
Internet Content Blocking: a primer

Malcolm Hutty
Head of Public Affairs, LINX

26th January 2011


About LINX

• A membership organisation for ISPs and network operators
– Includes hosting companies and large content businesses,
e.g. BBC, Google, Facebook.
• 380+ members (as of January 2011)
• Technical infrastructure
– Internet Exchange Point, supports interconnection and peering
• Public policy advice
– Briefs members on policy developments
– Represents members on matters of public interest



Right from the start

A glossary



What is an ISP?

• Formally
– “Internet Service Provider”
• Commonly
– “Internet Services Provider”
• Technically
– Provider of Internet Service
– a.k.a. Internet access



Other terms for an ISP

• Connectivity provider
• Mere conduit
– Legal term, relates to legal liability
• Public Electronic Communications Service provider
– Legal term from regulatory framework
• Transit provider
– An ISP that connects other network operators to each other;
normally used to contrast with one who provides access for
consumers and businesses



Business and consumer ISPs

• Consumer broadband market is heavily concentrated
• Business market is more fragmented
– Large number of niche providers
– Solutions providers that include connectivity
• Business connectivity is basic infrastructure
– Mechanical control systems
– Distributed business units (e.g. supply chain management)



What is Internet service? (1)

• Internet protocol
– Communications protocol designed to enable diverse
computer systems to interconnect and exchange data
– Data is split up into small packets
– Packet format defined by Internet Protocol
– Packet header contains:
• a destination address
• a source address (for reply)
– Packet payload carries the content (could be anything)



What is Internet service? (2)

• ISP provides connectivity
– Receives packets of data
– Routes those packets to their destination
• ISP network is a series of connected routers
– “The Internet” consists of end points connected by a
series of routers
• Routers receive packets and pass them on
• Routers inspect packet header to determine where
to send them
• Routers do not inspect packet contents
What is Internet service? (3)

• Internet Protocol packet contents can be anything
– Contents can be data formatted according to another
communications protocol (e.g. web, e-mail)
– Thus, Internet protocol is application agnostic
– And so is ISP
• Destination device (end point)
– Receives packets
– Reassembles contents into a message (e.g. web page)
– Interprets message, and acts on it
– Thus, destination service is application specific



What is hosting?

• Usually refers to web hosting
– Connecting a web server to the Internet
– A web server is a computer that runs a web site
• Hosting services may include
– Physical space for the computer system
– Technical operation/maintenance
• But does not itself include
– Originating the content (authorship)
– Selecting, correcting the content (editorial control)



Types of hosting

• Self-hosting
– A large business may provide its own hosting
• Traditional hosting provider
– Business and consumer hire a hosting company
• “Shared hosting”: multiple customers on one server
• “Co-location”: give the hosting company your server
• User-generated content
– End users upload their content to an open service,
e.g. Facebook, YouTube, eBay



The E-Commerce Directive

• Provides protection from liability to
– “mere conduits”
– Hosting providers
– Caches
• No duty for “Internet intermediaries” to monitor
their networks



Qualifying for legal protection

• Mere conduit
– Does not initiate communication
– Does not select recipient of communication
– Does not modify communication
– NB: Mere conduit’s knowledge is irrelevant
• Hosting provider
– Removes content expeditiously upon gaining
“actual knowledge” of the content
• Cache
– (Follows technical standard practice for caches)
Nature of Liability Protection

• Complete protection from liability
• Applies to civil and criminal liability
• Courts can still grant injunctions
– “to terminate or prevent infringements”
• Interpretation dispute
– Is “liability” restricted to monetary damages?
– Or does it also prevent general filtering injunctions?
– Ongoing litigation



Internet addressing

• Each Internet device has an “IP address”
– E.g. 216.154.60.109
– Used by Internet routers to send data to the right location
• Domain name system (DNS) provides names
– E.g. example.com
– DNS server translates names to IP addresses
– Names are more memorable
– Underlying address can be changed without changing the
name
• Individual applications have their own addressing
schemes e.g. e-mail, Instant Messaging



The web is not the Internet!

The Internet
• Many services
– Streaming video (e.g. iPlayer)
– Instant Messaging (e.g. MSN)
– Voice [VoIP] (e.g. Skype)
– Games (e.g. World of Warcraft)
– Business (e.g. supply chain)
– Control systems (e.g. SCADA)
– P2P (e.g. eDonkey)
• Each has its own protocol

The web
• One service (web pages)
• Viewed via a web browser
• One technical communications protocol (HTTP)



Peer-to-peer (P2P)

• Pseudo P2P
– User connects to a server to find content
– Server directs them to a user with the content
– User downloads directly from the other user
– Content is not hosted by server
• True P2P
– No central server
– Search other users’ PCs directly



Two contexts for content blocking



Purposes of Content Blocking (1)

• Protection
– Help users avoid content they do not wish to
encounter

• Compliance
– Prevent users from accessing material they are
actively seeking



Purposes of Content Blocking (2)

• Protection
– User does not want to access blocked material
– User will not deliberately subvert blocking system
– User’s normal usage will usually not strain the
blocking system by introducing difficult cases

• Compliance
– User wishes to access blocked material
– User may deliberately subvert blocking system



Examples of protection

• “Phishing”
– E.g. bank impersonation sites
• Viruses and other malware
• Protecting ordinary users from viewing child abuse images
(child pornography)
• Helping children not to mistake “gambling” for “computer games”



Examples of compliance

• Preventing terrorists accessing “bomb making” instructions
• Preventing paedophiles accessing child pornography
• Preventing gamblers accessing gambling sites



Examples of mixed cases

In these cases, some users may wish to be blocked, some may not:

• Preventing teenagers accessing pornography
• Preventing Muslims accessing extremist ideologies
• Preventing the “curious” accessing banned material



Content Suppression

In theory



Content suppression

• Main methods
– Notice & Takedown
– Network level address blocking
– Network level filtering
– End user filtering and blocking

• First three are mandatory for end user; last requires the
end user’s cooperation
• Last three are technical interventions; first is an
institutional procedure



Blocklists (1)

• All address based blocking methods depend on being supplied
with a list of addresses to block
– Who supplies this list?
– Who supervises?
• Is list publicly available?
– What criteria?
– What appeals?
• Is appeals process real or merely theoretical? (If you don’t
know you’re being listed you won’t appeal)



Blocklists (2)

• All blocking systems are a machine for censorship
– May be limited to certain types of content
– But only by choice of what goes on the blocklist
– Change in listing policy is technically easy…
• …but a change in the size of the list may overload the system
• And a switch from user protection to enforcement will
compromise the outcome
• A change in protocol (e.g. from web to P2P) is not the same as
a change in listing policy, and is not easy



Notice & Takedown

• Method
– Contact the hosting provider
– Identify the content and ask for removal
– Hosting provider removes the content at source
• Outcome
– Content is gone from the Internet
• Problems
– Can of course be re-uploaded, here or elsewhere
– Only works for hosted content



Network level address blocking

• Method
– Give the ISP a list of addresses to block
– ISP “prevents” Internet traffic reaching those addresses
• Outcome
– In theory, the ISP’s customers cannot reach the destination
device…
– …although there are many ways they can
• Problems
– The content remains on the server
– Other ISPs’ customers can still access it
– Might break “mere conduit”



Network level filtering

• Method
– Give the ISP a list of items to filter
– ISP continually monitors its network for those items
– Intercepted in mid transmission and discarded
• Problems
– Not practically possible to do
– Utterly impossible for encrypted communications
– Highly intrusive
– Breaks “mere conduit” (modifies transmission)
– Incompatible with “no duty to monitor”



End user filtering

• Method
– End user installs software on own PC to block and
filter traffic
• Outcome
– User can select own choice of blocking software, and
hence what gets blocked
– If PC is properly configured, hard to get round
• Problems
– Device support e.g. smart phones
– Depends on user cooperation



Types of address blocking



Address-based blocking methods

• DNS blocking
• Web Proxy blocking
• IP address blocking
• Hybrid blocking (“Cleanfeed”)



DNS Blocking (1)

• Background
– ISPs customarily provide DNS resolvers for their
customers to use
– But others do too e.g. OpenDNS, Google
• Method
– ISP configures their DNS resolver to return a false
result for a site to be blocked
• E.g. example.com
– End user is thus directed to an alternative site, or to
none



DNS Blocking (2)

• Features
– Low financial cost
– Blocks entire domain, not just web
• Uptake
– Used in Italy, parts of Scandinavia
– Not used in UK (NB: Nominet exception)
• Problems
– Massive overblocking
– Easy to avoid by using alternative DNS resolver
– Surprisingly difficult to implement without errors
Web proxy blocking

• Method
– Force all web traffic through a proxy operated by ISP
– Intercept particular items and return a false result
• Features
– Granular: blocks individual items
– Centralised, mandatory blocking
– Very expensive: all web traffic through proxy
– Can slow network traffic
– Reduces network reliability



IP address blocking

• Method
– ISP configures router to discard traffic destined for a
specified IP address
• Features
– Less expensive than web proxy blocking
– Massive overblocking
• Multiple hosting customers share one IP address
– Blocks access for all protocols, not just web
• But note end user IP addresses change



IP address/web proxy hybrid (“Cleanfeed”) (1)

• Method
– ISP uses same technology for IP-based blocking to
send selected traffic to a web proxy; the proxy
decides what to block
• Features
– Cheaper than web proxy blocking
– As granular as web proxy blocking
• i.e. overblocking greatly reduced



IP address/web proxy hybrid (“Cleanfeed”) (2)



IP address/web proxy hybrid (“Cleanfeed”) (3)

• Uptake
– Initially implemented in UK by BT
– Some version of this implemented or planned by all
the largest UK consumer broadband providers
• Fed by IWF blocklist of URLs of child abuse images
– Some international uptake (e.g. Canada)
• Issues
– Allegedly breaks “mere conduit”
– Success has bred demands for blocking of other types
of content (e.g. copyright material)



But does it work?

How hard is it to avoid so-called mandatory blocking?



Proficiency levels required for avoidance

• VERY HIGH
– Advanced network software research
• HIGH
– Good understanding of networking principles. Basic software
development skills.
• MODERATE
– Can search for and find obscure or complex software. Can follow
complex instructions. Capable of imagining secondary uses of
“dual-purpose” software.
• LOW
– Aware of common applications e.g. peer-to-peer. Capable of
following written instructions to download, install and use
such software.
• VERY LOW
– Can use web browser, e-mail. Cannot set up own computer to
use Internet.
Avoiding Blocking Systems 1

• End User Filters
– Removal by PC owner (LOW expertise)
– Surreptitious by-pass by PC user (MODERATE to VERY HIGH expertise)

• DNS poisoning
– Use different ISP’s DNS resolver (LOW expertise)
– Run your own DNS resolver (MODERATE expertise)
– Avoid or confuse DNS (MODERATE expertise)
– DNSSEC will make this obsolete
Avoiding Blocking Systems 2

• All address-based methods except End-User Filters
– Use Peer-to-Peer (LOW expertise); only provides access to
content, not applications such as gambling sites
– “Anonymizer.com” style tunnel (VERY LOW expertise)
– Create your own encrypted tunnel (MODERATE expertise)
– Confuse the blocking system with technical attacks¹
(MODERATE to VERY HIGH expertise, variable effectiveness)

¹ Simple examples include URL character encoding, web file-path
traversal with “..”, etc.
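As an added illustration (not from the slides, and not BT's or any ISP's actual implementation): a toy model of pure IP blocking beside the two-stage IP/web-proxy hybrid described on the Cleanfeed slides, in which the proxy canonicalises a URL (percent-decoding, collapsing “..” segments) before matching it against the list, so the footnote's simple encoding tricks do not slip past the stage-2 comparison. The blocklist entry, hostnames and addresses are constructed for the example.

```python
"""Toy model of pure IP blocking versus the Cleanfeed-style hybrid.
Constructed example: the blocklist entry, hostnames, addresses and
requests are made up for illustration, not taken from any real list."""
import posixpath
from urllib.parse import unquote, urlsplit

# Stage-2 list: full URLs (an IWF-style list holds URLs, not whole hosts).
URL_BLOCKLIST = {"http://shared-host.example/bad/page.html"}

# Stand-in for DNS resolution. Two tenants share one address, as on
# shared hosting; that sharing is what causes IP-level overblocking.
HOST_IP = {
    "shared-host.example": "203.0.113.10",
    "other-tenant.example": "203.0.113.10",
    "innocent.example": "203.0.113.20",
}

def canonical(url: str) -> str:
    """Normalise before matching so percent-encoding and '..' segments
    (the footnote's examples) compare equal to the plain listed form."""
    parts = urlsplit(url)
    path = posixpath.normpath(unquote(parts.path)) or "/"
    if parts.path.endswith("/") and path != "/":
        path += "/"  # normpath drops a trailing slash; keep it
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{path}"

# Stage-1 list: every address hosting at least one listed URL.
BLOCKED_IPS = {HOST_IP[urlsplit(u).hostname] for u in URL_BLOCKLIST}
CANONICAL_BLOCKLIST = {canonical(u) for u in URL_BLOCKLIST}

def ip_block(url: str) -> bool:
    """Pure IP blocking: the router discards all traffic to a listed
    address, whatever the protocol or path."""
    return HOST_IP[urlsplit(url).hostname] in BLOCKED_IPS

def hybrid_block(url: str) -> bool:
    """Cleanfeed-style: stage 1 diverts only flows to listed addresses to a
    web proxy; stage 2, the proxy blocks only URLs that are on the list.
    Traffic to every other address is never inspected."""
    if not ip_block(url):
        return False
    return canonical(url) in CANONICAL_BLOCKLIST

def overblocked(requests):
    """Requests pure IP blocking would drop but the hybrid lets through."""
    return [u for u in requests if ip_block(u) and not hybrid_block(u)]
```

Running `overblocked` over a handful of requests to the shared address shows the other tenant's pages and the listed host's unlisted pages dropped by IP blocking but passed by the hybrid, which is the “overblocking greatly reduced” claim in concrete form.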
Avoiding network filtering

• No known successful implementations of network level content
filtering on ISP scale
• Depends on realtime monitoring / DPI
• Encryption thwarts monitoring
– Some P2P networks already include encryption by default
• Onion-routing systems provide IP address concealment
– Onion-routing is a technically sophisticated technique
– Some advanced P2P systems have onion-routing built-in
• E.g. I2P



Broader policy questions



Geopolitical concerns

• Many undemocratic non-EU countries engage in censorship for
domestic purposes
– Blocking in the EU is cited as legitimising their censorship
(e.g. China)

• Blocking material hosted in another country could be viewed as
an “attack” on that country’s Internet access
– Analogous to radio jamming
– Especially credible if the effect of blocking “spills over”
across jurisdictions, because EU networks serve non-EU
countries too



Undermining the end-to-end principle

• The end-to-end principle is a basic organising principle of
the Internet
• It says that intelligence occurs at the network edges, not
in the core routers
• It permits technological development, including invention
of web, VoIP, etc
• Requiring blocking at the network level undermines the
end-to-end principle and the capacity for invention
• Arguably, it invites network operators to subvert the
end-to-end principle further



An end-run around justice system

• Court system is designed to be fair
– Procedures developed over centuries
– Can be slow, expensive, but for a reason
• Direct remedies from ISP obviate need for
complainant to go to court
– Faster, cheaper than court
– Reduced evidence and changed procedures
• Right to be heard?
• Presumption of guilt?
– Remedies designed by complainants

