Plunged into darkness: ISP filtering

Author Justin Pierce Published 7 September 2009

The Australian Labor Party’s proposed Internet filter has been derided for a number of reasons. While the scheme aims to protect children from age-inappropriate material—a worthy aim, no doubt—there are many potential pitfalls and shortcomings of blanket schemes:

1. the expense, side-effects and effectiveness of the scheme
2. technical problems and the operational costs
3. civil-libertarian concerns about censorship
4. analyst concerns about ill-defined policy goals.

The monetary cost of implementation as well as the policy and technical implications of the scheme poses several problems. The proposed technical solution is too easily thwarted—resulting in an expensive policy outing that hinders the functionality of the Internet for law-abiding citizens. Moreover, the government is yet to provide evidence of epidemic levels of children accessing age-inappropriate content.

The government’s plan for cyber-safety identifies the following risks children face online:

• online identity theft
• cyber bullying
• having photos unknowingly published online
• computer addiction
• online predators and paedophiles
• inadvertently downloading illegal material.

But the proposed ISP-level filtering addresses none of these. These risks as what we know as 'content risks'. Take cyber bullying for instance. A content filter is useless in preventing cyber bulling. The rise of social networking websites, coupled with media-enabled mobile devices, has shifted the risk from content to co-ordinated acts of bullying and cruelty facilitated by electronic means.

To prevent children from accessing age-inappropriate content, the government proposes a two-tier filtering system: the first tier will be an opt-in content-based system that will dynamically filter web content as it is accessed. The second tier is a blanket censor on all web traffic based on a centrally controlled blacklist. There are several issues at play with the government’s proposal. Two are:

• the concept and definition of 'age-inappropriate' is subjective. Consider, for example, what you believe is inappropriate for a fifteen year old, ten year old and five year old, and then compare your views with your neighbour.
• there are reported incidents from the democratic nations with established filtering schemes, albeit very few, where inappropriate content has been missed by the filter (false negative) and where legitimate content has been blacklisted (false positive) unjustly.

The technical implementation details are also worth considering for their respective shortcomings.

Dynamic filtering, the most aggressive model, is a content-based filter where keyword combinations are screened by software. While this model is the most effective for PC-based filters (such as Parental Controls by Computer Associates) it not only has the pitfalls of the false positives and false negatives noted earlier, but it represents a potential 30% degradation in performance. Because ISPs cannot monitor all individual packets (a process akin to the postal service opening and reading all mail before it is delivered to the recipient) the screening must occur at a higher protocol level, where it is most resource intensive.

URL-based filtering, while orders of magnitude more technically feasible, suffers from enormous administrative overheads as a large list of ‘inappropriate’ material is amassed. Due to the many billions of web pages—in multiple languages and dialects—it is unlikely the blacklist will be always current or eliminate all inappropriate material as well as allow legitimate content.

In either of these cases many websites, such as password-protected websites, operate using the secure socket layer (SSL) protocol or otherwise encrypted protocols. Filtering of such traffic will require the government either to break the encryption model or ignore encrypted content, which opens the circumvention of the filtering scheme.

Another difficulty is the technological savvy of the perpetrators of child pornography and exploitation, who are reportedly very technically adept and operate in underground, closed networks that do not involve Internet traffic. Of those that do, however, offending websites are often set up, shut down and moved on in under thirty days, making tracking very difficult.

While the filtering initiative is a noble cause aimed toward protecting children from age-inappropriate material, the filter is both technically unfeasible and misguided. From a civil libertarian’s viewpoint, the question of who will own and maintain the blacklist is overshadowed by others such as:

• secrecy and accountability of administrators
• scope creep.

Instead of wasting money on an ill-defined and technically unfeasible scheme to protect children from age-inappropriate content, wouldn't it be better to invest in supervisory education?