The System Administrators Guild of Australia (SAGE-AU) has raised strong concerns regarding a report issued by the Australian Communications and Media Authority (ACMA) entitled, “Closed Environment Testing of ISP-Level Internet Content Filtering”.

SAGE-AU says the artificial conditions of the testing methodology, together with unacceptable limitations in the test's terms of reference, combine to reduce the usefulness of the report for real-world conditions.

Mark Newton, SAGE-AU member and network expert, pointed out, “The baseline performance test featured 30 users on a gigabit switch saturating the test web server at 425 megabits per second, and stated that that would be equivalent to around 20,000 end users each on 1.5 Mbps connections. However, 425 Mbps divided among 20,000 end users actually gives each user 21,250 bits per second, around half of what can be achieved with a dial-up modem.”

“While it's probably true to say that filtering software doesn't present noticeable performance degradation when you've already artificially constrained the offered traffic rate to below dial-up speeds, it's difficult to see the relevance of that conclusion in a world where the Minister wants everyone in Australia to connect over 500 times faster,” Newton said.

The guild added that the interpretation of the results is also cause for significant concern. “The most accurate filter tested by ACMA incorrectly blocked Internet access three per cent of the time. The report noted that the overblocking result was a significant improvement on previous surveys, but failed to consider that medium-to-large Australian ISPs routinely carry in excess of 100,000 HTTP requests per second during peak times.”

According to ACMA's results, under ideal conditions with the best-of-breed filter in place, those ISPs would be incorrectly blocking over 3000 HTTP requests every second. “It is difficult to believe that the helpdesk requests required to manually unblock that volume of errors will not come at a significant cost, or that that cost won't increase Australian Internet access prices, increasing the ‘digital divide’ for sections of the Australian public already disadvantaged in terms of Internet accessibility and affordability.”

“The fact that few of the tested products are capable of performing their filtering functions on non-HTTP data streams is also a significant issue. In 2008, less than one third of the traffic carried by a typical Australian ISP's backbone is HTTP. The most prevalent means of distributing online content, including the content unsuitable for minors which Senator Conroy claims to want to address, is BitTorrent (a peer-to-peer networking protocol). Short of blocking peer-to-peer and instant messaging systems outright, none of the systems tested were able to filter these protocols.”

David Jericho, an expert in high performance networking and member of SAGE-AU, has questioned the benefits of the touted Fibre to the Node (FTTN) network under a filtering regime, saying that “any benefits from a faster FTTN network will be undone by the delays and processing required by any content filters.”

Don Gingrich, SAGE-AU member and lecturer in System Administration at RMIT University, says “Why should we, at significant expense, significantly reduce the performance of every part of the Internet in Australia for the dubious goal of possibly blocking part of the overall traffic in questionable material, when there is no absolute standard of what should be blocked?

“From past experience in looking at how this has played out in other regions, there seems to be a near certainty that legitimate and useful educational sites will be inadvertently blocked as a part of any effort of this sort 'A little bit censored' seems a lot to me like a 'little bit pregnant,'”. Gingrich concluded.

The guild also has privacy concerns with the filtering of secure web (HTTPS) traffic. “Effective filtering of a HTTPS data stream can only be performed by compromising end user privacy, further affecting secure web applications including legitimate Internet financial transactions which are otherwise not the subject of any filtering or scrutiny. That is, HTTPS data streams can only be filtered by requiring individual ISPs effectively engage in a ‘Man in the Middle attack,’ making encrypted sensitive or confidential data available to eavesdropping within ISP networks.”

“Public debate on the topic of the Federal Government's currently planned mandated Internet content filtering has existed for almost a year, and the Internet industry has consistently stated that the massive deployment costs required to build filtering into Australia's Internet infrastructure would require significant price increases to be imposed on families seeking Internet access from ISPs. In that environment, it is incredibly surprising that the Federal Government has not even started to address the question of cost.”

Newton asked, "How is it possible that we have come this far, and covered this much ground, over this much time, without any attempt by the Government to address industry concerns about the on-the-ground practicalities of implementing its plan?"

Donna Ashelford, SAGE-AU president, has called on the government to reconsider: "It is not too late to consider policy alternatives which meet the Government's stated aims without the deficiencies that accompany mandatory ISP-level filtering. Aside from the commercial and technical impact such legislation will have on a variety of sectors within the IT Industry in Australia, technical band-aids are invariably ineffective in addressing the root causes of social problems.”

0 comments Leave a comment