[LINK] ALP Net censorship policy hidden, but alive and far-reaching
Robin Whittle
rw at firstpr.com.au
Wed Aug 18 21:36:42 AEST 2010
Hi David,
Thanks very much for pointing out that I had mistakenly described the
ALP's mandatory ISP filtering policy as applying to R-rated material.
You wrote:
> The ALP is most definitely not a progressive party. It's a conservative party
> that grew out of a catholic, trade union background. It's just more progressive
> that the Liberal Party, which isn't hard, as even Menzies wouldn't recognise the
> party he created and is probably turning in his grave at what it's become.
Yes, as one Link person mentioned to me off-list:
Our options are a bunch of pathological authoritarians or a
mob of myopic misers. Which is least unfit to govern is our
melancholy duty to decide on election day. Choose your poison.
But now, on the Internet censorship issue, after what was apparently
quite an argument, the genuinely liberal people within the Coalition
won the debate. So on this issue, the ALP is clearly to the right of
the liberals in the Coalition - probably about as far right as the
Coalition right-wingers, Family First and the DLP or whatever remains
of them.
> As for the internet filter, where is there something that says it will include
> R-rated content? Everything I've seen refers to RC content. The latest is at
> http://www.abc.net.au/news/stories/2010/08/17/2985789.htm.
This is him just back-pedalling indicating the censorship won't be as
bad as people fear, because there is going to be some new kind of the
criteria for what is "RC".
The authoritative source of the policy seems to be:
http://www.alp.org.au/federal-government/news/safer-internet-families/
This mentioned RC material, as you mentioned - not R-rated. There's
no mention of what protocols the ISPs are supposed to filter.
Presumably it is TCP port 80, which is used by most websites, since
"http://xxx.yyy.zzz" tells the browser to open an HTTP session via
TCP port 80. However, "http://xxx.yyy.zzz:81" tells the browser to
do the same using TCP port 81. There are 65536 TCP ports, and a web
server could use all, or almost all of them. It is easy to configure
web servers to respond to HTTP requests on multiple TCP ports, or a
range of ports. Various other TCP port numbers are traditionally
used for other purposes:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
It is easy to make a web server respond on TCP port 30301, which is
normally used for BitTorrent. ISPs wouldn't want to have their
filtering servers trawling through the vast volumes of BitTorrent
packets, on the lookout for some which appear to be used to carry
HTTP requests and responses.
They can't very well block entire IP addresses, since a single web
server machine on a single IP address could have dozens of websites
on it, and only one of them might the one which runs foul of
Australian Internet censorship rules.
There's always HTTPS, of course, which has requests and responses
fully encrypted so no filtering box can discern their contents, or
change them - so the filtering server could only block this on an
IP-address by IP-address basis.
The page:
http://www.dbcde.gov.au/online_safety_and_security/cybersafety_plan/internet_service_provider_isp_filtering
talks about specifying the banning material by way of a URL, which
seems to indicate they are thinking of web-browser protocols - HTTP
and perhaps FTP.
The filtering trial information:
http://www.dbcde.gov.au/online_safety_and_security/cybersafety_plan/internet_service_provider_isp_filtering/isp_filtering_live_pilot
indicates on page 7 that they only attempted to block "web"
communications:
Telstra found its filtering solution was not effective in
the case of non-web based protocols such as instant messaging,
peer-to-peer or chat rooms. Enex confirms that this is also the
case for all filters presented in the pilot.
Pages 8 and 9 don't mention specific protocols, but it is safe to
assume they are dealing with HTTP, presumably on port 80. The term
"FTP" doesn't appear in the report, but it is possible to run a
website over FTP, rather than HTTP - though not quite as efficiently
and, I think, without many of the modern server-based conveniences.
I guess that would be one easy way a web server could avoid the
current filter. However, then the web-server needs its own IP
address, which they could catch with IP address blocking.
Page 20 contains some details of the blacklists:
The ACMA blacklist does not simply include top level URLs.
It is, in fact, very granular and may specify detail right
down to a particular target within a site (e.g. the actual
page listed on a site). Other jurisdictions’ blacklists
(such as New Zealand’s) contain the top level URL only, so
everything hosted on that site is considered blacklisted.
