Wednesday, October 14, 2009

Filtering of Web Content by Internet Service Providers

The ACS has released the report "Thechnical Observations of ISP Based Filtering of the Internet" (12 October 2009). This discusses how well filtering of web content works, rather than the political or ethical issues of if it should be filtered. Some of these are discussed in my ABC Radio talk "Filtering Porn on the Internet:Imperfect by Necessity". The ACS report is 22 pages (300 kBytes of PDF), but the findings are summarised in a media release "ACS ISP Filtering Report: No Silver Bullet".
The ISP Filtering Report highlights the current challenges associated with filtering or blocking of internet content, which include:
  • Lack of a clear definition of the types of content that are subject to filtering
  • Limitations of automated techniques for analysing video, pictorial and audio content
  • Need for clear and consistent criteria behind labelling and rating of content
  • Where filters are placed within the network architecture, there is an impact on network performance (efficiency, speed etc)
  • Avoiding ‘over blocking’ and ‘under blocking’ and achieving consistency in blocking of material
  • The rate at which new Internet-accessible content is being generated makes it difficult to maintain up-to-date black lists, white lists, keywords and phrases etc used by analysis algorithms
  • Effectively managing user-generated material, which is created ‘on the fly.’ The labelling/rating of these sites and content is practically impossible; and
  • How to deal with encrypted traffic and secure channels, as encryption impedes filtering....
The Taskforce makes the following recommendations for progressing the debate and some issues surrounding ISP filtering. These recommendations aim to reduce the likelihood of inadvertent exposure to illegal content on the Internet:
  1. Multi- faceted approach using filtering technologies to address the distribution of illegal material - A multi faceted approach is needed to address filtering out or blocking of illegal material on the Internet using filtering technologies at the ISP, user and enterprise levels. This includes increased professionalism and tighter controls around domain name registration, education at all levels of society and oversight by parents.
  2. Education and oversight are the best methods to ensure online safety for children - There is no technological substitute for appropriate education and parental supervision of young people who are using the Internet. Education and oversight remains the best method of ensuring that children (and other end users) are aware of online safety and are not deliberately viewing inappropriate material or engaging in inappropriate behaviour online.
  3. Objectives of any ISP filtering program should be clearly defined. Based on recommendations 1 and 2, the Taskforce believes the policy objective for filtering should be clearly articulated; for instance, whether it is:
    • to avoid inadvertent or unintended viewing of Refused Classification (RC) or illegal content while surfing the web;
    • to prevent, detect, block and prosecute delivery, access, publication or circulation of RC or illegal content;
    • to deter both inadvertent and/or deliberate interaction with a wider ambit of RC, illegal or prohibited material using any method of Internet access.

    In addition to clear objective(s), this program should also include: performance standards, clarity around the definition of material to be filtered, reporting processes, type of traffic and filtering mechanisms to be used.
  4. Development of minimum standards to measure filtering efficiency - Different filtering processes achieve varying results in terms of impacts on speeds, resource usage and accuracy of filtering (over blocking and under blocking). In mandating or regulating for ISP level filtering, the Federal Government should develop a set of minimum standards to be achieved against which the efficacy of filtering can be measured.
  5. Planning for location of content filters - The Taskforce believes considerable thought needs to be given to location of filters within the ISP architecture (depending on the size, speed and level of redundancy) to avoid multiple filtering of feeds, filter failure which causes service disruptions and significant performance reduction due to filter operations.
  6. Implementing a national, voluntary content rating system - As part of any ISP filtering program, a national, content rating system could allow content providers to rate the material on their sites. Any rating scheme used should be standardised and easy to use so content developers can self-rate their content.
  7. Transparent guidelines and auditing process - The Government should establish clear, unambiguous guidelines on sites and material that will be included on the ACMA black list. In addition, there should be an independent and transparent auditing process for the black list and an ability for complaints about those sites included on the black list to be lodged and assessed in a timely manner.
  8. Ability to customise filtering levels - The Government should strongly encourage ISPs to provide products that allow users to select/customise their preferred level of filtering (above that which is mandatory).
  9. Education on protection and threats – As filtering is only one level of protection, the community needs to better understand the factors associated with threats, computer and network vulnerabilities and how countermeasures work and what they can do to protect themselves, if they are going to adequately protect their identities and their activities online. ...
From: ACS ISP Filtering Report: No Silver Bullet, Media Release, Australian Computer Society, 12 October 2009
The table of contents from the report:
1 Introduction 1
2 Background 2
3 Key Issues Addressed by the Task Force 3
3.1 What Are the Goals/Objectives of ISP Filtering? 3
3.2 What Type of Content Should Be Filtered? 3
3.3 Where Should Filtering Occur in the Network Architecture? 4
3.4 What Type of Internet Services Should Be Filtered? 4
3.5 Nature of Internet Filtering 4
3.6 How Is Illegal Material Distributed? 5
3.7 What Are the Criteria Behind the Black List? 5
4 Technical Issues and Filtering Techniques 6
4.1 IP Blocking Using IP Packet Filtering/Blocking 6
4.2 Domain Name Server Poisoning 7
4.3 URL Blocking Using Proxies 8
4.4 Hybrid System 8
4.5 Content and Site Labelling Based Filtering 9
4.6 Other Methods of Content Control 9
5 Issues and Design Choices for Filtering 10
5.1 Content Classification Issues 10
5.2 Criteria Enforcement 10
5.3 What Traffic to Filter 11
5.4 Encrypted Traffic 11
5.5 Filtering and Network Architecture 12
5.6 Implementation Issues 13
5.7 Addressing P2P and BitTorrent 13
5.8 Circumventing Filters 13
5.9 Over Blocking and Under Blocking 14
6 Other Issues 15
6.1 Improved Control Over Domain Name Registration 15
6.2 ISP Filtering Trial 16
7 Awareness and Education of Users 16
8 The Way Forward 17
Task Force Members 18 ...

From: Thechnical Observations of ISP Based Filtering of the Internet, Australian Computer Society, 12 October 2009

No comments: