[LINK] EFF: 'Aust Networks Censor Community Ed Website'

Roger Clarke Roger.Clarke at xamax.com.au
Fri Apr 12 07:58:57 AEST 2013 

[EFF has drawn attention to the blockage of an IP-address by at least 
AAPT, and possibly some other ISPs.

[The domain that complained, http://melbournefreeuniversity.org/, 
resolves to 198.136.54.104, which is operated by active.host-care.com 
in the US.

[I use TPG.  At 06:55 I could access the site, and at 07:55 I can't.

[I wonder which ISPs are blocking it.

[Is it an intentional blockage driven by ACMA, ASIC or a law 
enforcement agency?  Is it a cock-up?  Is it a promotional stunt by 
the domain concerned? (Well, you have to consider *all* the 
alternatives).

[If it's intentional, which of the multiple users of the IP-address 
is the target?  And on what legal basis has an instruction been 
given, or a request acceded to?]


Australian Networks Censor Community Education Website
DANNY O'BRIEN AND EVA GALPERIN AND PETER ECKERSLEY
Electronic Frontier Foundation
APRIL 11, 2013
https://www.eff.org/deeplinks/2013/04/australian-networks-censor-community-education-site

EFF has long opposed Australia's Internet censorship schemes, warning 
that even the voluntary filtering that has been implemented by 
Australia's largest ISPs, Telstra and Optus, lacks transparency and 
accountability, and could lead to collateral damage--accidental 
censorship of websites that are not violating the law in any way.  A 
dramatic example of such collateral damage appears to be occuring at 
the moment.

EFF was recently contacted by the organisers of a community group 
called the Melbourne Free University (MFU) because their site appears 
to have been blocked or censored by Australian network operators, 
possibly at the request of the Australian government.

Users from some (but not all) Australian ISPs have been unable to 
reach the Melbourne Free University site since Thursday the 4th of 
April. An employee of one of the affected ISPs told MFU  by email 
that the site was blocked as a result of an order from the Australian 
government, but was unable to say more. Research by EFF and MFU, and 
discussion amongst Australian network operators, confirms that the IP 
address has been black holed by a number of Australian ISPs, 
preventing access to more than 1,200 websites including the Melbourne 
Free University (multiple websites sharing a single IP address is 
common due to virtual hosting).

The causes for the block are currently unknown. Speculation by the 
Australian networking community has included criminal investigations, 
action by ASIC, or DDOS mitigation. Unusually, a representative of 
one of the blackholing ISPs, AAPT, would only state that "in regard 
to this issue, this IP address has been blocked". Under conditions 
where the cause was to protect the functioning of the Internet, such 
as to combat a denial-of-service attack, one would expect the ISP to 
clearly describe the reasons for the temporary filter to better 
assist other network operators. It would be surprising if the cause 
was Australia's nascent Internet censorship system as that is 
reported to operate with DNS rather than IP blocks.

Whatever the reason for the IP black hole, it is extremely unlikely 
that they justify the reckless censorship of 1,200 sites for 
Australian Internet users, and very disturbing  that the true reasons 
have not been made public after many days of requests from the 
affected parties. Decisions that affect the global connectivity of 
the Internet should be made transparently, whether they are made in 
the offices of ISPs, or in the courts and corridors of government.

In the mean time, Australian Internet users who are affected by it 
can install Tor to access affected websites.


Some Technical Info on the Black Hole

A typical traceroute from affected an ISP looks like this:
...

Packets for the MFU website, which is hosted in the US, never make it 
out of Australian networks. For comparison, a traceroute from an 
Australian university where censorship is not present looks like this:
...

Other websites using the same IP address ( including 
karenleefield.com, moneysaveuk.com , fmachennai.org , 
smartandfrank.com, and kohchangpoolvillas.com) demonstrate similar 
behavior.

A BGP query to looking glass server at an affected Australian 
backbone ISP shows the black hole as an abnormal route to the 
destination IP:

...

-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law               University of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list