Australian Internet Filtering: A Taste of Things to Come?Tuesday, December 23rd, 2008 by Harry Lewis
Australian authorities are gearing up to test their plans to filter all Internet communications for illegal materials — child pornography in particular, but perhaps other materials as well. The test is focused on blocking access to web sites, and there have been several good articles on BanThisURL.com, a site specifically devoted to opposing the Australian plans. It’s a good object lesson in how hard it is to censor a distributed system and still have it work. Every now and then some member of Congress gives an if-we-can-put-a-man-on-the-moon-we-can-make-the-Internet-safe speech, and the Australian experience is a good object lesson in the special problems the Internet presents.
A good interview with a computer security expert appeared recenctly (thanks, SlashDot). It’s got a heavy dose of tech-speak, but it will be mostly comprehensible to a general reader. Here are a few of the main points.
- Man-in-the-middle attacks are a big worry. That is, if all Internet traffic is routed through one machine, or a small number of machines, which check for bad stuff, then getting control of one of those machines becomes a big prize. Control it and you can read all the mail going back and forth between Gmail and anyone in Australia, for example. What you do with it is your choice — you can just shut it down if you want to be nasty, or read it and not tell anyone if you want to do creepier things.
- Denial-of-Service attacks are another. You can make your filtering machines more secure by having fewer of them — but then it makes it easier for someone to try to choke them with thousands of requests every second. The way to beat a DOS attack is to re-architect the system, distributing its workload over thousands of machines — but then you have to worry about security at thousands of sites, bribes being offered to thousands of machine operators, etc.
- Exploiting software vulnerabilities. If the government buys machines and software from the lowest bidder, and doesn’t install patches with daily devotion, the machine is sure to be compromised by some Bulgarian teenager who is up to date on the latest and greatest attacks and has too much time on his hands.
- The filters probably won’t work. There are two basic approaches, each with its share of problems.
- A blacklist is just a list of URLs of web pages known to have bad content on them. The simplest approach to filtering is just to assemble a blacklist and check to see if the requested page is on the list, and to send back a “page not available” message if it is; otherwise pass the request along. But that would only begin a cat-and-mouse game. As soon as the owner of the restricted page realizes it’s on the government blacklist, he’ll move it to a different URL. Or some enterprising soul will set up a proxy server in another country — so you’ll send the URL of the page you really want to get to the proxy server (encrypted, so the government authorities can’t see what you’re asking for), the server in the other country will get the page and send it back to you (probably encrypted also). The government may blacklist the proxy server, which then moves its URL, and so on ad infinitum, or at least until one side gets tired.
- A content filter analyzes what’s actually being transmitted, photos or videos typically, and doesn’t let it through if it’s bad stuff. Now that requires the computer to recognize obscenity, which is a task most courts have a lot of trouble with. You can have a catalog of known bad photos (or their easily extracted hashes, but that’s a detail), but you’d have to keep that catalog up to date — at all the locations where it’s stored. You can flag photos for human screening by the percentage of the screen that is taken up with flesh tones, but that would begin another sort of cat and mouse game. Content filters don’t work very well, and to effectively screen out bad stuff, they have to err on the side of over-inclusiveness and eliminate lots of legal images too (Michaelangelo’s David, perhaps, or Botticelli’s Birth of Venus; not to mention medical illustrations and anatomy diagrams).
- Whatever kind of analysis is done, has to be done very quickly. Particularly when delivering video content, there just isn’t a lot of time to do the processing to figure out what you’re delivering. The genius of the Internet, as we explain in the Appendix to Blown to Bits, is that in the core, it’s really, really stupid. It just passes bit packets along. Ask it to do more and it will break.
- And of course everything you are doing has to be kept secret to foil your adversaries. Blacklists themselves become hot property — the blacklist used in Thailand became public a few days ago. It’s interesting to leaf through it — lots of garden-variety political cartoons with no sexual imagery at all.
Meanwhile, the Systems Administrators Guild of Australia has written a letter to the government stating, in essence, that it won’t work and they can’t make it work.