Letter to my MP about web censorship

This morning I wrote to my MP, John Hemming, via writetothem.com to express my concern about web censorship:

Dear John Hemming,

I noticed you tweeting that your geek rating is 90%, so I guess I don’t need to explain why David Cameron and Claire Perry’s attempts to censor the Web are so dangerous.

I’d like to know your thoughts on why this isn’t being debated in parliament; why it seems to go against their own policy after a consultation on the issue, and whether you (as my representative) agree with Mr Cameron’s ideas?

I’m deeply concerned at the scope-creep of these policies. We all oppose obscene images of children and rape. But those are illegal, and filtered, already. Is it true that we will have to opt-in to “extremist” material, and material on “smoking”? Who decides what is “extremist”?

I urge you to oppose this censorship by the back door, and I hope you’ll raise it in parliament, which is the proper place to debate such matters.

Yours sincerely,

Bruce Lawson.

To Mr Hemming’s credit, his reply came after a couple of hours:

My understanding is that the proposals relate to the default or factory settings of the domestic broadband router. I don’t think anyone has a problem with this.

Why not write to your MP? Hopefully you’ll get a more sympathetic response.

Added 17 August 2013: I’ve just had an hour long meeting with my MP, John Hemming (both of us lying on his floor as his back was gone, and it was weird for me to sit while he lay) about the plans for a UK-wide Web filter. He agrees with me that it’s a civil liberties problem, and we’ll work together to campaign against it. More detail later.

66 Responses to “ Letter to my MP about web censorship ”

Comment by Patrick H Lauke

i’d write back and kindly point out that his understanding is wrong, and that this is exactly why the issue needs to be properly discussed.

Comment by Matt Wilcox

Jesus, yes, what Patrick said. It terrifies me how complacently ignorant the people who make these decisions are. Just go with a lazy assumption and don’t question it further. Nevermind the fact it leaves the doors wide open for huge abuse of power. But then, I’m sure he thinks only good well meaning people rise to power so theres no need to worry. It’s not like you could potentially be giving an easy, legal, hidden method of mass censorship and information manipulation tools to a future Stalin, Hitler, Pol Pot, or the like. Because in Britain, we somehow guarantee all future governments will uphold the right and good.

Complacent. Short sighted. Dangerous. Awful in every way.

Comment by John Hemming

This is an extract from the briefing:

Protecting children online

Child abuse is a sickening crime, and the coalition government will do all
it can to clamp down on the illegal distribution of vile images.

We are bringing agencies together to work more closely with the police,
introducing a single database of illegal child abuse images, and putting
pressure on industry to redouble their efforts too.

On children accessing pornography:

Liberal Democrats believe that the internet has been a tremendous force for
good in society, and we will always fight to maintain the free, open
internet that is fundamental to a democratic society. Adults are entitled
to watch whatever legal material they want, without government interference.

However, there is a serious problem with young children accessing material
that is meant for adults. This can be distressing for children, and parents
rightly want help to keep their children safe.

That’s why the coalition is determined that all internet users should be
required to decide whether they want adult filters turned on or off. In
households with children, the option to use filters will be pre-selected and
parents will be directed to support and advice on internet safety.

We are not asking internet providers to install network level filters of
legal material, which have been rejected by our independent child safety
experts and parents alike

Comment by Steve

I fail to see why this should be forced at the ISP level.

Anyone that wants to filter their Internet from Porn, hate, violence, or otherwise they can configure their router to use the OpenDNS server… and they can configure exactly what level of filtering they want.

Why should an ISP customer have to declare their interest in potentially viewing pornography when signing up?! Surely that alone is a breach of privacy.

Comment by Jake Archibald

John: Thanks for taking the time to reply here.

Are you sure this filter is to be installed in the home at the router level, and not at the network level?

Cameron has been suggesting “Homesafe” will be the system put into use, which is supported by Huawei and currently adopted by TalkTalk http://www.talktalk.co.uk/security/homesafe-demo.html, this technology IS a network level filter and TalkTalk will be aware of the users’ settings.

If the system is router level, children will soon notice that the property-level blocking can be circumvented by disabling wifi on their phone and going straight to the cell tower.

Comment by John Hemming

I have quoted from the internal briefing:
We are not asking internet providers to install network level filters of
legal material, which have been rejected by our independent child safety
experts and parents alike

Comment by John Hemming

I have now looked at Homesafe. It appears to me that Talktalk maintain a list of sites and whether or not to block them. It also appears that the blocking is done in the domestic router rather than at a network level. There is an issue of privacy which arises from the talk talk network server going off to check sites that are new to it. It is not, however, network level blocking. However, unlike the other systems talktalk are aware of who has and who had not agreed to use it.

I do disagree with having a system whereby the ISP is aware of what levels of content filters people are using. I will raise this issue with the relevant ministers.

Comment by Jake Archibald

If the filters are at the home router level, children can get around them by disabling wifi on their phone.

