Re: one-to-many messaging
In article <024e01c8932f$4a6e7cc0$e57ea8c0 <at> Jinja>, James Firth
>On Mon, 31 Mar 2008 13:29:00, Roland Perry wrote:
>> I wonder why such an easy-sounding inspection of traffic data was
>> regarded as "too difficult" by ISPs, before BT came up with its rather
>> complex platform to implement "Cleanfeed"?
I think the main reason that people thought it was complicated task, was
because it IS a complicated task -- unless of course you merely wish to
block a relatively small number of sites that are not taking active
steps to avoid being blocked; and you don't mind that the system is
trivial for customers to evade.
BT apparently took the view that providing some blocking was better than
providing no blocking at all. They apparently hoped that this might
prevent a few accidental visits (despite there being no evidence that
people ever encountered these sites "by accident") and it might stop the
curious from viewing the sites and becoming corrupted (despite the fact
that the best way of achieving this latter aim is to persuade the search
engines not to display search results that lead to illegal images, as is
now the case).
At the time that BT rolled out their system (and they were not the only
ISP to roll out architecturally similar systems at that time, just the
first to go on the record [because a campaigner leaked news of the
system to one of the Sunday papers]), it could at least be said that the
blocking didn't do much harm (assuming that the IWF list could be
trusted -- which [unlike the recent situation in Finland] does seem to
be the case), and it might do a little good....
However, since that time, I have found [see Chapter 7 of my PhD thesis!]
that it is possible to use the BT system (and other related two-stage
systems) as an "oracle" that will allow you to reverse engineer the
identity of sites on the IWF list -- viz: you can locate illegal image
sites (and since there is a lack of truth in advertising in this area,
that might be a useful service for consumers of this material).
It seems to me that this makes the justification for running such
systems (which never did all that much good to begin with) somewhat
flaky... however, BT (and indeed the Government) do not agree with me!
>And now I don't quite see what you're saying. From what I understand,
>Cleanfeed was necessarily complicated for both performance reasons
Indeed so -- the only way that the system could get the necessary
precision to prevent overblocking was to use a proxy to inspect the URLs
being requested, and so (for reasons of economics, performance, and to
avoid other difficulties with proxies) it is necessary to have an
initial stage which arranges that only a small proportion of all
customer traffic passes through the proxy machine.
The amount of traffic is very much an issue here: in a second phase of
their system, BT had to significantly soup up the performance of their
proxies in order to be able to block sites on a very large free-
hosting site, because there is very substantial entirely legitimate
traffic to and from that site.
AIUI (and I have never signed an NDA about this system, so some of the
detail I have may be incorrect -- or indeed now significantly out of
date) there was no way around the fact that the "Cleanfeed" system
(Cleanfeed is in fact someone else's trademark, so BT never call it this
in public) drives a coach and horses through any claim for "mere
conduit" exemptions for web traffic.
Their official position was that if this became a significant risk for
them, they'd turn off the system. Since it is still operating, this will
be because they have found that in practice they still have sufficient
other legal coverage for their activities.
>The content of normal traffic is left uninspected. IP address matching
>(clearly traffic information) re-routes packets to suspected sites hosting
>images of child abuse. In order to avoid accusations of censorship and
>logistics of IP address recycling, this traffic is then "shunted" via a
>proxy server, which then decodes HTTP layer and checks specific URLs against
>the IWF list.
I don't think it could be said that the system avoids accusations of
"censorship" -- it's just that very few people are prepared to stand up
and say that suppressing access to child abuse images is "censorship".
>The two-stage process ensures there are good grounds for intercept before
>the content of a data packet is inspected.
BT would (I've no doubt) say that the blocking system was part of their
service, and hence the exemption in RIP s3(3) means that their
interception was lawful... if indeed there is any interception of
content since in practice the system works entirely by inspection of
>Even ardent liberals like myself have to agree that such a system offers a
>good compromise, safeguarding individuals' rights of privacy
At the outset BT declared that their policy was not to log any details
of traffic through the proxy. They do however count the number of URLs
that are blocked per day. Early on they published this number, which was
considerably higher than anyone expected....
... the likely explanations for this high number include there being
very large numbers of people who wish to view illegal images , that
the system was blocking access to material that was to be displayed
within otherwise legal pages [the most likely explanation in my view] or
that prefetching software (designed to speed up web viewing) was
fetching stuff "one click away" from legal sites.
No-one knows which of these explanations is correct (or indeed whether
it was just errors in IWF list causing overblocking!) because no-one
wants to collect the logs and do the research lest they not like what
they find :(
>and access to
>(legally available) content, gives some protection for IP address owners who
>pick-up dodgy IP addresses
>and helps to some degree prevent access to
>illegal abuse images.
see above -- the degree is somewhat limited IMHO
richard Richard Clayton
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. Benjamin Franklin