The NZ Department of Internal Affairs is launching a web filter to block child abuse images (CAI)/child pornography(CP) (See my thoughts on terminology) in March, according to ZDNet. As part of the structure, there will be an Independent Reference Group that will have oversight of the process and be a point of review for complaints against the filter and its operation.
I am part of the Independent Reference Group, mainly because I don’t believe the filter will work, and because I am implacably opposed to any extension of it.
The members of the IRG are:
Nic McCully Deputy Chief Censor
Office of Film & Literature ClassificationNic Johnstone
Office of the Children’s CommissionerSteve O’Brien Manager, Censorship Compliance Unit
Department of Internal AffairsMark Harris
Technology Research & ConsultingAndrew Bowater Government Relations Manager
TelecomDuncan Campbell Deputy Editor
Netguide
My understanding is that this is not an exclusive list and may be added to if the need arises. The Independent Reference Group hasn’t met yet. The first meeting will be in early March. One of the first things I will be pushing for is publication of ISPs that have decided to join the scheme. I can understand why they would, and I expect it to be a marketing point for them.
It is an HTTP filter (which is why I believe it won’t be effective, as most of the really bad stuff passes through email, exclusive file sharing arrangements and the like). Anyone serious about obtaining images of child abuse (CAI in the jargon) will find it trivial to get around the filter. As I said to Thomas Beagle (http://www.techliberty.org.nz ) the other day, I think it’s security theatre, designed to make some sectors of the community feel safer.
Officials at DIA have assured me that they do not want to extend the filter, even to cover the other parts of s3(2), or I would not have agreed to be a part of the process at all. As the ZDNet article says, they have watched the train wreck that is the Great Wall of Conroy (my words, not theirs) and are determined to not make those sorts of errors.
However, we all need to understand that DIA can be instructed to follow Government policy. We need to monitor the policy making process and head any ‘slippery slope’ plans off at the political level. I am mightily encouraged that InternetNZ is engaging with DIA on this. For those unaware, while a councillor of InternetNZ, I did the testing on the previous incarnation of a filtering product, the IWF list, in 2005. My report from that trial is still available from the InternetNZ website (PDF)
I welcome questions and discussion about filtering, CAI and censorship in general. I am also happy to take concerns to the IRG and be a conduit to and from that Group.
EDIT: Just noticed an article by Liz Quilty on the technical nature of the filter. These are good points.
25 Comments
Good to hear that you’re involved with this. Anyone with any reasonable understanding of the internet will know that the filter won’t prevent images from getting to those that want them, but do you think that the filter is a good idea if it prevents ordinary users from accidentally stumbling across the images?
Ah, the oft-argued “stumble across it” line, also known as “won’t someone think of the children(tm)” ;-) [laughing with you, not at you]
How long have you been on the Internet, Stuart? How often have you “stumbled across” images of child abuse, in your daily surfing? Serious question.
I think I have once or twice, but I probably delve in seamier parts of cyberspace than most people. More often, it’s been because I checked a link in a spam email.
[NB When I ran New Zealand Government Online and checked *all* the email, I used to see about 1 spam a month, sometimes more, that linked directly to CAI sites. Many more that linked to adult sites, but that's irrelevant to the filter. And that's with thousands of messages a week that I personally could filter or have filtered for me i.e. I made the decisions about what I wanted to see (which irked the IT guys no end - I only let them remove viruses)]
Email won’t be subject to the filter, neither will https, irc, IM, twitter or anything that isn’t straight http. So, it will be trivial to avoid the filter, if that’s what you want to do. I’m please the filter is voluntary, because people can choose to use an ISP that’s not participating. If it was mandatory, as in Australia, I’d be the first to the barricades.
I don’t believe it’s the government’s place to tell me what I can and can’t see – whether political comment, pornography or anything else. I acknowledge that my view isn’t shared by government officials (Treasury isn’t paying much attention to my views on economic reforms, either, nor MED on copyright :-( ) and politicians, so I have to suck it up and deal with the real world.
Censorship is going to occur, because some people like nothing telling other people how they should live. My role is to minimise the harm that misguided censorship might cause.
