The DIA Internet Filter
As reported in the media, two ISPs (Watchdog and Maxnet) are now using the Government’s Internet filter, so it is live and operational. It looks like the three big ISPs – Telecom, Telstra-Clear and Vodafone will also start using it later this year.
In this post I want to go over why the filter is a bad thing, but also the steps DIA has gone to, to make it less of a bad thing.
I’m going to do it in reverse order, and start with the steps DIA have taken, to make it “less bad” before I then turn to why it is still “bad”.
- It is voluntary, not compulsory. However having the filter in the first place means that a future Govt could seek to make it compulsory, if they feel not enough ISPs use it.
- Its scope is child pornography only, not all objectionable material, or other material such as terrorism related sites (which Australia plans to block)
- DIA have entrenched the scope, being just child pornography, in both the contracts with ISPs, and the contract with the software licensee. In other words the Government can not unilaterally expand the scope of this filter. This is especially welcome.
- DIA have put in place an Independent Reference Group, to monitor the scheme and verify that sites blocked are all within scope etc.
- The filter will not just block a website (as in the UK) but bring up a page telling someone it is being blocked, and allowing them to anonymously “appeal” the blocking, if they feel the page or site should not be blocked.
- The filter is not one based on keywords, but on actual sites checked regularly for child pornography content. The level of false positives should be very very low.
- The technical design of the filter is well done (for a filter) and most http requests will not go through the filter.
So I do give credit to DIA for their efforts to mitigate the negatives effects of a filter. However that does not mean, it goes from being a bad thing to a good thing. Here are the key reasons why I think the filter is still a bad thing:
- It causes the Internet to lie – it breaks the Internet. The filter means that a user’s request to view a particular page gets diverted and they get a false response. Now, this may be done with the best of motives, but it does fundamentally break the Internet.
- It sets up a principle that rather than prosecute people for illegal material upon the Internet, you block portions of the Internet that may contain illegal material. This is a bad principle.
- It is almost inevitable that other government agencies will, over time, want to add more material to the filter to be blocked. Now DIA have set it up so they can’t just add it to the DIA’s filter, but once you have one government filter, it is easier to set up a second. An example of this comes from this UK story a few days ago, where some peers in the House of Lords propose that as ISPs there already operate a filter for child abuse sites, they could also easily add onto it sites which breach copyright. One could also imagine some agencies wanting sites that breach suppression orders filtered, and if the Electoral Finance Act had endured, maybe someone would advocate sites that illegally offer an election opinion be blocked. This is a very very slippery slope.
- The filter is run by a Government Department, not by an outside organisation such as in the UK. I think DIA did it themselves as they had the capability to do so, but again I think it is an unhelpful precedent to have the Government itself running a filter.
- It may result in a false sense of security about access to child abuse images being blocked. Only websites will be blocked and most images are traded in chat rooms and peer to peer.
- As a centralised filter (the best filters are those people apply to their individual connection) it may introduce a single point of failure for much of the NZ Internet, as outlined here on Tech Liberty.
InternetNZ has a position paper on the filter, which is a useful resource.
The filter is now operational, with two ISPs. I suggest people talk to their ISPs about whether or not they plan to use the filter or not, and what your views as customers are.
March 16th, 2010 at 2:27 pm
I agree with your stance primarily because of this;
“6.The filter is not one based on keywords, but on actual sites checked regularly for child pornography content”
If someone has actually found child pornography on a website, I would think they are obliged to take more action than just adding it to a filter list.
March 16th, 2010 at 2:35 pm
Was talking with a mate about this last week, I think the intent is honorable, but unfortunately filters are far to easily avoided & really provide a false sense of security at best & at worst a diversion of resources.
I’m not sure this is alot better in terms of big brother, but instead of filtering, why not record, it’s still avoidable, but at least then infringements are able to be tracked & you could have some process to enable more complete monitoring of individuals, along with a record that could be used in court.
March 16th, 2010 at 2:47 pm
Just remind me HOW National is different from Nanny State Labour?
March 16th, 2010 at 2:48 pm
I’d change my ISP on this issue; so long as there’s one out there that doesn’t suck and doesn’t implement the filter…I trust you’ll give a list of recommended ISPs later in the year when the big guys implement?
March 16th, 2010 at 2:54 pm
Any censorship and particularly that provided by politicians is subject to abuse at some stage.
This is far worse than what the commynist scum tried in an effort to distort the last election.
Far, far worse.
