Thursday, January 3, 2008

An alternative policy (v0.2): Filtered Network Providers (FNPs)

Since it appears that the only way this absurd public policy is going to be abandoned is to propose a better one, I guess I better write down (off the top of my head) a better one. I may edit this post over the next few days as I refine it. Any significant edits will be noted.

First, let's document what I understand the Minister's objectives to be:

  1. to assist parents in their struggle to block their children's access to web-based pornography
  2. to prevent adults with deviant sexual behaviour from accessing the most extreme forms of pornography and violence, including, but not limited to child pornography
  3. to do so without appearing to have totalitarian intentions
  4. to do so effectively.

I simply don't believe there is any value specifically blocking children's access to child pornography since there isn't a scintilla of evidence that Australian children desire, seek or encounter such stuff. However, if the Minister would like to prove me wrong on this, then he is welcome to point me in the direction of the studies that show it.

There is currently no evidence that the Minister cares about points 3 and 4 but perhaps this campaign will bring him round. He also appears to want to technically block responsible adults' access to child pornography. Why this is necessary is beyond me - after all, that's why we call them responsible, um, adults. Perhaps the Minister doesn't believe there are many responsible adults in the Australian electorate.

We need a policy that recognizes there are 3 classes of subscriber: parents with children who are concerned about the material their children might be confronted by, convicted sex offenders and all other adults.

The grotesque flaw with the Government's proposal is that it doesn't make a clear distinction between convicted sex offenders and all other adults. As far as the Government is concerned all other adults are potential sex offenders who should be treated as if they were convicted sex offenders.

Why they think this is good politics is beyond me. But that's for another post. The goal here is to recognize that there are 3 classes of subscriber and to propose a solution that recognizes this reality.

Let's consider the requirements of each group in turn.

parents with children
The primary concern of this type of subscriber is to minimize exposure to pornography of all kinds and to violence. To achieve this, the subscriber (if not all the users of the connection) is willing to be censored and is willing to trade some performance for "cleanliness"
convicted sex offenders
Having previously transgressed social and legal boundaries, society has asserted its right to restrict this class of subscriber's freedoms in various ways.
all other adults
This class of subscribers has committed no offence against the law and, in a democracy, is entitled to be treated with respect. In this class there are users who are opposed to censorship on principled grounds and those who are opposed to it only if it becomes personally oppressive. Inevitably, this group, as does any sufficiently large group, will contain sex offenders who have not yet been charged or convicted of a crime.

The Proposal

One or more commercial organizations set up one or more filtered networks. These organizations would be known as filtered network providers - FNPs. ISPs may also be FNPs or FNPs may be standalone entities that offer services to a number of ISPs

ISPs may offer subscribers who opt-in, tunnels into a filtered network of the subscribers choice. All IP traffic originating from the subscribers end-point is unconditionally and transparently tunnelled into the filtered network. This is the end of the ISPs responsibility, with respect to filtering.

The filtered network is firewalled off from the Internet in much the same way as a corporate network is. All inbound access is blocked. Outbound access it limited to a restricted set of protocols and may require proxy authentication. All access to and from the network is (or can be) logged.

Convicted sex offenders would be required to have their ISP connections tunneled into a special filtered network as directed by order of the judicial system. Supervisional authorities would be entitled to review any access logs to ensure that offenders were complying with their parole conditions.

ISPs will not be required to block access to ACMA restricted sites but will be required to log such access in a way that can be correlated with a subscriber if later required by warrant of a court. ISPs would be required to report a summary of such access to authorities on a regular basis and these reports might be used by investigating authorities to motivate an investigation.

Unfiltered subscribers who a court determines are guilty of ACMA violations may be subject to control orders which require that their ISP enforces unconditional tunneling to a filtered network

All other internet users would continue to have unobstructed access to the internet that they currently enjoy. As importantly, they will retain the dignity and respect of their Government that citizens of a democracy are entitled to expect.


ISPs responsibilities with respect to filtering are reduced to setting up tunnels to filtered networks for individual subscribers and logging and reporting on access to ACMA-restricted sites. ISPs may compete on the flexibility that subscribers have in choosing and configuring their FNP. FNPs would compete on performance, transparency of their filtering policies, effectiveness of their filtering, range of protocols offered and so on.

In the interests of transparency, the filtering policies of each FNP should be public and subject to review by a board of respected citizens.

Since the subscribers of FNPs are requesting control of their network connections the filtering can be much more aggressive than is appropriate for the general network. As such, while it won't be bullet proof, it can be far more effective than otherwise. FNPs can more effectively attempt to block covert channels and can lock down the protocols that pass the firewall to a restricted number (e.g. HTTP and HTTPS, but not SSL).

