Here is a contrasting article, which is arguably what promoted Germany to drop their own censorship policy:

http://cyberlaw.org.uk/2009/05/29/germany-delete-don%E2%80%99t-block-it-works-unpolitikde/

There probably wouldn’t be a web host in the world which would agree to let child sexual abuse be continued to be hosted on their servers with their knowledge. As the article points out, as soon as they are aware of this fact, it is deleted very quickly.

This isn’t controversial material like euthanasia, which is what our Australian government is targeting. It’s material which practically every human being on the planet wants eradicated, so I see no reason why government’s can’t simply pick up the phone and call the web host.

That of course is assuming the government (or government agency) is aware of a particular URL before the police are.

I hope they’re doing something about this!

I put it to you that you could say any system is susceptible to this type of attack that utilises DNS in someway shape or form. My argument here is I am sure they (being the government) and the community (being the people responsible for wider governance of ther internet) should or most likely would have systems in place to deal with such a scenario ie trust based policies

As for your other points.

I appealed to the Ombudsman because that is the process under the Official Information Act when a government department refuses to give out information. I do not agree with the decision of the Department of Internal Affairs or the Ombudsman.

While the decision may be technically correct under the OIA, I believe the Official Information Act is wrong to exclude the “is it in the public interest” test for those grounds for refusal. I have recently made a submission to the Law Commission’s review of the OIA stating this.

When it comes to the DNS attack, I don’t think you fully understand how easy it is for someone who owns one of the banned domains to change the IP address returned for it. This is the fundamental basis for how the international DNS system works. If they return the IP address of a high volume site, all requests for that site will be forwarded through the filter, probably overwhelming it, until such time as someone at the DIA notices and excludes that domain name from the filter. There is no protection against this attack as this is how the DNS system is designed to work.

As to the other two points, I’m sure they intend to do their best to run the system as well as they can. However, these systems are complex and are part of a much larger complex system (the internet). I would be very surprised if there aren’t some outages and problems caused by the filter in the first year of operation. I guess we’ll find out.

the document you posted stated the ombudsman CHOSE the sites to the review and reviewed the WHOLE list. please state the facts not your interpretation.

You went to the ombudsman because you trust him or her judgement correct, how are you still not accepting it.

regarding the DNS anyone can potentially do that, however there are processes at much higher levels in place to ensure that someone cannot or severly restrict it otherwise the whole internet would fall down, again stop being so malodramtic.

every government system is a target, this would be no different thats true, but I am pretty sure they have things in place to combat any egit who trys something (within reason)

regarding glitches or confusion I am sure if there is an error the people maintaining or in-charge of it have enough nouse to fix the problems, and some nouse to work with the service providers NOC’s to fix problems, again stop being so malodramatic.

We have some more articles to publish on this subject, but to get us started here’s five reasons:

Firstly, there are many more failure modes than just the filter system falling over. Even that will still lead to some interruption as the ISPs discover the outage and their systems have to update the routes.

Secondly, the filter lends itself to DNS based attacks. If a person with a URL on the filter list chooses to, they could change the IP address that it resolves to to a high-volume site (e.g. Wikipedia) and the resulting storm of traffic would overwhelm the filter. The DIA said they have no protecting against this and would just have to fix it after they notice the traffic flood.

Thirdly, the filter system provides a very tempting attack vector for any hackers as subverting it will give you the ability to intercept any traffic you like.

Fourthly, filter systems of this sort tend to introduce an extra source of glitches and confusion when it comes to fixing complex internet performance/routing problems.

The reason we didn’t quote that piece from the PDF was because we didn’t think it was relevant to the article. Yes, the sites that the DIA chose to show to the Ombudsman had child pornography. We don’t dispute that.

It doesn’t remove the fact that we would like access to the complete list to do appropriate testing and checking. It would also mean that we wouldn’t have a secret censorship scheme that refuses to live up to the standards of openness that the rest of New Zealand’s censorship must follow.