Network Level Content Blocking (UK)
Hi all, Sorry for the cross posting to a number of lists but this is an important topic for many of you (especially if you get multiple copies). As many people are aware there is an 'expectation' that 'consumer' broadband providers introduce network level content blocking for specified content on the IWF list before the end of 07. Whilst this is seen by many as a honorable political crusade to 'protect the innocent' many with a strong technical background are concerned that the long term impact on network development will lead to major 'breakages' within the internet. So far the only debate has revolved around the legal concerns that the introduction of this technology imposes to problems on the ISP: 1. Revocation of mere conduit status; by inspecting certain content and preventing access to it the ISP is doing more that just passing packets and is getting involved in the content. 2. Thin end of the wedge; if we can block Child Abuse Content then we can block copyright infringement.... 3. Increased liability; by blocking the content at a network level outside of the control of the user the ISP is potentially opening it self to a lawsuit should content leak through the block (although many are saying that this is not going to be enforcable it could still tie up people in court going through the arguments with no guarantee of a win cf mere conduit issue above). LINX (the London Internet Exchange) and ISPA are looking to arrange a day to address the technical issues of placing such a block in the network. The topics are expected to include: 1. Implementation - how do you put this into place 2. Scalability - how do you provide a non-degrading service 3. Circumvention - how do you stop people getting round the block 4. Reverse Engineering - how do you hide the block (should you hide it?) 5. Messaging - what do you tell the person about what you just done 6. Legality - what is the legal impact of this 7. Security - who should have access to what 8. Sanity Checking - how to prevent poisoning of the block list 9. Testing - how do you make sure that the block is working 10. Reality - is this actually the best way to do this We have 13 companies involved so far but really want to get as many ISP's together to make sure that people understand the implications of the governments request. Whilst the intent is to focus the content on the technical side we are keen to make sure that the all parts of the ISP industry are brought up to date so may run multiple strands with different levels of technical content if we have the numbers. If you are interested please contact John Souter (john@linx.net) or Malcolm Hutty (malcolm@linx.net) for more details. Thx J -- COO Entanet International T: 0870 770 9580 W: http://www.enta.net/ L: http://tinyurl.com/3bxqez
[trimmed other lists, not sure if they'd appreciate nanog volumes] On 7-jun-2007, at 11:06, James Blessing wrote:
As many people are aware there is an 'expectation' that 'consumer' broadband providers introduce network level content blocking for specified content on the IWF list before the end of 07.
Where is this list, what type of stuff is on it and how do you translate from the real-world identification of that which is to be blocked into some kind of restriction in the network?
On Jun 7, 2007, at 6:44 AM, Iljitsch van Beijnum wrote:
[trimmed other lists, not sure if they'd appreciate nanog volumes]
On 7-jun-2007, at 11:06, James Blessing wrote:
As many people are aware there is an 'expectation' that 'consumer' broadband providers introduce network level content blocking for specified content on the IWF list before the end of 07.
Where is this list, what type of stuff is on it and how do you translate from the real-world identification of that which is to be blocked into some kind of restriction in the network?
Whose expectation is it? If it is not a LAW, then, ISPs should reset the expectation and go back to the real problems of running a network. Owen
Iljitsch van Beijnum wrote:
[trimmed other lists, not sure if they'd appreciate nanog volumes]
On 7-jun-2007, at 11:06, James Blessing wrote:
As many people are aware there is an 'expectation' that 'consumer' broadband providers introduce network level content blocking for specified content on the IWF list before the end of 07.
Where is this list, what type of stuff is on it and how do you translate from the real-world identification of that which is to be blocked into some kind of restriction in the network?
Please see http://publicaffairs.linx.net/news/?p=497 for more details J -- COO Entanet International T: 0870 770 9580 W: http://www.enta.net/ L: http://tinyurl.com/3bxqez
On Thu, 7 Jun 2007, James Blessing wrote:
Sorry for the cross posting to a number of lists but this is an important topic for many of you (especially if you get multiple copies).
As many people are aware there is an 'expectation' that 'consumer' broadband providers introduce network level content blocking for specified content on the IWF list before the end of 07.
There are no British colonies in North America...are there? Or are the red coats coming again? ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
There are no British colonies in North America...are there? Or are the red coats coming again?
No, but there are a large number of American operators that have networks in the UK and this +will+ affect them. There is also the fear that once this is deployed in one country that others might follow suit. Regards, Neil.
On 7-Jun-2007, at 10:47, Jon Lewis wrote:
On Thu, 7 Jun 2007, James Blessing wrote:
Sorry for the cross posting to a number of lists but this is an important topic for many of you (especially if you get multiple copies).
As many people are aware there is an 'expectation' that 'consumer' broadband providers introduce network level content blocking for specified content on the IWF list before the end of 07.
There are no British colonies in North America...are there?
[On the mainland, not since Belize's independence in 1981. There are British Overseas Territories in the Caribbean (Anguilla, Bermuda, British Virgin Islands, Cayman Islands, Montserrat and the Turks and Caicos Islands) which are in North America according to at least some definitions of the phrase. However, to answer the question you were really asking, there are surely North American companies on this list who do business in the UK, and certainly no reason to think that North American politicians, given an example to follow, would never do so in this continent. So it's not obvious to me that this is off-topic here, speaking as one single subscriber.] Anyway, how does BT's cleanfeed work? How are British 3G operators doing equivalent blocking? I'd be interested in learning about the implementation. Joe
Joe Abley wrote:
Anyway, how does BT's cleanfeed work? How are British 3G operators doing equivalent blocking? I'd be interested in learning about the implementation.
There is an excellent paper on the failures of clean feed here: http://www.cl.cam.ac.uk/~rnc1/cleanfeed.pdf J -- COO Entanet International T: 0870 770 9580 W: http://www.enta.net/ L: http://tinyurl.com/3bxqez
Joe Abley wrote: [..]
Anyway, how does BT's cleanfeed work? How are British 3G operators doing equivalent blocking? I'd be interested in learning about the implementation.
I wonder how this solves the, from what I found out, common situation that people rent cheap "root servers" in a country like Germany where they VPN into and thus have full access to everything. Or for that matter any form of VPN or other remote access. The only thing that this 'content blocking' solves is that pops&moms who don't have any clue about the Internet at all will be deprived from some freedom, that the government can look into everything claiming that everything on the Internet is p0rn (which is not so far from the truth according to some :). All the folks who really want to access icky pictures will do so any way by using something very simple called HTTPS or any other form of encrypted access and work arounds like VPN's, Tor, Open proxies and the myriad of other ways that are possible. Takes a little bit of effort, but hey, does it matter, you at least get to get your daily feed of icky stuff and you can say to the government "oh I thought it was okay as it was not blocked by your filter". Btw, the 90% quote given is of course a marvelous thing when you have a single organization which has almost a monopoly ;) I wonder which companies are going to provide the 'solutions' to this problem and how well they sponsored various people of the government. Long live VPN's! Greets, Jeroen
On Thu, 7 Jun 2007, Jeroen Massar wrote:
The only thing that this 'content blocking' solves is that pops&moms who don't have any clue about the Internet at all will be deprived from some freedom, that the government can look into everything claiming that everything on the Internet is p0rn (which is not so far from the truth according to some :).
