When I started my campaign against internet filtering my original concern was that the government would be running a secret censorship scheme.
However, as I’ve found out more about how the filtering will work (see the Technical FAQ), I’ve become increasingly impressed with just how useless it is. The DIA’s proposed internet filtering system is not going to stop the people who want blocked material from accessing it.
Here are some of the major technical problems with it:
1. It can’t intercept encrypted web traffic (https).
When internet web traffic gets diverted to the DIA, their filter server examines the request to see which website it is going to and then the request is either blocked or allowed. This does work if the web traffic is in plain text and not encrypted.
Of course, many people don’t want anyone to see the information they’re sending over the web to the bank, or the credit card number they’re sending to an online shop. So someone invented a secure form of web traffic (called https) that encrypts everything sent to and from the web server. More and more sites are starting to use secure web traffic for everything (e.g. Google Mail).
It’s not hard to change your website from non-secure http to secure https. And, if you do, the DIA filter server can’t intercept it.
2. It can’t intercept file sharing, email, chat, instant messaging or anything other than unencrypted web traffic.
Most mainstream movies and music are shared with peer to peer file sharing. The DIA’s filter server won’t look at this type of traffic.
Most online communications are through email or instant messaging. The DIA’s filter server won’t look at this type of traffic.
Why wouldn’t people who spread child pornograpy use the same tools available to everyone else on the internet?
The DIA’s filter server only examines unencrypted web traffic, ignores everything else, and is therefore doomed to irrelevance.
3. Adding new entries to the filter is a manual process.
Creating and moving websites is fast and easy these days. My own web server (used for this blog) only took about an hour to set up.
To be blocked by the DIA’s server, someone has to find out about the site, check it, and then add it to the list. At which point it can just be moved to a new name on the web.
When websites are so easy and quick to set up, I just don’t see how it’s possible for them to do a good enough job to keep the filter list up to date enough.
4. The filter will only be used by some ISPs.
A number of ISPs in New Zealand do not intend to use the DIA’s internet filter. They don’t see it as part of their business. To quote the words of one ISP’s CEO – “we’re the pipe, not the censor”.
If a number of major ISPs don’t use the filter, is there any point in implementing it for the ones that do?
And if the ISP wants to implement their own filter for their business/school clients, they’ll surely be wanting to ban more than is covered by the DIA filter.
5. A motivated person can easily get around the filter.
Most importantly of all, even if all those other points weren’t true, it’s just too easy for a motivated person to work around the filter.
One fairly simple way (and you could write instructions that would let even the non-technically savvy do it). Sign up for US$10/month account with a hosting firm in the US. Install MyEnTunnel on your PC and point it at your account in the US… and everything you do on the internet goes through the US and will never go anywhere near the DIA’s filter server.
Most people won’t bother doing this, but the people who want this material know that it’s illegal and are already used to using similar techniques to avoid detection.
Even if we ignore the political problems and the internet performance problems, we’re still left with the major problem that the filter just won’t work.
So why are we wasting time and money on it?