We are opposed to the Government implementing Internet filtering in New Zealand.
Filtering Doesn’t Work
- The filter can’t intercept encrypted web traffic (https). It’s not hard to change your website from non-secure http to secure https. And, if you do, the DIA filter server can’t intercept it.
- The filter can’t intercept the file sharing, email, chat, instant messaging or anything other than unencrypted web traffic. (Although it does intercept people accessing those services via websites.)
- Adding new entries to the filter is a manual process. When websites are so easy and quick to set up, we don’t see how it’s possible for them to do a good enough job to keep the filter list up to date enough.
- The filter will only be used by some ISPs. If a number of major ISPs don’t use the filter, is there any point in implementing it for the ones that do?
- A motivated person can easily get around the filter. It is relatively trivial for a motivated person to use tools freely available on the Internet to circumvent the filter.
The Government has no Mandate to Filter the Internet
The Department of Internal Affairs has no mandate to filter the Internet and filtering is not covered by existing law.
It is not appropriate for the Department of Internal Affairs to implement this without appropriate laws being passed in Parliament in accordance with the normal democratic process.
Mass Filtering is Contrary to the New Zealand Bill of Rights
One of the major uses of the Internet is to for people to correspond with each other (email, chat, web forums, etc). Because the filter intercepts all traffic, not just web, for a particular network address, it will be intercepting and examining some of this correspondence.
Current New Zealand law does allow for the interception of personal correspondence, but only in certain well-defined circumstances and often requiring a search/interception warrant.
There is no law that gives the DIA the power to intercept Internet traffic. The DIA’s attempts to claim this power are contrary to the New Zealand Bill of Rights and therefore illegal.
Secret Censorship is Abhorrent in an Open and Democratic Society
The Department of Internal Affairs refuses to give out copies of the lists, claiming that the Official Information Act lets it refuse on the grounds that the list could be used to commit crimes, i.e. that the list will act as a pointer to illegal material.
However, this is in direct contrast to the provisions of the Films, Videos, and Publications Classification Act 1993 that the Chief Censor works under. This specifies that all censorship decisions must be published each month. The Chief Censor complies with this by publishing a searchable list of decisions on the Internet.
It is not appropriate for the DIA to decide to unilaterally change the accepted legislated processes around the openness of New Zealand’s censorship regime.
The Government Will Abuse the Ability
A number of countries have implemented Internet filtering schemes in the last few years (voluntary and involuntary, commercial and public).
The common thread in all these implementations is that the list has always been expanded to include material that shouldn’t have been on it. The Australians added sites that told how to work around their filtering, the Thai secretly expanded their list to include sites that mocked the King, the United Kingdom blocked most of Wikipedia for a while.
Governments have a tendency to over react whenever the media whip up a moral panic. Any Government given this tool will be tempted to use it in such times in an effort to be seen to be doing something.
The Filter Weakens the New Zealand Internet
The filter provides a single point of failure that is vulnerable to attack (e.g. DNS poisoning)or poor management. It also adds an additional layer of indirection that could easily cause hard to find and debug performance problems for modern web-based applications.
The filtering system also provides a very tempting attack vector for hackers. Anyone who can subvert the filter can divert any internet traffic in the country to the site of their choice.
Our Recommendations
We believe that the DIA’s proposed Internet filtering scheme should be abandoned. It goes against principles of privacy and freedom from search, it is ineffective for its purpose, and it sets a worrying precedent that a government department can arbitrarily decide to block Internet traffic of its choosing.
There’s a facebook group opposing this
http://www.facebook.com/group.php?gid=357618387010
I’m totally with you, but this article confused me – you say they “can’t intercept file sharing, email, chat, instant messaging or anything other than unencrypted web traffic” then add that “One of the major uses of the Internet is to for people to correspond with each other (email, chat, web forums, etc). The DIA’s proposed Internet filtering system will be intercepting and blocking some of this correspondence” – can you reword this for clarity? Thanks! Geoff.
Geoff – yes, good question. There’s two reasons:
1. While mail and chat still use their own protocols between systems, people are increasingly accessing them through web-interfaces. Consider Gmail as an example – the mail goes via the SMTP port (port 25) but then people access it through the web using HTTP (port 80). The filter intercepts and examines all HTTP traffic.
2. Because of the way the filter works, any traffic, including not HTTP/web traffic, to the IP addresses on the list still goes through the DIA’s filter. While they claim not to be inspecting it, they’re still diverting it and they can easily add filtering for it in the future if they wanted to.
Thanks for your comment, I’ll try and change the wording to make it clearer.
P.S. The picky might note that Gmail now defaults to secure HTTPS rather than HTTP, but I believe the general point is still valid.
