a primer
Malcolm Hutty
Head of Public Affairs, LINX
A glossary
• Formally
– “Internet Service Provider”
• Commonly
– “Internet Services Provider”
• Technically
– Provider of Internet Service
– a.k.a. Internet access
• Connectivity provider
• Mere conduit
– Legal term, relates to legal liability
• Public Electronic Communications Service provider
– Legal term from regulatory framework
• Transit provider
– An ISP that connects other network operators to each
other; normally to contrast with one who provides
access for consumers and businesses
• Internet protocol
– Communications protocol designed to enable diverse
computer systems to interconnect and exchange data
– Data is split up into small packets
– Packet format defined by Internet Protocol
– Packet header contains:
• a destination address
• a source address (for reply)
• content (could be anything)
• Self-hosting
– A large business may provide its own hosting
• Traditional hosting provider
– Business and consumer hire a hosting company
• “Shared hosting”: multiple customers on one server
• “Co-location”: give the hosting company your server
• User-generated content
• End users upload their content to an open service
e.g. Facebook, YouTube, eBay
• Mere conduit
– Does not initiate communication
– Does not select recipient of communication
– Does not modify communication
– NB: Mere conduit’s knowledge is irrelevant
• Hosting provider
– Removes content expeditiously upon gaining
“actual knowledge” of the content
• Cache
– (Follows technical standard practice for caches)
26th January 2011
Nature of Liability Protection
• Pseudo P2P
– User connects to a server to find content
– Server directs them to a user with the content
– User downloads directly from the other user
– Content is not hosted by server
• True P2P
– No central server
– Search other users’ PCs directly
• Protection
– Help users avoid content they do not wish to
encounter
• Compliance
– Prevent users from accessing material they are
actively seeking
• Protection
– User does not want to access blocked material
– User will not deliberately subvert blocking system
– User’s normal usage will usually not strain the
blocking system by introducing difficult cases
• Compliance
– User wishes to access blocked material
– User may deliberately subvert blocking system
• “Phishing”
– E.g. bank impersonation sites
In theory
• Main methods
– Notice & Takedown
– Network level address blocking
– Network level filtering
– End user filtering and blocking
• First three are mandatory for end user; last requires the
end user’s cooperation
• Last three are technical interventions; first is an
institutional procedure
• Method
– Contact the hosting provider
– Identify the content and ask for removal
– Hosting provider removes the content at source
• Outcome
– Content is gone from the Internet
• Problems
– Can of course be re-uploaded, here or elsewhere
– Only works for hosted content
• Method
– Give the ISP a list of addresses to block
– ISP “prevents” Internet traffic reaching those addresses
• Outcome
– In theory, the ISP’s customers cannot reach the destination
device…
– …although there are many ways they can
• Problems
– The content remains on the server
– Other ISPs’ customers can still access it
– Might break “mere conduit”
• Method
– Give the ISP a list of items to filter
– ISP continually monitors its network for those items
– Intercepted in mid transmission and discarded
• Problems
– Not practically possible to do
– Utterly impossible for encrypted communications
– Highly intrusive
– Breaks “mere conduit” (modifies transmission)
– Incompatible with “no duty to monitor”
• Method
– End user installs software on own PC to block and
filter traffic
• Outcome
– User can select own choice of blocking software, and
hence what gets blocked
– If PC is properly configured, hard to get round
• Problems
– Device support e.g. smart phones
– Depends on user cooperation
• DNS blocking
• Web Proxy blocking
• IP address blocking
• Hybrid blocking (“Cleanfeed”)
• Background
– ISPs customarily provide DNS resolvers for their
customers to use
– But others do too e.g. OpenDNS, Google
• Method
– ISP configures their DNS resolver to return a false
result for a site to be blocked
• E.g. example.com
– End user is thus directed to an alternative site, or to
none
• Features
– Low financial cost
– Blocks entire domain, not just web
• Uptake
– Used in Italy, parts of Scandinavia
– Not used in UK (NB: Nominet exception)
• Problems
– Massive overblocking
– Easy to avoid by using alternative DNS resolver
– Surprisingly difficult to implement without errors
Web proxy blocking
• Method
– Force all web traffic through a proxy operated by ISP
– Intercept particular items and return a false result
• Features
– Granular: blocks individual items
– Centralised, mandatory blocking
– Very expensive: all web traffic through proxy
– Can slow network traffic
– Reduces network reliability
• Method
– ISP configures router to discard traffic destined for a
specified IP address
• Features
– Less expensive than web proxy blocking
– Massive overblocking
• Multiple hosting customers share one IP address
– Blocks access for all protocols, not just web
• But note end user IP addresses change
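An added example, not part of the original slides: a small Python model that compares how much unrelated content DNS blocking, IP address blocking and web proxy blocking each take down when aimed at a single item. The hosting table, catalogue, target and function names are constructed for illustration, and "domain" is simplified to the last two labels of the hostname.

```python
from urllib.parse import urlsplit

# Constructed shared-hosting table: hostname -> IP (documentation address ranges).
HOSTING = {
    "shop.example.com": "192.0.2.10",
    "mail.example.com": "192.0.2.10",
    "charity.example.org": "192.0.2.10",  # unrelated customer, same shared server
    "www.example.com": "192.0.2.20",
    "news.example.net": "198.51.100.7",
}

# Constructed catalogue of things a customer might try to reach.
CATALOGUE = [
    "http://shop.example.com/item/42",
    "http://shop.example.com/about",
    "smtp://mail.example.com:25",
    "http://www.example.com/",
    "http://charity.example.org/donate",
    "http://news.example.net/today",
]

TARGET = "http://shop.example.com/item/42"  # the one item meant to be blocked


def domain_of(host):
    """Simplification (assumption): the blocked domain is the last two labels."""
    return ".".join(host.split(".")[-2:])


def blocked_by(method, target=TARGET, catalogue=CATALOGUE, hosting=HOSTING):
    """Return every catalogue entry that becomes unreachable under `method`."""
    t = urlsplit(target)
    blocked = []
    for item in catalogue:
        u = urlsplit(item)
        if method == "dns":      # resolver lies for the whole domain, any protocol
            hit = domain_of(u.hostname) == domain_of(t.hostname)
        elif method == "ip":     # router discards all traffic to the address
            hit = hosting[u.hostname] == hosting[t.hostname]
        elif method == "proxy":  # proxy sees web traffic only, matches one item
            hit = u.scheme == "http" and item == target
        else:
            raise ValueError(f"unknown method: {method}")
        if hit:
            blocked.append(item)
    return blocked


def overblocking(method, target=TARGET):
    """Entries blocked in addition to the intended target."""
    return [item for item in blocked_by(method, target) if item != target]
```
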
• DNS poisoning
– Use different ISP’s DNS resolver (LOW expertise)
– Run your own DNS resolver (MODERATE expertise)
– Avoid or confuse DNS (MODERATE expertise)
– DNSSEC will make this obsolete
Avoiding Blocking Systems