Internet Content Blocking: a primer

Malcolm Hutty
Head of Public Affairs, LINX

26th January 2011

About LINX
‡ A membership organisation for ISPs and network operators
± Includes hosting companies and large content businesses e.g. BBC, Google, Facebook.

‡ 380+ members (as of January 2011) ‡ Technical infrastructure
± Internet Exchange Point, supports interconnection and peering

‡ Public policy advice
± Briefs members on policy developments ± Represents members on matters of public interest

26th January 2011

Right from the start
A glossary

26th January 2011

What is an ISP?
‡ Formally
± ³Internet Service Provider´

‡ Commonly
± ³Internet Services Provider´

‡ Technically
± Provider of Internet Service ± a.k.a Internet access

26th January 2011

Other terms for an ISP
‡ Connectivity provider ‡ Mere conduit
± Legal term, relates to legal liability

‡ Public Electronic Communications Service provider
± Legal term from regulatory framework

‡ Transit provider
± An ISP that connects other network operators to each other; normally to contrast with one who providers access for consumers and businesses

26th January 2011

Business and consumer ISPs
‡ Consumer broadband market is heavily concentrated ‡ Business market is more fragmented
± Large number of niche providers ± Solutions providers that include connectivity

‡ Business connectivity is basic infrastructure
± Mechanical control systems ± Distributed business units (e.g. supply chain management)

26th January 2011

What is Internet service? (1)
‡ Internet protocol
± Communications protocol designed to enable diverse computer systems to interconnect and exchange data ± Data is split up into small packets ± Packet format defined by Internet Protocol ± Packet header contains:
‡ a destination address ‡ a source address (for reply) ‡ content (could be anything)

26th January 2011

What is Internet service? (2)
‡ ISP provides connectivity
± Receive packets of data ± Route those packets to their destination

‡ ISP network is a series of connected routers
± ³The Internet´ consists of end points connected by a series of routers

‡ Routers receive packets and pass them on ‡ Routers inspect packet header to determine where to send them ‡ Routers do not inspect packet contents
26th January 2011

What is Internet service? (3)
‡ Internet Protocol packet contents can be anything
± Contents can be data formatted according to another communications protocol (e.g. web, e-mail) ± Thus, Internet protocol is application agnostic ± And so is ISP

‡ Destination device (end point)
± ± ± ± Receives packets Reassembles contents into a message (e.g. web page) Interprets message, and acts on it Thus, destination service is application specific

26th January 2011

What is hosting?
‡ Usually refers to web hosting
± Connecting a web server to the Internet ± A web server is a computer that runs a web site

‡ Hosting services may include
± Physical space for the computer system ± Technical operation/maintenance

‡ But does not itself include
± Originating the content (authorship) ± Selecting, correcting the content (editorial control)
26th January 2011

Types of hosting
‡ Self-hosting
± A large business may provide its own hosting

‡ Traditional hosting provider
± Business and consumer hire a hosting company
‡ ³Shared hosting´: multiple customer on one server ‡ ³Co-location´: give the hosting company your server

‡ User-generated content
‡ End users upload their content to an open service e.g. Facebook, YouTube, E-Bay
26th January 2011

The E-Commerce Directive
‡ Provides protection from liability to
± ³mere conduits´ ± Hosting providers ± Caches

‡ No duty for ³Internet intermediaries´ to monitor their networks

26th January 2011

Qualifying for legal protection
‡ Mere conduit
± ± ± ± Does not initiate communication Do not select recipient of communication Does not modify communication NB: Mere conduit¶s knowledge is irrelevant

‡ Hosting provider
± Removes content expeditiously upon gaining ³actual knowledge´ of the content

‡ Cache
± (Follows technical standard practice for caches)
26th January 2011

Nature of Liability Protection
‡ Complete protection from liability ‡ Applies to civil and criminal liability ‡ Courts can still grant injunctions
± ³to terminate or prevent infringements´

‡ Interpretation dispute
± Is ³liability´ restricted to monetary damages? ± Or does it also prevent general filtering injunctions? ± Ongoing litigation

26th January 2011

Internet addressing
‡ Each Internet device has an ³IP address´
± E.g. ± Used by Internet routers to send data to the right location

‡ Domain name system (DNS) provides names
± ± ± ± E.g. DNS server translates names to IP addresses Names are more memorable Underlying address can be changed without changing the name

‡ Individual applications have their own addressing schemes e.g. e-mail, Instant Messaging
26th January 2011

The web is not the Internet!
The Internet
‡ Many services
± ± ± ± ± ± ± Streaming video (e.g. iPlayer) Instant Messaging (e.g. MSN) Voice [VoIP] (e.g. Skype) Games (e.g. World of Warcraft) Business (e.g. supply chain) Control systems (e.g. SCADA) P2P (e.g. eDonkey)