It is dangerous to argue based on technology here. There are systems designed to resist censorship and oppression. These systems are used for good and evil. But if you argue like that, those systems might be outlawed tomorrow. It might become suspicious to encrypt your data and use secure protocols.
Focus on the law, on freedom of society and the damage done by blending out child porn as a problem of society in general. Organizations who work with such cases should consider the consequences and then speak out for/against the government. Typically they will notice that such filters will impede their work and further reduce the awareness in society.
In Germany, we had some success by demanding the government to actually do something against child porn instead of blocking URLs. German government argued that some countries have no laws against child porn and global enforcement is impossible. The examples they named responded very strongly to this accusation emberassing the German government.
It also appears that child porn is typically exchanged in closed groups or via protected communication. The risk to stumble on CP on the web is next to zero. You might be able to get some data from organizations that work in this field. Good luck!
Steffen – I agree with your observation that people don’t stumble upon child pornography by accident. Even if they did, most people would just go “Ewwww” and close the window – unpleasant but not exactly damaging.
While we don’t have information on the “stumble factor”, there are reports from the UN the confirm that the web is’t really the problem, as most people are distributing offensive material through peer to peer file sharing.
The NZ government is truly going out of its way to demonstrate a complete lack of technical knowledge, isn’t it?
I just find it completely astounding that these people can be told repeatedly, by people more educated and more experienced, that this is a futile project, and yet they go forwards with it anyway.
That does not inspire faith in those making policy.
Even though this filter does not stop filesharing, should the government not stop what it can? That would be the same as the police should not stop speeders on the motorway because its possible to drive fast on a local road. In the fight against child sexual abuse material preventive measures like this (and I am assuming that the ones being blocked are not investigated) will protect the victims from further re-victimization by masturbating men in front of their computers in NZ. People also seem to think that once a government starts using one method, they drop all the other ones. I am pretty sure that the police will still investigate the ones that “easily” circumvents the blocking and by doing so, automatically nominates themselves as higher value targets for the police.
I come from, all though I do not live there now, a country that has had blocking of child sexual abuse material for many years (and only that, I might add – there has been no feature creep or expansion of material being blocked) and the public does not object. The main reason being that most will never see or notice it at all. The ones that do, will not complain – as their goal is to financially support the criminals behind the distribution on the Web, and therefore are criminals themselves. Any democratic society must accept some forms of content control, and we gladly roll over for whatever the law makers, the editors, the TV producers and others decide is good for us, while we have a misconception that the Internet is something else, another dimension where normal laws and rules does not apply. On the contrary, my dear Watson – any cable, person, PC or other stuff venturing on the Internet is covered by whatever law that applies in that area, and in NZ its NZ law. Just like it would if you stood outside your local grocery shop and asked every nine year old passing “wanne suck me for 100 dollar?” or spammed the local notice board with pictures of your marvelous sex life with your preteen daughter.
Laws and rules are meant to protect the sane part of the population from the other type of people out there, both on and off the Internet. I, for one, have no problem with accepting this :)
Ordinary Dude – We’re not calling for this material to be legal, nor do we think that “anything goes” just because it’s on the internet. Indeed, we support the DIA in their attempts to arrest the people that produce and distribute child pornography.
However, we don’t think internet filtering is the right approach. It doesn’t work to stop the people who do produce and trade in this material – they can easily circumvent it by using proxies, peer to peer file sharing or other means.
So if it doesn’t work, I can’t see how it is worth implementing a system that costs money, can be abused by future governments, and has the potential to weaken the NZ internet.
The Australian filter, during the trial, expanded to filter some sites giving information on abortion, and even a website of a Queensland dentist for no apparent reason. This was revealed when the list was leaked publicly.
I agree with you that any filtering will have flaws – be it the lack of complete coverage or how waterproof it really is. Still, any preventive work will be hard to measure. Any site that is stopped by this filter, and any image of a child being sexually abused NOT being viewed is in itself an indication of success – even though it will not stop all viewing. As long as this is done in addition to other police work, like arresting, seizing etc – it is a valuable tool used in combination with the others.
People who produce hard core sexual abusive material of children do this because they have a sexual desire for children and wants to have sex with them. When they do get the chance, their documentation of the their crimes is to fulfill their own fantasies, to be used as currency to gain access to other groups where a payment of unknown material is required, to increase their own standing within the group of their piers or to generally “support the case”. This production is difficult to stop, especially since digital cameras eliminated the whole development process. On the other hand, there is a sizable commercial production of less abusive “child erotica” – produced solely to feed the need and demand for such imagery. By blocking the customers to both types of child sexual abuse material, you will achieve the following:
1. Children who are victims of hands on abuse already will be less likely to be repackaged and resold again and again on commercial sites – and thus will have their rights as humans better protected by the government.
2. There will be less demand for children to be commercially photographed and traded, and as a result fewer of them will have to be pimped by their parents into “erotic posing”.
If a person circumvents a blocking, that is all well and good. It will show your intent to view children being sexually abused and will make you stick out like a soar thumb to the police when they come across you. The police routinely get access to customer lists, access list and webserver logs from colleagues around the world – and if you are on one of them after setting up your own proxy – I am pretty sure you will be visited by the police. The hit percentage will increase for the police as well, as they will not have to wade through the masses of accidental viewers generally “I click all blue links”-kind of people.
Also, by preventing the crime the police can free up resourses to go after the criminals on the other protocols, the ones that such filtering does not cover – resulting in all over better protection of the children and better policing of the Internet. Imho, the Internet needs policing, just like the rest of the society – as it IS only a part of society, not an alternative reality. The Internet is so integrated in our daily lives now that we expect it to be as available as electricity, and we do want somebody to keep an eye on whats going on with our electric network, right?
Why does every one always believe that any tool will be abused? There must be some sort of control with the content being put on such a list, but it should not be made public. The police are answerable to your parliament, so why not make them have to defend their decisions on this topic to them?
Brenda: If you were a criminal operating a successful operation where you sold the images of abuse of children, do you think you would benefit from discrediting the blocking of your service? In my country we have had many examples of bad guys hiding their highly illegal material in a complicated URL and when the government block the domain, you have to know the whole address to see it. The first page may be totally legal, religious, political, adult pornography or something else – and for the casual passer by (and the ones that believe that everything posted on wikileaks is the truth :) it will seem that the government/police are blocking access to legal material. If I was a criminal, I would do the same – as I would then get heaps of people yelling about the limiting of information availability that they are subjected to, without knowing that they in fact are being somewhat used to secure my continued services and criminal behavior. Also, the content on the domains in a blocking list will change, its in the nature of the network – so what was illegal yesterday may have moved and been replaced with the “information on abortion” web site today. There is a need for continued and regular monitoring, a possibility for the public (user) and domain owner to complain and have the site revised. This is a given.
The Internet is a wonderful thing, but not everything on the Internet is wonderful. I would rather have a slightly screened Internet with relative safety rather than a network where I can get hijacked and phished into a child abuse site at any time. That is my two cents, anyway :)
Wow OrdinaryDude do you know anything about the internet?
Yes any site that is blocked would be a success, but for the small amount of times someone stumbles on that site, is it really worth the cost of implementing a filter, and putting the freedoms at risk?
All the major child porn traders would be stupid to use a plaintext openair protocol such as http as that would get them caught in no time flat.
Also, what do you mean people who circumvent the filter would stick out like a sore thumb? They would slide under the radar as VPN or HTTPS is encrypted and so hard if nigh on impossible to see the content. Proxies aren’t as secure but it would still be impossible to examine every single connection to every single worldwide proxy in use at any given time.
And these technologies have legitimate uses, business uses. You can bet the shit will hit the fan if they call everyone using them a child porn trader and ban their use.
A more effective way to combat child porn is to send a takedown request to all the addresses on the blacklist that the DIA is keeping from us. So does that mean they are keeping it under wraps so only they know where the child porn is so they can keep an eye on it?
This is just another classic case of politicians hiding behind children to (in this case) erode our civil rights.
Mom and Dad Luddite are holding the door open for Facism.
Hamstar: Yes I do, actually :) You obviously consider your right to whatever you feel you have a right to is more important than the rights of the children that has been and will be abused as a result of the availability of the material – and I strongly disagree with that viewpoint. Nobody, or hardly nobody, stumbles across a site like this. Its the ones that sit with their penis in one hand and type “preteen lolitas incest” in google with the other that end up there.
Also, I do know quite a bit about how the marked of online commercial child sexual exploitation material is organized – and they absolutely do. Remember that many of their customers are not necessarily computer savvy and need to have easy access to graphic material, and what other protocol is better suited at that then the http? They do not use https, VPNs or other less available variants – they want to punch their credit card number into a java text box for instant gratification. Its really as easy and open like that, shying away from encryption – as it would complicate things for their customers. Hosting the stuff in countries that does not have legislation or with non caring hosting companies is also a good strategy for these guys, and when you get deleted and banned – you just move to another country or hosting company in minutes.
Blocking will not affect legitimate users of any protocol, nor will it affect your searches – it will only affect you if your browser tries to open a domain or address that has already been checked and found to have illegal material in it. If you have been hacked and abused by a criminal, you damn well need to fix it yourself before your domain is available on the Internet again, imho.
If you have any connections with any ISP you will know that your friendly neighborhood ISP is constantly denying access to domains, defined by themselves, spamhaus or somebody else. Due to phishing, fraud and other undefined reasons, you are constantly being censored on the internet. Where is the protest marches against that? A corporate actor that by its own accord decides what you will get access to? I am more concerned about that. In my country any blocking is accompanied by a warning page that tells you what your browser tried to access, and the transparent way of doing this is enough to keep me pleased with the service.
