I am part of the Independent Reference Group, mainly because I don’t believe the filter will work, and because I am implacably opposed to any extension of it.

The members of the IRG are:

Nic McCully Deputy Chief Censor
Office of Film & Literature Classification

Nic Johnstone
Office of the Children’s Commissioner

Steve O’Brien Manager, Censorship Compliance Unit
Department of Internal Affairs

Mark Harris
Technology Research & Consulting

Andrew Bowater Government Relations Manager
Telecom

Duncan Campbell Deputy Editor
Netguide

My understanding is that this is not an exclusive list and may be added to if the need arises. The Independent Reference Group hasn’t met yet. The first meeting will be in early March. One of the first things I will be pushing for is publication of ISPs that have decided to join the scheme. I can understand why they would, and I expect it to be a marketing point for them.

It is an HTTP filter (which is why I believe it won’t be effective, as most of the really bad stuff passes through email, exclusive file sharing arrangements and the like). Anyone serious about obtaining images of child abuse (CAI in the jargon) will find it trivial to get around the filter. As I said to Thomas Beagle (http://www.techliberty.org.nz ) the other day, I think it’s security theatre, designed to make some sectors of the community feel safer.

Officials at DIA have assured me that they do not want to extend the filter, even to cover the other parts of s3(2), or I would not have agreed to be a part of the process at all. As the ZDNet article says, they have watched the train wreck that is the Great Wall of Conroy (my words, not theirs) and are determined to not make those sorts of errors.

However, we all need to understand that DIA can be instructed to follow Government policy. We need to monitor the policy making process and head any ‘slippery slope’ plans off at the political level. I am mightily encouraged that InternetNZ is engaging with DIA on this. For those unaware, while a councillor of InternetNZ, I did the testing on the previous incarnation of a filtering product, the IWF list, in 2005. My report from that trial is still available from the InternetNZ website (PDF)

I welcome questions and discussion about filtering, CAI and censorship in general. I am also happy to take concerns to the IRG and be a conduit to and from that Group.

EDIT: Just noticed an article by Liz Quilty on the technical nature of the filter. These are good points.

Let me say, also, that I do not support the CAI ‘industry’, either the images or the rationalisations that many use to justify it. It does disgust me, but so does the life and death of JonBenet Ramsay and other matters of the exploitation of children for whatever reason. What I do support is rational policy based on hard data and not on unproven assumptions.

For the record, I was involved in 2005 in some research and testing for InternetNZ, Netsafe and the Department of Internal Affairs. We were looking at the Internet Watch Foundation’s filter list and assessing it for use in NZ. My conclusion then was that, although the list appeared to contain nothing that wasn’t related to CAI (I freely admit that I did not check every link!), it would not be a silver bullet in preventing NZ Internet users from seeing all CAI material. I was investigating the freedom of speech aspect as much as the efficacy of the filter. What I was looking for, particularly, was whether the list blocked material that would be legal in NZ (not really) and, more importantly, whether it allowed material that is illegal under NZ law (which it does).

The matter of jurisdictional difference is important, as NZ has some of the most restrictive (or protective, depending on your POV) legislation in the world on this matter. The most important phrase there is, in my opinion, “promotes or supports” the activities. So it doesn’t have to be an image of a young person engaged in sexual activity, but can simply be text suggesting that the image would be a good thing. This is why you see very little media discussion other than “won’t somebody think of the children?”. Reporters, researchers and analysts like me have to be careful about what we say and write, to ensure that we don’t technically fall afoul of the law. Rest assured that I do not support or promote CAI, and I don’t personally know anyone who does. Okay?

Anyway, it was with some professional interest that I’ve been watching the Great Internet Filtering Debacle (GIFD) as espoused by the Rudd Government, and especially Senator Conroy. He believes the filth can be stopped. He’s put in place a pilot scheme to introduce this concept and it’s based on the IWF list mentioned above. It’s garnered more than a bit of abuse as a concept, because he appears to have determined that the filter should be used to block anything that is illegal in Australia. That covers a hell of a lot of ground, and it’s what has the opponents of the plan worried. The filtering is being run out of the ACMA (Australian Communications and Media Authority) which also handles spam and radio spectrum. Recently, reports surfaced around the world that their list had been leaked in various places, which is a bit like a 4 star chef giving out his recipe book to the opposition cafe down the road. A bit of research found the document and I was interested to have a look and see if the concerns were justified.

