Senator Conroy's office today provided answers to Questions on Notice asked by Greens Senator Scott Ludlam some months ago. Among the dozens of answers reiterating standard positions were some welcome details that have been frustratingly hard to come by before.
You can download the entire exchange (see below), but here are a few pieces of information we think are interesting.
Will an ISP be allowed to offer a service or product that aids in the bypassing or circumvention of the filter if;
(a) the product or service is solely for the purpose of circumventing or bypassing the filter; or (b) the product or service has other uses apart from bypassing or circumventing the filter.
ISPs will not be required to block circumvention attempts by their customers or other end users. [2580/1-3]
Our comment: It looks like there will be little risk in providing proxies, browser plugins and similar tools from day one to get around the filter. The Government must have accepted that they will wear this embarrassment.
On the blocking of entire domains:
What was the required behaviour of the filter when a Uniform Resource Locator (URL) consists only of the domain name?
Were all web pages on the domain blocked (or would have been blocked) at any point during the trial?
The ACMA Refused Classification Content list is a list of URLs of overseas hosted Refused Classifications material. The intended behaviour of the ISP filter is to prevent access to specific URLs. Were a domain name to be included on the Refused Classification Content list the intended behaviour would be to block that URL. It is not intended that other URLs on that domain be blocked unless they are also on the Refused Classification Content list.
This was not tested as part of the pilot and there was no URL on the list at that time that consisted solely of a domain name. See 2581 (5). [2581/5-6]
Our comment: This contradicts what we learned from the secret DBCDE forum that revealed, among other things, partial URL matching. If letter-for-letter URL blocking is what we get, then appending a "?" to any URL will possibly circumvent the filter.
Has the Minister ever been shown how to circumvent ISP filters of the type tested by Enex Testlab in 2009; if so, where and when was that demonstration conducted, which acts were demonstrated, and how long did the demonstration take?
Yes, the Minister has been shown a demonstration of a number of circumvention techniques of the filter products used in the ISP filtering pilot. This demonstration took place on Friday 5 June 2009, at the Enex TestLab at RMIT in Bundoora, VIC. The demonstration was of one hour duration, and a number of circumvention techniques were demonstrated including VPN and TOR. [2582/4]
Our comment: Interesting to know the Minister has had a proper demo. He is clearly well informed of the flimsiness of the filter, yet must not feel this diminishes the policy - that is, political - usefulness of the plan.
On ISP support for the filter:
Conroy:During consultations on the implementation of ISP-level filtering in Australia, a number of ISPs, including Telstra, have indicated their belief that filtering should be implemented on a mandatory basis through the implementation of legislation. [2583/3]
Our comment: This is interesting, if true, but is more likely to be a spinning of ISP opinion that they are not keen on voluntary filtering and only see it happening if it is indeed legislated.
On the size of the list:
Given that the report of the trial notes that it has been suggested by some stakeholders that 10,000 URLs may be a tipping point":
(a) does the department ever expect the blacklist to exceed this number of Uniform Resource Locators (URLs); if so, will further tests be conducted to test the censorware capabilities of filtering more than 10 000 URLs: and
(b) will the blacklist be restricted to under 10 000 URLs as a result of the knowledge from the trial?
The list will be regularly "washed" to remove URLs that no longer contain RC content. If the list approaches 10 000 URLs, the Government will undertake a technical review of filtering a larger list of URLs. [2583/14]
Our comment: This raises more issues than it answers. Firstly, the regular "washing" of the list will probably be a quarterly review, as indicated elsewhere in the document. If 10,000 does indeed cause a problem, there's a significant risk that the target will be reached very quickly. If a website contained 10,000 images, each at a separate URL, how would this be handled by ACMA? Or if somebody renamed a legal but RC image 10,000 times and uploaded them to a web server, and complained about all 10,000 URLs? Any such expensive and massive system needs to be more robust from the beginning.
As the Government has noted that URLs from "overseas agencies' will be added to the blacklist,
a) have these agencies previously agreed to this;
(b) which agencies does this include; and
(c) will the URLs obtained from these agencies be classified by the Classification Board.
(a) and (b) The Australian Communications and Media Authority has entered into a memorandum of understanding with the United Kingdom hotline operated by the Internet Watch Foundation, under which the Australian Communications and Media Authority has obtained access to a list URLs of known child abuse images compiled and maintained by the Internet Watch Foundation.
The Australian Communications and Media Authority has also obtained access to a list of URLs maintained by the Cybertipline, the hotline operated by the United States National Centre for Missing and Exploited Children. Access has been granted by the National Centre for Missing and Exploited Children, through the Australian Federal Police. The Cybertipline list contains URLs that provide access to depictions of pre-pubescent children being sexually abused. [2583/25]
Our comment: Mercifully, the NCMEC list and even the IWF list are much narrower in scope than the Government's proposed RC list, but there are obviously serious concerns in bulk-importing a list from an overseas agency unaccountable to the Australian public. The lists would have to be reviewed by Australian regulators.
Are the proposed censorware systems inconsistent with the Telecommunications (Interception and Access) Act 1979. whereby it is currently illegal for an ISP to intercept user requests: if so, is the Minister pursuing amendments to the Act to allow the censorware to legally intercept and block access to content?
The blocking of a defined list of URLs is not inconsistent with the Telecommunications (Interception and Access) Act 1979. Blocking URLs does not require the detailed inspection of web traffic.
Under the new ISP filtering scheme. ISPs will be free to choose the technical filtering solution most appropriate to their needs. However, the use of that solution must comply with relevant laws including the Telecommunications (Interception and Access) Act 1979. [2583/26]
Our comment: We'd dispute the assertion that "blocking URLs does not require the detailed inspection of web traffic", as it requires deep packet inspection, potentially exposing private information. As the system evolves, EFA will comment on whether any issues arise regarding compliance with the TIA.
What is the current typical cost of an ACMA investigation into a URL that is reported as potential prohibited or prohibited content where the content: (a) is referred to the Classification Board; and (b) is not referred to the Classification Board.
(a) In 2008-09. the average cost of investigating an item of online content that was referred to the Classification Board was approximately $685 per item.
(b) In 2008-09. the average cost of investigating an item of online content that was not referred to the Classification Board was approximately $173 per item.
Our comment: I hope you, as a taxpayer, feel like you're getting value for your money.
The full text is available here: Answers to questions on notice.