(This post is based on a piece first published in Business Spectator).
In a recent online article (http://www.thepunch.com.au/articles/dont-believe-the-myths-on-the-isp-filter/), Senator Conroy took on his critics regarding the current Australian Government mandatory Internet censorship policy.
I feel that its important to highlight some of his statements, and then provide some analysis of each of them.
I’ll quote from the opinion piece, and respond to each quotation, in turn:
1) “we have never said ISP-level filtering alone would help fight child pornography or keep children safe online”
Unfortunately, ISP-level filtering will not help fight child pornography (at all) and it will not keep children safe online (at all).
The reason it will not help fight child pornography is that the online dissemination of such material occurs between adults who do not generally use web pages to share material, and who will also routinely use encryption, proxy servers and VPN servers to hide the relevant material while in transit.
In addition, the intended policy is such that filtering is only to be applied when there is a complaint made.
Those trading in this material are hardly likely to file a complaint about it!
The reasons why it will not keep children safe online are these:
- Children do not seek such material (hence the filter is irrelevant to them). The filter does not protect children in this sense at all.
- This material does not simply ‘leap out at them’ unbidden, it has to be actively sought out by searching for it
- Content deemed ‘RC’ by the Government and listed in the mandatory filter is not the same as material that may be ‘offensive’ to children (or adults!) or ‘unsafe’ for them to view in general; and
- Adults who seek to interact in illegal ways with children will use vectors completely outside of the operation of the web page filter (such as chat rooms, social media sites, and BitTorrent file exchanges) to do so.
The filter will not (and is not intended to) block ‘offensive’, R-rated (or even MA15+ rated) content, despite a widely held public misconception that this is its purpose. This misconception is driven by statements such as the one quoted here!.
Fact: ISP-level mandatory filtering will do nothing, at all, toward the stated aims of fighting child pornography or keeping children safe online.
2) (Regarding Restricted Classification material) “you cannot watch it on a DVD”
Alas, you can indeed watch it on a DVD. Simply declaring it to be illegal does not make it go away.
The DVD is an object that physically carries content, and that object be transported via the national or international postal service from any street address in the world, without limitation. There is no ‘mandatory filtering’ applicable here. And hence no precedent to justify it in the online world.
There is also a clear irony here, given that Canberra (the source of this filtering policy) is also the primary vector for the sale and posting (on DVD) of video material that is illegal to sell in other states. Despite this fact, the postal service is not expected to open (and view!) every DVD that is mailed around the country. Nor should it be.
Fact: DVD’s and books containing RC material do actually exist on DVD (and similar media) in Australia today, despite existing policy banning them.
Somehow, Australian society remains intact anyway.
I am not arguing against the laws about RC material in general. I’m arguing that mandatory Internet content filtering is of zero effect in terms of supporting those laws.
I’m arguing the proposition that existing laws magically block DVD’s from being sent through the postal service is as wrong as the proposition that mandatory URL based web page filtering will have any impact at all in terms of stopping the transmission of RC material via the Internet.
As always, the way to police illegal material moving through the Internet is through police work. This is, of necessity, concentrated at the endpoints – at the ultimate sources and the ultimate consumption points – of that content.
The intermediate transport network, whether the postal service or an Internet service provider, is neither an effective, or an appropriate, choke point to use, in lieu of doing the hard work of policing the bad stuff, the hard way. The mandatory filter policy is an attempted shortcut that just does not work.
3) “Refused Classification material is not available on Australian hosted websites.”
Alas, yes, it is available on Australian hosted websites.
The current regime relies on public complaint and ‘take down’ notices to cause the removal of content from Australian hosted websites.
If there is no compliant, then there is no take-down notice.
The regime doesn’t work now (and yet the policy we currently face involves blindly extending that ineffective policy as if it does work).
It is critical to appreciate that the filter proposed will only apply to un-encrypted conventional web pages, using ‘URL based filtering’, despite most video content (RC or otherwise) in Australia being transported across the Internet through other means; These other transport methods are not proposed to be filtered at all.
It's as if the policy was to erect roadblocks on highways and declare victory, while ignoring the sure knowledge that the criminals being sought are flying overhead in private planes.
Fact: Bad stuff is out there now, and this policy won’t make any difference to that situation, whatsoever, other creating a false sense of security.
4) “The Refused Classification Content list cannot be made public because if it was, it would simply be a catalogue to direct people to specific URLs that are Refused Classification. “
Publishing the titles of banned books and DVD’s is considered to be a fair and reasonable part of transparency in the operation of government. After all, we need to know what the government has decided that we can’t read, don’t we? Or else how can we object if they go too far?
And yet, the government have argued that publishing banned URL’s is different, because consumers can use the URL to look up the content itself – that it is more than merely the ‘title’ of the work concerned. So we are asked to just ‘trust them’ and allow this list to be secret.
It is impossible to avoid the logical fallacy here!