actually it keeps heat off the politicians that passed the law/dictate... I suspect that what happened is the gov't folks involved got into a situation where they couldn't say: "no" without also basically saying: "long live icky content!" :(
All the folks who really want to access icky pictures will do so any way by using something very simple called HTTPS or any other form of encrypted access and work arounds like VPN's, Tor, Open proxies and the myriad of other ways that are possible.
what's also 'nice' is that once the 'service' goes into effect the folks trafficing in 'icky picts' will know when their content has been 'found' so they can move it around to another location :( Making prosecution/protection actually HARDER for the gov't folks involved :( it's perverse, but it's mostly true :( -Chris
I strongly recommend you read Richard Clayton's paper on how (among other things) one could hack the Cleanfeed system to *find* the really bad stuff. He and his colleagues at the Cambridge Computer Lab also have a fine blog - http://www.lightbluetouchpaper.org
On Thu, 7 Jun 2007, Alexander Harrowell wrote:
I strongly recommend you read Richard Clayton's paper on how (among other things) one could hack the Cleanfeed system to *find* the really bad stuff. He and his colleagues at the Cambridge Computer Lab also
yup, read it, which was part of the reason for the note I sent... these sorts of blocking mechanisms don't seem to achieve the goals expected, and even in many cases make the goals of the 'icky pict' crowd more achievable :(
On Thu, Jun 07, 2007 at 04:01:54PM +0000, Chris L. Morrow wrote:
On Thu, 7 Jun 2007, Alexander Harrowell wrote:
I strongly recommend you read Richard Clayton's paper on how (among other things) one could hack the Cleanfeed system to *find* the really bad stuff. He and his colleagues at the Cambridge Computer Lab also
yup, read it, which was part of the reason for the note I sent... these sorts of blocking mechanisms don't seem to achieve the goals expected, and even in many cases make the goals of the 'icky pict' crowd more achievable :(
"If a politician fixes a problem then he loses it as a campaign issue. But if he makes the problem worse while heroically fighting against it, then he's golden." -- Rex Tincher - Matt
Alexander Harrowell wrote:
I strongly recommend you read Richard Clayton's paper on how (among other things) one could hack the Cleanfeed system to *find* the really bad stuff. He and his colleagues at the Cambridge Computer Lab also have a fine blog - http://www.lightbluetouchpaper.org
I don't understand why this is a problem. So they find it, but look, they can't get to it because it's been "cleanfeeded" anyway. Also they only get to know the IP adddress so if the site is a virtual host it's pretty useless to them. -- Leigh
* Jeroen Massar:
I wonder how this solves the, from what I found out, common situation that people rent cheap "root servers" in a country like Germany where they VPN into and thus have full access to everything.
In Germany, the legal framework for filtering transit traffic already exists, so if the UK precedent shows that it's technically and economically feasible, this will be implemented over here, too. I doubt the situation is much different in most European countries. Of course, when the blocking is pretty much universal, I don't really see how the list maintainer verifies that the reason for blocking still exists. On the other hand, this might also provide an opportunity to shut down some of the most egregious malware distributors and controllers.
Anyway, how does BT's cleanfeed work? How are British 3G operators doing equivalent blocking? I'd be interested in learning about the implementation.
Well, first of all Cleanfeed's not perfect. And it's not that secret either. http://www.cl.cam.ac.uk/~rnc1/cleanfeed.pdf --Michael Dillon P.S. Although I work for BT, I have no involvement with the group that is repsonsible for Cleanfeed. All that I know about it, I learned via Google.
There are no British colonies in North America...are there? Or are the red coats coming again?
In fact, there are several British colonies now squatting in North America in that great British squatter tradition. One of them occupies a corner of the NANOG list which is why the meeting was mentioned on this list. Another can be found hoarding a chunk of MySpace. And so on. --Michael Dillon P.S. If you didn't get that bit about squatter tradition, check this http://tinyurl.com/2zvogn
On Thu, 7 Jun 2007, James Blessing wrote:
1. Revocation of mere conduit status; by inspecting certain content and preventing access to it the ISP is doing more that just passing packets and is getting involved in the content.
Its not "content" blocking, its source/destination blocking. While IWF may decide to list a particular source/destination based on its view of content, the network doesn't know look at or know what the content is and blocks anything at that source/destination address. The "address" may be an application layer "address," i.e. a URL part rather than a network layer address. But if the "address" is dynamically generated or changed, it may not have the same content. Some cellular networks still have walled gardens, which only allow access to "approved" source/destinations. Again not based on content, but based on business relationships with the cellular network operator. Once you understand its the network isn't blocking "content" but rather an ever expanding list of sources/destinations, the real question is how can you be certain the bad stuff and good stuff will stay in separate places. Or will the bad stuff continue to migrate elsewhere until you've blocked most of the Internet, and only "approved" sources/destinations remain?
On Thu, 7 Jun 2007, Sean Donelan wrote:
On Thu, 7 Jun 2007, James Blessing wrote:
1. Revocation of mere conduit status; by inspecting certain content and preventing access to it the ISP is doing more that just passing packets and is getting involved in the content.
Its not "content" blocking, its source/destination blocking.
oh, so null routes? I got the impression it was application-aware, or atleast port-aware... If it's proxying or doing anything more than port-level blocking it's likely it sees content as well, or COULD. Either way, it's not like it's effective for anything except the m ost casual of users :(
On Thu, 7 Jun 2007, Chris L. Morrow wrote:
Its not "content" blocking, its source/destination blocking.
oh, so null routes? I got the impression it was application-aware, or atleast port-aware... If it's proxying or doing anything more than port-level blocking it's likely it sees content as well, or COULD.
Either way, it's not like it's effective for anything except the m ost casual of users :(
Its more than null routes, but not much more. The router does a re-route on a list of network/IP address, and then for the protocols the redirector box understands (i.e. pretty much only HTTP) it matches part of the application/URL pattern. So IWF can block only one part of a sub-tree of a popular shared webhosting site *IF* is one of a few application protocols.
On 7-jun-2007, at 20:46, Sean Donelan wrote:
Its more than null routes, but not much more. The router does a re- route on a list of network/IP address, and then for the protocols the redirector box understands (i.e. pretty much only HTTP) it matches part of the application/URL pattern.
That's a cool way to implement monitoring of traffic towards random parts of the internet.
On Thu, 7 Jun 2007, Iljitsch van Beijnum wrote:
Its more than null routes, but not much more. The router does a re-route on a list of network/IP address, and then for the protocols the redirector box understands (i.e. pretty much only HTTP) it matches part of the application/URL pattern.
That's a cool way to implement monitoring of traffic towards random parts of the internet.
There are much easier, cheaper ways to do that. And as another person pointed out, the IWF method is not very surreptitious so the bad guys can tell someone found them and can improve their methods. And did I mention the false positive problem of click-fraud and embedded IMG URLs accessing those sites too. Yes, your computer may have been recorded accessing a bad site when you read a spam mail.