I was a bit unsure about downloading the ACMA list, when I saw it had been leaked, so I asked some contacts at DIA. They said it was okay to look at it, as long as I didn’t download anything from the links (which includes viewing, BTW, so don’t fool yourself that that will save you), and didn’t republish any of them. So I went and got it.

Having looked at the list, it’s a dog’s breakfast. Parts of it do read like the IWF list (down to the granularity of individual jpgs) so I suspect the original list was based on that one, but the additions are both odd and intermittent. It’s possible that the list is a phony – Conroy has claimed as much, but I understand that the leaker has acknowledged the list as from August last year (despite the two March entries), and has updated their release (public interest is very high and I haven’t been able to access their site for at least 24 hours, due to server issues). My gut feel is that the list is genuine, as the ‘dog’s breakfast’ nature of it fits with the whole Conroy plan of protecting Australia from naughty things.

Let’s look first at the update dates (the numbers in front of the date have been added for ease of reference) :

1.1 March19 2009
1.2 Aug 6 2008
1.3 July30 2008
1.4 July28 2008
1.5 July17 2008
1.6 July3 2008
1.7 June 26 2008
1.8 June 19 2008
1.9 June 13 2008
1.10 June 4 2008
1.11 may29
1.12 may22 – 2008 – Adjustment
1.13 MAY22 – 2008
1.14 MAY14 – 2008
1.15 MAY6 – 2008
1.16 APRIL30 – 2008
1.17 APRIL24 – 2008
1.18 APRIL16 – 2008
1.19 APRIL9 – 2008
1.20 APRIL3 – 2008
1.21 MAR26 – 2008
1.22 MAR20 – 2008
1.23 MAR12 – 2008
1.24 MAR05 – 2008
1.25 FEB29 – 2008
1.26 FEB20 – 2008
1.27 FEB13 – 2008
1.28 FEB6 – 2008
1.29 JAN30 – 2008
1.30 JAN24 – 2008
1.31 JAN18 – 2008
1.32 JAN9 – 2008 – B
1.33 JAN9 – 2008 – A
1.34 JAN4 – 2008
1.35 DEC19 – 2007
1.36 DEC14, 2007
1.37 DEC6, 2007
1.38 Nov 21 2007
1.39 Nov 14 2007
1.40 Nov 8 2007
1.41 Nov 2 2007
1.42 Oct 25 2007
1.43 Oct 18 2007
1.44 suicide
1.45 Oct 10 2007
1.46 Oct 3 2007
1.47 Sep 28 2007
1.48 Sep 18 2007
1.49 SEP 15 2007
1.50 AUGust 27
1.51 August 23
1.52 August 16 – Added the ones that must have been in the standard adult list [sic]
1.53
1.54 August-14 – 2007
1.55 August-12 – 2007
1.56 August-01 – 2007
1.57 july24 – 2007
1.58 July12 – 2007
1.59 July4 – 2007 – Update
1.60 June 27 – 2007 – Update
1.61 June 20 – 2007 – Update
1.62 June 01 – 2007 – Update

Now, I admit that my operational experience of this is 4 years old, but I have checked the IWF site and, as far as I can see, they still operate the same way. The IWF list is updated at least daily, sometimes more often. As a subscriber to their service, you get notified of the availability of each update, you go and download it through a secure connection and add to your filter. There is no software involved – it’s a simple list of URLs that have been reported to them, that they have checked and agreed, and added to the dynamic list. I say “dynamic” because they do have a process in place to recheck the URLs at a later date (after giving the relevant ISP/host notification and the opportunity to take it down) and remove them if they’re no longer offending. The IWF has a formal arrangement with the Home Office which gives its Code of Practice a lot more authority than an industry voluntary agreement.

What I’m getting at is that this list would be regarded as woefully out of date by anyone serious about this stuff. If you’re doing a pilot, you have to run it as the real thing or the data is meaningless.

It’s also important to note the IWF raison d’etre. They work to eliminate:

1. child sexual abuse images hosted anywhere in the world
2. criminally obscene content hosted in the UK
3. incitement to racial hated content hosted in the UK

1 is a given – almost any ISP in the Western world will respond to this. 2 would probably run under NZ legislation. 3 is most definitely not NZ law. Whether it should be is a debate for another time. It currently isn’t, and this is one of the reasons I flagged the list as not completely suitable back in 2005.

