This is part three of a transcription of MMM’s Spoonman show on internet censorship, which aired 13 November 2008. You can download the podcast here.
Spoonman: Now we’re dedicating the first part of the show tonight to, well, effectively wage war on the Government’s plan to censor the internet at the ISP level.
Now, just to be fair to the government here. Just a couple of things I will point out over the course of the next couple of interviews. One of them is some of the other things the Government is spending money on as a part of this package. They’ve allocated 128.5 million dollars for a comprehensive what they call “cybersafety” programme that focuses on a range of things: education, research, ISP filtering (which is what we’ve been talking about tonight, predominantly), and law enforcement.
Now some of the other things in this package include expanding the capacity of the Australian Federal Police child protection operations team to detect and investigate online child abuse. I will talk to an IT forensic investigator about how exactly that might happen shortly, and what are the shortcomings of introducing the kind of system the Government’s talking about, in terms of what alternate ways those producing child pornography might have to mask their whereabouts. They’re also going to add 91 additional AFP members to the online child protection, but that’s not until 2011. So a few years to go.
Obviously the ISP filtering is the bulk of the expenditure. They’re also going to develop education resources and a dedicated helpline, expand the terms of reference for cybersafety consultative working group to include all aspects of cybersafety (more political gobbledygook), and further Australian research. There will also be a Youth Advisory Group to ensure programmes are made relevant and on target. One of those advisory groups that the Government can discreetly ignore whenever they feel like it.
Now, when I mentioned that we were going to do this subject, I got a raft of emails from experts working in the industry who are listeners in their spare time. One of those is Matthew Black, who is an IT professional, and I gotta tell you has more letters after his name – he’s got an MBA, he’s got a Bachelor of Science degree, he’s got all sorts of diplomas, and he is a member, in fact he is a senior member of the Australian Computer Society website, which is http://www.peregrineit.net. [Ed note – I think something got muddled here!]
His name is Matthew Black. G’day Matthew, hi.
Matthew Black: G’day Spoonman, how are you mate?
SpoonMan: I’m very well, my friend. Now just for – I am not an IT expert by any stretch of the imagination. I get a general gist of how the system works and roughly what goes on. Tell me Matthew, specifically: what are the technical limitations with the plan the Government is putting forward?
MB: Yeah, let’s talk about that. Just before we do, let me point out that I’m speaking not on behalf of the ACS, or on behalf of say [?JU], which is the other peak body in Australia; I’m talking tonight as a private individual with knowledge in this area. I just want to make that quite plain.
SM: I understand, Matthew; no problem.
MB: Look, there’s a number of ways around the system. For starters, with the plan being put forward by the Minister at the moment, they’re going to be filtering only at this stage web traffic. Now web traffic only makes up about a third of the internet traffic that is out there at the moment.
SM: What’s the rest of it, Matthew?
MB: The rest of it is peer-to-peer sharing by say things like Bittorrent; it’s email; it’s encrypted web traffic which is different again; and things of that nature. The whole raft of different bits and pieces that we call the internet. And the World Wide Web – webpages – is only roughly about a third of that.
SM: So there’s a massive capacity for those who do wish to transmit material that the Government would deem inappropriate to do so beyond the scope of their plan.
MB: Oh, certainly. That’s one of the main faults of the plan that the Government’s put forward so far.
SM: OK. What about the effect on the speed of the internet, Matthew? And we need to background this with of course the concept that the Federal Government is spending ten billion dollars of our money to create a high speed broadband network, which they seem intent on choking before it even gets up. What sort of effect do you really think it will have on internet speeds, for example?
MB: Well, the Government’s own pilot report specifies that some of the filters that they’re looking at actually slow down the internet by up to 87%. So – call it 80%, call it four-fifths, that’s the first step. Now that particular filter, the one that slows down the internet the most, is also the one that’s the least effective at the filtering.
SM: What about at the most effective end, Matthew? What sort of slowdown are we talking about there, for the package, the process that manages to catch more of the websites that they’re looking for?
MB: Sorry, I just mixed […] The filtering system that slows down the internet the most is the one that is the most effective. My fault.
SM: Oh, I see, ok. So – most effective, but slows down. That’s what I was trying to get at, that makes sense.
MB: Sorry, I misspoke. Um, so yeah. Even the most effective filter still lets through roughly two percent of the stuff it should be stopping; and it stops roughly three percent of the stuff that it should not be stopping. To put that in perspective, some estimates put it that there are two billion – that’s billion with a b – two billion websites out there. So three percent of two billion is sixty thousand legitimate websites that will be inappropriate stopped, or blocked, or censored, if you prefer that term. [Ed Note: it’s actually sixty million]
SM: And they could be relatively innocent, say health-related websites, for example, that get caught up because of a key word?
MB: Exactly. I mean the classic example everybody uses is sites about breast cancer. Um, the word “breast” obviously can be used both medically and for pornographic reasons, and so that’s one word, one example of a potential site that will be blocked inadvertently.
SM: So clearly Matthew at the end of the day what we’re talking about here, in terms of the optimal system for parents or others concerned about the type of content appearing on their home PC, is a PC based software package like a Net Nanny that has nothing to do with blocking anything at the ISP level?
MB: That’s correct. And what makes this argument so interesting is that if parents want to have a filtered internet feed, that’s available in the market right now. There are ISPs out there that provide this feed. Webshield, for example, is a perfect example. Also, the last government, the Liberal government, made available free of charge – and it’s still free of charge, I might add – a whole bunch of PC based filtering that parents could download from netalert.gov.au. So no matter, if parents want to filter the internet at their own PC, they can do so for free. If they want to subscribe to a filtered internet link, it’s already available. Why is this being forced on the rest of us when there’s no call for it? That’s my question.
SM: And as I understand it, the one the Government developed last year that you’re referring to, there was roughly, if I’m not mistaken, around about 140 000 downloads of that, but subsequent figures indicated that a very small percentage of those people are still actually actively using it.
MB: That’s correct. Um, look, the bottom line is, the point of view I have and a lot of others have, is that there’s actually no problem to deal with in the first place; and there’s certainly no call for the problem to be dealt with. So again I come back to – why are we going down this path? Why are we spending millions of dollars to basically affect the internet in such a way as to make us less competitive in the world market – that’s one effect that the Government doesn’t seem to want to acknowledge – and a whole raft of other issues that are in a similar vein?
SM: Matthew, I very much appreciate your time, Sir, thankyou.
MB: Thanks, Spoonman.
SM: Good on you. That’s Matthew Black, who is an IT professional, speaking as an individual, although he is a member of a number of organisations that I and he mentioned.
Now, I mentioned a couple of email addresses before for Stephen Conroy who is the Senator and Minister for Communications responsible for implementing this plan, I’ll give you his email address shortly. Also Michael Atkinson, who is the Attorney-General in South Australia, who is the stick-in-the-mud at this stage for the creation of an R category for computer games.
But right now, I want to talk to a licensed investigator who specialises in IT forensics and security. I might have given you the impression before that he’s actually doing the forensic work chasing paedophiles. Obviously the police do that. But there are people who work doing exactly the same kind of thing that Adam Darbyshire does, who’s the director of eNinja, who have to preserve this kind of evidence discovered on computers.
Adam, welcome to the show, thankyou.
Adam Darbyshire: Thanks, Spoonie. Long time listener, first time being called. [laughs]
Spoonman: [laughs] Good on yer, mate. I appreciate you contacting the programme, too. Can you just explain quickly what an IT forensics and security expert does?
AD: Well, from the forensics point of view, the idea is to track down and find any evidence which can prove a case, be it in my area, which is civil cases, usually interlinked with property theft; or in the case of criminal investigation you’ve got the police who now search computers these days for murder investigations, or anything really, any major crime, they’ll do an investigation of a computer, if there’s one there.
SM: OK. Now what is the real risk in terms of child pornography for example, should this planned policy get up? What’s likely to happen? Because obviously the system as I understand it will only block websites. OK. Now is that likely to cause maybe some producers of child pornography who are currently using websites, to use some of the more clandestine aspects of the internet to continue doing what they’re doing?
AD: Well, in my understanding of everything at the moment, as far as that world goes, is that very few images, videos of that nature are actually on websites. As well as, the filter as it’s designed, only targets the major website ports – so they’re port 80, port 8080, and 8010, which web servers run on. Most of the nasties out there on the internet aren’t actually on web servers, they’re on different platforms like peer-to-peer mostly, IRC has got a little bit here and there, […] on a few things, so it’s not really going to have much effect whatsoever.
SM: OK. Now, would it be fair to say that some of the child porn networks, if I can use that phrase, they are using encrypted protocols to transmit their material from one place to another?
AD: Some definitely would be using it. However the average person won’t have to worry about that as far as they’re concerned, they think “oh, maybe just once in a while, I’ll never get caught”, but thankfully they’re pretty stupid. So they usually do get caught pretty easily. But encryption is definitely a very large problem out there for these sorts of issues.
SM: Now am I correct in suggesting that if – and I won’t mention specifically, but I am aware of some encryption protocols that actually prevent the various law enforcement agencies, including the Australian Federal Police, to monitor and observe what they’re up to?
AD: Oh, there are heaps out there that do it. There are lots of programs out there which are designed to do this stuff, you can use some of the really old technology of the internet as well to hide stuff on, and to be perfectly honest the police are at this moment incapable of breaking through those encryptions to find what they’re looking for.
SM: One of the things I commented on when I first heard about this plan was the fairly obvious outcome, which is that preventing people that obviously have – sickos, for want of a better phrase – we would be far better off, would we not, putting the 128 million dollars that the Government has allocated in total to this programme, into greater law enforcement in a co-ordinated international fashion, rather than trying to prevent say end-users, if I can use that term, from accessing child pornography? We might stop people from looking at these sorts of images and videos, but it’s not going to save one child or arrest one producer of this material, is it?
AD: Oh, definitely. All the money which is being put toward the filter could easily be put toward different groups, like many of the Australian investigating groups, like Vicpol, the Feds, New South Wales has got a computer crimes department as well. They could really use the income, sorry, the cash from the budget to hire new staff, get better equipment… they really are screaming out for all this extra money.
SM: And it occurs to me that we’d probably have, at least at a global level, better outcomes if there was more co-ordination in this area, and certainly a lot more resources and hard cold cash thrown at it. It just strikes me as spending a huge amount of money to try to prevent people from looking at something that is being produced – children are being abused in the process of the production of that material – and there is, ok, notwithstanding the fact that some of the moneys allocated by the Federal Government will go to an increase in policing, it seems to me that at the end of the day the overwhelming amount of cash will go to the administration of the filter rather than active police action to shut these people down.
AD: Yeah, um, it’s – what is it, 44 million dollars, a figure I saw thrown around? I think that was just one year only.
SM: Yes, that’s right, that’s one year only, and of course you’ve got the maintenance of ACMA, you’ve got the maintenance of the blacklist, there’s a whole bunch of factors in here that are costly, I would argue.
AD: Yeah, and there are a lot better ways to implement a filter like that, which won’t affect the internet at all, than throwing 44 million dollars away per year towards creating some filter, when that money can really better be spent in a lot of other places. As you mentioned before, policing, international co-operation, that always works. There’s been a few major stings in the last year which have been the direct results of international co-operation.
SM: So it is definitely doable if the money and the resources are put to the effort?
AD: It’s never 100% doable.
SM: No of course not. But if we can save a handful of children around the world from being abused in such a fashion?
AD: Oh yeah, then it’s definitely worth it. I mean, if we can save one kid then throwing that 44 million dollars is definitely worth it. But, um, just towards police departments would be a lot better than trying to block the average sicko from looking at something.
SM: I completely agree with you, Adam. We’ve got a pretty crappy phone line here, which is unfortunate, so I’ll leave you there. But I do appreciate your time, sir.
Director of eNinja is Adam Darbyshire, and he is a licensed investigator who specialises in IT forensics and security. Let me just make the point I’m trying to make here.
The government is spending this money to ostensibly – and I use the term quite deliberately – ostensibly stop people from looking at child pornography. It’s painfully obvious that they might be able to prevent that 100% in an ideal world, ok, even if they could, it’s technically impossible – but if they could, it is not going to stop the images being produced. It will not stop the producers producing more of it. It will not stop the abuse of one child anywhere. All it will do is stop people from looking at the images, and again, as we’ve already discovered throughout the course of the discussions this evening, it’s likely, this type of net filter here, is likely to cause people to use encrypted protocols (when I say “people”, paedophiles and child pornography producers) to use encrypted software, encrypted programs, to mask what they’re up to. To hide even deeper inside the internet than many of them are hiding now.