On 7-jun-2007, at 22:05, Sean Donelan wrote:
That's a cool way to implement monitoring of traffic towards random parts of the internet.
There are much easier, cheaper ways to do that.
Easier and cheaper? Can't think of any... This method nicely gets around the need to tap and process numerous (10) gigabit links, which isn't particularly easy and certainly not all that cheap. Interestingly, nobody has mentioned on the list what the offending content is yet. Or why this would even remotely be a good idea. I would think that if the content in question is legal, ISPs and the government shouldn't touch it, and if it isn't, law enforcement should do something about it.
On Thu, 07 Jun 2007 22:40:20 +0200, Iljitsch van Beijnum said:
Interestingly, nobody has mentioned on the list what the offending content is yet. Or why this would even remotely be a good idea.
Quoting the article http://publicaffairs.linx.net/news/?p=497 "At present, the government does not propose to require UK ISPs to block content and our policy is to pursue a self-regulatory approach wherever possible. However, our legislation as drafted provides the flexibility to accomodate a change in Government policy should the need ever arise." Lot of different ways to read that depending on your paranoia level. The phrase "Slippery Slope" does come to mind, however...
Valdis.Kletnieks@vt.edu wrote:
On Thu, 07 Jun 2007 22:40:20 +0200, Iljitsch van Beijnum said:
Interestingly, nobody has mentioned on the list what the offending content is yet. Or why this would even remotely be a good idea.
Quoting the article http://publicaffairs.linx.net/news/?p=497
"At present, the government does not propose to require UK ISPs to block content and our policy is to pursue a self-regulatory approach wherever possible. However, our legislation as drafted provides the flexibility to accomodate a change in Government policy should the need ever arise."
Lot of different ways to read that depending on your paranoia level. The phrase "Slippery Slope" does come to mind, however...
Well indeed, it'll be "terrorist" sites and "Fundamentalist religious" sites and "Sites that contain material that may incite religious hatred" or some other such nonsense. And then who decides what does and does not constitute these sites and *BANG* you have the great firewall of Britain or America or wherever. And since all these things are largely operated by para-government organisations and civil servants your vote makes little difference. But the reality is that right now the four hoursemen are a lovely political hot topic and either networks in the UK do somethin g about it themselves (i.e. filtering, not matter how ineffective it is) or some idiot who can't tell Internet Explorer from Excel will do it for us. Everybody knows it's really quite dumb, but it's less dumb than the dumbness that will be legislated if nothing gets done. So we'll all have odd boxes that inject a thousand or so routes into BGP (nowhere neat that many actually) and filters a bit of port 80 and everybody's happy for a while. Perhaps it'll even go away. -- Leigh Porter
Iljitsch van Beijnum wrote:
Interestingly, nobody has mentioned on the list what the offending content is yet. Or why this would even remotely be a good idea. I would think that if the content in question is legal, ISPs and the government shouldn't touch it, and if it isn't, law enforcement should do something about it.
It was in http://publicaffairs.linx.net/news/?p=497 "images of child abuse" "voluntary" "co-operation" "At present, the government does not propose to require UK ISPs to block content and our policy is to pursue a self-regulatory approach wherever possible." "However, 90 per cent. of connections is not enough...."
Ok. I'll chime in. William Allen Simpson wrote:
Iljitsch van Beijnum wrote:
Interestingly, nobody has mentioned on the list what the offending content is yet. Or why this would even remotely be a good idea. I would think that if the content in question is legal, ISPs and the government shouldn't touch it, and if it isn't, law enforcement should do something about it.
It was in http://publicaffairs.linx.net/news/?p=497
"images of child abuse"
"voluntary" "co-operation"
"At present, the government does not propose to require UK ISPs to block content and our policy is to pursue a self-regulatory approach wherever possible."
"However, 90 per cent. of connections is not enough...."
I find these two lines to be the most interesting "..we are setting a target that by the end of 2007, all ISPs offering broadband internet connectivity to the UK general public put in place technical measures that prevent their customers accessing websites containing illegal images of child abuse identified by the IWF." and "“At present, the government does not propose to require UK ISPs to block content and our policy is to pursue a self-regulatory approach wherever possible. However, our legislation as drafted provides the flexibility to accomodate a change in Government policy should the need ever arise. “ The last line being most significant. I read it as, "We will threaten you with a law to do the work, but since we don't want it challenged [like we would with the US legal system] we are going to threaten it...even if it might not pass." And this is for anyone "selling broadband to the general public" -- however that is defined. Are commercial connections the general public? or just residential? While I can't wait until web hosts/operators have to debug screwy performance and Squid bugs for sites passed through "untouched" by these proxies just because they share an IP address While offering this as a service, or a free service is interesting (and in the spirit of voluntary cooperation) where users could opt in or out for it might be interesting... I can't imagine this would fly in the US. Britain's moves to become a police state notwithstanding, I wonder how this insidious door-opener for censorship will rear its head as it effects the general Internet. Google's "voluntarily" censoring itself in China as a precondition of operating there. I am sure this "voluntary" policy in Britain will make getting various permits or approvals impossible even if they don't create a law to expressly mandate its use -- The Home Office Minister has already said he expects it in place, thats not far from a precondition of operation. On the positive side, this will spark all kinds of innovation and give the conspiracy theorists all sorts of fun filled evenings. Deepak Jain AiNET
On Thursday 07 June 2007 23:15, Deepak Jain wrote:
I can't imagine this would fly in the US.
Such systems have already been ruled "unconstitutional" in the US.
-- The Home Office Minister has already said he expects it in place, thats not far from a precondition of operation.
We are kind of use to the home office minister saying all sorts of cranky things. Chances are he'll be gone by the end of the month. My personal dealing with the IWF (stop emailing me, we don't have any NNTP servers anymore) don't fill me with confidence. If the government mandate this, they'll have to provide a list of images to block under a more accountable regime than some random "voluntary body", and they'll have to take responsibility when people point out the government is blocking access to specific sites that contain material that criticises them. I think complying with a voluntary censorship regime is a bad idea all around. I'm one of James's employers customers when I'm surfing at home. Simon
On 7-jun-2007, at 23:29, William Allen Simpson wrote:
Interestingly, nobody has mentioned on the list what the offending content is yet. Or why this would even remotely be a good idea. I would think that if the content in question is legal, ISPs and the government shouldn't touch it, and if it isn't, law enforcement should do something about it.
"images of child abuse"
Obviously if you block access to the images the child abuse goes away. Where can I sign up for my lobotomy so that government policy starts to make sense?
On Thu, 7 Jun 2007, Sean Donelan wrote:
On Thu, 7 Jun 2007, Chris L. Morrow wrote:
Its not "content" blocking, its source/destination blocking.
oh, so null routes? I got the impression it was application-aware, or atleast port-aware... If it's proxying or doing anything more than port-level blocking it's likely it sees content as well, or COULD.
Either way, it's not like it's effective for anything except the m ost casual of users :(
Its more than null routes, but not much more. The router does a re-route on a list of network/IP address, and then for the protocols the redirector box understands (i.e. pretty much only HTTP) it matches part of the application/URL pattern.