If that’s the case, this doesn’t impact privacy, but nor does it actually solve the perceived problem, it’s just a big ol’ waste of money to appease the Daily Mail.

Comment by John Popham

Is it too much to ask that legislators take informed advice and think things through before jumping in to make laws about subjects they don’t understand?

Yes, I suppose it is….

Comment by John Hemming

>If the filters are at the home router level, children can get around them by disabling wifi on their phone.

They are then using a different ISP often.

Comment by Jake Archibald

They are then using a different ISP often.

Yes, but at that point they’re not using a router in the home. Any blocking would have to be done on the network.

Comment by kimblim

I believe censorship is fundamentally wrong, although I can obviously see how child pornography is wrong and shouldn’t be on the internet at all.However, setting a restriction on the ISP or on the router is just plain stupid:

ISP:
Easy to bypass by using a different DNS provider – I do it here in Denmark as a matter of principle, as the Danish ISP’s have been forced to shut down access to Piratebay, Grooveshark and other services without the cases being tried in court.

Router:
If one of the purposes is to avoid children being exposed to pornography, why not take the old route of letting parents be parents? If the children don’t have their own computers/smartphones/tablets etc., a computer can easily be configured to require passwords or have some “safe sites” that children can use. Let’s face it, if a 14 year old wants to see porn, he/she will easily do so in some way, and all the technical censorship in the world won’t replace PARENTING!

(I’m a Dane, so not affected, but can see this having consequenses)

Comment by John Hemming

>Yes, but at that point they’re not using a router in the home. Any blocking would have to be done on the network.

Yes, but any proposals for “network” filtering are at the gateways to the net from the ISP. If you use a different ISP it would not use the same gateway.

I copy below the traceroute from my laptop to yahoo. Where would you think a network filter would apply?

Tracing route to ds-eu-fp3.wa1.b.yahoo.com [87.248.122.122]

over a maximum of 30 hops:

1 1 ms <1 ms <1 ms . [192.168.2.1]

2 * * * Request timed out.

3 10 ms 8 ms 9 ms perr-core-2a-ae8-614.network.virginmedia.net [80.1.61.101]

4 17 ms 12 ms 12 ms manc-bb-1c-ae5-0.network.virginmedia.net [62.255.149.65]

5 16 ms 12 ms 11 ms manc-bb-1d-ae2-0.network.virginmedia.net [62.253.174.93]

6 14 ms 13 ms 11 ms brhm-bb-1c-ae9-0.network.virginmedia.net [62.253.174.129]

7 * * * Request timed out.

8 51 ms 16 ms 15 ms 13-126-245-83.packetexchange.net [83.245.126.13]

9 24 ms 24 ms 23 ms so-0-0-0.pat1.ams.yahoo.com [66.196.65.86]

10 53 ms 39 ms 98 ms xe-0-1-0.msr1.ch1.yahoo.com [66.196.65.69]

11 48 ms 52 ms 49 ms te-8-4.bas-a1.ch1.yahoo.com [87.248.127.9]

12 44 ms 106 ms 73 ms ir1.fp.vip.ch1.yahoo.com [87.248.122.122]

Trace complete.

Comment by Bruce

Mr Hemming

thanks for your prompt reply, and engaging with me here. Many MPs wouldn’t, and I’m grateful that you have.

Firstly, from the briefing, I don’t understand its conflating child abuse and pornography. As I said in my original mail, child abuse and child porn is already illegal and filtered. Good. So how do these new measures help that?

Secondly: if I want to view legal porn, now I will have to opt in. I’ll be on a list. Who will have access to that list?

Thirdly: who define what porn is? What are the criteria? Here’s a good article by a friend of mine who transitioned from male to female on why the porn block would have been so dangerous to her http://unaverage.co.uk/2010/12/21/pornblock/.

Lastly, it’s reported that there will be other material blocked – “esoteric material”, “extremist sites” etc. How are these defined, and by whom? Are the EDL extremist? The BNP? The Jehovah’s Witnesses? The Socialist Workers Party?

Comment by John Hemming

What appears to be the case is that systems such as Homesafe have some mechanism whereby the ISP is aware as to what extent people are using it.

This is the issue that causes concern for me (as well as them tracking usage). The filtering appears to still be happening in the home servers, however.

I don’t think that the processing requirements of a individually configurable network wide filter system would allow that to be feasible. It could only work without configuration and with a list of blocked ip addresses.

Comment by Adrian

Virtually all the static content on pages you see in the UK comes via a transparent web proxy – this saves your ISP money on interconnect fees. So they already have the infrastructure in place to intercept all your page requests – only a small hop from there to decide which proxy each connection uses based on their preference – the censored one or the less censored one. This is a far easier solution to maintain them the nightmare of updating the firmware or in memory tables of blocked addresses on commercial home routers – many of which have limited processing power and RAM.

Comment by Bruce

“This is the issue that causes concern for me (as well as them tracking usage)”

me too. But there’s also the problem of who chooses what goes in the categories. By default, everything will be set to be blocked and customer must make the “active choice” to allow content in. Will abortion advice be blocked? Information about safe gay sex? Safe drug use?

Comment by G

Surely what you really want here is a filter which protects young children/innocent or vulnerable others from stumbling across pornography or other unsuitable material by mistake e.g. the seven year old boy who accidentally types ‘sex’ instead of ‘six’ into his search bar.

So having a router-based filter for this would be fine – the computer’s administrator can choose to opt in or out and everything stays nice and routery.

If people can find a way around it, it’s because they want to find the material, so that’s fine (remember, pornography isn’t intrinsically evil), but the filter would stop genuine distress for kids stumbling across disturbing images.

However, getting people to opt in to any sort of list will be a disaster. Lists of names get leaked. Regularly. (Remember the BNP membership list?) And who wants to be on the leaked porn list?

Comment by Adrian

The standard system for this is called ‘supervision’. My daughter has stumbled across adult stuff before. With the participation of dad, she now knows I) there is ‘grown-up’ stuff out there II) what it looks like ( bear in mind that most front pages don’t have the fully explicit stuff, just scantily dressed people the likes of which you see anyway on TV ) III) that the proper response is to close the tab

No harm done, and now she spots the inappropriate content before dad does. She has no curiosity for that, being at the age where it’s still gross to think of kissing.

So my daughter is self filtering.

This is all a transparent excuse to establish a means of influencing the masses by filtering anything the government deems distasteful, like anti capitalism, using the ‘root password’ of the Daily Mail readership – ‘think of the children’.

Comment by Peter

and we will always fight to maintain the free, open
internet that is fundamental to a democratic society

So how on earth did the Greeks cope?

Comment by Tarquin

Only last week, my workplace implemented a company-wide web proxy, including filter. Unfortunately, it blocked by default a website that our team needed access to in order to do our jobs at all. (Without going into details, there were legitimate reasons that the particular website might be blocked from the viewpoint of a person without the appropriate technical expertise, which is in fact part of the point.)

We didn’t have time to wait for the permissions to be granted; it would have cost the company thousands.

So I used an Android mobile to hook to a WLAN I knew not to be proxied, accessed the offending site, grabbed the necessary files, ADB’ed them to a Linux box, SCP’ed them to a Windows box, installed them and carried on working.

I wish David Cameron had been watching; it was a nice microcosm of how (a) a global filter is inevitably going to block the wrong stuff, and (b) anybody who knows what they want and is determined to get it can circumvent the block in minutes without even trying.

Tarquin.

Comment by Jake Archibald

John, I’m aware that mobiles in the home may be using a different ISP. Therefore a child would be able to bypass the local filter and go straight to their cell tower.

So, now they’re on a different ISP. Is this ISP default-on filtered? If so, it would need to be done at the ISP level of the mobile provider, in the case of a mobile cell connection there is no local router in the home.

Therefore, to block sites a child could access on their phone, the filter would either need to be on the mobile device itself, or at the ISP.

Comment by Patrick H Lauke

From all the various soundbites spouted by the PM recently – which have been technologically vague, to say the least – Huawei’s solution was the one mentioned as a good model, as Jake already pointed out. Amother solutions that I believe was mentioned was BT’s CleanFeed. Both of these are ISP-level, as they rely on blocking known lists of IPs (similar to the way the PirateBay has been sort of blocked). As presumably the block against “objectionable” material will also be IP based, I still fail to see how it could NOT be ISP-based…or are we seeing a future where the ISP is sending out regular updates to everybody’s router to have the latest list of naughty IP addresses, hidden behind a settings page that can’t be directly accessed by the customer and requires the ISP to remote-unlock it? And what happens if a customer is using their own router rather than one leased by the ISP itself? All rather vague.

Maybe, as a good starting point for discussion, it would be good to get a clear, accurate statement about EXACTLY what the plan involves on a technical level (and not just in wishy-washy terms). Also, who maintains the list of IP addresses, and where does the oversight and public transparency lie?

Comment by Gegabone

The arguments against this are so many it’s ridiculous, the OBR have just been able to retrieve a list of sites potentially to be blocked and it smacks of a paranoid government with no idea what it’s on about listening to the ban happy fruit cakes and saying yes to their demands for a communist style internet control system.

Next we’ll have people being arrested for distributing software that bypass the blocks or people chipping their modem/routers in brick lane, VPN providers being compelled to allow government access, companies going bust because the blocks destroy their businesses through false positives and the Daily Mail screaming each time it finds content that slips through the censorship systems of the Great UK Porn wall.

I for one am already routing most of my mobile phone data through an encrypted VPN tunnel so I can bypass my mobile network operators ban on VOIP/FTP over 3/4G. If the block comes in I’ll hire a nice fast server in Norway or something, have a secure point 2 point encrypted VPN tunnel and be free of any lists and what not that the government wants.

Censorship is bad, parents are responsible for their children and that should be the focus.

Comment by Sally Jenkinson

John, I saw this mentioned on Twitter earlier and felt that I had to throw my thoughts into the ring. I appreciate that you have made the effort to engage with people on this topic, as I think that the lack of sensible conversation that has happened to date is one of the most concerning elements of this for me.

When I first heard of the proposal, my initial reaction was to laugh. The technicalities of the matter, as well as the way that it was being described by senior politicians, quite frankly made the whole thing sound ridiculous. This theme sadly has continued, to the level where much of the conversation now appears to resemble classic TV/film lines such as “This is in real time. I’ll create a GUI interface using Visual Basic. See if I can track an IP address”. The laughter has long subsided, with my follow-on thoughts being “Seriously, who are their advisors?”, followed by “Ok, surely this is TOO ridiculous, and must be a cover for more evil plans”. Right now I’m still of the opinion that it is a mixture of the two – incredibly misguided and dangerous ignorance, mixed with a platform to use for other power-crazed battles.

Let’s get one thing straight. I, along with many others, have a HUGE problem with web censorship. I work with the web. I am also a person (just in case there’s any confusion over them being mutually exclusive). I have a problem with this on both a professional and a personal level. The arguments against this are numerous, and I would advise you to spend some time reading up on articles by those far more eloquent than I am on the matter. In short, I have a problem with the technical shortcomings, with the lack of an open technical proposal, the definition of ‘inappropriate content’, the assumption that it is ok to wrap us all in cotton wool because we’re not capable of parenting suitably already, and most importantly that this is a horrible step in the wrong direction for a supposedly free society. As a web professional I am concerned about the future of the industry if this is how our mighty leaders view technology, and I think you’ll find that many others share this view. This issue alone will be an election game-changer for many that I have spoken to. Your assertion that nobody has a problem with this, regardless of your interpretation of the proposal, is incredibly misguided.

I for one will be opting out of any bans for as long as I have a choice in the matter. You, the government, will probably label me as some kind of deviant porn fiend, and I will run the risk of being tarred with that brush should the list ever surface. This isn’t a fight with the sex-crazed 18 year old males, no matter how it may be poorly reported on a base-level. As a 30-ish female I have no problem with porn. I prefer other vices and don’t personally seek it out, but I have no issue with those who do. I also trust that parents are able to raise their children how they see fit. The bottom line for me, and the reason that I will not tolerate this ban, is that I don’t want others controlling my online access, whether that’s to do with porn or any other content. It will not work. You have no right to manage access to anything which is legal – let me run my own life, make my own decisions, and protect any children in my care as I feel is best.

Comment by John Hemming

There is an interesting perspective on this which is:
this

I, myself, don’t have a problem with default on as people can simply decide to go with an alternative. I do think much of what is going on at the moment is posturing, however.

Notwithstanding that I am worried that schemes such as Homesafe might operate a central database of what options people have selected, not just about porn, but also about political views. My son did a history lesson studying things like the KKK and the school asked why people were looking at the KKK. (He is in fact mixed race)

At a school level that is not an issue, but when it starts to be at a level involving the state it becomes an issue.

The basic principle that the web should not be filtered until it gets to the local router is a good principle.

>or are we seeing a future where the ISP is sending
>out regular updates to everybody’s router to have the
>latest list of naughty IP addresses
Much like the DNS system operates, you mean.
(as in the DNS identifies IP addresses against domains and as things change then the IP addresses change).
Or indeed various spam filtering systems.

>Therefore, to block sites a child could access on
>their phone, the filter would either need to be on >the mobile device itself, or at the ISP.
True.

It can, of course, be operated simply by preventing a child from having IP access via the mobile phone network on the phone or various other mechanisms.

It remains that I have concerns about the operation of central lists by systems such as Homesafe that I will take further. The technological issues do need transparency. That has to be a market driver as well.

However, substantially I am with Tom Melzer who argues that this is a bit of a ploy with no real impact.

Comment by Simon Oram

If a filtering system is set up this means that should a parent opt to access filtered content then their children also have access to any material they do. This means a significant proportion of the public is in the same place they always were. I am confused about the logic there.

Really, as so many have said, the onus needs to be on parents parenting. Be aware of what kids are doing as much as is possible and educate them. Of course this won’t work 100% either but I believe that is as close as we can get to a sane system.

As a side note – some ISPs are already filtering legal content on the web. O2 for instance will charge you (they credit your bill with the fee after) or ask you to present ID at an O2 store to verify your age with sites they deem to be for suitable for 18+ (the only time I have bumped into this I think their assertion was incorrect).

Mobile phones and age verification – your questions answered

Rather than verify I just opted not to bother and saved viewing for later on my fixed connection.

Comment by Patrick H Lauke

Thanks John, very useful.

Judging by that document about TalkTalk’s Brightfeed, this relies on having a Huawei router which is designed to pass any HTTP requests first through a vetting system to see whether it should allow the connection or not. (now wondering how many sites will switch to HTTPS, as that isn’t currently caught by this system).

As my router most definitely doesn’t have this “feature”, I’ll probably be forced by my ISP to replace it then so that I can be opted-in. Now it begs the question if the feature can be turned off at the router directly, or if the customers can only get it disabled by contacting their ISP, who will then remotely switch it off…

Technically then, this can be argued to be a router-level, rather than ISP-level system…although the lines blur, as the list of bad sites that won’t be routed is kept at ISP level and the routers will, by default, route requests through that list first. Or is this splitting semantic hairs? Basically, with the feature on (by default), you’re in China, where traffic of sites deemed objectionable is simply not routed by your ISP…

And it still begs the question: who oversees the list of bad sites? Is there going to be transparency and public review?

Comment by Patrick H Lauke

To clarify: I’m sure nobody would object to having a router that can be switched to filter content based on a BrightFeed style approach. The fact that this is being pushed as opt-out rather than opt-in is patronising, but alas…

But the issue is with transparency: I may have it enabled to stop “porn” and “extremist content”, but all of a sudden legitimate/legal sites find their way onto the list. With no oversight or transparency, who is to know? As it’s opaque to the customer, they may simply not know that certain types of content are just not reachable from their router (unless a clear message comes up, rather than a simple timeout/404, that states what site was blocked, why, what category it fell under, and how to contact the ISP to turn the filter off or to challenge the categorisation).

Far more insidious, though, is the second prong of the censorship attack: secret lists of offensive search terms that should simply return no results in search engines. A completely hidden sanitisation of search results, far beyond safe-search. How can THAT be turned off? My understanding so far is that there won’t be an option to turn this off…and again, the list of search terms needs public review and discussion. Otherwise it will, again, be similar to search results for Tiananmen Square from within the Great Firewall of China.

For both items above, who for instance can guarantee that sites like wikileaks won’t “accidentally” make it onto the list? Consider how in many US military/security networks access to the Guardian website has been blocked…if our big brothers across the pond can and will do it (in the name of security), what would prevent the same happening here?

tl;dr: the systems should be opt-in, not opt-out, but as long as they’re BOTH turn-off-able, fine. But the key is transparency, oversight and accountability of what goes on the “naughty list”.

Comment by Patrick H Lauke

Last point: for both initiatives, where is the actual hard evidence that this is needed to protect children? The real hard/illegal stuff is practically absent from Google/Bing/etc, as they already actively remove results to illegal material and have been doing so for years.

The idea of the legal stuff (and the occasional illegal stuff that slips through the existing measures temporarily) being a “gateway drug” is contentious, at best. Or are we seriously arguing that a person who is prepared to abduct, rape and murder young girls will think twice when getting a splash screen “this search term is naughty and has been blocked, contact your ISP to unblock it”? That a sick individual who is prepared to do unspeakable things to another human being will come to their senses after being told that their search is questionable? Please…

Comment by John Hemming

Patrick is right that there is an issue about transparency. However, blocked sites would still come up on search engines and through hyperlinks hence it would be obvious if a site is blocked.

I do think, however, that the politics of this are a key driver. Reading on the net implies that a minority of talktalk users use it and there are also quite a few problems with it.

Commercially, however, I would be surprised if Talktalk were to say that you must use a talktalk broadband router.

The first step in https before it goes into http is to do an encryption handshake. That exchanges keys, but also checks the site certificate. Hence you cannot put in a proxy without either a false certificate or it being highlighted to the user. A proxy, of course, gives rise to the possibility of a MITM attack which is not good for commercial transactions.

Comment by John Hemming

http://www.guardian.co.uk/commentisfree/2013/jul/21/david-cameron-war-internet-porn

There is an interesting perspective on this which is the URL above.

I, myself, don’t have a problem with default on as people can simply decide to go with an alternative. I do think much of what is going on at the moment is posturing, however.

Notwithstanding that I am worried that schemes such as Homesafe might operate a central database of what options people have selected, not just about porn, but also about political views. My son did a history lesson studying things like the KKK and the school asked why people were looking at the KKK. (He is in fact mixed race)

At a school level that is not an issue, but when it starts to be at a level involving the state it becomes an issue.

The basic principle that the web should not be filtered until it gets to the local router is a good principle.

>or are we seeing a future where the ISP is sending
>out regular updates to everybody’s router to have the
>latest list of naughty IP addresses
Much like the DNS system operates, you mean.
(as in the DNS identifies IP addresses against domains and as things change then the IP addresses change).
Or indeed various spam filtering systems.

>Therefore, to block sites a child could access on
>their phone, the filter would either need to be on >the mobile device itself, or at the ISP.
True.

It can, of course, be operated simply by preventing a child from having IP access via the mobile phone network on the phone or various other mechanisms.

It remains that I have concerns about the operation of central lists by systems such as Homesafe that I will take further. The technological issues do need transparency. That has to be a market driver as well.

However, substantially I am with Tom Melzer who argues that this is a bit of a government ploy with no real impact.

Comment by John Hemming

There is a link on twitter which indicates the kit that people believe is being used. That does put the processing into Talktalk’s router rather than a domestic router.

Essentially talktalk are already running a lot of what was rejected in the communications data draft bill.

Comment by Bruce

[all previous comments taken out of moderation queue. I was out with the kids and my spam filter is somewhat zealous. Which is perhaps apposite as it shows how many false positives machines make.]

Comment by John Hemming

I do think we have got to the bottom of the technical issue which is the TalkTalk approach does involve filtering within the TalkTalk network. That does not happen with other services.

This also means that all port 80 http conversations are monitored by talktalk for all of their customers.

Comment by Barry Collins (PC Pro)

Mr Hemming,

I’m afraid you are fundamentally wrong about TalkTalk’s technology. The filtering is performed at the network level, not at the router.

TalkTalk’s material on HomeSafe is very opaque, but you can see in this press release that it makes reference to network-level filtering: http://www.talktalkgroup.com/press/press-releases/2012/17-04-2012.aspx

Indeed, Claire Perry’s independent inquiry paper made repeated references to it: http://www.claireperry.org.uk/downloads/independent-parliamentary-inquiry-into-online-child-protection.pdf

All of the major ISPs will be introducing such network-level filtering in due course.

I’d be happy to talk you through the technology and how it differs from router-level filtering if you wish.

Barry Collins
Editor – PC Pro
http://www.pcpro.co.uk

Comment by Jake Archibald

John Hemming wrote:

It can, of course, be operated simply by preventing a child from having IP access via the mobile phone network on the phone or various other mechanisms.

So we’re saying that parents need to be proactive to filter their childrens’ access to the internet? Then why have default-on filtering if parents need to be proactive in order for it to be effective?

Comment by Paul Chambers

Both huawei and talktalk are pretty clear on the homesafe system being at the network level. Indepdent analysis by the well respected Security Research Department at the University of Cambridge also confirms that it is at the network level.

Here is the huawei success story on the talktalk implementation

This is the network hardware referred to in the previous link.

Technical Analysis by the University of Cambridge.

Various webmaster forums/blogs have noticed traffic from the system and that traffic comes from the following netblock:

inetnum: 62.24.181.128 – 62.24.181.143
netname: OPAL-DSL-PARENTAL-IRL01
descr: TalkTalk Parental Control

The scanning requests use the user-agents ‘TalkTalk Virus Alerts Scanning Engine’ or ‘HuaweiSymantecSpider’

While you could implement a hybrid system where the domestic router monitored traffic and passed all URLs to a network level system that replied with allow/block this does not appear to be what talktalk have implemented and I would be suprised if any ISPs attempted to implement a system in this way given the issues with this approach such as:

Customers replacing the router.
The cost of rolling out new routers to all customers.
The system acting as a oracle to reveal blocked sites.

Comment by Patrick H Lauke

To pin the issue down then, let’s assume that the solution that the ISPs will be “encouraged” to implement are those of BrightFeed. If the loophole for customers to avoid the automatic opt-in is to have different routers, the next logical step would be for the PM to demand that those with non-ISP routers be automatically put on a filtered DNS list matching the BrightFeed whitelist – and only those who use the official ISP router will get the option to opt out and get the uncensored access. Speculation, perhaps, but not unlikely as a follow-up in the next Ofcom review about the effectiveness of the opt-out approach.

> blocked sites would still come up on search engines and through hyperlinks hence it would be obvious if a site is blocked

but this is where the second prong of the current situation is coming in: the blacklist of search terms that Google/Bing/etc should not return results for. There is likely going to be an overlap between sites that are BrightFeed blocked AND that happen to trigger a keyword match against that secret list.

In any case, I believe the best move forward now is to ensure safeguards and oversight are clearly in place. There needs to be transparency, public scrutiny, and an independent body tasked with maintaining and monitoring the list of banned IP addresses and search terms – and this body must be accountable, have clearly publicised processes for appeals (“my business site is wrongly blocked, how can I remove the block / sue for lost revenue / etc”), and have representatives from organisations such as the open rights group.

Also, the issue of how someone can opt out of the censored search engine results is still up in the air…I assume the PM’s demands will go beyond simply allowing this to fall under the safe-search on/off option.

Comment by Jake Archibald

Here’s my worry, an overzealous filter will block resources about children and teens want access to, even some legitimate things such as sex education and drug advice. This will force them onto darknets that can’t be filtered.

I did some research into darknets after the government threatened to block web content during periods of state unrest (the London riots). Guess what darknets are riddled with? Child abuse imagery :(

If you force people to go underground to access legitimate content, they’re more likely to be exposed to illegal material.

Comment by AlastairC

+1 for Patrick’s summary:
“the systems should be opt-in, not opt-out, but as long as they’re BOTH turn-off-able, fine. But the key is transparency, oversight and accountability of what goes on the “naughty list”.”

As a parent I want to be in charge of my child’s experiences.

Perhaps transparency is an area where the tech community should propose a solution to Government?

