000 filtering kit. According to ARN: 'Internet filtering won't prevent people deliberately looking for inappropriate material from accessing blocked content, according to security vendor M86 Security.' The company continues by saying its filter gear was designed to be implemented into schools and enterprise businesses, not for an entire country. The article also touches on M86's views on censorship."
Re:Confusion (Score:5, Informative)
As someone who used to work in a filtering company...
The point of a filter to nanny kids is not to stop kids finding porn. It's to stop them wasting their time in school using sites like Facebook, MySpace, etc. This kind of nannying is also useful for keeping an eye on your employees and making sure they don't spend all day on Facebook. Quotas can be enforced, access patterns allowing certain sites during certain times can be configured.
The filter does a reasonable job of ensuring things like Google's safe search are always forced to on and stopping users accidentally stumbling on things they shouldn't. We had filter categories like 'porn', 'hate speech' and 'terrorism' which could be used to block a fair amount of stuff but that kind of automated decision making is not perfect and stuff slips through - even without a sufficiently determined attacker trying. It's just not possible to automatically block everything bad. The more accurate your automated blocking, the more intensive the CPU and memory requirements.
It is possible, and reasonably cheap to block access to a number of known bad URLs. This is only possible if the blocker also controls the gateway firewall and only allows HTTP traffic to pass through it. If any other traffic is allowed to pass through the gateway we have immediate back doors (SSL, VPNs, SSH tunnels, TOR, etc) available to us.
SSL-based traffic can be snooped with an intermediate key, but you also need to get a wildcard certificate to match. That's been proven fairly easy to do. If you control all machines behind your filter you can also have them trust your dodgy CA and issue your own certificate. What's interesting enough is that most users simply click away at SSL warnings until they get to the site anyway. No matter how annoying the browser is about it users just want their content.
I see the most serious point of contention here is that people's banking and other fairly personal details will be inside the filter/proxy UNENCRYPTED. This means that a 3rd party has access to that and if the system is exploited so does any number of evil parties. I lost interest when I stopped being in the industry to an extent, but Conroy had initially wanted to disect SSL traffic as well. Did he go ahead with that requirement?
Censorship on a whole country level is silly idea; there's too many back doors unless the country wants to restrict information flow to HTTP-only, which would have a devastating effect on the Internet. Even China isn't that strict and there exist dissidents who use technology to get around the Internet filters there.
Re:highly unusual (Score:3, Informative)
I think it is (b).
Two alternative news media websites were blocked accidentally:
Thankfully, this draconian measure does not effect all internet users in New Zealand however. It appears to be confined to those whose internet server providers, (ISPs), use Asia Netcom for their international internet traffic. Telstraclear, Vodafone and Worldxchange Communications users are not effected, while Woosh, Orcon, Slingshot, Telecom and Ihug users are.
An avid fan of Infowars.com and a 9/11 truth activist, Jeff Mitchell, reported on Saturday that he contacted his ISP, Orcon, to establish what was causing the block, and was advised by a computer technician who did a traceroute, that the break in traffic to the two websites was found to be occurring at Asia Netcom's router in Sydney.
Since many countries use and share satellite uplinks/downlinks for communication as well as underground fibre-optic cables, and that these are split into private networks for corporations, it makes enforcing filters that bit more trick. Many multi-national corporations actually have their network point of connection with the outside world through their corporate headquarters, rather than through local connections. That makes the enforcement of security policy far simpler. Long distance communication companies do the same as well. So applying filtering at one router is going to affect a whole load of countries at the same time. They would have to split up the IP addresses according to country and then filter them using individual routers.
Re:Keep up the pressure (Score:4, Informative)
Well, let's take the usual example of child pornography. This material is clearly illegal under current Australian law, and as such it's a criminal offence to produce, possess or distribute it.
So if that material is blocked, that's "blocking illegal material". It's censorship, yes, but if the process is subject to public oversight, no big deal - so long as a process exists by which it can be guaranteed that all the material that is blocked is illegal, there's no big deal, it's just a government enforcing the law.
Now if material is "refused classification", that's slightly different. That then becomes a matter of state law - in some states, it's illegal to possess, whilst in others it's only illegal to sell. For instance, if a resident of Western Australia were to possess an uncensored copy of Left 4 Dead 2, that would be illegal, whilst the same act is legal here in New South Wales.
This IS censorship, and the whole idea of refusing a work classification is offensive. This is material which hasn't broken any laws, but which has been deemed offensive by a review board. For films, this isn't a problem - there's an X18+ classification which covers anything which is offensive but not illegal (well, usually. Some of our laws are pretty vague). But notably, games don't have such a rating, so we can't have Left 4 Dead 2, or any game which mentions the name of real drugs, or any number of other things (Aliens Vs Predator was recently refused classification here, but, for the first time in nearly 2 years, won an appeal on the grounds that the violence was justified within the fantastical Science Fiction setting).
The whole system is riddled with problems. Material which is offensive but not sexual in nature (ie. violence) can be awarded R18+. Material which is offensive but not violent in nature (ie. porn) can be awarded X18+. Material which happens to be both (ie. porn with a plot), even if the violence is not of an offensive nature, is eligible for neither classification.
Re:XS4ALL (Score:3, Informative)
I've made a translation based upon your link of the page I link to:
Position of XS4ALL on (il)legal downloading:
Now everyone has access to a broadband Internet connection, consumers changed how they interact with entertainment, music and movies because they themselves can now download and watch whenever and wherever they want. Because the entertainment industry still has not sufficiently adapted to the changes that the Internet brings, many consumers download without paying. To prevent this, there are people calling for ISPs to enforce automatic tracking software to inspect and filter al the contents of Internet and email traffic of their customers. Every citizen on the Internet would get permanent control of a police-type robot and to who is not compliant, the Internet would be closed.
Artists have a natural right to compensation for their work, but it is highly undesirable to require ISPs to take on a role of law enforcement and investigate any e-mail, search, or travel picture sent to their Internet customers. That would be a severe breach of fundamental rights to privacy and confidentiality of communications, information and freedom of speech.
XS4ALL therefore urges all parties in their election program to take a stand for the protection of civilians, and to force the entertainment industry to a new business model that fits the current time, instead of criminalizing citizens massively by siding with an industry who refuses to meet a real - but new - consumer demand.
To help all parties to carry the debate wisely, XS4ALL has sent information to the Houses of Parliament, the Ministries of Justice and Economic Affairs and the program committees of political parties to clarify the legal and technical risks of the current plans. The report and accompanying letter can be downloaded here.
Report [googleusercontent.com]
accompanying letter [googleusercontent.com]
Re:Keep up the pressure (Score:2, Informative)
Now if material is "refused classification", that's slightly different. That then becomes a matter of state law
Not just state law. The Classification Board and Classification Review Board act under the aegis of the Federal Attorney General's Dept. But yes, the states are free to enact their own control regimes.
This IS censorship, and the whole idea of refusing a work classification is offensive. This is material which hasn't broken any laws, but which has been deemed offensive by a review board.
Not so. The refusal of classification has to be made on strictly legal grounds. Either the material has broken laws (by depicting violent sexuality, promoting drug use &tc.), or the decision of the Board is wrong. And the classification scheme is, as you say above, but in regard to prohibited material, "subject to public oversight." [classification.gov.au] Conroy's secret censorship proposal would (dare I still use the modal verb) not be!
Now I happen to think that the legal criteria for restriction are misguided, (I don't actually feel threatened by pot-smoking BDSMers), but that's a different question from the offensiveness of refusing classification per se.