Today I met with some of the staff in the Censorship Unit at the Department of Internal Affairs to discuss the Internet filtering system.

Here’s some of what I learnt:

• The Censorship Unit prosecute approximately 40-50 people a year for trading in child pornography, with a conviction rate of over 90%. Most of these are using P2P file sharing.
• The purpose of the filter is not to stop the hard core traders, but to stop the casual and curious. The view is that a curious person will be sucked into getting more and more.
• The Enterprise (final live system) Internet filtering system will be installed in Auckland, Wellington and Christchurch. Initially all traffic will go through the Auckland location with the others as redundant fail-over sites, eventually the traffic will be load-balanced between the sites.
• The system also has redundant Internet connections.
• The DIA claims that a major outage would be resolved in 5-10 minutes at worst.
• The DIA say that the cost of the system is approximately $30k a year plus Internet and staff costs.
• They really do re-check 7000 sites each month. Apparently there are three checkers who spend about an hour each working day, checking about 120 sites each an hour.
• The Code of Practice is being rewritten somewhat in response to the submissions. In particular, the role of the Independent Reference Group (IRG) will be better defined.
• The IRG will have access to the reports about the websites as well as the details of the appeal.
• The DIA have been speaking to likely bodies to see if they wish to be part of the IRG.
• There may be a role for the Office of Film and Literature Classification in auditing the list of banned sites.
• We confirmed that the system doesn’t work with HTTPS (encrypted web traffic) and the new IP version 6.
• The NetClean (the filtering product being used) contract specifies that the system can only be used to filter child pornography.
• They say that they wouldn’t add Wikileaks to the filter if a copy of the list turned up there.

I will be updating the FAQs accordingly.

I’ve taken a variety of laptops through NZ Customs many times in the past. I’ve also taken through portable hard drives and flash drives. It never occurred to me that Customs might want to search them or even that they had the power to.

It also didn’t occur to Amir Mohammed, a New Zealand man who was charged after Customs searched his laptop and found bestiality videos. Luckily for Amir the courts accepted his excuse and he was discharged without conviction.

Letter to Customs

I wanted to find out more about the powers that Customs had to intercept material in this way so I wrote and asked them about it. Here’s a merging of my questions and their answers (or grab the PDF):

1. What law gives Customs the ability to search the contents of laptop computers or other digital storage devices such as hard disks or flash drives?

Section 151 of the Customs and Excise Act 1996.

2. What type of material is Customs looking for when it performs these searches?

Any goods that may be in breach of New Zealand law.

3. Does Customs looks for material that may be breaching copyright as well as objectional material?

Yes.

4. How does Customs determine that any material found is objectionable?

Section 3 of the Films, Videos and Publications Classification Act 1993 outlines the meaning of objectionable. The New Zealand Customs Service will consider an item in terms of section 3 of this Act and may seize if it is considered to be objectionable. If any clarification on this assessment is needed, Customs will refer good suspected of breaching the Films, Videos and Publications Classification Act 1991 to the Office of Film and Literature Classification (OFLC). The OFLC is then responsible for ruling whether goods are objectionable or not and will advise the Customs Service accordingly.

5. How does Customs determine that any material found is in breach of copyright?

Assuming that this question refers to the importation of commercial digital data, the Customs Service will undertake a comparison of the imported item with the copyright work. The Service will then seek input from both the importer and rights owner, and then make a determination under the Copyright Act 1994.

6. How long can Customs retain possession of a computer or other digital storage device in order to search it?

The Customs Service can detain computers and digital storage devices for a reasonable length of time to allow for examination. This time can vary depending on the circumstances.

7. Does Customs ever copy any data from any device? If so, how long is this data retained for?

Yes, in order to examine a device the contents may be copied. The length of time this data is retained will vary depending on circumstances.

8. What happens if the stored data that Customs wishes to search is protected by a password or is encrypted so that it cannot be read?

I am unable to provide an answer to this question due to operational security.

Some brief comments

• Section 151 of the Customs Act refers to the general ability of Customs to search things and not to computers/data in particular. The Act doesn’t really mention computers or data explicitly.
• There is an interesting parallel to the Internet filtering being implemented by the DIA, although Customs uses the OFLC to help make decisions. I assume that it’s possible to appeal the decisions made by Customs.
• There is also an interesting parallel to the Internet copyright fight too, with Customs actually talking to both parties (importer and rights-holder) before taking possible infringement any further.
• I wonder if they refused to answer the question about encryption because it would be too embarrassing to say “We can’t do anything”. I was actually more interested to hear whether they have the legal right to compel people to provide decryption keys.

