Sunday, October 26, 2008

Internet Censorship in Australia

It seems this nation hasn't learned from the lessons of the past, or at the very least - our government hasn't:
The Age
ABC News

For those interested in some background reading:
EFA Article

This issue rolled around in 1999 and none of the largest ISPs or ISP associations within Australia were consulted when Senator Alston pushed these laws back then. The final workable solution was client side filters deployed on home PCs to restrict undesirable content.

Before delving into the obvious issues:
- the technical difficulties of blacklisting all web traffic (to say nothing of the futility of it),
- any discussions over who has the right to determine what is "undesirable" content,
I'd like to point out that the previous model made sense (at least in part). It placed responsibility for end user security with the user.

If you are going to deploy these filters, do so at the client side. Combined with putting a computer in an open family area, log and monitor their traffic, have open discussions with your children about the use of the Internet (and parents not turning to the PC as the new babysitter) I think is a sound strategy for preventing children from access inappropriate content.

I know many people scoff at such filters but hey, at least this streategy doesn't involve implementing proxying layer content filter to degrade the Internet back to the Dial-up Dark Ages.

However, this isn't really about preventing kids from viewing pornographic or violent material. Infact, it seems the Government can't decide if they are trying to restrict child pornography from the masses or stop children from accessing undesirable content.

From my reading of the above two articles, it sounds to me like the government is really trying to crack down on child pornography and is using the whole "protecting the kids" schtick to justify it.

I wish I could find it but earlier this year, there was another article somewhere that a kid was beta testing these same filters filters and was able to bypass their filters within approximately 30min.

If this isn't enough to persuade you - the model they are using for restricting content is a black list.

Enough said.

When you consider the number of technologies that exist (for free) that can be used by pedophiles to remain almost undetectable - and that such technologies can easily defeat the proposed implementation the government is rolling out, we have to ask ourselves:
a) who are we really protecting?
b) what is the value add?

As security professionals, we ask ourselves these questions every day when we explore new controls to protect data. In asking myself the question here I find that the requirements aren't well defined.

The government has not clearly articulated what they are trying to protect, why they are trying to protect it and most importantly - it has failed to explain how this solution will meet their requirements.

Anyone who strongly objects to Internet Censorship, please read the EFA link under the background reading.

While I'm all in favor of shouting out against censorship, my experience has been that unless you have a better suggestion, you'll be ignored and not taken seriously.

As information security professionals, we should all stand up do what we do best - express our discontent, highlight the technical risks and weaknesses of this solution and encourage an open forum to discuss these issues. Maybe by better understanding the requirements of the day we can find a solution.

Write to your MPs, write to the EFA, Today Tonight, whatever. Just get your opinion out there.

1 comment:

Matthew Hackling said...

Some great points there. I remember protesting in the Hay St mall in Perth when they last tried to foist this on the ISPs.

Back in that day, I was on 56K dialup and anything that was going to slow that any more was rage inducing!

You can't prevent all crime, but you can have an effective police force. I'd recommend they save the cash and give it to the AHTCC.