So IWF can block only one part of a sub-tree of a popular shared webhosting site *IF* is one of a few application protocols.
Sorry, clicked send before finishing. BUT the important thing is the network operator and routers don't actually look at the content. If the same bad content (picture, video, whatever) appears somewhere else that isn't on the IWF list, it won't be blocked. And likewise if the content at the source/destination changes/removed, e.g. the picture disappears, the destination will continue to be blocked until IWF updates their bad list even though nothing bad still at the destination.
Sean Donelan wrote:
On Thu, 7 Jun 2007, Sean Donelan wrote:
On Thu, 7 Jun 2007, Chris L. Morrow wrote:
Its not "content" blocking, its source/destination blocking.
oh, so null routes? I got the impression it was application-aware, or atleast port-aware... If it's proxying or doing anything more than port-level blocking it's likely it sees content as well, or COULD.
Either way, it's not like it's effective for anything except the m ost casual of users :(
Its more than null routes, but not much more. The router does a re-route on a list of network/IP address, and then for the protocols the redirector box understands (i.e. pretty much only HTTP) it matches part of the application/URL pattern.
So IWF can block only one part of a sub-tree of a popular shared webhosting site *IF* is one of a few application protocols.
Sorry, clicked send before finishing.
BUT the important thing is the network operator and routers don't actually look at the content. If the same bad content (picture, video, whatever) appears somewhere else that isn't on the IWF list, it won't be blocked.
And likewise if the content at the source/destination changes/removed, e.g. the picture disappears, the destination will continue to be blocked until IWF updates their bad list even though nothing bad still at the destination.
But this is OK as it's unlikely that something good and wholesome will be on http://n.n.n.n/foobardodgypr0n.html Also the lists are actually updated fairly regularly. -- Leigh Porter
Sean Donelan wrote:
On Thu, 7 Jun 2007, Chris L. Morrow wrote:
Its not "content" blocking, its source/destination blocking.
oh, so null routes? I got the impression it was application-aware, or atleast port-aware... If it's proxying or doing anything more than port-level blocking it's likely it sees content as well, or COULD.
Either way, it's not like it's effective for anything except the m ost casual of users :(
Its more than null routes, but not much more. The router does a re-route on a list of network/IP address, and then for the protocols the redirector box understands (i.e. pretty much only HTTP) it matches part of the application/URL pattern.
So IWF can block only one part of a sub-tree of a popular shared webhosting site *IF* is one of a few application protocols.
What we have is a box that takes the IWF feed of dodgy sites and resolves the entries to IP addresses. These are then injected into the network with Quagga's bgpd. The network then obviously routes anything to these IP addresses and therefore those websites to the filter box. (but not a bad idea....)The filter box runs Squid with the URL list from the IWF. Port 80 traffic is directed through squid and anything appearing on the IWF list that is accessed by anybody returns a page telling them to go away. We thought about the error page stuff but what the heck, it's obvious its being filtered anyway so you may as well put some google ads on the page you return (Joke ;-) In fact you could run upside-down-ternet on it, there's no end to the things you could do to screw with people's heads. Anything on a virtual host whos URL is not explicitly in the IWF list is passed through squid without being touched. Since only port 80 is passed through the filter then of course there are all manor of things you could do to circumvent the filter and this will of course always be the case as people will use whatever they can to get what they want. After all, all yuo really need to do in order to get all the dodgy material you want is to subscribe to a decent USENET service and get it all from that. For what it's worth though it works well for what it is and we certainly get a few hits on it. -- Leigh Porter
On 6/7/07, Leigh Porter <leigh.porter@ukbroadband.com> wrote:
Since only port 80 is passed through the filter then of course there are all manor of things you could do to circumvent the filter and this will of course always be the case as people will use whatever they can to get what they want. After all, all yuo really need to do in order to get all the dodgy material you want is to subscribe to a decent USENET service and get it all from that.
For what it's worth though it works well for what it is and we certainly get a few hits on it.
Have you been asked by the Dibble for the squid's server log yet? It's the obvious next step - if you had a URL request blocked, obviously you were where you shouldn't have been. You're either with us...or you're with the terrorists.
Alexander Harrowell wrote:
On 6/7/07, Leigh Porter <leigh.porter@ukbroadband.com> wrote:
Since only port 80 is passed through the filter then of course there are all manor of things you could do to circumvent the filter and this will of course always be the case as people will use whatever they can to get what they want. After all, all yuo really need to do in order to get all the dodgy material you want is to subscribe to a decent USENET service and get it all from that.
For what it's worth though it works well for what it is and we certainly get a few hits on it.
Have you been asked by the Dibble for the squid's server log yet? It's the obvious next step - if you had a URL request blocked, obviously you were where you shouldn't have been. You're either with us...or you're with the terrorists.
I actually removed the code in Squid that logs so it's impossible to log without significant development work ;-) -- Leigh Porter
On 6/8/07, Leigh Porter <leigh.porter@ukbroadband.com> wrote:
I actually removed the code in Squid that logs so it's impossible to log without significant development work ;-)
-- Leigh Porter
Internet governance by benevolent conspiracy:-)
Its too late, you've already admitted that the data exists and can be captured. This is always where it starts... Dave. Leigh Porter wrote:
Alexander Harrowell wrote:
On 6/7/07, Leigh Porter <leigh.porter@ukbroadband.com> wrote:
Since only port 80 is passed through the filter then of course there are all manor of things you could do to circumvent the filter and this will of course always be the case as people will use whatever they can to get what they want. After all, all yuo really need to do in order to get all the dodgy material you want is to subscribe to a decent USENET service and get it all from that.
For what it's worth though it works well for what it is and we certainly get a few hits on it.
Have you been asked by the Dibble for the squid's server log yet? It's the obvious next step - if you had a URL request blocked, obviously you were where you shouldn't have been. You're either with us...or you're with the terrorists.
I actually removed the code in Squid that logs so it's impossible to log without significant development work ;-)
-- Leigh Porter
ssshhhhhhh David Freedman wrote:
Its too late, you've already admitted that the data exists and can be captured.
This is always where it starts...
Dave.
Leigh Porter wrote:
Alexander Harrowell wrote:
On 6/7/07, Leigh Porter <leigh.porter@ukbroadband.com> wrote:
Since only port 80 is passed through the filter then of course there are all manor of things you could do to circumvent the filter and this will of course always be the case as people will use whatever they can to get what they want. After all, all yuo really need to do in order to get all the dodgy material you want is to subscribe to a decent USENET service and get it all from that.
For what it's worth though it works well for what it is and we certainly get a few hits on it.
Have you been asked by the Dibble for the squid's server log yet? It's the obvious next step - if you had a URL request blocked, obviously you were where you shouldn't have been. You're either with us...or you're with the terrorists.
I actually removed the code in Squid that logs so it's impossible to log without significant development work ;-)
-- Leigh Porter
On Fri, Jun 08, 2007, David Freedman wrote:
Its too late, you've already admitted that the data exists and can be captured.