I have received another letter from the DIA (PDF) in response to further requests.

As well as a copy of the whitepaper that I’ve already written about, I asked the DIA to clarify “whether the filter will only be used for images of child sexual abuse or will it also be used for text files as described by Trevor Henry, Senior Communications Advisor on 17/7/2009”.

The response from Steve O’Brien, manager of the Censorship Compliance Unit, was as follows:

Unfortunately, Trevor Henry’s statement has been taken by some commentators as “proof” that the scope of the Digital Child Exploitation Filtering System will expand. As stated above, the purpose of the filtering system is to block access to known websites that contain images of child sexual abuse.

Well, I’m glad we cleared that up, the filter is only going to be used for pictures. But wait, what’s this, he hasn’t finished yet:

These websites sometimes also contain text files that exploit children for sexual purposes, and where this occurs those text files will also be blocked.

The concept of a text file exploiting a child seems odd to me.

Even ignoring the slightly ludicrous phrasing, part of the rhetoric around the implementation of the filter has been that they are trying to stop photos of actual abuse – “…will focus solely on websites offering clearly objectionable images of child sexual abuse.” There is no child being abused in a text file.

The examples given by Trevor Henry clearly demonstrate that written material can be just as abusive as pictures.

I don’t believe that he did clearly demonstrate that (read what he wrote). While what he describes is creepy, to my mind there is a clear distinction between writing about how to abuse a child and actually abusing one.

So, has this response cleared anything up? The answer has to be no. The DIA is still claiming that it’s trying to only ban images of child sexual abuse (something I might be inclined to support if they did it openly and if it had any chance of working) while at the same time admitting that they’ll ban other things that aren’t images as well.

The Department of Internal Affairs (DIA) have released to me their report (PDF) on the testing of the Internet Filtering system.

The first half of it is a description of the system and doesn’t really contain much new information (except that we now know it runs on FreeBSD and uses the Quagga BGP daemon).

The second half of it is more interesting as it has some results from the DIA’s testing. This was apparently split into three phases:

1. Single ISP with 5,000 users ((already had their own filtering system so it was probably Watchdog).
2. Two ISPs with 25,000 users.
3. Four ISPs with 600,000 users (at a guess this was when Ihug and TelstraClear joined).

Before we go on, a brief reminder of how it works: The ISP diverts all requests that are on the same Internet address as one of the blocked sites. The filter then checks each diverted request and decides whether to block it or let it through. The filter never sees requests for websites that don’t share an Internet address with a blocked site.

Interceptions

Now, back to the numbers. The phrasing in the whitepaper is a bit hard to interpret, the following is based on my best attempt at understanding it:

In phase 1, the system apparently had 3 million requests diverted to it each month and blocked 10,000 of those requests. This means that only a third of 1% of processed requests ended up being blocked.

In phase 2, there’s 8 million requests per month with 30,000 of them being blocked.

In phase 3, there’s 40 million requests per month with 100,000 of them being blocked.

In other words, there’s a very large number of requests being filtered through the DIA’s server compared to the number that are being blocked.

Effectiveness

There’s no way to measure the effectiveness of the filter at stopping people from finding child pornography – we can’t tell how many people worked around it or downloaded material using peer to peer filesharing or other methods.

One interesting number, however, is the number of blocked requests per user.

In phase 1, there’s 2 blocked requests per user per month (10,000 blocked requests per month/5000 users).

In phase 2, there’s just over 1 blocked request per user per month (average 30,000 blocked requests per month, 25,000 users).

In phase 3, there’s 0.17 (average 100,000 blocked requests per month, 600,000 users).

What’s odd is the way that the number of blocked requests per user go down phase by phase. I have no idea what this indicates.

Robustness

According to the report, the system was operating at 80% capacity in the third phase. Apparently this was a bit much for it as: “the system did experience some stability issues processing this amount of requests and required maintenance on two occasions to replace hardware.”

There is no further detail about whether the “80% capacity” referred to the performance of the filtering system or the Internet connection they were using.