The real issue for me is that the policy is around shutting down what authorities see as the “market” for this material, because they know it’s not possible to shut down the production. There’ll always be a rogue state that refuses to cooperate (currently, it’s Russia, though a lot of the material is actually served from the US as it has better infrastructure), there’ll always be servers that are easy to compromise, technology enables the dark side of life just as it does the stuff we like.
There *is* a child abuse problem out there. I’ve seen the stuff myself (legally, in DIA’s offices) and some of it is very bad. But we’re not going to shut down the problem of child abuse by stomping on the stray sparks around the edge. And we’re not going to help the real victims of the abuse by pretending it’s not there.
You’re right, in the 10+ years on the internet I’ve never stumbled across child abuse images before. However, I’ve stumbled across seedy sites before – including an embarrassing moment in the office when I mistyped a URL and an extremely dodgy website popped up!
But my thoughts are: if the filter only blocks child porn, and it’s managed in a responsible manner, I don’t see the harm in it. I don’t think the DIA is saying that this filter is going to be effective in shutting down child porn (if they are, then we’re in trouble) but if it’s an easy way to filter it out of standard HTTP traffic, that seems like a good thing to me.
By the way, when it comes to child porn I *completely* disagree with this statement of yours: “I don’t believe it’s the government’s place to tell me what I can and can’t see – whether political comment, pornography or anything else”
Re 4 – it’s not easy to filter out. It’s completely impossible. The filter is based on URLs that are submitted by people who do come across them, through their work. A lot of these will be from people who see it as their moral mission to seek out and report stuff. It is not doing assessment. ANy assessment will be done by live people. I’m not happy that people I don’t know with belief systems I am unfamiliar with have that level of control over what I have access to.
I agree that there is no essential harm in such an ineffective filter, but there’s no real benefit either, AND it could lead to people having such unwarranted confidence that they and their kids will never see anything untoward that they’ll freak when something does get through. And it will. And the media will be all over it – “why isn’t the government doing something?” – exceptions to policy will be made and THERE is the slippery slope that people like me are worried about.
re 5 Why?
The benefit of the filter is that if a particular URL is known by the authorities to show child porn images through HTTP, it can be blocked. I can’t see how that is ineffective – the filter will be 100% effective when it comes to blocking known URLs through HTTP. Just because there are others protocols that can be used to find and share child porn, doesn’t mean that we should just do nothing.
But I suspect your real issue here is that you don’t trust the government… Ah, the oft-argued “slippery slope” line, also known as “where did I leave my tin foil hat?(tm)” [laughing with you, not at you]
The URL can be blocked, but it can also be changed. Blocking the URL does nothing to remove the material, and very little to prevent it being seen. You mistake activity for progress. This is the equivalent of bailing a sinking boat with a sieve.
Technically speaking, it won’t work.
Don’t trust the government? Partially correct. I didn’t trust the government when I worked for it ;-)
You don’t need a tin-foil hat to know that governments over-reach themselves with half-baked measures, incompetent execution and political interference. I trust the individuals I know at DIA who are implementing this scheme to be honest and earnest about doing their job. I don’t trust any politician to be interested in more than the electoral cycle, and pushing whatever they think will get them re-elected. Cynical much? Perhaps, but out of experience.
I don’t believe in a government conspiracy to control our thoughts, but I do believe that you can’t block political thought without a blocking mechanism. Child abuse is often the argument used to put a mechanism in place, and once it’s there, there will be attempts to use it for other things. Overseas experience shows this. The Aussies haven’t even got their scheme in place and it’s already being pushed to include all sorts of material, some of which is not illegal.
It will all be done with the best of intentions – no-one is evil in their own head – that doesn’t make it the right thing to do.
By the way, you haven’t answered my question about why you disagree with me about censorship.
I didn’t answer your “why” question because I assumed you weren’t interested in my response, you just wanted an opportunity to present your case further. So feel free to let me know why you think that ordinary citizens have the right to look at child pornography.
(plus I don’t agree with anything else in your last comment, so we can just agree to disagree on your other points.)
I am interested in your response. Don’t make assumptions – you’ve never met me.
However,it seems you just want to be contrary rather than engage. I’ve already said why I don’t like censorship. If you’re not prepared to make your case, then that conversation is done, which is disappointing.
Am I to take it from your last para that you:
* don’t believe that URLs can be changed so that content remains available?
* don’t think governments over reach themselves?
* do think that governments are always to be trusted?
* don’t think politicians are interested in the electoral cycle and pushing things that will get them elected?
* Don’t think that requests will be made to include things in the filter that aren’t related to images of child abuse?
* do think that people – even governments – are evil in their own head?
You say: ” feel free to let me know why you think that ordinary citizens have the right to look at child pornography”
Now, that illustrates the difficulty of having any form of rational discussion about appropriate approaches to dealing with images of child abuse. As soon as an individual says “let people decide what they should see”, it’s taken as an endorsement of child pornography. That is a ridiculous “strawman” argument, often brought in when one party realises they have no legitimate argument to make, so they throw emotion into the mix so that reason won’t win. I was hoping for better from you.
What problems do you think censorship solves, and what would you permit to be censored?
To answer your questions…
* don’t believe that URLs can be changed so that content remains available?
I assume that the list of URLs will grow over time. As a URL is found to be showing child porn, it gets added to the list. It’s an ongoing task. (I hope I’m not wrong about that.)
* don’t think governments over reach themselves?
I trust that our government won’t. And if they do, we’ll hear about it, protest, and it will get fixed. (didn’t NZ get voted the least corrupt government in the world?)
* do think that governments are always to be trusted?
As above – we live in a democratic society, if we don’t trust the government then we can vote them out.
* don’t think politicians are interested in the electoral cycle and pushing things that will get them elected?
I don’t understand this question – are you saying that politicians may try to get URLs added to the list which benefit themselves?
* Don’t think that requests will be made to include things in the filter that aren’t related to images of child abuse?
As I’ve stated above – if this ever happened, I trust that we would hear about it and who ever was responsible for it would get punished (even if that punishment just means we vote them out.)
* do think that people – even governments – are evil in their own head?
Not sure what you mean? Some people are evil, others aren’t.
I disagree with you on censorship because I have no problem with child porn being censored. If there was a referendum on whether child should be censored, I would vote Yes. Generally I disagree with censorship, I feel like I should be able to make up my own mind about what content I should be allowed to see. But as I said above, I draw the line at child porn – I *want* the government to do as much as they can to block it (even if this first step will have little effect on those sickos that seek out the material.)
By the way, I just properly read the other article on 3 news you linked to, and I’m a bit confused. The writer says that the list will be filtering IP addresses, but my understanding (from reading the DIA info) is that it’s filtering by URL. Which is correct?
Also, the author says that the filter won’t work for HTTPS traffic, but if the DIA are blocking URLs, then it doesn’t matter whether it’s HTTP or HTTPS traffic – the URL is still blocked. You don’t need to see inside the encrypted traffic to get the URL.
So if I’m correct, most of that article is incorrect in that the filter doesn’t affect virtual web hosting behind a single IP, and the filter *will* work on HTTPS traffic.
What I mean by the URL changing is, when a distributer realises they’ve been blocked, it’s a trivial thing to route a new URL to the same content. Many use multiple routes anyway. My point is that the filter doesn’t get rid of the material – it only hides it so people forget it’s there and don’t do anything about it. Yes, the new URL can be added to the list, and it is ongoing, but it’s not dealing with the fact that the material is there at all.
Our government over-reaches itself all the time. Work out just how many government agencies are able to enter your home without a warrant.
Trusting governments – eternal vigilance! Look at what’s happening in the Canterbury high country at the moment. By the time the voters can have any impact, the damage will be done.
Yes, I believe politicians will attempt to have the scope of the list increased, all in the name of “the public benefit”. That’s one of the reasons I took this role on – to stand in their way.
How do you think you will hear about things being added to the filter? Especially if it’s done by changing the policy? There is no public reporting process. I think your willingness to trust government is a little bit dangerous, Stuart. We don’t live in a democracy, whatever it’s called by the spin doctors. Apart from the ballot, the general public has almost no say n the implementation of policies that affect them (e.g. GST, which this Government explicitly stated they wouldn’t raise, that they didn’t need to raise in order to fund their tax cuts. Yet now they are considering raising it. To fund their tax cuts).
I was part of the government structure for 20-plus years. I trust individuals within that structure, but I watch the structure like a hawk. There’s always someone prepared to say “let’s see who squarks if we do *this*”
What I mean by “evil in their own head” is that no-one wakes up in the morning and says, right, today I’m going to be explicitly evil, unless they’re a sociopath like Graeme Burton (and even he probably doesn’t think of himself as explicitly evil – he just doesn’t care).
People can do evil things with the best of intentions – “surely everyone would be safer if we just did this” – and when it’s to protect children, everyone applauds. But there can be unintended consequences. Look at the fuss in the UK where you have to get a police clearance to work with children. They don’t licence parents, but they vet the hell out of the chap who volunteers his time to coach the rugby team. That’s totally wrong, and based on a knee-jerk about 2 girls who got killed. By someone who wasn’t even working at their school.
I’m not arguing that images of child abuse (let’s call it what it really is) should be freely available. I’m arguing that we should be doing what we can to get them off the net and stop them being produced, not hide them behind a false wall and pretending they don’t exist. Let’s look at who is actually harmed by these images – the viewer? Not really, a momentary disgust, some emotional distress, but I’ve found no evidence of permanent harm or Id be out there doing unspeakable things myself, and so would the DIA staff who police this area.
The people hurt are the children who are being abused to produce their images. How will blocking them stop that abuse? It won’t, not an iota.
The current thinking in governments around the world is to criminalise “the market” in the hopes that it will dry up and lead to a drop in production. That’s not going to happen, because the worst stuff is not being produced for money but because they can. For trade in chatrooms and such, like for like. To have as “trophies”, or to collect the way some people collect stamps.
I think there’s a flaw in that thinking – you can’t dry up “market” that doesn’t exist. The number of people dumb enough to hand over identifying credit card details is miniscule compared to the numbers indulging.
While there is a billion dollar industry in this stuff, that’s only one part of it, and it’s arguably the least abusive. The hard core stuff is usually evidence of the real crimes against children, rather than the crime itself. By hiding ourselves away from that, we are not helping the children who are being abused. We are condemning them to oblivion, to be ignored while we feel happier because we’re ‘protecting’ *our* children.
I also think I should be able to make up my own mind about what I can see. Where you and I part company is that I am prepared to accept that free speech and expression means there will be stuff out there that I don’t like, or consider disgusting. It’s my choice to look at that or not, and if criminal penalties arise from that, I’m okay with accepting the result. Personal responsibility.
I’m happy to agree to disagree. Why I’ve pushed you on this is to find out your thinking, not because I want to convert you to my viewpoint. But I do want you, and others, to think about the potential consequences of simply banning stuff you think shouldn’t exist.
With ref to 12, Liz got it wrong – it’s not the IP address per se being blocked – it’s the URL that leads you to that address. Sometimes, the scumbags don’t use the DNS but just the actual address of the machine. While that technically is its IP address, contextually it’s still the URL that you type into your browser window (or more correctly, the URI, but let’s not go there late on a Saturday night). She sees it as all about transparent proxying and it is not, which is why her points about https are also incorrect)
So, will IP addresses appear in the filter list? Undoubtedly. But domain names are not being looked up to find the IP address to add to the filter (which is what IP filtering would require). Technically, IP filtering could be faster than URL filtering, but also more prone to error. Liz is a technologist and her article assumes that the most efficient technical solution would be used.
According to DIA, https traffic is not being blocked. Yes, https URLs could be added to the list, but there are issues with verifying that secure traffic contains the content that would require blocking. Also, I believe the authentication (handshaking) involved in https exchanges would add a performance burden to the filter that DIA are trying to avoid (that’s sheer supposition on my part, BTW).
The points that I agree with Liz Quilty on are the non-technical ones. Your child’s safety depends on you teaching them what to do in any circumstances, not hiding the nasty thing from them as long as possible. That’s on a level with telling them that Santa Claus still exists when they’re 12.
