Archive for August 2009
IT Minister Steven Joyce has finally sent me a reply. This was in response to me asking him about his statements in NBR against the idea of Internet filtering:
We have been following the internet filtering debate in Australia but have no plans to introduce something similar here.
The technology for internet filtering causes delays for all internet users. And unfortunately those who are determined to get around any filter will find a way to do so. Our view is that educating kids and parents about being safe on the internet is the best way of tackling the problem.
I asked:
- Are you still against the introduction of internet filtering?
- Does the National government have a policy for or against internet filtering?
His letter didn’t answer either question, the only substantive part of it was:
I would like to say first off that the voluntary website filering system being proposed in New Zealand by the Department of Internal Affairs is significantly different in design and scope from the mandatory system proposed in Australia.
He then listed a number of differences in the systems and suggested I talk to the Department of Internal Affairs about it.
What I find interesting about this letter is that he carefully avoids answering both of the questions I asked. Steven Joyce refuses to say that he now supports Internet filtering, and also refuses to take the opportunity to state whether the National government has a policy for or against it.
I find this lack of clear political support for the scheme to be heartening.
Don’t just take my word for it, let’s see what the Department of Internal Affairs has to say about how well their system works (the following quoted text is all from the draft Code of Practice):
ISPs Might Not Participate
Participation in the Digital Child Exploitation Filtering System by ISPs is therefore voluntary and this provides an effective means of ensuring that the system keeps to its stated purpose. If ISPs become uncomfortable with the direction of the system, they can withdraw.
Doesn’t Prevent the Creation of Illegal Material and the Exploitation of Children
The Department of Internal Affairs appreciates that website filtering is only partially effective in combating the trade in child sexual abuse images. In particular website filtering is effective only after the fact and does not prevent the creation of illegal material nor, in the case of images of child sexual abuse, the exploitation of children.
Doesn’t Catch the People Doing It
The system also will not remove illegal content from its location on the Internet, nor prosecute the creators or intentional consumers of this material.
Can Easily be Circumvented
The Department also acknowledges that website filtering systems are not 100% effective in preventing access to illegal material. A person with a reasonable level of technical skill can use tools that are freely available on the Internet to get around the filters.
Doesn’t Stop File Sharing or Chatrooms
As illegal material, such as child sexual abuse images, is most often traded on peer-to-peer networks or chatrooms, which will not be filtered, the Censorship Compliance Unit carries out active investigations in those spaces.
Might Give Parents a False Sense of Security
The Department is aware that a website filter could give parents a false sense of security regarding their children’s online experience. Filters are unable to address all online risks, such as cyber-bullying, online sexual predators, viruses, or the theft of personal information.
Maybe the DIA should persuade themselves that Internet filtering is a good idea before trying to implement it.
The Department of Internal Affairs has released a draft Code of Practice for the operation of their Internet filtering scheme.
The Code of Practice provides a good overview of how the system works and explains the policies that the DIA will use to manage the list. None of it should be a surprise to anyone who has read the FAQs and other articles on this website.
Rather than rehash the arguments for or against the filtering (although it is amusing to note that the Code admits a number of the shortcomings with the system), I’d rather write about their proposal for an Independent Reference Group that they have included in the draft Code.
The Department will institute an Independent Reference Group (IRG) to maintain oversight of the operation of the Digital Child Exploitation Filtering System to ensure it is operated with integrity and adheres to the principles set down in this Code of Practice.
That reads well enough but finding out what the IRG will actually do is a bit tricker. The first reference to them is in relation to people appealing decisions to block particular sites: “The appeals submitted and the actions taken will be reported to the IRG. The reports will be published on the Department’s website.”
The second is merely about reviewing the Code of Practice: “The Department, in conjunction with the IRG, will review the Code after 12 months operation. ”
The first major omission in the Code is the method by which the members of the IRG are going to be selected. We need to know that to get some idea of just how Independent the RG will be.
Secondly, there is no real guidance to the workings of the IRG. How often will they meet? What powers will they have? What happens if there is a disagreement between the DIA and the IRG about the inclusion of a particular site?
Thirdly, note that the IRG still has to rely on the DIA as they’re the ones that judge any appeals. The IRG only sees the report of the DIA’s inspector. Is the IRG going to be able to anything more than say “The DIA told us that they’re doing everything correctly”?
Overall, I’m not sure if the IRG really adds much to the need for openness and transparency. Once again the DIA’s desire to keep the filter list secret ends in the inevitable “you have to trust us”, except that this time we have to trust the IRG who has to trust the DIA.
Naturally I’ll be making a submission.
A further response from the Department of Internal Affairs (page 1, page 2, page 3).
Some points from their letter:
- The Internet filtering system will be going live “within two months”.
- Public records? Those reports that we used to censor certain websites based on their content and then deleted are public records? Cor.
- Confirmation that all traffic (chat, file sharing, email, etc) other than web traffic is passed through the filter without being checked.
- Confirmation that all HTTPS (secure web traffic such as used by banks and shopping sites) is passed through the filter without being checked.
- Three people will be employed maintaining the filtering system, although they might have other duties as well.
Internet Connection
The Internet filter server will be using a “fibre optic cable at 100Mb/sec” at a cost of $2000 per month.
After talking to people in the industry, this sounds like it will be a connection through the Wellington Citylink network and at that price will probably include 5-10Mbps of paid for Internet bandwidth.
Filtered Content
Finally there are a series of questions & answers about the type of content they’re blocking.
First they respond with “All of the websites that were on the filtering list hosted images of child sexual abuse.”
But when asked about link sites, the response is very carefully written: “Some of the websites that were on the filtering list contained thumbnail sized child sexual abuse images as part of galleries and links to websites hosting objectionable material. There were no sites that did not include images of child sexual abuse, even if only thumbnail images.”
Of course, this in direct contradiction to what they have told other people as documented here (in both the article and the comments).
I hope the Ombudsman hurries up with their decision about releasing the list.
Three Statements
From the DIA press release titled “Web filter will focus solely on child sex abuse images”:
A filtering system to block websites… will focus solely on websites offering clearly objectionable images of child sexual abuse.
From a letter from Nathan Guy, Minister of Internal Affairs:
I support the Digitial Child Exploitation Filtering System that has been developed by the Department of Internal Affairs to help prevent access to child sexual abuse images. The filtering system will focus solely on known websites offering clearly objectionable images of child sexual abuse.
However, Rory McKinnon has also been writing to the DIA to collect information for an article he wrote for the NZPA. He asked: “Can the minister personally guarantee that the blacklist will not “creep” (that is, expand its scope to include anything other than child sex abuse)?” The response (written by Trevor Henry, Senior Communications Advisor, Regulation and Compliance – 17/7/2009) to this letter was a little different:
The Department confirms that the scope of the filter will be confined to websites carrying images of children being sexually abused but there may be circumstances when a website that contains text files might be blocked. For example, an instructional manual for child abuse or a diary relating to the abuse of an actual child might be blocked.
Scope Creep
You may note that the first two statements very clearly say that the only websites to be filtered will be those that host images of children being sexually abused. The third statement contradicts the first two. It includes examples of other material that might be blocked by the filter, such as a text manual or a description of abuse.
Now, maybe you don’t think that filtering a manual or diary about sexual abuse is that bad – but that’s part of the problem. It often makes sense to extend something just a little bit further… then a little bit further… until finally you end up somewhere quite different from where you started.
For example, if you can filter an article that describes how to sexually abuse a child, can you also filter an article that explains how to get around the filter to read the first article?
The Australian system experienced this exact problem. They started by banning objectionable images and ended up banning entire websites that revealed what was being filtered.
Trusting the Government
Now, it probably bears repeating that I have no sympathy for those who create and distribute child pornography. My argument has always been that filtering won’t work, and that doing it secretly will lead the government to abuse it.
On the second point, the DIA’s position has been that we have to trust them and whatever secret review process they set up. But why should we trust them?
They refuse to give anyone a copy of the full list so that it can be audited, and when asked for a partial version of the list without the full addresses, they revealed that they have started deleting the records so that no one else can audit them either.
Now we find that their statements about only filtering images are also incorrect. The scope of what they’re doing has already grown before the system is out of the trial phase.
Internet filtering is not going to stop child abuse or child pornography and any such scheme is too open to abuse by the government. We should abandon it now – personally I’d rather we spent the money on preventing child abuse.
I have received a letter from Nathan Guy, Minister for Internal Affairs, where he expands upon the DIA’s plans to set up some sort of oversight on the Internet filtering scheme.
My department recognises that, to ensure public confidence in the filtering system, the operation of the system must be as open to scrutiny as possible. The Department is, therefore, developing a Code of Practice to govern the operation of the completed system, and will be making the Code available on the Department’s website for public comment. An Independent Reference Group will be formed to ensure the Department operates the website filtering system in compliance with the Code.
I look forward to seeing the Code of Practice and hearing more about the Independent Reference Group.
While re-reading the most recent response from the Department of Internal Affairs (see page 3), I was struck by the following:
The Department is moving to implement the fully operational system and will shortly commence rebuilding the list. As the filtering list is rebuilt, new officer’s reports will be generated and, in preparation for this process, the reports related to the trial list have been deleted. The Department therefore cannot provide the requested information as it does not exist. [emphasis added]
I believe that this is a serious concern.
The Department of Internal Affairs has been running an Internet filtering scheme that has been actively used to filter people’s Internet connections without their knowledge. They have apparently deleted the reports that they used to justify adding websites to the list. This means that they have deliberately removed the ability for anyone to audit what they have been doing.
As a government department, the DIA has a responsibility under the Public Records Act 2005 to ‘create and maintain full and accurate records in accordance with normal, prudent business activity‘. They’re not allowed to just delete them without getting permission from the Chief Archivist.
It’s this sort of behaviour that makes it so important that any filtering scheme be conducted in an open and accountable manner.