Tech Liberty NZ Defending civil liberties in the digital age

Internet filter list to be kept secret

Posted on February 24, 2010

When the internet filter was announced, one of our primary objections was that it was a secret censorship scheme. The list of banned sites was kept secret and there was no oversight of the entries on the list. As the experience of Australia and the UK has shown, this tends to lead to abuse as sites are blocked for no good reason. It also conflicts with the general thrust of the rest of NZ's censorship regime in which all decisions must be published.

Being believers in open and accountable government, we made a request under the Official Information Act for a copy of the filtering list and the inspector's reports that were used to justify adding sites to the list.

The Department of Internal Affairs refused our request for a copy of the list:

The release of the filtering list (particularly in an electronic format) would facilitate access to images of child sexual abuse images. I am therefore withholding this information in terms of section 6(c) of the Official Information Act (where the release of this information is likely to prejudice the maintenance of the law, including the prevention, investigation, and detection of offences, and the right to a fair trial).

We appealed this decision to the Office of the Ombudsmen.

Open government isn't fast

As an aside, we were disappointed by the speed of response from the Ombudsmen. Our original letter was sent to them on the 22nd of May, 2009. Correspondence has been exchanged and the final decision was sent to us on the 17th of February, 2010, nearly nine months after the original complaint.

Meanwhile, changes to the administration of the filter

While the appeal process was grinding on, pressure from us and other people have led the DIA to make some changes in how the internet filter will be administered.

Firstly, they have established a Code of Practice that explains how the filter will be run.

Secondly, the Code of Practice specifies the creation of an Independent Reference Group to oversee the operation of the filter. (For now we'll ignore the fact that the "Independent" Reference Group includes the manager of the unit that is implementing the filter.)

Thirdly, after further submissions the DIA revamped the Code of Practice so that the Independent Reference Group would be able to see the list of sites that are being added to the filter. While this is not as open as the rest of our censorship system, it is an important concession by the DIA as it means that there will be some external oversight of the list. This will provide an important check on the possibility that the scope of the filter will secretly expand.

The Ombudsman's Decision

I have formed the opinion that it was open to the Department to refuse your request, on the basis that release of the list would be likely to prejudice the maintenance of the law.

I appreciate your points that very few people would deliberately choose to access the websites, and that there may be other means for members of the public to test the content of the websites without accessing them. However, the fact remains that there are some people who, for whatever reason, may choose to visit the websites if the list was available. If even one person were to use the list as a reference point to access the websites, that could be a breach of the law.

Read the full text of the Draft Decision (PDF) with the full justification and the Final Decision (PDF) responding to our comments about the draft decision.

Limited data set

In follow-up requests to both the DIA and the Ombudsman we also asked for the filtering list and reports with the DNS part of the URL removed (i.e. the sitename.com part of http://sitename.com/location/data). This would mean that there would be no way to use this information to actually visit the site. While this wouldn't allow us to do as many technical tests, it would still be interesting to read the reports.

The decision from the Ombudsman makes it clear that the only reason for refusal is that the full address would allow people to visit the site. We see no grounds for the DIA to refuse a request for just the reports and will be asking for that soon.

Conclusion

We accept that society has the right to implement censorship but we think that this should be limited, open and accountable. We are disappointed to not get access to the list and find it worrying that New Zealand is implementing a secret censorship scheme.

The lack of access to the list also means that we cannot do our planned testing and analysis of the sites on it (note: technical tests at the network level with no chance of accidentally downloading disturbing or potentially illegal images).

However, while the Ombudsman's refusal is a setback in establishing openness, we are pleased that the DIA has been forced into allowing some independent oversight of the filtering list and the administration of the filtering system. This does go some way to ameliorating our concerns about secret abuse of the filter, although the other problems with it still remain (that it doesn't work, that it reduces the security and stability of the NZ internet, that it gives government a tool that they will abuse in future).

Posted by Thomas Beagle

Comments (16) Trackbacks (0)
  1. It will be leaked soon enough, and it won’t contain child sexual abuse images.

    It is inconceivable that the NZ government has seven thousand URLs of child sexual abuse material and nothing is being done to remove them at the source. A simple phone call to the hosting server is all it takes to remove the content.

    While it’s not as bad as our proposal here in Australia, it’s still secret and unaccountable and goes against democratic principles and the due process.

  2. Wait, hang on. If the filter applies to everyone (isn’t that the plan?), then people won’t be able to visit the sites in the list. Because they’ll be filtered!

    So, um, wtf?

  3. Be, here is a chance for you to earn a few easy $$$. Propose that to them as a contract. You will only need a couple of weeks and you will have all that nasty content off the web. You can do the same in Oz.

    Easiest money ever earnt.

    Strange mob the AFP though, must be complete dills if they have never thought of that. No wonder they can never fix the problem when it is so simple. Surorises me though that operators putting up stuff like that co-operate so nicely.

    But I recently read that Google and Yahoo refuse to co-operate and do that, so what hope do they have with guys making money from vids of kids bonking? Sounds pretty naive?

  4. >Because they’ll be filtered!

    Not if someone uses a foreign proxy as those proxies won’t necessarily be filtered, but can disguise which site the NZ user requests to a nz isp or agency.

    Criminals will, of course, be using that kind of thing anyway to hide their tracks, so the actual benefit is minimal for the civil liberty cost of secret censorship.

  5. How and why do you keep repeating the statement “it reduces the security and stability of the NZ internet”

    If the filter fails ie falls over the only thing that happens is that people will be able to access the child abuse sites again, how is that effecting the stability of the internet. How does it reduce security?

    Why not print the statement from the PDF.

    “The deputy ombudsman has reported to me that all sites he viewed did contain objectionable material of that nature”

    Cmon guys at least present a fair and balanced blog.
    when are you going to give it up, you are looking for something that is not there.

  6. Ben and Dipper: I have seen people make the argument that some government groups are too keen on collecting URLs when they should be trying to shut the sites down. Of course, that assumes that the country they’re hosted in or the company they’re hosted with are willing to do this.

    There’s an interesting article about takedowns here: http://www.lightbluetouchpaper.org/2008/06/11/slow-removal-of-child-sexual-abuse-image-websites/

  7. Dipper: Google refused to remove material that would be banned under the Australian “Refused Classification” rules. This includes things like euthanasia instructions, R18 video games, etc.

  8. Joseph – we keep repeating the statement that the filter reduces the security and stability of the NZ internet because we believe that the filter reduces the security and stability of the NZ Internet.

    We have some more articles to publish on this subject, but to get us started here’s five reasons:

    Firstly, there are many more failure modes than just the filter system falling over. Even that will still lead to some interruption as the ISPs discover the outage and their systems have to update the routes.

    Secondly, the filter lends itself to DNS based attacks. If a person with a URL on the filter list chooses to, they could change the IP address that it resolves to to a high-volume site (e.g. Wikipedia) and the resulting storm of traffic would overwhelm the filter. The DIA said they have no protecting against this and would just have to fix it after they notice the traffic flood.

    Thirdly, the filter system provides a very tempting attack vector for any hackers as subverting it will give you the ability to intercept any traffic you like.

    Fourthly, filter systems of this sort tend to introduce an extra source of glitches and confusion when it comes to fixing complex internet performance/routing problems.

    The reason we didn’t quote that piece from the PDF was because we didn’t think it was relevant to the article. Yes, the sites that the DIA chose to show to the Ombudsman had child pornography. We don’t dispute that.

    It doesn’t remove the fact that we would like access to the complete list to do appropriate testing and checking. It would also mean that we wouldn’t have a secret censorship scheme that refuses to live up to the standards of openness that the rest of New Zealand’s censorship must follow.

  9. I cant believe you have I am going to assume misprinted something, because I know your not trying to make up something to be more malodramatic.

    the document you posted stated the ombudsman CHOSE the sites to the review and reviewed the WHOLE list. please state the facts not your interpretation.

    You went to the ombudsman because you trust him or her judgement correct, how are you still not accepting it.

    regarding the DNS anyone can potentially do that, however there are processes at much higher levels in place to ensure that someone cannot or severly restrict it otherwise the whole internet would fall down, again stop being so malodramtic.

    every government system is a target, this would be no different thats true, but I am pretty sure they have things in place to combat any egit who trys something (within reason)

    regarding glitches or confusion I am sure if there is an error the people maintaining or in-charge of it have enough nouse to fix the problems, and some nouse to work with the service providers NOC’s to fix problems, again stop being so malodramatic.

  10. Joseph – Firstly, I apologise for my error, you are entirely correct that the Ombudsman did view the whole list and they were the ones who selected which sites to check. I read the letter some time ago and my memory was at fault.

    As for your other points.

    I appealed to the Ombudsman because that is the process under the Official Information Act when a government department refuses to give out information. I do not agree with the decision of the Department of Internal Affairs or the Ombudsman.

    While the decision may be technically correct under the OIA, I believe the Official Information Act is wrong to exclude the “is it in the public interest” test for those grounds for refusal. I have recently made a submission to the Law Commission’s review of the OIA stating this.

    When it comes to the DNS attack, I don’t think you fully understand how easy it is for someone who owns one of the banned domains to change the IP address returned for it. This is the fundamental basis for how the international DNS system works. If they return the IP address of a high volume site, all requests for that site will be forwarded through the filter, probably overwhelming it, until such time as someone at the DIA notices and excludes that domain name from the filter. There is no protection against this attack as this is how the DNS system is designed to work.

    As to the other two points, I’m sure they intend to do their best to run the system as well as they can. However, these systems are complex and are part of a much larger complex system (the internet). I would be very surprised if there aren’t some outages and problems caused by the filter in the first year of operation. I guess we’ll find out.

  11. I am well aware on how DNS works. I think you miss my point. you claim that it is susceptible to this type of attack lets call it poisoning.

    I put it to you that you could say any system is susceptible to this type of attack that utilises DNS in someway shape or form. My argument here is I am sure they (being the government) and the community (being the people responsible for wider governance of ther internet) should or most likely would have systems in place to deal with such a scenario ie trust based policies

  12. Joseph – When I went to talk to the DIA about the filter, they said they had no way to detect that sort of thing other than noticing that an inordinately large volume of traffic was going through (or trying to go through) the filter system.

    I hope they’re doing something about this!

  13. @ Thomas

    Here is a contrasting article, which is arguably what promoted Germany to drop their own censorship policy:

    http://cyberlaw.org.uk/2009/05/29/germany-delete-don%E2%80%99t-block-it-works-unpolitikde/

    There probably wouldn’t be a web host in the world which would agree to let child sexual abuse be continued to be hosted on their servers with their knowledge. As the article points out, as soon as they are aware of this fact, it is deleted very quickly.

    This isn’t controversial material like euthanasia, which is what our Australian government is targeting. It’s material which practically every human being on the planet wants eradicated, so I see no reason why government’s can’t simply pick up the phone and call the web host.

    That of course is assuming the government (or government agency) is aware of a particular URL before the police are.

  14. Ben – thanks so much for that link, I remember reading it once but couldn’t find it again.

  15. No worries. It shows that if bureacracy is taken out of the equation, taking down child sexual abuse material on the web, in the extremely rare cases that it actually exists on the open web, is incredibly easy and all it takes is a phone call or email.

  16. Another way to bypass the internet filter is not to go through it in the first place. What i mean by that is people could setup their own BBS or intranet and access it by dialup modem, cell or wireless close by. Of course it would be very limited and slow on dialup, but it cant be filtered by an ISP. BBS is opensource and available to anyone.


Trackbacks are disabled.