The filtering process works as follows (this is my understanding from reading the technical documentation and from asking questions):
1. DIA adds URL to list.
2. The filter system converts URL to an IP addresses.
3. The filter system advertises that it has the best route to that IP address.
4. The ISP receives the advertisement and diverts *all* traffic for that IP address to the filter.
5. The filter then splits the traffic into HTTP and other. All non-HTTP traffic (including HTTPS) is forwarded onto the destination.
6. HTTP traffic is then examined. Requests going to the filtered URL are blocked, all other requests are forwarded on.
My understanding of https is that you can’t intercept it and work out which URL is being requested as that information is encrypted. (Yes, I believe it is now possible to set up an https proxy that would allow you to examine the traffic but this is hard and would require significantly more powerful systems and a significantly faster internet connection.)
In the trials the DIA blocked less than 1% of the traffic that was diverted to the filter.
You can read more about it here: http://techliberty.org.nz/issues/internet-filtering/filtering-technical-faq/
Thanks Thomas
So you are one of the ubermen chosen? to be capable of looking at the CAI. If you have any strange thoughts or are feeling tired, worn-down, restless or similar I would like to suggest to you that forwarding all new sites to me first and letting me decide whether you can censor those sites as an appropriate response to the harm that has been inflicted upon you by the evil Government. Rest assured that I will not let you be inflicted with the worst of the CAI anymore and with my Super Uberpowers am capable of browsing all sorts of weird and strange things, not limited to, but including asian porn, which straddles the line between approvable and banable frequently.
As you have alluded to this is about the Govt being seen to be doing something so that the sheeple will be placated, and to me it doesn’t bode well. When a Govt organisation is willing to use secrecy in their plans to curtail the freedoms of people for their own good, and when that is being done because they are actually trying to win votes by being able to give themselves the ability to say ‘we are doing something about it’., I seriously have to wonder what’s next… ie asian porn? i suspect most kiwis have no idea how crazy that stuff is, and if they did would want it banned. I know my mother would.
Anyway what we know is that this is irrelevent to the CAI industry and/or purveyors of such, all it does is put in place a mechanism to filter web sites, with a not very plausable reason for the existence of such filter. So it is definately the thin edge of the wedge being installed here and I deduce it is being done with reasoning that makes me concerned about the future of freedoms. How about blocking all those other illegal things alluded to? Well of course that should be next, it would be hypocrasy to not filter them, then of course there is those fanatics and extremists – elciada and anyone associated is next, then satan worshipers, might as well filter all those countries we don’t approve of as well, hmmm and once we start to use electronic voting we should filter all those sites that try to prove that those machines are untrustworthy, as that would be bringing our own democracy into disrepute….
YUP there is some serious work for you uberperson censors in the future.
Innovation is the plus side to censorship. It forces those censored to think outside the walls.
I have 3 sons and their desire to look at naked girls of the same age as themselves is STRONG, when I first said to the eight yr old hey puttin in ‘pics of naked 8 yr girls’ into google was probably illegal and the polioce could come round and confiscate all our tech gear and put me in prison. He did what he thought was best and so I started to see the history being cleared on the itouch. Not overly clever but he’s only eight and still learning.
My oldest boy has probably already searched for anonymous secret internet browsing or some such, or just been told at school how to surf safe, which to him is the exact opposite of what is generally meant by the safe search term, so like prohibition of generally harmless drugs we are making our children into schizophrenical citizens where we tell them we think they should do one thing but in actuality they mostly do something quite different, wondering what the rest of society is so hung up over.
I looked up some of those sites that were on the Aussie banned list releasaed on wikileak using a tor browser and found that they were mostly pics of girlfriend sites, hardly CAI in my opinion, then again I’ve watched enough tv to see glimpses of what CAI can be and feel pity for children abused.
Speaking of tv, I cannot recall ever seeing an erection. But have seen killing in so many ways that it is now passe, but on the net I have seen numerous erections but cannot recall any killing. And I ask myself what is worse…. Human death practically force fed every night or human arousal by choice…
Yup there is bad. But I don’t need the Govt to try and stop me or my children from accidentally or purposely seeing it. Thank you for speaking out for me.