The detailed approach could turn into a vast list. The approach
which only works with the server's URL would be a blunter tool,
requiring entire sites be blocked, if only a small fraction of the
material at the site was intended to be blocked. Pages are not
necessarily static or on stable URLs so it would be easy for a site's
operators to work around the relatively fixed nature of the detailed
filtering.
Telstra attempted filtering by doctoring their DNS resolver. That is
easy to get around - just configure the PC to use some other resolver.
Page 22 indicates they want to ban particular pages on YouTube. That
will tangle them up in work in perpetuity, since new pages are added
by users at a prodigious rate. According to:
http://en.wikipedia.org/wiki/Blocking_of_YouTube
Australia would then join Brazil, the China, Indonesia, Iran,
Morocco, Pakistan, Tunisia, Turkey, Saudi Arabia, Syria, Thailand,
and the United Arab Emirates.
A non-authoritative estimate of the number of videos added per day is
200,000:
http://wiki.answers.com/Q/How_many_videos_are_there_on_YouTube
Pages 25 and 26 mention 37 methods of circumvention, and the
generally minimal ability of the filtering systems to prevent these
from being successful. "For public interest reasons" this taxpayer
funded report doesn't mention the methods.
Obviously if the user runs an encrypted VPN to a server not affected
by Australian ISP filtering, they will be unaffected by the
filtering. A vibrant industry for these services would soon pop up
if this censorship was ever implemented.
The report doesn't mention the specific filtering software, servers
etc. which were used, but it does give an overall description of
various approaches:
Hybrid pass-by filtering:
Use BGP (router protocol) to force packets being sent to
particular IP addresses to a filtering device - and then have
the device try to sort out which HTTP requests are for banned
virtual web servers, or sections of banned virtual web sites,
which are using that IP address.
This reduces the load on the filtering boxes, since requests
to any IP address not associated with banned material does
not have to go through the filtering system.
This approach to blocking doesn't appear to involve the data
coming back from the remote server - it is just a method of
intercepting requests which in some way matches the blacklist.
Pass-through deep packet inspection
From the cursory description given I guess they are only looking
at requests, but they have to look at all requests, not just
a subset as with the first approach.
Filtering via a proxy server which handles all requests and
responses
It would be very expensive and potentially slow to have such
servers handling all request and response traffic.
> Of course, you can vote for whoever you like Robin, but voting for the Coalition
> also supports a broadband network that is adequate for today, but most
> definitely not for tomorrow.
It would be great if we could have the NBN, but we can't without
spending far more than $43B. I think the ALP has been smoking
loco-weed or reading Eckhart Tolle to seriously propose, and now
start work on, a massive IT / physical infrastructure project like
this without any proper planning or cost-benefit analysis.
If you believe Senator Conroy, this NBN is going to provide 1Gbps to
each home. Yet GPON (the technology chosen for the NBN) has 2.4Gbps
downstream, to be shared between 32 or 64 homes.
The whole thing is so unprofessional and amateurish.
If you believe the ALP, all this will cost the user $30 a month. Yet
how can an ISP even run their filtering system on such large volumes
of requests or responses for that? Let alone source data over the
Pacific link from the USA?
I don't understand how anyone can regard this project as realistic.
The kindest thing you can do for the ALP is vote them out of office,
so the NBN is closed down ASAP. If this doesn't happen, the NBN will
be a millstone around the ALP's neck - and would be remembered for
decades as a glaring example of Labor empire building, wishful
thinking, grandiosity etc.
IT projects have a terrible habit of going over-budget and
over-deadline. This is a huge IT project with a physical footprint
far more extensive and labour-intensive than any other IT project in
the world. Can anyone think of such an extensive plan? Fibre to 10M
homes, offices etc.?
This NBN project didn't even have any planning or due diligence, so
it hasn't a chance of turning out as the ALP plan. Its our money
they are doing this with - it is not money pooped out by magic from
some fantastical bird.