If the ISP filter worked, then the list of filtered URLs would be safe to publish in public… because if the filter worked, nobody could access the linked content!
Fact: The government doesn’t even believe that technical filtering of Internet content works (or, surely, they’d be happy to publish the banned URL list because it’d be safe to do so, because… the filter works, right?)
5) “High traffic sites like YouTube and Facebook are not included in the policy, however, it should be noted that these sites have their own policies “
“High Traffic Sites” are precisely the places where consumers are the most likely to come across ‘bad’ content or ‘bad’ people. And yet – the more popular a site is, the less likely it is that the government will attempt to mandate filtering for that site…!
The government doesn’t control the policies of these overseas owned and hosted sites, so if their policies happen to change (or don’t turn out to suit the agenda of the Australian Government after all)… then what? Wave our hands about and say ’sorry, too hard!’?
Fact: The government is prepared to ignore its own stated policy goal (the mandatory filtering of web sites) anywhere that it is ‘just too hard’ to do so. Not only by ignoring non-web based content, but by deliberately ignoring big web sites just because … they’re big! Huh?
(The definition of ‘too big’ seems, itself, to be highly rubbery – who decides a web site is ‘too big to filter’ – and by what logic is a large site safer to ignore than a smaller one?)
6) “The Government understands there is no one-size-fits-all approach when it comes to cyber safety and that’s why we have a comprehensive policy covering education, law enforcement, research and technical-based solutions.”
Technical filtering simply does not achieve the stated policy goals stated for its existence. It just does not work!
There is no escaping this. This isn’t a matter of rubbishing technical experts and claiming they’re just not smart enough programmers.
You can’t make a computer program modify social behaviour, and you can’t stop people using a VPN server or a proxy server to trivially bypass URL based web page filtering.
Once traffic is moving in a VPN connection, it is impossible to tell whether it is good or bad, and it is therefore impossible to filter it without filtering legitimate content as well.
The point is that VPN servers are not themselves good or bad – they are just transport mechanisms.
The government doesn’t argue against the ‘trivial circumvention’ argument because there is no argument against it.
Fact: Technically-based ’solutions’ to limiting ‘bad stuff’ on the Internet are trivial to circumvent, circumvention cannot itself be avoided without closing down the entire Internet, and accordingly mandatory web page filtering just doesn’t work.
The bottom line:
Internet Service Providers transport information. Like the postal service, their onus is to move that information without editing it or reading every packet that moves through their transport corridors in order to apply a moral judgement to it.
The postal service is protected by being deemed a ‘common carrier’. This is precisely the protection that the Internet Industry deserves to do its job as well.
The use of retail Internet Service Providers as a convenient ’soft target’ in government content policy is as lazy as it is ultimately useless.
The greatest risk in the implementation of technical ’solutions’ such as this one is that parents are at risk of believing that they actually work, and absolving themselves of the responsibility that they have (and that need to have) to monitor the use their children make of digital media in general (and the Internet in particular).
Finally, there is an obvious question here, given all of these facts:
How is the government going to ’sell’ the outcome here, once it been forced upon Australian society?
- Will they make the false statement that it actually achieved anything?
- Will they make the true statement that they’ve just spent a lot of money (and most likely passed on to consumers) to achieve nothing at all, and that anyone’s kid can type ‘VPN server’ into Google and un-stoppably bypass the filter within ten minutes (including time to grab a drink from the ‘fridge)?
Either way, given the facts I have noted here, it is clear that mandatory URL level web page filtering actually harms society (through creating a false sense of security) and that it has no positive impact toward the claimed aims of the policy.
Take the money allocated to the technical path and distribute it across the other (laudible) goals of the overall cyber safety policy of the government, and we’ll all be in a better place.
Mandatory URL based web filtering is an expensive sleight of hand that simply does not achieve the stated policy goals that are being used to justify its imposition.
This post is the personal opinion of the author. It is not the official policy of his employer. The policy of his employer (and all ISPs in Australia) is simply to obey the law. Accordingly, if this policy becomes law, then it will be implemented by ISPs in Australia: Not because they agree with it, but because they clearly are not being given a choice – just as for Internet users in general. Thats what ‘mandatory’ means.
- CEO Fraud: A First Hand Encounter Centrify CEO Tom Kemp reveals his own 'CEO Fraud' experience of social engineering aiming to scam his company's cash. I have been seeing increasing number of article...
- ‘House of cards’ falls to immutable wisdom I declare, I have seen the light although I was mired in doubt to start with. What held me back from accepting the cloud into my life was fear - the terror of losing control. It ...
- Bad habits are worse than bad guys in IT security IT security is at greater risk from the bad habits of system administrators than from bad guys actually hacking into infrastructure warns Centrify Asia-Pacific Regional Director Ma...
- The Upside of Heartbleed The Heartbleed bug has generated a lot of catastrophic commentary and reverberating repercussions since it was publicly disclosed on April 7. ‘Catastrophic’ is the rig...