March 16th, 2010 at 3:01 pm
What I don’t get about this whole filter thing is — What’s the point?
This filter will do practically nothing to stop the trading of child pornography amongst those who are actually determined to do that. Very little of this trading is conducted via plain HTTP connections.
So all that’s left really is that it will stop others from accidentally accessing child porn – which is not something I believe is any sort of significant problem. I suppose if you’re already trawling a lot of porn sites it could be possible to end up at some ‘underage’ site, but stumbling on serious abusive child porn seems very unlikely.
So why is DIA spending time and money on a filter that is only likely to solve a non-existant problem?
[DPF: Their official answer is it is designed to stop low level offenders who might be "curious" about child porn]
March 16th, 2010 at 3:03 pm
“If someone has actually found child pornography on a website, I would think they are obliged to take more action than just adding it to a filter list.”
They are hosted from countries with questionable legal jurisdictions at best, and use proxies and other things that go above my limited head to hide the true hosting location. Unfortunately for now shutting down the original content is allot more complex.
Crampton – Orcon are not implementing it, they are the next largest ISP. Pretty good if you are in a main centre (less so in the smaller cities) and their overall experience is pretty good. They severly limit p2p during peak periods, which I personally like as it means the rest of their network works allot better.
March 16th, 2010 at 3:05 pm
If the filter becomes de facto compulsory (as in the UK), then I would argue it is better to have it covered by legislation than a “voluntary” scheme with no oversight or control. Legislation would clearly prescribe the permitted limits of the filtering (or at least bring them out in the open). It would be more likley to prevent any surreptitious attempt to extend the filter than the current unregulated scheme. The legislation could also guarantee that the filter remains voluntary for ISPs.
March 16th, 2010 at 3:09 pm
Greg, they wear blue… aside from that, not a lot.
I’m particularly concened that john Keys is behaving a lot like Helen Clark in a manner of rule by decree because he knows whats good for us.
I await the day we find a politician and party worth voting FOR instead of against. We have plenty of those already.
March 16th, 2010 at 3:16 pm
“Crampton – Orcon are not implementing it,”
Bizarrely, a government-owned ISP.
(Bizarre as in they arent implementing it and bizarre in that the state owns an ISP)
March 16th, 2010 at 3:52 pm
I agree with all that you say, DPF. But what really makes my blood boil is this:
The reason for this filter is presumably that we will somehow be irreparably shocked / upset / damaged if we inadvertently stumble upon child pornography. Yet there is clearly a class of superheroes at the DIA who can spend all day looking at the stuff (purely in the interests of shielding the rest of us, you understand) without being affected at all.
Aren’t we simpletons lucky that this superior class of person – our “betters” if you will – exists, protecting us from all that is unpleasant in the world. They alone have the moral fortitude to head into the darkest recesses of the internet and see what is there, while the rest of us simply couldn’t cope with going “WTF?!”, clicking the “back” button, and possibly reporting said site to law enforcement.
If only we could all attain such perfection as these anonymous, faceless bureaucrats at the Department of We Know Best.
[Meanwhile, of course, the people who go looking for this sort of stuff continue trading it on IRC, peer-to-peer file sharing and VPNs, unaffected by any filter].
March 16th, 2010 at 3:58 pm
“Bizarrely, a government-owned ISP.
(Bizarre as in they arent implementing it and bizarre in that the state owns an ISP)”
Ha, indeed. The irony was not lost on me when I first came accross it.
March 16th, 2010 at 4:17 pm
As long as we give permanent name suppression to professionals from Palmerston North who amass libraries of 300,000 images of this stuff whilst working close to primary school children, we’re on to a hiding for nothing.
What is the point of home detention and community service for people who sell/trade/give this stuff away, they are moving towards being touchers and are aiding and abetting touchers.
They know this and so do the cops.
March 16th, 2010 at 4:23 pm
There is one internet image board that I am aware of that has a ‘humor’ section in which there is a lot of sexual-related material posted. I understand that in the past child pornography, while not the norm, has been posted there. These images are not normally there, and the site does not archive them (they are typically deleted every couple of days). This could be a case of a person ‘inadvertently’ stumbling on such material. I would be interested to see how the DIA filter would cope – should they filter “just in case”?
Secondly, I help administrate an internet forum. We have a no-porn policy, and will delete it on sight. We have not had anyone post child pornography, but occasionally get porn-bots posting, and have had bestiallity etc. What will the DIA approach be if (for example), a botnet started posting this sort of crap to otherwise legitimate websites? I would hope that sanity would prevail?