The web
‡ One service (web pages) ‡ Viewed via a web browser ‡ One technical communications protocol (HTTP)

‡ Each has its own protocol

26th January 2011

Peer-to-peer (P2P)
‡ Pseudo P2P
± ± ± ± User connects to a server to find content Server directs them to a user with the content User downloads directly from the other user Content is not hosted by server

‡ True P2P
± No central server ± Search other users¶ PCs directly

26th January 2011

Two contexts for content blocking

26th January 2011

Purposes of Content Blocking (1)

‡ Protection
± Help users avoid content they do not wish to encounter

‡ Compliance
± Prevent users from accessing material they are actively seeking

26th January 2011

Purposes of Content Blocking (2)
‡ Protection
± User does not want to access blocked material ± User will not deliberately subvert blocking system ± User¶s normal usage will usually not strain the blocking system by introducing difficult cases

‡ Compliance
± User wishes to access blocked material ± User may deliberately subvert blocking system

26th January 2011

Examples of protection
‡ ³Phishing´
± E.g. bank impersonation sites

‡ Viruses and other malware ‡ Protecting ordinary users from viewing child abuse images (child pornography) ‡ Helping children not to mistake ³gambling´ for ³computer games´
26th January 2011

Examples of compliance
‡ Preventing terrorists accessing ³bomb making´ instructions ‡ Preventing paedophiles accessing child pornography ‡ Preventing gamblers accessing gambling sites

26th January 2011

Examples of mixed cases
In these cases, some users may wish to be blocked, some may not:
‡ Preventing teenagers accessing pornography ‡ Preventing Muslims accessing extremist ideologies ‡ Preventing the ³curious´ accessing banned material

26th January 2011

Content Suppression
In theory

26th January 2011

Content suppression
‡ Main methods
± ± ± ± Notice & Takedown Network level address blocking Network level filtering End user filtering and blocking

‡ First three are mandatory for end user; last requires the end user¶s cooperation ‡ Last three are technical interventions; first is an institutional procedure
26th January 2011

Blocklists (1)
‡ All address based blocking methods depend on being supplied with a list of addresses to block
± Who supplies this list? ± Who supervises?
‡ Is list publicly available?

± What criteria? ± What appeals?
‡ Is appeals process real or merely theoretical? (If you don¶t know you¶re being listed you won¶t appeal)

26th January 2011

Blocklists (2)
‡ All blocking systems are a machine for censorship
± May be limited to certain types of content ± But only by choice of what goes on blocklist ± Change in listing policy technically easy«
‡ «but change in size of list may overload system ‡ And switch from user protection to enforcement will compromise outcome ‡ Change in protocol (e.g. from web to P2P) not the same as a change in listing policy, and not easy

26th January 2011

Notice & Takedown
‡ Method
± Contact the hosting provider ± Identify the content and ask for removal ± Hosting provider removes the content at source

‡ Outcome
± Content is gone from the Internet

‡ Problems
± Can of course be re-uploaded, here or elsewhere ± Only works for hosted content
26th January 2011

Network level address blocking
‡ Method
± Give the ISP a list of addresses to block ± ISP ³prevents´ Internet traffic reaching those addresses

‡ Outcome
± In theory, the ISP¶s customers cannot reach the destination device« ± «although there are many ways they can

‡ Problems
± The content remains on the server ± Other ISPs¶ customers can still access it ± Might break ³mere conduit´
26th January 2011

Network level filtering
‡ Method
± Give the ISP a list of items to filter ± ISP continually monitors its network for those items ± Intercepted in mid transmission and discarded

‡ Problems
± ± ± ± ± Not practically possible to do Utterly impossible for encrypted communications Highly intrusive Breaks ³mere conduit´ (modifies transmission) Incompatible with ³no duty to monitor´

26th January 2011

End user filtering
‡ Method
± End user installs software on own PC to block and filter traffic

‡ Outcome
± User can select own choice of blocking software, and hence what gets blocked ± If PC is properly configured, hard to get round

‡ Problems
± Device support e.g. smart phones ± Depends on user cooperation
26th January 2011

Types of address blocking

26th January 2011

Address-based blocking methods

‡ ‡ ‡ ‡

DNS blocking Web Proxy blocking IP address blocking Hybrid blocking (³Cleanfeed´)

26th January 2011

DNS Blocking (1)
‡ Background
± ISPs customarily provide DNS resolvers for their customers to use ± But others do too e.g. OpenDNS, Google

‡ Method
± ISP configures their DNS resolver to return a false result for a site to be blocked
‡ E.g.

± End user is thus directed to an alternative site, or to none
26th January 2011

DNS Blocking (2)
‡ Features
± Low financial cost ± Blocks entire domain, not just web

‡ Uptake
± Used in Italy, parts of Scandinavia ± Not used in UK (NB: Nominet exception)

‡ Problems
± Massive overblocking ± Easy to avoid by using alternative DNS resolver ± Surprisingly difficult to implement without errors
26th January 2011

Web proxy blocking
‡ Method
± Force all web traffic through a proxy operated by ISP ± Intercept particular items and return a false result

‡ Features
± ± ± ± ± Granular: blocks individual items Centralised, mandatory blocking Very expensive: all web traffic through proxy Can slow network traffic Reduces network reliability

26th January 2011

IP address blocking
‡ Method
± ISP configures router to discard traffic destined for a specified IP address

‡ Features
± Less expensive than web proxy blocking ± Massive overblocking
‡ Multiple hosting customers share one IP address

± Blocks access for all protocols, not just web
‡ But note end user IP addresses change

26th January 2011

IP address/web proxy hybrid (³Cleanfeed´) (1)
‡ Method
± ISP uses same technology for IP-based blocking to send selected traffic to a web proxy; the proxy decides what to block

‡ Features
± Cheaper than web proxy blocking ± As granular as web proxy blocking
‡ i.e. overblocking greatly reduced

26th January 2011

IP address/web proxy hybrid (³Cleanfeed´) (2)

26th January 2011

IP address/web proxy hybrid (³Cleanfeed´) (3)
‡ Uptake
± Initially implemented in UK by BT ± Some version of this implemented or planned by all the largest UK consumer broadband providers
‡ Fed by IWF blocklist of URLs of child abuse images

± Some international uptake (e.g. Canada)

‡ Issues
± Allegedly breaks ³mere conduit´ ± Success has bred demands for blocking of other types of content (e.g. copyright material)
26th January 2011

But does it work?
How hard is it to avoid so-called mandatory blocking?
26th January 2011

Proficiency levels required for avoidance
Advanced network software research Good understanding of networking principles. Basic software development skills. Can search for and find obscure or complex software. Can follow complex instructions. Capable of imagining secondary uses of ³dual-purpose´ software. Aware of common applications e.g. peer-to-peer. Capable of following written instructions to download, install and use such software. Can use web browser, e-mail. Cannot set up own computer to use Internet

26th January 2011

Avoiding Blocking Systems 1

‡ End User Filters
± Removal by PC owner (LOW expertise) ± Surreptitious by-pass by PC user (MODERATE to VERY HIGH expertise)

‡ DNS poisoning
± ± ± ± Use different ISP¶s DNS resolver (LOW expertise) Run your own DNS resolver (MODERATE expertise) Avoid or confuse DNS (MODERATE expertise) DNS-SEC will make this obsolete
4 3

26th January 2011

Avoiding Blocking Systems 2

‡ All address-based methods except End-User Filters
± Use Peer-to-Peer (LOW expertise); only provides access to content, not applications such as gambling sites ± ³´ style tunnel (VERY LOW expertise) ± Create your own encrypted tunnel (MODERATE expertise) ± Confuse the blocking system with technical attacks1 (MODERATE to VERY HIGH expertise, variable effectiveness)

examples include URL Character encoding, web file-path traversal with ³..´ etc
4 4

26th January 2011

Avoiding network filtering
‡ No known successful implementations of network level content filtering on ISP scale ‡ Depends on realtime monitoring / DPI ‡ Encryption thwarts monitoring
± Some P2P networks already include encryption by default

‡ Onion-routing systems provide IP address concealment
± Onion-routing is a technically sophisticated technique ± Some advanced P2P systems have onion-routing built-in
‡ E.g. i2P

26th January 2011

Broader policy questions

26th January 2011

Geopolitical concerns
‡ Many undemocratic non-EU countries engage in censorship for domestic purposes
± Blocking in the EU is cited as legitimising their censorship (e.g. China)

‡ Blocking material hosted in another county could be viewed as an ³attack´ on that country¶s Internet access
± Analogous to radio jamming ± Especially credible if the effect of blocking ³spills over´ across jurisdictions, because EU networks serve non-EU countries too

26th January 2011

Undermining the end-to-end principle
‡ The end-to-end principle is a basic organising principle of the Internet ‡ It says that intelligence occurs at the network edges, not in the core routers ‡ It permits technological development, including invention of web, VoIP, etc ‡ Requiring blocking at the network level undermines the end-to-end principle and the capacity for invention ‡ Arguably, it invites network operators to subvert the end-to-end principle further

26th January 2011

An end-run around justice system
‡ Court system is designed to be fair
± Procedures developed over centuries ± Can be slow, expensive, but for a reason

‡ Direct remedies from ISP obviate need for complainant to go to court
± Faster, cheaper than court ± Reduced evidence and changed procedures
‡ Right to be heard? ‡ Presumption of guilt?

± Remedies designed by complainants
26th January 2011