Thanks, Raoul. Not feeling particularly uber, but I’ll do what I can.
People need to approach their MPs and raise a stir as to why NZ is doing this. Sadly, I suspect the predominant response will be “we’re protecting our kids” and who wouldn’t want to to that?
i don’t think the list of people thought about this filter enough, YOUR WASTING OUT TAX MONEY GET OUT OF THE COUNTRY
You may have misunderstood my position, Mr Anonymous. I’m involved because I don’t agree with the filter. My tax money too, BTW.
Yes, well I’m sure that the CIA filter would have stopped the prominent doctor in Palmy North from downloading his little collection of inappropriate images. Not !
Quite farcical in that this goon got caught and was slapped with a wet bus ticket.
So, who really is “protecting the children” ?
Twice, my internet connection has accessed CP, but it was NOT thru web browsing – both times they were bundled up in well-seeded torrent or e-mule archives – usually rar formats. Miley Cyrus’ Greatest Hits or similar in one case, and another was in a bundle of album artwork for an artist. Both my niece and my son didn’t seem too fazed by it – “happens all the time”, quite common it seems amongst their school friends.
Now this presents a catch-22 – do you report it and risk being on a “notified list”, and perhaps have your computer gear uplifted for weeks at a time for “forensic analysis” ? Or does one just purge the files and annotate the torrents ? If you annotate the torrents as CP, then you are advertising that the torrent is CP for those that are expressly looking ?
Yep, that’s the reason I think the filter won’t work.
As I understand it, notifying DIA won’t put you on a list, but there’s no point in notifying anything that isn’t a web page.
Your son and niece seem pretty balanced about it, and I think most kids would be. It’s the parents who freak out about it.
What if a purveyor of inappropriate material set up a website that detects the IP address of the visitor and thereby shows the internet censorship department pictures of happy kittens, but shows everyone else pictures of nasty things?
(or is happy kittens during business hours and turns nasty between 10pm and 4am each day)
Or a website that only shows an approved list (of paying inappropriate material viewers) the inappropriate material – and everyone else sees happy kittens?
What if a company (through a third party) hacks a competitor, places bad pictures on their server and then, after an appropriate period, reports their website and gets it taken off-the-air?
What if an overseas syndicate hacks your server and uses it to store dodgy material (no security is perfect)?
What if the website address changes weekly – or daily – or hourly?
What if the government decides to add a category of material to the filter – for example X-rated pictures of small-breasted women – and then extends it further and further with amendments…..where might it stop?
There are simply too many ways to get around this type of filtering – and far too many ways to spoof, hack or use it beyond its intention it for it to be worth the money.
Thin edge of the wedge.
I agree. As I said above, it’s security theatre. y aim is to try to minimise those possibilities. I can’t stop them filtering, but I can do my best to make sure it doesn’t extend beyond its remit.
It would work out cheaper to buy your own software protection against illegal porn etc.
But we know it runs deeper than that…this scheme.
Cheaper than what? For the individual user, there is no dollar cost in the DIA scheme. Last I looked the prices for home based filter software range from $US25 – 60 so let’s say $40 average, which is ~$NZ60. So that’s per computer. So, 1,621,000 total households filtered by 75% which have internet connections (broadband and dial-up) at 1.5 machines per household (on the basis that no connected household will have less than one computer, but many will have more than 2) and you’re looking at $109,417,500 per annum, as these are subscription-based products. Compare that with $150K pa for the filter – doesn’t stack up by an order of magnitude.
But you say it “runs deeper” – please elucidate.
2 Trackbacks/Pingbacks
Social comments and analytics for this post…
This post was mentioned on Twitter by vodafonenz: @CCDesign Mark Harris, one of the overseers, has a good post on this: http://tracs.co.nz/gripping-hand/censorship-and-the-dia-filter/...
[...] Censorship and the DIA filter Officials at DIA have assured me that they do not want to extend the filter, even to cover the other parts of s3(2), or I would not have agreed to be a part of the process at all. As the ZDNet article says, they have watched the train wreck that is the Great Wall of Conroy (my words, not theirs) and are determined to not make those sorts of errors. [...]
Post a Comment