On Fri, Dec 7, 2018 at 12:08 AM Lotia, Pratik M <Pratik.Lotia@charter.com> wrote:
Hello all, was curious to know the community’s opinion on whether an ISP should block domains hosting CPE (child pornography exploitation) content?
"Whether an ISP should block" ?! Probably not in most cases, except may be required in some jurisdictions mostly outside our region that are under authoritarian regime requiring ISPs block any resource banned at the whim of any blanket order from their executive (without due process); this is within the same vein as a phone company hearing a rumor that a certain payphone is being used for illegal activity and banning all calls from their customers to/from the number, under the presumption that _all_ calls from that phone are for criminal acts. Assuming: said hosting IP address is on a remote network: the ISP does not provide authoritative name service for that domain, and the customer accesses the resource over the network not through a cache or application proxy/other service provided by the ISP ---- the customer expects their ISP merely routes packets and does not participate in content, and an ISP deliberately interfering with expected connectivity jeapordizes stability of the network and the ISP's business relationship with their customers; the best possible affect on the ISP is neutral. Notable exception is emergencies where blocking an IP address or domain actually stops behavior such as DoS that directly disrupts the network, and blocking mitigates a negative affect on the network. For example, let's say we receive a report that www.twitter.com[104.244.42.65] hosts CPE. In that example, the report should be sent to law enforcement and Twitter: no action by anyone else should be required UNLESS Law Enforcement produces to the public a court order to disconnect/block Twitter's communication services, that would normally come after a hearing, and same principle applies regardless of if the domain name is a top1000 domain or not. If each ISP wants to be extra helpful, then perhaps they would like to log all their traffic to Twitter (in that example) and forward to law enforcement as suspected CPE trafficking activity -- although that is a risky invasion of customer privacy; at least reporting suspected potential of access to CPE doesn't deliberately lobomitze IPs from the network or disrupt traffic: not all of which traffic is necessarily CPE-related. In case the ISP oversteps and blocks Twitter traffic that includes legitimate non-CPE traffic (It may even affect e-mail traffic where people are communicating with the site to try to identify the CPE for removal); the ISP may face a loss of subscribers, and in that example Twitter would hopefully pursue various lawsuits or regulatory complaints against the ISPs blocking their IPs for deliberately creating an unreasonable disruption to the network. Possible negatives for the ISP are the risk of those repercussions PLUS the ongoing maintenance costs, personnel time, and other resources required for the ISP to maintain the blocking policy -- and service the extra blocklist, any removals or exceptions needed --- helpdesk hours for all the additional customer complaints that will occur; potential loss of good will and negative reputational affects on the ISP. It begins to seem fairly difficult to business justify the policy and likely fiscally irresponsible for an ISP to start opening this can of worms.
On one side we want the ISP to not do any kind of censorship or inspection of customer traffic [snip]
Blocking domains or IP resources is not MERELY censorship. Censorship, which is itself far less objectionable: is selective blocking or removing content, for example, redacting a chapter from a book. Blocking domains or IPs is disconnecting infrastructure, for example: seeking to block twitter due to alleged CPE has an impact that affects much more than the CPE --- its like blocking an entire publisher; it doesn't matter they have printed mostly books that don't contain the content you've objected to - since you (ISPs) lack a censorship system --- censorship is not even an option, and the measures you're talking about are much more drastic than censoring content. Also, when the domain holder eventually responds and works with law enforcement to remove the found example of CPE, the domain block does not go away on its own -- therefore evidencing it is MUCH more than censorship. Furthermore, if the domain is then unblocked any other examples of CPE that had been overlooked (not detected by anybody yet) may become accessible again. Its fair to say a domain block is not technically related to content at all --- its in effect an "Independent ban" of access to a generic host identifier registered to a remote network. (Generic host identifiers aren't content, don't refer to content, and don't have a 1:1 relationship to content)
Pratik Lotia -- -JH