This is always where it starts...
The logging code in release versions of Squid is pretty horrible and won't handle the loads modern ISPs will put under it. You have to disable it to get any decent performance. Adrian
Have you been asked by the Dibble for the squid's server log yet? It's the obvious next step - if you had a URL request blocked, obviously you were where you shouldn't have been. You're either with us...or you're with the terrorists.
If this website blocking is voluntary and if your goal is to protect your customers from inadvertently loading one of their pages, then you would not want to log any details, would you? If you want to help the police by reducing the number of spurious hits on this known illegal website so that they have a higher chance of tracking real criminals from the website hits, then you would not want to muddy the waters by sending your useless data to them, would you? Situations like this are always very complex and it does not help when people throw around simplistic analyses that are not grounded in reality. There was recent media coverage in the UK that indicates there are far more pedophiles than was thought and that real pedophiles don't fit the common stereotypes that people have of them. To me, this indicates that the police are struggling with data explosion and need help in reducing that data to increase their chances of catching SOME of the criminals. It does not suggest that police want to catch ALL the criminals and some number of innocent people as well. After all, any arrests will have to be processed through the court system and when you throw lots of innocent people and marginal cases into the courts, the cases drag on for a long time and clog up the system. That would be counterproductive wouldn't it? The objections that I see from people in regard to things like website blocking and network tapping, seem to assume that governments are very narrowminded, very efficient and have evil intent. In my experience, there is a lot more systems thinking in governments that you think, they are not terribly efficient, and they do not collectively have evil intent. They do make a lot of mistakes, but these get corrected. If nothing else, governments have learned that it is very bad to cover up mistakes, but you can make a lot of political hay by admitting them and proposing the next bold new solution. If you really don't like something that governments do, you are better off not attacking it in a narrow way, but suggesting that it was a mistake and pushing government into the next bold new initiative to fix the mistake. This works especially well around election time, but it can also be done between elections because even the party in power changes tack from time to time. In this case I would suggest that it is in ISPs best interests to get involved with network content blocking, so that ISPs collectively become deep experts on the subject. We are then in a position to modify these activities in a way that is beneficial to ISPs and their customers (who happen to be voters too). And we are in a position to advise government on future actions as well. If ISPs choose not to get involved, then they are less likely to be listened to by government partly because they have less credibility and partly because they simply don't understand the issue and therefore fail to communicate effectively. Inter-ISP cooperation is a big problem that needs to be solved on a global scale. Fortunately, there is a growing number of international forums in which ISPs do get together to deal with specific flashpoints. If your company has any part of your network in the UK, please do get involved by contacting LINX as requested: We have 13 companies involved so far but really want to get as many ISP's together to make sure that people understand the implications of the governments request. Whilst the intent is to focus the content on the technical side we are keen to make sure that the all parts of the ISP industry are brought up to date so may run multiple strands with different levels of technical content if we have the numbers. If you are interested please contact John Souter (john@linx.net) or Malcolm Hutty (malcolm@linx.net) for more details. --Michael Dillon
On 8-jun-2007, at 12:01, <michael.dillon@bt.com> <michael.dillon@bt.com> wrote:
In this case I would suggest that it is in ISPs best interests to get involved with network content blocking, so that ISPs collectively become deep experts on the subject. We are then in a position to modify these activities in a way that is beneficial to ISPs and their customers (who happen to be voters too).
Your assumption that blocking parts of the internet is a useful activity is flawed. The only positive effect that this has is that it protects users from accidentally running into stuff they'd rather not come into contact with. But this is much more effeciently and effictively done using commercially available filters. I talked to some people from the Dutch equivalent to http:// www.iwf.org.uk/ This was a very curious experience. What they want to achieve is protecting children from abuse. This is of course a laudable goal. But they think they can do that by ridding the internet of images depicting said abuse. There are pretty strong laws against that in the Netherlands*, but this woman thought that wasn't enough: she felt it would be good to also outlaw _text_ describing child abuse. This is really scary. If these well-intentioned but extremely dangerous people get their way, someone can end up in jail for simply writing some text. All the while, children in known dangerous situations go on a waiting list before they can be removed from the dangerous (home) environment. So apparently, it's more important to go after the results of child abuse in the past, and maybe even go after people who only fantasize about this stuff, rather than help kids that are in danger NOW. But hey, removing kids from abusive homes costs money and results in angry parents on the news. Strongarming ISPs into taking "voluntary" action on the other hand, is free and only results in angry threads on NANOG. I'm not one to give up my civil liberties without a struggle, but protecting kids may be important enough to make it worth giving up a few. But is it too much to ask for something that actually works in return? * Not long ago, a man was convicted because he had 10 images of this kind on his computer. They were part of a 100000 image porn collection. His claim that the 10 images were downloaded accidentally wasn't accepted by the judge: he should have been more careful.
Iljitsch van Beijnum wrote:
On 8-jun-2007, at 12:01, <michael.dillon@bt.com> <michael.dillon@bt.com> wrote:
In this case I would suggest that it is in ISPs best interests to get involved with network content blocking, so that ISPs collectively become deep experts on the subject. We are then in a position to modify these activities in a way that is beneficial to ISPs and their customers (who happen to be voters too).
Your assumption that blocking parts of the internet is a useful activity is flawed. The only positive effect that this has is that it protects users from accidentally running into stuff they'd rather not come into contact with. But this is much more effeciently and effictively done using commercially available filters.
I talked to some people from the Dutch equivalent to http://www.iwf.org.uk/
This was a very curious experience. What they want to achieve is protecting children from abuse. This is of course a laudable goal. But they think they can do that by ridding the internet of images depicting said abuse. There are pretty strong laws against that in the Netherlands*, but this woman thought that wasn't enough: she felt it would be good to also outlaw _text_ describing child abuse. This is really scary. If these well-intentioned but extremely dangerous people get their way, someone can end up in jail for simply writing some text.
All the while, children in known dangerous situations go on a waiting list before they can be removed from the dangerous (home) environment. So apparently, it's more important to go after the results of child abuse in the past, and maybe even go after people who only fantasize about this stuff, rather than help kids that are in danger NOW. But hey, removing kids from abusive homes costs money and results in angry parents on the news. Strongarming ISPs into taking "voluntary" action on the other hand, is free and only results in angry threads on NANOG.
I'm not one to give up my civil liberties without a struggle, but protecting kids may be important enough to make it worth giving up a few. But is it too much to ask for something that actually works in return?
* Not long ago, a man was convicted because he had 10 images of this kind on his computer. They were part of a 100000 image porn collection. His claim that the 10 images were downloaded accidentally wasn't accepted by the judge: he should have been more careful.
I agree that it will not protect children at all. Presumably there are already a large number of images (I hear figures of people having n * thousand images) so there is already enough material for there not to be a reason to generate more which would of course involve abuse. So what then is the aim of the filtering? Is it just the latest political bandwagon It is quite odd really that governments want to implement something to prevent people from breaking a law. And some posts have been correct in asking what's next? Automatic copyright/patent infringing filtering? -- Leigh
On Fri, Jun 08, 2007, Leigh Porter wrote:
It is quite odd really that governments want to implement something to prevent people from breaking a law. And some posts have been correct in asking what's next? Automatic copyright/patent infringing filtering?
Obviously you've not paid much attention to what Youtube have been doing lately.. Adrian
Well, it seems to be a standard operating procedure that anyone in a high profile case gets accused of possessing "child porn" via anonymous leaks from the police to the national press. (See the Forest Gate incident - not only did they tear the guy's house apart looking for nonexistent "chemical weapons", they "accidentally" shot him, then they briefed the tabloids that his computer was riddled with evil images of children. Naturally, he was never prosecuted for same.) If any UK ISP is willing to NOT do this, you've got my business.
Why did they even go for him in the fist place? Has anybody heard of operation Ore in the UK? It looks like a bit of a disaster, who would have thought that stolen credit Card details would have been used to buy illegal porn? -- Leigh Alexander Harrowell wrote:
Well, it seems to be a standard operating procedure that anyone in a high profile case gets accused of possessing "child porn" via anonymous leaks from the police to the national press. (See the Forest Gate incident - not only did they tear the guy's house apart looking for nonexistent "chemical weapons", they "accidentally" shot him, then they briefed the tabloids that his computer was riddled with evil images of children. Naturally, he was never prosecuted for same.)
If any UK ISP is willing to NOT do this, you've got my business.
It is quite odd really that governments want to implement something to prevent people from breaking a law. And some posts have been correct in asking what's next? Automatic copyright/patent infringing filtering? On that subject- we should probably change the language as well. Make it so that people can't even think of breaking the law because the words for such an action no longer exist. That would be doubleplusgood!
-Don
This was a very curious experience. What they want to achieve is protecting children from abuse. This is of course a laudable goal. But they think they can do that by ridding the internet of images depicting said abuse. There are pretty strong laws against that in the Netherlands*, but this woman thought that wasn't enough: she felt it would be good to also outlaw _text_ describing child abuse. This is really scary. If these well-intentioned but extremely dangerous people get their way, someone can end up in jail for simply writing some text. "The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding."
-Judge Louis Brandeis "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience. - C.S. Lewis
I'm not one to give up my civil liberties without a struggle, but protecting kids may be important enough to make it worth giving up a few. But is it too much to ask for something that actually works in return? "They that would give up essential liberty for a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania, 1759
"Experience teaches us to be most on our guard to protect liberty when the government's purposes are beneficent." -Judge Louis Brandeis I am not willing to give up any of my own liberties to protect children. We already have laws that do that and judging by the number of people arrested they seem to work. You reach a point of diminishing returns. At some point you have to accept that the world is a dangerous place and that bad things happen. There is a balancing point and a greater good to think about. Making everyone elses life less free does not balance out with the prospect of maybe saving a few kids. As the laws become more invasive they will eventually breed resentment and hatred for the government and fellow citizens. The end result will be civil unrest and fighting and that helps noone. Sadly it's already happening. Americans hate each other more than at any almost any other time in our history- and the hatred is becoming vicious. -Don
On Fri, 8 Jun 2007, Donald Stahl wrote:
"The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding."
-Judge Louis Brandeis <snip>
I am not willing to give up any of my own liberties to protect children. We already have laws that do that and judging by the number of people arrested they seem to work. You reach a point of diminishing returns. Hello,
Before *this* thread spins out of control, I would like to draw your attention to NANOG-L AUP, available at http://www.nanog.org/aup.html , particularly #6: Postings of political, philosophical, and legal nature are discouraged. In other words, it is on-topic to discuss operational effect of filtering - what the original post started with. It is on-topic to discuss how to filter and comply with government or corporate mandates to filter. It is on-topic to discuss existing logging/filtering solutions and their operational impact. It is "not so much" on topic to discuss legalities of filtering, but I think most agree that it still belongs here. It is clearly off-topic to discuss lists of british colonies, or civil liberties or protection of children - there are better forums to do this. Please follow any replies to this message to nanog-futures@nanog.org -alex (acting mlc chair)
On Fri, 8 Jun 2007, michael.dillon@bt.com wrote:
In this case I would suggest that it is in ISPs best interests to get involved with network content blocking, so that ISPs collectively become deep experts on the subject. We are then in a position to modify these activities in a way that is beneficial to ISPs and their customers (who happen to be voters too). And we are in a position to advise government on future actions as well. If ISPs choose not to get involved, then they are less likely to be listened to by government partly because they have less credibility and partly because they simply don't understand the issue and therefore fail to communicate effectively.
UK ISP associations have developed a centralized blocking solution with IWF providing the decision making of what to filter. 90% of the UK broadband users accept the same "voluntary" decisions about what to filter. On the other hand, US ISP associations have advocated for decentralized blocking solutions, leaving the decision to parents and multiple content filtering companies. US ISP associations have been active in this area since the early 1990's, although US ISP associations seem to only last so long before they disappear and a new association springs up. Is a centralized filtering solution better or worse than a decentralized filtering solution? Schools, libraries, families, etc in the US choose which content filter product to use, which vary greatly how well they work and what they choose to filter. Since its "voluntary," some US families choose not to have any content filters. Other US families choose to filter much more than other families. Cisco, Juniper, Streamshield, NetNanny, etc sell identical products around the world. If an ISP anywhere in the world wants to offer either a centralized or decentralized filtering solution, the products are available. Likewise, if an individual is concerned about what his or her family sees, they can use without their ISP, the products are available.
On Saturday 09 June 2007 16:43, Sean Donelan wrote: [...]
Is a centralized filtering solution better or worse than a decentralized filtering solution? [...]
In my opinion, it is not. With centralized, who gets to decide what is filtered and why? I don't beleive a governmental entity should have to treat it's *adult* citizens like children. with de-centralized, it is the user's perrogative what gets filtered and what doesn't - if the user doesn't want their them or their children seeing certain content, then filtering is their option. As well as it gives the user power over *WHAT* gets filtered and *WHY*. From my view, ISPs should continue their role as "passing the packets" and not say what their users can or cannot view. It's when ISPs start interfering with what their users do is when we will run into legal, political and otherwise issues that I'm sure none of us want to see. And with ISP level filtering: what's to say a legitamate page won't get caught in the filter? i.e. if a news article is covering a child pornography story, what's to stop the filter from picking up on that and blocking the news site due to a false-positive?
Thus spake "Kradorex Xeron" <admin@digibase.ca>
From my view, ISPs should continue their role as "passing the packets" and not say what their users can or cannot view. It's when ISPs start interfering with what their users do is when we will run into legal, political and otherwise issues that I'm sure none of us want to see.
IIRC, AOL got whacked by a court years ago because they censored some chat rooms and not others. The court held that since they censored some content, they lost their status as a common carrier and were liable for other content they didn't censor (either by intent or mistake). This was a particularly interesting case, since the implication was that ISPs who _don't_ censor content _are_ common carriers, which I don't think has otherwise been touched upon in the US. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov
IIRC, AOL got whacked by a court years ago because they censored some chat rooms and not others. The court held that since they censored some content, they lost their status as a common carrier and were liable for other content they didn't censor (either by intent or mistake). This was a particularly interesting case, since the implication was that ISPs who _don't_ censor content _are_ common carriers, which I don't think has otherwise been touched upon in the US.
I would be most interested in a citation of this alleged case. Perhaps you are thinking of the Stratton Oakmont case in which a New York court found Prodigy liable for for postings in some of their online fora. Since there is a section in the 1996 CDA specifically to reverse the outcome of this case, anyone who cites this case as relevant to the current situation in the US is just plain wrong. Also, ISPs in the United States are not common carriers. Even the ISPs that are owned by phone companies (which are common carriers for their phone service) are not common carriers. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly.
On June 11, 2007 at 06:22 johnl@iecc.com (John Levine) wrote:
Also, ISPs in the United States are not common carriers. Even the ISPs that are owned by phone companies (which are common carriers for their phone service) are not common carriers.
Are you possibly conflating the general legalistic term "common carrier" which applies to taxi cabs, UPS, trains (common carriage, i.e., generally cannot be held responsible for the contents of what they carry) versus telecommunications common carriers as defined under the "Communications Act of 1934" (CA1934) which established the AT&T monopoly? Granted there's no agency or body which takes out a big stamp saying COMMON CARRIER (in the common law, first sense) and sticks it on an ISP's head (in the second sense, CA1934, that'd be the FCC.) The common law sense is more a practical matter of law and precedence. The wikipedia entry has a nice brief summary: http://en.wikipedia.org/wiki/Common_carrier Internet networks are in many respects already treated like common carriers. ISPs are largely immune from liability for third party content. The Good Samaritan provision of the Communications Decency Act established immunity from liability for third party content on grounds of libel or slander. The DMCA established that ISPs which comply with DMCA would not be liable for the copyright violations of third parties on their network. So, although it should be noted that by and large ISPs have resisted being classified telecommunications common carriers as specifically defined in CA1934 they seem to be treated by the law, in practice, as common carriers in the common law sense (i.e., offer their carriage to the general public, can't generally be considered responsible for content etc. any more than a taxi or fedex could be.) It's a very important if somewhat confusing distinction. It'd be a lot easier if we could come up with separate terms for common law common carrier versis CA1934 telecommunications common carrier. That said, nothing is absolute and even an unarguable common law common carrier (say, fedex) has some duty to raise suspicions about a package which is ticking or dripping noxious (or really any) liquid, and to cooperate with law enforcement where properly required (e.g., via warrants.) I think we're less in the realm here of who is or isn't some sort of common carrier and more "what are the responsibilities even within those constraints?". Even the old AT&T monopoly, probably as legally fortressed from liability as possible (other than its broad exposure to regulation) would be required to cooperate with properly executed legal process. (I suppose to be PC I have to say out loud this note is US-centric) -- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
So, although it should be noted that by and large ISPs have resisted being classified telecommunications common carriers as specifically defined in CA1934 they seem to be treated by the law, in practice, as common carriers in the common law sense ...
You're right, but the legal setup is flipped around. For a common carrier of whatever variety, the assumption is that they're not responsible for the contents of what they carry, and there's exceptions for obviously dangerous goods, warrants, etc. For ISPs, the assumption is that they're just normal businesses, and there's laws like the CDA that give immunity for various kinds of customer material. R's, John PS:
It's a very important if somewhat confusing distinction. It'd be a lot easier if we could come up with separate terms for common law common carrier versis CA1934 telecommunications common carrier.
Agreed.
In article <18029.40210.45583.17990@world.std.com>, Barry Shein <bzs@world.std.com> writes
It'd be a lot easier if we could come up with separate terms for common law common carrier versis CA1934 telecommunications common carrier.
What you are looking for is probably a US equivalent of the European Union's "Mere Conduit" law. It's a relatively new (doesn't have historical baggage) law, and has the advantage of in effect being negotiated with telcos and ISPs during the drafting. Additionally there are sensible definitions for the liability of intermediaries in the circumstances of caching and hosting. The caching clause was particularly important from an operational point of view, because the threat was that a different approach (as initially promoted by rightsholders) would have either made caches an illegal beach of copyright, or mandated that cache owners get a licence from all copyright holders (perhaps through a central collecting agency set up for the purpose). Luckily[1], sense prevailed. http://ec.europa.eu/internal_market/e-commerce/index_en.htm Topical to the current discussion, and also of crucial operational importance, a subsequent proposal in the UK for sysadmins to be individually licensed in order to obtain immunity[2] from reporting illegal material found on their systems, was lobbied into a more general amnesty for that kind of activity. [1] Actually, no luck involved at all, just sustained lobbying via a network of EU-based trade associations. [2] A bit like seeing a gun in the street and on handing it into the police being prosecuted for possession of an unlicenced firearm; strictly true (if having it in your hand is the definition of possession), but not in the public interest. -- Roland Perry Internet Policy Agency
On Mon, 11 Jun 2007, John Levine wrote:
Also, ISPs in the United States are not common carriers. Even the ISPs that are owned by phone companies (which are common carriers for their phone service) are not common carriers.
The Communications Decency Act, Digitial Millinium Copyright Act, Electronic Communications Privacy Act and even ISP's own Terms of Service give operators substantial protection for "Good Samaritan" acts to filter, screen, allow, disallow or report objectionable material. In addition, under 42 USC 13032, US public electronic communication providers (also known as ISPs) have the *DUTY* to report, not monitor, child pornography to the National Center for Missing and Exploited Children. Failing to file a report could result in a fine of $50,000 or more, except due to a quirk in how the statute was written, apparently no US government agency was given the authority to issue the fines. -- Warning: UltraDNS/Neustar's monthly rates are not month-to-month.
IMHO, unless it's something blatantly illegal such as kiddie porn and the like I don't think content filtering is the responsibility of the ISP's. Besides all of the conspiracy theories that are bound to surface, I think forcing ISP's to block content is a bit like forcing car makers to police what can be played on the radio. I think that giving parents the option of manually turning off porn sites would be an improvement. Although still not within the responsibility of the ISP they are in the best place to implement such a technology. However, I don't like the idea of a mandatory global traffic filtering initiative. Sean Donelan <sean@donelan.com> Sent by: owner-nanog@merit.edu 06/09/2007 04:43 PM To nanog@merit.edu cc Subject UK ISPs v. US ISPs (was RE: Network Level Content Blocking) On Fri, 8 Jun 2007, michael.dillon@bt.com wrote:
In this case I would suggest that it is in ISPs best interests to get involved with network content blocking, so that ISPs collectively become deep experts on the subject. We are then in a position to modify these activities in a way that is beneficial to ISPs and their customers (who happen to be voters too). And we are in a position to advise government on future actions as well. If ISPs choose not to get involved, then they are less likely to be listened to by government partly because they have less credibility and partly because they simply don't understand the issue and therefore fail to communicate effectively.
UK ISP associations have developed a centralized blocking solution with IWF providing the decision making of what to filter. 90% of the UK broadband users accept the same "voluntary" decisions about what to filter. On the other hand, US ISP associations have advocated for decentralized blocking solutions, leaving the decision to parents and multiple content filtering companies. US ISP associations have been active in this area since the early 1990's, although US ISP associations seem to only last so long before they disappear and a new association springs up. Is a centralized filtering solution better or worse than a decentralized filtering solution? Schools, libraries, families, etc in the US choose which content filter product to use, which vary greatly how well they work and what they choose to filter. Since its "voluntary," some US families choose not to have any content filters. Other US families choose to filter much more than other families. Cisco, Juniper, Streamshield, NetNanny, etc sell identical products around the world. If an ISP anywhere in the world wants to offer either a centralized or decentralized filtering solution, the products are available. Likewise, if an individual is concerned about what his or her family sees, they can use without their ISP, the products are available.
On Sat, 9 Jun 2007 17:38:20 -0400 Keegan.Holley@sungard.com wrote:
IMHO, unless it's something blatantly illegal such as kiddie porn and the like I don't think content filtering is the responsibility of the ISP's. Besides all of the conspiracy theories that are bound to surface, I think forcing ISP's to block content is a bit like forcing car makers to police what can be played on the radio. I think that giving parents the option of manually turning off porn sites would be an improvement. Although still not within the responsibility of the ISP they are in the best place to implement such a technology. However, I don't like the idea of a mandatory global traffic filtering initiative.
I think in the home is the best place to implement the technology - a power switch or BIOS password. Here is a true analogy. My father worked for a TV station, so you'd think we'd have the TV on all the time, yet right through up until after I left high school, my parents wanted to limit my TV watching ... significantly. How did they do it ? (a) they didn't buy a TV set and put it in my bedroom - the TV was in a common area of the house i.e. the lounge and/or dining room (b) they didn't allow me to watch the TV unsupervised So what I don't understand is why parents put computers in their childrens' bedrooms and don't supervise their children's Internet use. Substituting a piece of filting software that won't ever do as good a job as a parent in enforcing parental responsibility is just bad parenting in my opinion, and not the responsiblity of government or ISPs. Regards, Mark. -- "Sheep are slow and tasty, and therefore must remain constantly alert." - Bruce Schneier, "Beyond Fear"
IMHO, unless it's something blatantly illegal such as kiddie porn and
Keegan Holley Network Engineer, Network Managed Services SunGard Availability Services Mezzanine Level MC-95 401 N. Broad St. Philadelphia, PA 19108 215.446.1242 (office) 609.670.2149 (cell) Keegan.Holley@sungard.com ___________________________________________ Keeping People and Information Connected® http://www.availability.sungard.com Mark Smith <nanog@fa1c52f96c54f7450e1ffb215f29991e.nosense.org> 06/11/2007 09:01 AM To Keegan.Holley@sungard.com cc Sean Donelan <sean@donelan.com>, nanog@merit.edu Subject Re: UK ISPs v. US ISPs (was RE: Network Level Content Blocking) On Sat, 9 Jun 2007 17:38:20 -0400 Keegan.Holley@sungard.com wrote: the
like I don't think content filtering is the responsibility of the ISP's.
Besides all of the conspiracy theories that are bound to surface, I think forcing ISP's to block content is a bit like forcing car makers to police what can be played on the radio. I think that giving parents the option
of manually turning off porn sites would be an improvement. Although still not within the responsibility of the ISP they are in the best place to implement such a technology. However, I don't like the idea of a mandatory global traffic filtering initiative.
I think in the home is the best place to implement the technology - a power switch or BIOS password. I guess that would go for the cell phone and the computer at the friends house as well... Here is a true analogy. My father worked for a TV station, so you'd think we'd have the TV on all the time, yet right through up until after I left high school, my parents wanted to limit my TV watching ... significantly. Did you ever have to do homework or check you grades on the TV? Did your mother ever pay bills with the TV? Also, did any child molesters ever try contacting you during the commercials. How did they do it ? (a) they didn't buy a TV set and put it in my bedroom - the TV was in a common area of the house i.e. the lounge and/or dining room (b) they didn't allow me to watch the TV unsupervised And you never got up after they went to bed to see what you were missing.. So what I don't understand is why parents put computers in their childrens' bedrooms and don't supervise their children's Internet use. Substituting a piece of filtering software that won't ever do as good a job as a parent in enforcing parental responsibility is just bad parenting in my opinion, and not the responsibility of government or ISPs. I agree but there are many houses where both parents work and the kids for better or worse spend alot of time alone. I think it would be a good thing to give them a way to filter what comes into their living rooms. I'm probably showing my age with this one but my parents actually caught me downloading porn and tried some of those filters. I actually found a website that explained how to disable it. I think we have come a long way from cable TV, both in terms of accessibility and what is deemed appropriate content. Also I think teenagers are different now then they were a few years ago. While a content filtering solution will never be able to replace good parenting and plain common sense. I have no objections to having all three in the same household. Keegan
Sean Donelan wrote:
UK ISP associations have developed a centralized blocking solution with IWF providing the decision making of what to filter. 90% of the UK broadband users accept the same "voluntary" decisions about what to filter.
I have not seen any evidence presented that *any* "UK broadband users" either *know* about or "accept" the "voluntary" decisions of their ISP, made for them in their 'Net Nanny role. Could you point to the URL for this scientific polling data?
On the other hand, US ISP associations have advocated for decentralized blocking solutions, leaving the decision to parents and multiple content filtering companies. US ISP associations have been active in this area since the early 1990's, although US ISP associations seem to only last so long before they disappear and a new association springs up.
And that has not worked out well for us. No continuity, no effective lobbying organization. Where, oh where, are CIX, ISP/C, et alia?
On 6/10/07, William Allen Simpson <william.allen.simpson@gmail.com> wrote:
Sean Donelan wrote:
UK ISP associations have developed a centralized blocking solution with IWF providing the decision making of what to filter. 90% of the UK broadband users accept the same "voluntary" decisions about what to filter.
I have not seen any evidence presented that *any* "UK broadband users" either *know* about or "accept" the "voluntary" decisions of their ISP, made for them in their 'Net Nanny role.
Could you point to the URL for this scientific polling data?
I learned of it this week from NANOG and UKNOF.
participants (29)
-
Adrian Chadd
-
alex@pilosoft.com
-
Alexander Harrowell
-
Barry Shein
-
Chris L. Morrow
-
David Freedman
-
Deepak Jain
-
Donald Stahl
-
Florian Weimer
-
Iljitsch van Beijnum
-
James Blessing
-
Jeroen Massar
-
Joe Abley
-
John Levine
-
Jon Lewis
-
Keegan.Holley@sungard.com
-
Kradorex Xeron
-
Leigh Porter
-
Mark Smith
-
Matthew Palmer
-
michael.dillon@bt.com
-
Neil J. McRae
-
Owen DeLong
-
Roland Perry
-
Sean Donelan
-
Simon Waters
-
Stephen Sprunk
-
Valdis.Kletnieks@vt.edu
-
William Allen Simpson