How it works is that there’s a hotline that you can call (“you” being anyone at all) when you encounter something that you think shouldn’t be there. The IWF (trained by Police and backed by the Home Office) check the URL and assess the legality of the material. If it infringes the law, they advise the relevant ISP. If it’s one of their member organisations (and I believe just about every ISP in the UK is), they are required by their Code of Practice to remove it. If it’s someone outside their jurisdiction, they alert them and add the URL to the list. Some jurisdictions are less cooperative than others and the material may not be illegal there, so it gets blocked so that UK citizens can’t access it.

The IWF also sells their list to similar agencies around the world, usually government-backed, and this subscription service appears to be what the Aussies have bought into.

Which brings us to the meat of the list – what’s on it? As I said above, I’m not clicking any links to verify them, but the URL formation indicates that the majority of entries are what you’d expect. There are features that someone familiar with this material would expect to see, like the structure and syntax of code, which let’s you know that you’re looking at JavaScript rather than C#. I’m not going to go into detail about them – you really don’t need to see this stuff. Trust me that it can be the stuff of nightmares, whether the kids are smiling or not. My hat is off the the people who can manage to patrol this beat, and I specifically mean Steve O’Brien and his team at DIA.

Anyway, there’s also stuff that, on first glance, doesn’t fit the mold. Poker sites, anti-abortion sites (with excessively graphic images I understand), some bog-standard adult sex sites that might have some under-age stuff on them, but I’d be surprised – they know how easy it is to get shut down, some sites I know that are gross but not generally illegal (think freaks, disfigurement, corpse images – not fun, but not illegal from what I know of Australian law), euthanasia advocates (twice- in fact there’s quite a lot of duplication, which just shows the level of care that’s being taken to maintain the list -not), lots of teen sites (and I’m guessing that will include anything with “teen” in the URL, by the looks of things, whether the subjects are of legal age or not), and then there’s the famous Maroochy Boarding Kennels.

This one’s been in the news so I knew it was safe to click on it. Now, I’m guessing the kitten in the hammock on the front page might be pretty young, and the puppy as well but, apart from being a design crime (lime green with animated unaliased images – gah!!!), this site is not at all illegal. And the URL in the list returns a 404. It has “/data” on the end of the URL, as do a couple of others -I’d be willing to bet that they’ve suffered a similar fate. And I’m not alone in guessing that. Maroochy’s story is that they were hacked a couple of years ago, with links going to ordinary porn sites, and that caused them to be blacklisted in Google, while they got it fixed, but that once it was fixed they were cleared again. If the list is ACMA’s, then they are not confirming the URLs they add, which can be quite serious for a small business that relies on their website to generate business. And there’s no way Maroochy could have known they were on the list, and so appeal. Loaded dice.

In summary, the list is not something I’d like to rely on. Conroy’s stated approach is that if it’s illegal in Australia, he’ll stop Australians looking at it. Good luck with that.

I’m in two minds about the value of filtering. When you hide stuff from people, it makes a certain subset more interested in finding what you’re hiding. Also, these URLs change on a daily basis, so there’s no way to keep up. On the other hand, this stuff is pretty bad and keeping people from inadvertently stumbling over it is probably in their interest.

Censorship authorities are pretty much agreed that filtering is not a silver bullet, but every bit helps. DIA is currently running a pilot using a different system that I hope to write about in a later post. Their view is that they’re focussing on images of child abuse, as that is their brief. Other things may be illegal, but trying to do too wide a coverage will result in less capability on their main objective. DIA are managing their own list, which will be maintained by a similar process to the IWF, via a reporting hotline. And they note that other countries are moving towards this kind of process as well.

The argument most often used against this type of censorship is that it’s the thin end of the wedge and may lead to governments censoring any comment critical of their policies. The Australian approach appears to be adding fuel to that argument. The only way for them to regain credibility is to be as transparent as possible. And that kinda defeats the whole purpose.

UPDATE: It appears I was looking at the 11 March list, which is marginally updated from the August list, Conroy complained about. There is now an 18 March release which is substantially different.