If there is to be a central list (as seems necessary to achieve the filtering), let’s have a central (gov.uk) site to show how it’s being used.

The film board (BBFC) provides a good model, where you can see how a site is classified, e.g:
http://www.bbfc.co.uk/releases/conjuring-2013
“Contains strong horror”, so is classified as 15.

They have transparent guidelines on how they classify things, published on the site.

This site could enable people to check what’s filtered by searching for domain names (rather that providing a browse-access to ‘naughty’ sites), and see what the issue with the site was.

People would then be able to appeal, and it would go to a “jury” of people to make a decision, and publish that decision.

NB: I still have the 12 year old router that Blueyonder (pre-Virgin media) sent me, I doubt they could implement router based filtering on that! Are they going to have to send out millions of new routers?

Comment by Bruce

Mr Hemming, given that there is significant suggestion that this *is* a network-level filter, I trust that you will ask why the briefing material you was sent was wrong? And, back to my original question, how will this filtering stop child porn which is illegal and filtered anyway?

Who will decide which sites are considered “extremist” and “esoteric”? Will this site be blocked (it’s blocked in Oman, and Oslo airport)? If it is blocked, what is my recourse? Who would I sue for loss of business? My ISP? Huawei? The government?

Why did the government choose a policy that contradicts its own consultation?

I think we all need more information about the technical details and the oversight mechanisms.

You say “I am with Tom Melzer who argues that this is a bit of a ploy with no real impact.”

It is a ploy to the right-wing moralists; as Jake writes above, it forces people to the darknet where there are far murkier things to be found. The tech-savvy will find a way round it.

But it’s untrue that it has “no real impact” – it turns off whole swathes of the web, by default, seemingly with no accountability, for the vast majority of people. The web is Britain’s greatest contribution to the world for a very long time. It is also many people’s primary mechanism of accessing information.

Shouldn’t this be discussed at a parliamentary level?

Comment by The Open Sourcerer

It’s refreshing, perhaps even *unique*, to witness an MP who has a decent grasp of the technology involved. Thanks.

I have a few points to add to this discussion of the ludicrous proposal by *our* government:

1. Suppose by company website gets hacked and is used to deliver illegal or “extremist” (what does that mean?) material for a period of time. Presumably my site will then get blocked. How do I as a legitimate business owner get it unblocked? Who is responsible? What’s the process?

2. Legitimate sites are often incorrectly blocked by systems such as those used by Mobile operators. I have had to request the “adult” content filter be removed from both O2 and Vodafone just so I could visit forums about Open Source Software! Users will quickly tire of whatever process will be involved in getting stuff unblocked from several independent ISP’s system, and simply turn the whole filter off.

3. Do the government really believe that illegal porn is readily available via a common search engine such as Google? Don’t they appreciate that being illegal it would not be visible to the casual or sadly inquisitive observer but would, I would assume anyway, be hidden behind rather complex layers of obfuscation…

4. In response to John Hemming’s initial comment “I don’t think anyone has a problem with this.”. I have only read messages expressing concern, criticism, worry & outrage on this proposal. I have not seen *anyone* (apart from MPs) saying it’s all fine and dandy.

5. Who asked our government to do this? I didn’t. The consultation they did last year didn’t. I suspect there is something else driving this but I don’t get it. The Daily Mail surely doesn’t have that much influence does it…?

Comment by Alan

I work in web, currently working on site for a company and although I have a pretty much open web for research etc, I still hit “blocked under category adult or some other category” notices when accessing some sites that are nothing to do with said categories. This is a company with about 900 employee’s. Think about the population of the UK and how many times things will cock up.

Oops, apologies, this page now mentions cock and may be scheduled for future censorship because someone thought it was a good idea to filter at keyword level and his cronies and lobbyers agreed.

I have a 0% confidence that the government, any think tank etc can get this right. They never do, it’s over budget, it’s done badly, ALWAYS poorly thought out and executed on a whim.

There are far more important things to be looking at.

Comment by John Hemming

MPs have been told that network filtering is not being involved. It is, however, clear that TalkTalk does operate at the network level. I have, therefore, put in a call to the Whips office who are contacting the Special Advisors who handle this area.

I shall also try to contact Barry Collins to discuss this further.

Comment by Bruce

Thanks John – please keep us posted; we’re relying on you. (BTW, I’ve pruned some of your duplicate comments from when my spam filter was being over-zealous.)

Comment by Guitaraholic

I liken this idea to trying to change the way we lay roads so it wont allow stolen cars to drive on them = this would stop people stealing cars.

Sounds great in that sentence but it is impossible in reality to do it. You can’t filter the ‘highway’ that the traffic goes down I.e = the ISP. You need to police it.

Policing the net involves:
1, Parents policing their local machines and network to filter for children
2. Police body or charities to work with hosting companies to remove ‘bad’ destination sites.

Cameron has NO idea how this will work – it will never work. its simply a ploy to gullible voters, who also don’t understand how the internet really works, to try win votes.