Performance of subscribers using a filtered network is necessarily reduced w.r.t. raw network performance but this is a trade-off that presumably parents are willing to make. Parents either want an effective and secure porn-filter or they don't. Parents would be free to choose the FNP that offers the best performance/effectiveness trade-off. They would also be free to choose an unfiltered network connection.

FNPs could offer parents summaries of the internet activity of their children so that parents could review it and counsel their children if required. Such summaries might flag attempts to use covert channels.

Unlike the Government's proposal, this proposal doesn't create an all-pervasive censorship platform that can be re-purposed at will, thereby reducing fears that the Government has totalitarian tendencies. However, it still presents some risks. If ISPs have, by normal operational means, the ability to transparently tunnel individual subscribers to filtered networks of their choice then it is possible that this capability could be abused unless there are suitable safeguards in place to prevent this abuse.

Government authorities will only be entitled to inspect records relating to individual subscribers of unfiltered networks under strict court supervision. The Government will only be allowed to censor the access of citizens found guilty of violating a law. All other citizens will remain unmolested by censorship.

The fact access to ACMA-restricted sites is not blocked is actually an advantage if the goal of Government policy is actually to detect, investigate and prosecute sex offenders. A pattern of continual access to ACMA-restricted sites is far more convincing evidence of guilt than a single attempt that is blocked. The existing policy drives all sex offenders to use untraceable covert channels that are more difficult to trace and investigate simply because that will be the only way to get access to their filth. At least this way, it will be easier to catch the less sophisticated consumer of ACMA-restricted material. Of course, the more effective it is in catching criminals the less effective it will become since self-preservation instincts will force remaining offenders to exclusively use covert channels which cannot easily be traced.

The ISP industry will have to comment on whether it is technically viable to transparently tunnel subscribers to a foreign network on an end-point by end-point basis. It would not surprise me if this was as expensive as the Government's proposal, however, at least the ISPs would be relieved of the filtering responsibility; there responsibility would end once they have setup the tunnel.

This policy, in order to be effective, would imply the use of content-analysis style filtering. This will require lots of server hardware to provide the CPU-grunt necessary (disclaimer: I work for a hardware manufacturer).

Due to the amount of hardware required, it's hard to see how FNPs would be financially viable. This is especially true since existing PC-based filters are already just as effective as FNPs, in absence of an undisciplined child who attempts to subvert them. This presumably makes the market for FNPs reasonably small. It is also unclear how much parents would be prepared to pay for rights to use an FNP or how deeply committed the Government would be in subsidising it.

Existing ISPs would still likely resist this proposal for very good reasons: the tunneling requirement would still be expensive for them to implement and they would cop damage to their reputations as service providers if their subscribers blamed them for performance or access issues caused by the downstream FNP. As such, it is likely that FNPs would have to own the customer relationship effectively becoming, in some sense, ISPs themselves.

Concluding Notes

Even though I drafted this policy, I continue to have deep reservations about it.

Although I believe it does not hold as much potential for totalitarian abuse as the Government's proposal, it is still a step in this direction. If this policy was ever subjected to formal development one could see that it might get perverted by changes made in the name of technical or financial viability and these changes might produce a bastard child that was as dangerous as the Government's present proposal. To paraphrase the Minister's comments about a different threat - constant vigilance is required to protect us from those dark and perverted forces who threaten our liberties.

Every adult who has been prevented from getting something done by the brain-dead policies of the corporate firewall administrator knows how frustrating that is. At least, with free access to uncensored residential internet connections, we know what freedom means. Proposals such as this deny this freedom to an entire generation of Australian children; these children will grow up expecting to be filtered, monitored, controlled and censored. Is this what we really want to teach them? Much better, I think, to teach them that freedom brings with it both dangers and responsibilities.

It is also massive overkill - the only problem it solves which isn't solved by existing PC-based filters is the problem that PC-based filters are relatively easily subverted by children. Do we really need a solution any more complicated than a little bit of old-fashioned parental discipline? If parents don't have the respect of their children, the battle is surely already lost.

Finally, I'll close with this quote from Peter Chen's recent article in the Age:

The underlying belief that computers can perfect or protect our morality smacks of a strange mixture of technological ignorance and faith.

Revision History

0.2 (04 Jan 2008)
Rewritten policy. Clearly identifies filtered network provider as a separate concept and delineates the responsibilities between ISP and FNPs. Makes explicit the role of courts in imposing controls on and permitting surveillance of subscribers. Added note about lack of pervasive censorship platform. Added note about financial viability. Added notes about technical viability. Expanded concluding notes. Added note about likely resistance from ISPs.
0.1 (03 Jan 2008)
Added the idea of signing a declaration of responsibility in lieu of requesting a filter.
0.0 (03 Jan 2008)
Initial revision of policy

No comments: