Voluntary filtering removes the controversy

by Stilgherrian

After nearly four chaotic years, Australia's internet filtering scheme is finally coming together in a way that makes sense technically and politically, if not necessarily for effective child protection.

The chaos wasn't all communications minister Senator Stephen Conroy's fault. The "clean feed" was announced as Labor policy back in March 2006 by then-leader Kim Beazley. ISPs would filter out the nasties hosted overseas, where they couldn't be hit with a takedown notice from the Australian Communications and Media Authority (ACMA).
But Conroy's name was on Labor's Plan for Cyber-safety published just five days out from the federal election in late 2007, and once in government it was Conroy's job to explain that plan and sell it to voters. Everyone presumably imagined it'd be a protect-the-kiddies no-brainer.
Problem was, neither the plan not Conroy's explanations were clear.
Two rather different child protection objectives were being lumped together. Tackling the heinous crime of producing, distributing and consuming child exploitation material, and helping parents ensure their children only see age-inappropriate content. A single technical solution was supposed to solve two very different problems.
As the debate unfolded, terms like "prohibited content", "illegal", "refused classification", "harmful" and the vague "inappropriate" were used interchangeably. They have very different meanings.
To geeks, the lack of precision smelled like dishonesty. Conroy dodged and weaved as he tried to sort out the mess, claiming the policy was still the same. But it wasn't, a process documented in gloriously nosebleed-inducing detail at Libertus.net
For two and a half years, Conroy couldn't open his mouth on any topic without being hit with questions about the filter, without every changed word being read as further dishonesty. He must've hated it.
Then almost exactly a year ago, he grabbed those politically toxic plans and hurled them not just past the looming 2010 federal election but well into the future. It was a masterstroke.
The contentious Refused Classification content category, of which child pornography is just one component, would be reviewed. ACMA's process for maintaining its blacklist of prohibited online content would be improved. That'd take a couple years to sort out. Meanwhile, he'd ask ISPs to voluntarily tackle child exploitation material, nothing else.
It was a much-needed breather.
Today, a year later, Telstra and Optus are reportedly just days away from turning on their filters, and the the Internet Industry Association (IIA) is on the verge of  extending voluntary filtering across most of the industry. They'll use Interpol's blacklist, not ACMA's, so they can't be accused of going beyond "the worst of the worst". They'll filter by domain, not individual URLs, which means it'll be slightly harder to defeat and can be handled by existing DNS infrastructure with no performance hit.
It's hard to argue against.
Meanwhile, parliament's Joint Select Committee on Cyber-Safety has looked at mandatory filtering and questioned the point of it.
"There is no evidence of reluctance by ISPs to take down Refused Classification material," says their  report, "and it is not clear that legislation would be any more effective than a voluntary arrangement." Large multi-national websites already take down a "much wider range" of material just by following their own user policies.
Mind you, blocking the domains where child abuse material is published on the open web will only be a partial measure at best.
As has been explained many times before, filters can be bypassed with a virtual private network (VPN) to a service provider that doesn't filter, anywhere in the world. Dedicated pedophiles know their activities are illegal, and will continue to trade via more covert methods.
IIA chief executive Peter Coroneos admits that filtering will only stop the curious, and perhaps reduce the additional traumatisation of abuse victims through knowing that the images of their abuse can still easily be found.
As for helping parents regulate their children's internet use, the select committee noted that ACMA's surveys show that between 40 and 50 percent of parents already filter in the home, with many commercial and free filtering options available. "However, there is a lack of awareness," they write.
The committee chose not to endorse the government's mandatory filtering policy or even make recommendations.
For a year or more now, I've thought that Conroy's strategy has been to put to replace the chaos with a proper policy-development process and, perhaps, let mandatory filtering die a natural if lingering death as a result. The news this past fortnight supports that theory. It's smart politics after a shaky start.


Join the CSO newsletter!

Error: Please check your email address.

Tags conroyIIAvoluntary filteringsecurityinternet filteringprohibited contentoptusTelstrachild protection

More about etworkIIAInternet Industry AssociationInterpolOptusTelstra Corporation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stilgherrian

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts