As reported by Bernard Keane in Crikey yesterday, Australia’s corporate regulator - ASIC - has admitted to another incident in which a website blocking request has lead to the inadvertent blocking of thousands of websites.
In a written statement [PDF: 474KB] provided to the Senate Economics Legislation Committee, ASIC have admitted that one previous blocking request in which they specified an IP address, rather than a domain name, resulted in some 250,000 websites being blocked.
They claim that “the vast majority (in excess of 99.6%), appear to contain no substantive content. In this instance we believe that less than 1000 active sites (less than 0.4%) may have been temporarily affected. None of these are .au sites. There are various reasons why such a large number of sites with no substantive content may use the same address, such as through a ‘domain for sale’ operation.”
Given the evident lack of even a basic understanding of the functioning of the Internet’s addressing system within ASIC, these claims are simply not credible. Has ASIC actually reviewed all 250,000 sites to determine whether they contain ‘substantive content’? How do they define ‘substantive content’? Do they believe that ‘only 1000 active sites’ is an acceptable level of collateral damage? The fact they none of them were using .au domain names does not mean that they are not sites operated by Australian entities (such as melbournefreeuniversity.org) nor does that mean that they are not sites that Australians wish to access.
While ASIC’s motives are of course laudable - to protect Australians from fraudulent investment schemes - their use of section 313 of the Telecommunications Act to block these websites is extremely problematic.
In their statement, ASIC has committed to consult with other government agencies and police “to determine how we can best disrupt websites that are part of criminal operations without impacting on legitimate sites”, and are looking at:
- how to ensure only specific websites are targeted (use the domain name, not the IP address, it’s really simple!);
- contacting hosting or domain name providers to have sites taken down at their source, and;
- redirecting blocked sites to a landing page indicating why the site is inaccessible.
They have also committed to publicly report on their use of s313 on an annual basis.
These steps are all very necessary and have our support, but EFA believes that ASIC must cease all use of s313 to block websites until they have:
- learnt how the Internet addressing system functions;
- implemented, in consultation with the Department of Broadband, Communications and the Digital Economy, clearly defined processes for the use of this power, including some form of independent oversight; and,
- implemented a landing page to which blocked sites can be redirected that will inform affected users trying to access a blocked website.
EFA believes that the use of s313 to block websites should be subject to judicial oversight, through a requirement for a warrant to be issued for each request.
View Senator Ludlam’s questioning of ASIC officials from last night’s session:
EFA has been a leading voice against internet filtering in Australia, through our Open Internet campaign. You can support our work in fighting for digital freedom, access and privacy in Australia by joining or donating today.