I am curious to know how you can be sure that your politicians are “hiding behind children to erode your civil rights” and introducing fascism through the back door? Could it be that the politicians, police, government have a genuine wish to protect children and the victims of abuse?
Good intentions doesn’t make them any less wrong. I have no doubt that the people and politicians involved want to be seen to “do something” about it. It’s not dissimilar to “security theatre”, where it’s more important to be seen than to be effective.
And having done it for one noble cause, the wishlists then start.. First it’s just a bit more material that groups don’t like…
http://www.familyfirst.org.nz/index.cfm/Media_Centre/Media_Releases/Releases/17_12_09_NZ_Should_Join_Australia_To_Censor_Internet.html/17_12_09_NZ_Should_Join_Australia_To_Censor_Internet.pdf
Then it’s stuff on the Internet “we” don’t like:
http://www.stuff.co.nz/technology/digital-living/3464723/Aussie-bid-to-shut-offensive-site
Then pretty soon we’re filtering for just about anything an industry wants:
http://www.theregister.co.uk/2010/03/10/livingston_deb/
Note this paragraph in the last item:
“The peers behind the amendment have argued that since all major ISPs already block a list of URLs carrying images of child abuse, they have the technical means to comply with injunctions demanding copyright blocking.”
Or suppression orders:
http://www.internetnz.net.nz/issues/newzealand/HarveyPresentation.pdf
Or political speech.
http://www.itwire.com/opinion-and-analysis/whiskey-tango-foxtrot/36904-i-am-muzzled
That’s where these good intentions lead.
Now you’re right that there was a fad with blacklists for SMTP. ORBS and others. Most fell out of favor for the same reasons this filtering will end up like: used for purposes far beyond original claimed reasons, ineffective at the problem.
Some ISPs do still cling to SMTP blacklists, but it’s a dying practice. Sadly, this filter won’t be a dying practice once it’s widespread, it will only expand in use.
Ordinary Dude seems to think that legalistic and moralistic apologism is going to somehow make Internet filtering okay.
Let’s examine the claims one by one:
1. Filtering will affect child porn viewing and is simply another enforcement angle.
That’s false, for reasons that have already been explained. Filtering will not stop it, nor will it affect the habits of anyone choosing to engage in that behavior. The only thing that can stop that is enforcement of existing laws.
At the same time, it introduces a weak point into national Internet infrastructure and means any unencrypted information I send across the Internet is accessible to the DIA. That’s simply an unacceptable trade-off for myself and for quite a few other people. China and the UAE do that. We’re supposed to be a progressive Western democracy, not an authoritarian police state.
2. Filtering won’t affect Internet performance.
Questionable at best, especially on a national level. Deep packet filtering through a single point of failure, in a country with already limited bandwidth?
I wouldn’t bet on that.
3. Filtering won’t be abused.
This is perhaps the most laughable of all. Filtering is abuse by definition. To suggest that it won’t ever be used outside its defined scope is ridiculous. Yes, I’ve seen InternetNZ’s report on the matter and the safeguards in place to prevent that.
It doesn’t matter. At some point in the future, it WILL be abused and it WILL be used for some shady purpose. Not if. When.
The only way to limit that kind of power is for no one to have it in the first place.
Frankly this entire thing seems like a way to slip it in under the radar, both by making these ridiculous claims about “protecting children” (it won’t) and making it appear “civil liberties friendly”. Convenient enough that at some point down the road, that can easily change.
This has to be stopped here and now. Once it’s allowed to go into place, that’s the end of it.
OrdinaryDude,
Firstly the filter is voluntary. That means that people in NZ are still free to view internet content however they wish, and others are not.
That throws out the whole arguement about trying to stop people from getting access to material, even more so than the arguement about which protocols it supports, and which it doesn’t.
Does changing ISPs give the Police and DIA proof of ‘intent’ that people are wanting to view illegal content? That’s a very long bow to draw.
A lot of people will change ISPs simply because they feel having an internet filter is abhorrent, and so proving either way becomes a further drain on the legal system in NZ.
And secondly, with your statement that you know quite well how the child exploitation market works, you are either a member of such a market, or a member of DIA staff.
So why don’t you state which one it is, and make these comments clearer for everyone, on which bias you hold.
Short and sweet. ACTA. Both internet filtering and the three strikes law are requirements. Our government is putting in place the framework it needs in order to ratify ACTA in a few years time. Of course there will be a few more tweaks before then. The internet filter won’t be voluntary for long. If you are not worried about ACTA you should be.
http://en.wikipedia.org/wiki/Anti-Counterfeiting_Trade_Agreement