Part 2 - Mrs Grundy Goes To Canberra
The Great Firewall is an instance of the time honoured
Military-Industrial-Hollywood-Complex tactic of getting the government
to legislate a market for your products. The anti-virus and "desktop
nanny" companies managed to get free money by convincing the previous
government to subsidise supply of their products. The compromise
reached on the Liberal government's attempts to filter the internet
was that ISPs were required to offer filtering software to
customers, paid for by government subsidy.
The network-level filtering firms saw this happening and wanted in at
the trough. During the Howard administration the idea was formed to
lobby for a national network-level porn filter, by bad-mouthing the
effectiveness of home firewalls and desktop filtering. When it became
apparent that the argument was not having an effect on the then
communications minister and department, and with an election due, the
industry instead focused its lobbying efforts on the then-opposition,
particularly shadow minister Stephen Conroy.
To give the industry some credit for not being complete crunts, they
were at least only lobbying for the same opt-in subsidy as was
available to desktop filter vendors. The mandatory single
filter part is as far as I know, Senator Conroy's own brainchild.
I want to focus on the "secret blacklist" today. Many people have
asked how we can trust the government to be allowed the power to
secretly block speech and publishing without oversight. For several
years I maintained a filter vendor's copy of the secret list, and I
can tell you firsthand about the feelings of trust this engendered.
A national filter of course requires a list of things to be filtered.
The national blacklist has been a reality for many years, born out of
the previous government's censorship legislation, as the ability to
block everything on it was a condition of eligibility for the subsidy
created by previous legislation. The list is maintained by the
Australian Communications and Media Authority (ACMA) under the the
Broadcasting Services Act of 1992. It is distributed to filter
vendors (both desktop and network) who build it into their products.
Typically a vendor has their own classification database which they
can block in addition to the mandatory list provided by ACMA. A
filter vendor may classify millions of URLs, far beyond the tens of
thousands on the ACMA list, and provide configurable levels of
blocking to subscribers.
Much of the content of the ACMA blacklist is child porn, a distressing
amount of it. I'm not talking about photos of girls soccer teams, or
even illicit upskirts, I mean pictures of little girls and boys with dicks
in their mouths (and worse). But the list is by no means all undeniably
vile. Some of it is mainstream adult sites. There's a smattering of
teen grossout sites. Some of it is drug or medical information. Some
of it is political speech. Some of it was listed for no reason I
But what is more concerning than the content of the list is the way it
was managed. Additions were sent out weekly, in plain email addressed
to a list of filter companies. There appeared to be no real process
for removals---instead the list would, once or so each year, be
"washed" and replaced with a new master list, then weekly additions
I did not observe evidence of coordinated intent informing additions;
I believe added URLs came purely from public complaints, and maybe
results of law enforcement investigations . There did not appear to
be any proactive plan for discovering material to be added to the
list. You or I could probably name a few famous sites we think would
be on the list but aren't.
Every week I would receive the list of added URLs, typically between
five and thirty new URLs each week. There was no set format to the
mail, sometimes it was text, sometimes it was HTML, sometimes with
protocol leaders, sometimes without. Font size was random and would
vary within the list. It appears that somebody was manually pasting
URLs into an email, resulting in haphazard spacing and formatting.
Automating the process of amending the vendor's copy of the blacklist
was quite a challenge.
The URLs themselves did not appear to be intelligently vetted or
canonicalised--a common mistake was a domain.name..with.double.dot.
Presence or absence of www. leaders or trailing slashes was
inconsistent. Often an entire domain was listed, but other times an
update would list just two or three pages at one site, but by no means
all the objectionable pages. Often URLs containing query strings, or
usernames, or denoting single media files were listed. URLs
representing search engine queries were listed.
It was only a requirement for compliant filters to block the
exact listed URLs, so if http://example.com?ref=othersite.cc
was listed, then http://example.com would remain unblocked.
Sometimes you would see http://ickysite.tld/ added, and then months
later several URLs of the form http://ickysite.tld/gross.jpg would be
The email always stressed that "the Australian Communications and
Media Authority has conducted an investigation into internet content
located at the following addresses" and that each of those URLs had
been reviewed and deemed to be "prohibited or potentially prohibited
content as defined by the Broadcasting Services Act 1992". The review
process however did not seem to extend to conscious thought.
The people maintaining this list either have no volition to modify the
URL in the complaint, or no clue what they are doing. Blocking the
userpage of a particular YouTube user, for example, does not block
their videos, which presumably are the actual objectionable content.
One update would selectively block three or four pages at a really
objectionable site, while another would block the entire domain of a
"mainstream" non-extreme adult site. Adult sites Redtube,
fleshbot, stileproject, youporn all received
a blanket block. But, and I am not making this up, ACMA
"investigation" revealed that only the single page
I do not know whether the behaviour I observed from ACMA was a
consequence of the constrained scope of the current opt-in blocking
legislation or prima facie evidence of incompetence. In either case I
am not inspired to trust ACMA one whit to do a comprehensive or
Aside from the political and moral justifications for or against
censorship, what Australian internet users are faced with here is
either submission to a capricious, incompetent and ineffective censor
that blocks content largely at random, or blind rubber-stamping of
any vaguely risqué URLs nominated by anonymous complainants.
Either of those alternatives is a nightmare.
In 2008 ACMA responded to concerns from filter vendors that their
distribution mechanism for this purportedly secret information was
insecure and too labour intensive. Their response was to switch to
emailing a password-protected ZIP archive (sometimes wrapped as
self-extracting-executable), and require filter vendors to reply
giving a cellular telephone number to which the password could be sent
They appeared genuinely baffled as to why a emailing .ZIP or .EXE
file, with password via SMS was not acceptable to vendors as a
"security" solution. Never mind that neither of those technologies is
even vaguely secure, as a professional business communication
procedure it is laughable. Briefcases in the park would be preferable(*).
Handing ACMA any more power than they already have is putting the
Village Idiot in charge of the nuclear power plant.
Next time I want to talk about why a national filter cant work no
matter what URLs are added to any lists.
* To their credit I understand that, shortly after I left the industry
in 2009, ACMA consulted with vendors and chose a new distribution
method involving modern web protocols.