I work for an ISP and the fact is this IS network level filtering – your ISP can decide what you can / cant see and each ISP will block different sites / sources. To do this at Home level involes Software on the PC – it cannot be done on a Modem. The size of the blocking lists alone would be impossible to push out to modems and every modem would have to be physically replaced to handle this type of change.

So in short
- Web filtering wont work
- Stop blaming the ‘highway’ when its the users.
- It will always be network level filtering

PS – any request to a server based solution WILL log out what you try access – the big question is will this data be harvested or not?

Comment by Mo

Another interesting (and, depending upon your perspective on all of this, potentially more concerning) facet of TalkTalk’s setup is that every HTTP URL that any customer (opted in to HomeSafe or not) visits is automatically spidered shortly after the customer does, so that its content can be evaluated according to the filtering heuristics. I’m still not entirely convinced that it can be legal (even if as a customer you should always assume the network is insecure, as the operators of websites you use are often not nearly so savvy).

[This is fairly trivial to see if you have your own web server (and can view its access logs) and are or know a TalkTalk customer.]

Comment by Patrick H Lauke

Mo, just wondering on what basis this automatic spidering would not be legal?

John, thank you very much for engaging in this discourse and for taking our concerns forward.

Comment by Mo

Patrick: RIPA; it’s a grey area, because they’re able to collect logs, and I suspect only a protracted legal battle would tell you whether logging the contents of HTTP packets and then acting on those logs without specific authorisation of the Home Secretary or Justice Minister constitutes unlawful interception of communications.

More on this from 2011, incidentally:

http://neva.li/post/11311177442 (on Cameron’s then-new plans for porn filtering — how time flies!)

http://neva.li/post/11311449816 — on TalkTalk’s filtering, including quotations from their statement which make it absolutely clear it’s network-level.

http://www.techweekeurope.co.uk/news/talktalk-snoops-on-customers-web-activity-8654 — from 2010, on the automatic spidering.

Comment by Dave

As a Canadian this UK issue does not affect me directly.

However since Canada has a “Constitutional Monarchy” with Queen Elizabeth II as our head of state there are serious potential fallouts from this.

If John Hemming (and other British MP’s) continue to pursue the censoring of the Free & Open Internet based on an absurd principal that Legitimate Consensual Pornography viewed by Adults is in anyway related to Illegal child pornography and rape then we (Canada) have a serious issue being associated with a Country that has it’s blinders on.

If this absurdity continues I will be requesting to my government representatives that we (Canada) fully detach ourselves from any Constitutional Monarchy with the UK.

YES! It is *THAT SERIOUS* and issue!

Utter ridiculousness – I can’t believe a single British Sterling Pound is being wasted on even contemplating this. If I was a British citizen I would be up in arms over this.

Comment by Bruce

Cheers John.

Any word on my further questions – how the wrong briefing got sent to MPs, how sites will be categorised, and what is a site owner’s recourse if they believe their site has been mis-categorised and blocked?

Comment by Pete

Mr Hemming, may I applaud you for your willingness to discuss this matter, listen to our arguments, make efforts to fully understand the ramifications and look into the issues around how the proposals have come about.

My local MP, Mr Richard Graham has decided to draw a veil over the matter and no longer wishes to communicate with me on the matter as he “disagrees with my Libertarian views”.

My “Libertarian views” are nothing more than believing that education is a better solution than stuffing something under the carpet in the belief that will make it all better.

I am debating whether or not to publish our “email ping-pong” (his words after an exchange of 2 emails) because frankly I find his attitude to be rather disappointing.

So, Mr Hemming, I challenge you to attempt to convey the rather good understanding you have and your willingness to actually research the matter to your fellow MPs. I appreciate it is a rather monumentous task but they don’t seem to want to listen to us.

If only more of our “representatives” represented us.

Comment by Pete

Apologies, I misquoted Mr Graham in my previous post here. He did not say he “disagrees with my Libertarian views”.

His actual words were; “I don’t agree with the libertarian argument on this one”

I do not feel I had made a Libertarian argument, just a sensible one after I had considered the issue.

Comment by John Hemming

I am trying to find out what Sky, Virgin and BT are working on. I have not yet got responses from all three and the responses are really superficial so far.

It appears that a solution that is DNS based, but in the network rather than in the router is the most common solution.

I am working with Barry Collins on this and hence he may wish to write about the conclusions first. However, we are still working on this.

Comment by Bruce

I’ve just had an hour long meeting with my MP, John Hemming (lying on his floor as his back was gone) about the plans for a UK-wide Web filter. He agrees with me that it’s a civil liberties problem, and we’ll work together to campaign against it. More details TBA.

Comment by Chris Hunt

Coming a bit late to this one, but this caught my eye in Mr Hemming’s first answer (my emphasis):

the coalition is determined that all internet users should be required to decide whether they want adult filters turned on or off. In households with children, the option to use filters will be pre-selected and parents will be directed to support and advice on internet safety.

How will my ISP know whether my household is a “household with children” ?