March 16th, 2010 at 4:48 pm
Child porn has been specifically identified as a hazard, more so than any other porn or other objectionable content. This is why child porn is singled out for special treatment in the Films, Videos, and Publications Classification Act 1993.
Agreed however it should not be the thin edge of the wedge, if restrictions spread to other content then there will be temptation for people to learn to use proxies. Moreover there are other problems. For example one can store a hell of a lot of images on a micro SD card.
March 16th, 2010 at 4:56 pm
I checked with my ISP. Add them to the list of renegades and subversives who “have no plans to implement the filter”. They go by two names: XNet and WorldXChange.
This looks likes it could become a significant point-of-difference between ISPs, affecting customer churn.
March 16th, 2010 at 4:59 pm
It vaguely bothers me, due to the mental retardation involved in blocking something that the offenders are going to take no more than 5 minutes to figure a way of getting around it, but it’s voluntary for the ISPs so It’s hard to get worked up about. If it turns out to cause technical problems, waste resources etc, the ISPs will be free to drop it. Meh.
March 16th, 2010 at 5:14 pm
I bothers me because it is way too nanny-state.
While there may be ‘peer review’ and processes in place to prevent it becoming a Chine-like filter I wonder what the disclosure processes are.
Its all very well for some government dept to decide that something should be filtered, and to have that information publicly available, but how available? Are all changes to the filter publicly notifiable?
Having to issue OIA requests to find out what is being filtered is the next best thing to no consultation. I think it would be too easy for this or future administrations to ‘slightly expand’ scope, and before you know it, the next Labour govt will block this blog!
March 16th, 2010 at 5:17 pm
I’m with xnet too. Glad to hear that they don’t support this stupid idea. I hope others who are with Telstra-Clear/Telecom will change ISP because of this.
One just has to be cynical about this filter. We know it won’t work. Is everyone just letting it come into being because saying “I support unblocking child porn on the internet” would be political suicide?
It must be a either a charade (government “taking action” on illegal images), or preparation for a kill-switch for any website that says the something the government doesn’t like. I guess the other option is “In Australia they do this…”, and sadly NZ often follows in Australia’s stupid footsteps.
March 16th, 2010 at 5:27 pm
This is just a stupid waste of time and money, and more importantly, will slow the internet down for everyone.
As DPF mentioned, hardly any serious CP goes via http so it’s like putting a full time security guard on your side entrance while leaving your front door open.
They mention $150,000 in funding; that’s not going to be close to the figure needed to filter a whole country’s http traffic.
Even if the filter only adds 0.1 seconds to an http request, it could still result in much longer page load times – typically web site pages can need many tens if not hundreds of http requests to load.
This is stupid stupid stupid, the kind of stupid that only governments can come up with. Bah.
March 16th, 2010 at 6:05 pm
If it has to be it has to be but I would like to see anything that has to be “filtered” be agreed on by an elected committee of my fellow countrymen. Not, I repeat NOT, by scum sucking power crazy politicians. These bastards should be a thousands miles from this sort of technology.
March 16th, 2010 at 6:25 pm
Especially since even with an OIA, they still won’t tell you what’s on the list.
March 16th, 2010 at 6:27 pm
Missing is an important reason: it does not solve any problem. Even if people do access child porn by going to web sites, which I doubt is the normal way to do it, the DIA’s filter can be easily circumvented by a proxy, and setting that up is simply a matter of following a few standard instructions. And the DIA filter will not stop ftp, emails, torrents, skype, mobile to mobile, or even postage or copying files between hard drives. So this whole thing is a total waste of time and money.
Is it possible that this whole thing has occurred because nobody had the gumption to stand up and oppose this total silliness for being totally silly out of fear of being seen to defend child porn?
March 16th, 2010 at 6:32 pm
SSB, isn’t “an elected committee of my fellow countrymen” the same as “scum sucking power crazy politicians.”?
March 16th, 2010 at 6:36 pm
Yes, I think you’ve nailed it.
“Something must be done!”
March 16th, 2010 at 7:01 pm
After trying Vodafone ADSL2 and Xtra i am looking at heading back to Xnet probably the best ISP i have had in this country, good to hear they wont be filtering content.
March 16th, 2010 at 7:07 pm
I used to run IT security for an organisation. Occasionally I’d receive a call from one of our employees complaining about being sent child porn and I’d investigate. I had one woman ring up in tears because she’d received an e-mail containing “child pornography” and graphically described a man having anal sex with a young boy. I checked. It turned out to be very obviously two adults, one was a woman, and it was hard to see what was going on the image was so small and low resolution. What she saw was almost entirely in her own head. By then I’d worked out that there was a segment of our user base who have whipped themselves in to a frenzy of moral indignation where all porn is, by definition, illegal child porn and that no measure to eliminate it failed their cost benefit analysis.
So we have the Australian Internet censorship people define “child pornography” to include any adult who might possibly be mistaken for a child. If you have enormous silicon-enhanced “assets”, then you’re free to work in porn in Australia. But if you’re a bit flat chested, then you need to book yourself in to the plastic surgeon before you can start work. We also see them prosecute people who possess written or cartoon material (including the Simpsons, in one case) involving children in sexual situations. While this might be distasteful, I don’t see that any child is harmed. As an analogy, murder is illegal but if we banned fictional depictions of murder then there wouldn’t be much on the television. And we don’t mind because no one is harmed filming an episode of CSI.
So what standards and definitions are being applied in the NZ case? Who knows! We’re supposed to just trust DIA and their reference group. DIA publish their non-Internet censorship decisions, but the Internet ones are secret. Censorship where the criteria and the decisions are secret is just wrong.
I suppose we’ll have to wait for someone to write a web crawler that will compile a list of pages censored in NZ and publish it. In which case, will DIA censor pages hosting the list of banned pages? The Australian banned pages list made it to WikiLeaks, and their response was to ban WikiLeaks.
March 16th, 2010 at 7:08 pm
Yeah you’re right Malcolm but I meant a committee outside and independent of the scum suckers, if such a thing is possible. Just imagine this sort of crap in the hands of power at any cost socialists. Something like this would have had the Dear One orgasmic.
March 16th, 2010 at 7:14 pm
Beautox>They mention $150,000 in funding; that’s not going to be close to the figure needed to filter a whole country’s http traffic.
I think the new NZ-Aus-USA cable being discussed is supposed to run at 5 terabits per second. Redundant appliances to filter at those speeds are going to set you back millions of bucks. Possibly tens of millions. The idea that you can filter a whole country worth of Internet traffic for the cost of a single enterprise-sized deep inspection firewall or XML appliance just isn’t realistic.
March 16th, 2010 at 8:50 pm
I think some of the posters are over-estimating the ability of people who access child porn. Many of them are what you might term ‘low functioning’. At the polytech I did some tech support for we had one guy print some outchild porn to a colour laser printer, except it was not the one he thought it was – doh! We referred that to the police.
I believe the point of blocking child porn, is to lower accessibility, and therebye lower demand for people to make it, and thereby lead to less suffering.
Oh yeah I noticed no-one has mentioned anything about how else we might prevent the abuse of children in any of the posts above.
March 16th, 2010 at 9:18 pm
not give them home detention and name suppression perhaps?
March 16th, 2010 at 10:55 pm
Baby steps, we can do it, we can get like China if we go very slowly and don’t frighten the horses.
So DPF, a discussion breaks out in a thread which references information considered to be associated with child pornography practices because such a case is being discussed. Is that it, you are blocked?
D4J would say – forever fighting the fem nazi’s.
March 17th, 2010 at 12:48 am
I agree with the filter and, having read what DPF has said about it, think it is even better than I had imagined.
I head and read alot of people going on about how the internet is supposed to be unemcumbered by this sort of thing. They say that the internet shouldn’t be censored as censorship goes against the philosophy of free-trade of information.
I think we should get used to the fact that the internet will become more and more censored, through either commercial interests or government intervention.
The fact is that these are still early days. An analogy might be the first cars. I don’t know but I can’t imagine there being a speed limit placed on the first cars. Eventually there came a time where there was a need to limit their speeds.
As to the ability to VPN and P2P illicit material, as I said, it is early days and eventually there will be an easy and cost-effective way of blocking that also. In the meantime, stopping ‘curious’ users of child porn is the right way to go as it will cut down on alot of VPN and P2P use that stems from that initial curiousity.
Essentially though, I am not convinced by the ‘slippery slope’ arguments against censorship. There will come a time when it is politically unfeesable to institute further constraints, an example being the relaxation on literature in the past 40-odd years.
March 17th, 2010 at 8:34 am
They will filter out Goat Sex soon and both the Muslim world and Kiwiblog’s search stats will suffer.
