1
Site Blocking
 to reduce online copyright infringement
 A review of sections 17 and 18 of the Digital Economy Act
The Department for Culture, Media and Sport has redacted some parts of this document where it refers to techniques that could be used to circumvent website blocks. There is a low risk of this information being useful to people wanting to bypass or undermine the
Internet Watch Foundation‟s blocks on
child sexual abuse images. The text in these sections has been blocked out.
 Advice
 
Date: 27 May 2010
This version of the document has been unredacted.. the sections which were suppressed remain with a black background but the text is now visible. Since OFCOM are merely reporting on what is widely known, this will make no practical difference to the IWF or anyone else. 3 AUG 2011
 
 
3
Section
 1
1. Executive summary
The Secretary of State has asked Ofcom to consider a number of questions related to the blocking of sites to reduce online copyright infringement.
The Secretary of State for Culture, Media and Sport has asked Ofcom to report on certain technical matters relating to sections 17 and 18 of the Digital Economy Act 2010 (DEA). Sections 17 and 18 provide the Secretary of State with the power to grant the Courts the ability to require service providers, including internet service providers (ISPs) and other intermediaries, to prohibit access to sites on the internet that are found to be infringing copyright. Specifically, we have been asked to consider the following questions:
 Is it possible for internet service providers to block site access?
 Do sections 17 and 18 of the Act provide an effective and appropriate method of generating lists of sites to be blocked?
 How robust would such a block be
 –
 in other words, would it have the intended effect, and how easy would it be to circumvent for most site operators?
 What measures might be adopted by internet service providers to prevent such circumvention?
 Can specific parts of web sites be blocked, how precise can this be, and how effective?
There are several techniques available for blocking access to internet sites
We have focused on four currently-available techniques that ISPs could use within their network infrastructure to block sites (we refer to them as primary techniques).
 
Internet Protocol (IP) address blocking
: modifying ISP network equipment to discard internet traffic destined for the blocked site. An IP address is analogous to a telephone number as it uniquely identifies a device attached to the internet. An example IP address is the Ofcom website 194.33.179.25.
 
Blocking via Domain Name System (DNS) alteration:
 changing the ISP service that translates domain names e.g. www.example.com into IP addresses e.g. 192.0.32.10. The ISP DNS server, when blocking, tells the requesting computer or device that the site does not exist or redirects the request to an informational web page, for example one which explains why access to the site has been blocked.
 
Uniform Resource Locator (URL) blocking:
the blocking of specific items, such as web sites or addresses e.g. http://www.example.com/pirate.zip. ISPs already block URLs (supplied by the Internet Watch Foundation) that link to web content relating to child sexual abuse.
 
Packet Inspection:
blocking techniques which examine network traffic either at a high level, (Shallow Packet Inspection (SPI)), or more detailed level (Deep Packet Inspection (DPI)). We also consider three hybrid options: 1. DNS blocking coupled with shallow packet inspection; 2. DNS blocking coupled with URL blocking; and 3. DNS blocking coupled with deep packet inspection. We have assessed each of the techniques against seven criteria: speed of implementation; cost; blocking effectiveness; difficulty of circumvention; ease of administrative or judicial process; the integrity of network performance; and the impact of the block on legitimate services. A summary of our findings is illustrated below in Tables 1 and 2.
View on Scribd