The most important thing is to have permanent Internet connectivity -
via whatever means which doesn't involve phone calls. DSL, 3G
wireless and for the truly remote, geostationary satellite are all fine.
The benefit of fibre is to allow 10Mbps and perhaps 100Mbps
downstream, with somewhat lower upstream rates, which wireless and
satellite can't do. That is only of benefit to most people if they
watching videos - or perhaps if they are generating video material in
real-time for sale. I think the e-health stuff, with specialists
examining patients via high quality video link is primarily BS.
Voting for the ALP won't make the NBN come true. The costs of
running all that fibre all over the country, with new ducting,
directional boring etc. installing fibre to homes and inside the
homes etc. are way beyond $4000 a home. Most homes don't want or
need the speed, so the whole thing would be built, and the take-up
would be relatively small if not for the government's
anti-competitive actions of forcing (with taxpayer funded payment)
Telstra to abandon its copper network wherever the NBN is installed,
and to not allow its HFC system to be used for Internet access.
I wish we could all have Gigabit fibre. But we can't without far
more expense than the country can bear. Even if we had the money, I
would argue most of it best spent not on video-speed broadband, but
on education, preventive health, health in general and especially to
develop and install vast systems of overnight heat-storage, 24 hour a
day generating, solar thermal power stations. That is the only hope
we have of reducing our very high carbon-dioxide output. A look at a
global chart of insolation:
http://en.wikipedia.org/wiki/File:Insolation.png
shows that Central and Northern Australia is the best place for solar
power, short of the Sahara and the Arabian Peninsula.
I will post corrections to what I wrote on these ALP pages:
http://alp.org.au/blogs/alp-blog/july-2010/together,-let-s-move-australia-forward/
http://www.alp.org.au/blogs/alp-blog/august-2010/help-spread-the-facts---national-broadband-network/
about my "R rated or beyond" mistake. But please check the quotes I
point to in my previous message. They are here:
http://mailman.anu.edu.au/pipermail/link/2010-August/089091.html
and indicate that Craig Emerson intends mandatory filtering to
protect children from seeing things they shouldn't. Both he and the
PM refer to preventing people seeing things which are "wrong".
Indeed it is a conservative, socially controlling, party.
Below is the correction I posted to one page. I posted a brief
correction to the other page, with a link to the first.
- Robin
I was mistaken to state that the ALP Internet censorship policy
applies to R-rated material. It applies to "Refused Classification"
(RC) material
(http://www.ag.gov.au/www/agd/agd.nsf/Page/Classificationpolicy_Classificationlegislation),
the full description of which is too long to quote here. The RC
criteria includes "Detailed instruction or promotion in matters of
crime or violence." - which would seem to include military,
self-defence or boxing instructions.
So if there is a discussion forum on euthanasia, and someone posts
instructions to it on how to commit suicide, then the forum could be
classified RC, with the result that all ISPs would be required to
block access to the forum. Likewise any generally non-RC site which
someone contains even a little RC material.
The ALP's policy has changed quite a lot, as Irene Graham points out:
http://mailman.anu.edu.au/pipermail/link/2010-August/089117.html .
She wrote: "From mid 2008 to mid Dec 2009, there was absolutely no
doubt that the ALP's policy plan was to mandatorily require ISPs to
block adults' access to some MA15+, and all R18+ and X18+ material."
- which is the source of my mistake.
Internet communications involve much more than the equivalent of
watching movies or reading magazines. The Net supports two-way and
group discussions of all sorts of matters, privately and in public.
Government's don't usually regulate private conversations, including
those which take place by phone or by letters in the postal system.
The Net is like the postal system - extremely flexible and used for
all sorts of public and private purposes, far more than any one
person or organisation could understand or anticipate.
The trial of the filtering system worked only with websites (HTTP and
HTTPS). However there's nothing in the ALP's policy which limits it
to HTTP traffic. The policy could just as easily be applied to FTP,
streaming media, peer-to-peer file sharing, instant messenger, email
and voice and video conferencing.
So many of our important private, group and public discussion occur
via the Net. We shouldn't vote in a party with a policy of censoring
our Internet communications.
More information about the Link
mailing list