March 17th, 2010 at 9:28 am
Australia has it’s own version, google cache only because the original isn’t available, https://secure.wikileaks.org/wiki/Is_the_Internet_Filter_Australia%27s_Berlin_Wall+site:http://wikileaks.org/+australian+banned+websites&cd=8&hl=en&ct=clnk&gl=nz&client=firefox-a” rel=”nofollow”>Is the Internet Filter Australia’s Berlin Wall
March 17th, 2010 at 9:32 am
Burt
As far as this thread was about, it was about url’s being contained/filtered not keywords or do you know something the rest of us don’t?
March 17th, 2010 at 9:56 am
Nostromo, that is because this has nothing at all to do with child abuse.
This is a case of lowlife scum setting up a big-brother type censorship (sorry BB) using the highly emotive child porn as an excuse.
Censorship that will at some time in the future be used for nefarious purposes by unscrupulous fucking pollies if it’s not stopped now.
March 17th, 2010 at 10:22 am
A few things -
The filter doesn’t need to filter all HTTP traffic. It’s quite well designed really, routes to IP addresses hosting filtered sites will be advertised as going though the filter. Most traffic will be unaffected, but there could be quite seriou impacts if content on a cloud host or large CDN were filtered then the impact could be significant.
I believe the point of blocking child porn, is to lower accessibility, and therebye lower demand for people to make it, and thereby lead to less suffering.
Oh yeah I noticed no-one has mentioned anything about how else we might prevent the abuse of children in any of the posts above.
I don’t think this system would make any impact on the serious demand for child pornography. If there is any significant trading of this material over plain HTTP (which is unlikely because of the necessary secretive nature of it) it will simply move to other methods – adding a simple SSL certificate to an existing site to provide HTTPS access is cheap, easy and defeats this filter.
The only way to prevent the abuse is to genuinely decrease the demand, which will require active investigation and prosecution. But realistically it’s like drugs – it’s never really going to be possible reduce demand enough to stem the supply entirely.
As to the ability to VPN and P2P illicit material, as I said, it is early days and eventually there will be an easy and cost-effective way of blocking that also. In the meantime, stopping ‘curious’ users of child porn is the right way to go as it will cut down on alot of VPN and P2P use that stems from that initial curiousity.
Fundamentally these things can’t be filtered without actually stopping them completely, or at best stopping a lot of legitimate traffic.
March 17th, 2010 at 11:55 am
I have difficulty with some of the figures. For instance it is claimed the DIA filter is comprised of 7,000 child porn sights.
Are there really that many out there? And if so, why is 7,000 and not 6543. DIA refuse to release the list, but they could give a precise nume couldn’t they? That’s if they are not concealing something.
DIA says each site is manually added to the filter list. I was once involved in converting a database of 10,000 names written on cards into a computer database. It was a huge job, so overwhelming that we roped in clerical staff, typists, in fact anyone in the office, to help – which also meant errors crept in.
My question is: How was it possible for three “warranted” DIA inspectors to collectively and jointly view and review 7,000 child porn sites? Did this really happen or where other DIA staff used? How long did it take? I can’t help but suspect that DIA have purchased an existing list from overseas, or the FBI have given it to them.
The practicalities of how this 7,000 list was compiled are significant and I am not convinced that DIA have satisfied the public that the system is as well developed and maintained as they suggest.
March 17th, 2010 at 12:18 pm
Agree with homosexual Kiwi contributor — I agree with a filter. The Internet is a bit like the wild West at the moment. Filtering out child pornography seems to me to make sense and I can’t understand why anyone would be against that?
Appreciate there is a slippery slope argument but no one is arguing that we shouldn’t censor child pornography. It appears to be more around technical arguments about whether it will slow down the Internet. DPF’s argument about breaking the Internet doesn’t carry a lot of weight with me, when we consider the evil that is being perpetrated by Child pornographers.
March 17th, 2010 at 12:27 pm
Well, lets not forget the illogical sentences we seem to be giving them!
There’s no standard sentence for possession or for on selling/passing on the images.
Some get name suppression and home detention and others get the book thrown at them, totally inconsistent.
This is harm minimisation not dealing to the problem.
If we were serious about it, we can deal to it simply by all democracies turning off an ISP that hosts Porn sites.
The ISP’s will soon start to comply and those countries that allow hosting will find their IT traffic gets chopped around.
March 17th, 2010 at 8:32 pm
How many countries now have or are planning to have internet filters capable of filtering thier whole countries traffic?
Child porn seems like a good excuse to have the ability to be able to control something so important.
I bet it is some kind of UN idea!