Study. Internet blocking. balancing cybercrime responses in democratic societies (Executive Summary) Prepared by

Transcription

1 Study Internet blcking balancing cybercrime respnses in demcratic scieties (Executive Summary) Prepared by Crmac Callanan (Ireland) Marc Gercke (Germany) Estelle De Marc (France) Hein Dries-Ziekenheiner (Netherlands)

2 This reprt has been prepared within the framewrk f Open Sciety Institute funding. The views expressed in this dcument d nt necessarily reflect thse f the Open Sciety Institute. Cntact Fr further infrmatin please cntact: Mr. Crmac Callanan Tel: crmac.callanan_at_acnite_dt_ie Mr. Marc Gercke Tel: gercke_at_cybercrime_dt_de The views expressed in this dcument d nt necessarily reflect thse f the Open Sciety Institute. Ms. Estelle De Marc Tel: estelle.de.marc_at_inthemis_dt_fr Mr. Hein Dries-Ziekenheiner Tel: hein_at_vigil_dt_nl Page 2 f 33

3 The Authrs CORMAC CALLANAN IRELAND MARCO GERCKE GERMANY Crmac Callanan is directr f Acnite Internet Slutins ( which prvides expertise in plicy develpment in the area f cybercrime and Internet security & safety. Hlding an MSc in Cmputer Science, he has ver 25 years wrking experience n internatinal cmputer netwrks and 10 years experience in the area f cybercrime. He has prvided training at Interpl and Eurpl and t law enfrcement agencies arund the wrld. He currently prvides cnsultancy services arund the wrld and wrked n plicy develpment with the Cuncil f Eurpe and the UNODC. In 2008, in cnjunctin with c-authr Marc Gercke, he cmpleted a study f best practice guidelines fr the cperatin between service prviders and law enfrcement against cybercrime ( adpted at the 2008 Octpus Cnference. In 2009, in cnjunctin with Nigel Jnes he prduced the 2Centre (Cybercrime Centres f Excellence Netwrk fr Training Research and Educatin) study prfiling internatinal best practice fr IT frensics training t Law Enfrcement ( Crmac was past-president and CEO f INHOPE the Internatinal Assciatin f Internet Htlines ( INHOPE facilitates and c-rdinates the wrk f Internet htlines respnding t illegal use and cntent n the Internet. He c-authred the INHOPE first Glbal Internet Trend reprt in 2007 which was a landmark publicatin n Internet child prngraphy. Crmac was funding Chairman f the Internet Service Prvider Assciatin f Ireland ( in 1997 which he led fr 5 years until February 2003 and served as Secretary General f the Eurpean Service Prvider Assciatin ( He was funding Directr f the Irish service in 1998 respnding t reprts abut illegal child prngraphy and hate speech n the Internet. He wrte the Cde f Cnduct fr the ISPAI. Crmac established the first cmmercial Internet Services Prvider business in Ireland in EUnet Ireland which was sld in He is a bard member f the Cpyright Assciatin f Ireland ( He served n the Rightswatch ( UK & Ireland Wrking Grup develping best practice guidelines fr Ntice and Takedwn prcedures as they relate t Intellectual Prperty Rights (IPR). Dr. Marc Gercke is directr f the Institute fr Cybercrime Law (Institut fuer Medienstrafrecht) - an independent research institute n legal aspects f cmputer and Internet crime. Hlding a PhD in criminal law with a fcus n Cybercrime he has been teaching law related t Cybercrime and Eurpean Criminal Law at the University f Clgne fr several years and is visiting lecturer fr Internatinal Criminal Law at the University f Macau. The fcus f his research is n internatinal aspects f law related t Cybercrime. In this respect he is wrking as an expert fr several internatinal rganisatins amng them the Cuncil f Eurpe, the Eurpean Unin, the United Natins and the Internatinal Telecmmunicatin Unin. One key element f the research are the challenges related t the fight against Cybercrime and the differences in develping a legal respnse in cmmn law and civil law systems. The latest research prjects cvered the activities f terrrist rganisatins in the Internet, Legal respnse t Identity Theft, Mney Laundering and Terrrist Financing activities invlving Internet technlgy and the respnsibility f ISPs. Marc is a frequent natinal and internatinal speaker and authr f mre than 60 publicatins related t Cybercrime. In additin t articles and bks he published several studies including cmparative law analysis fr the Cuncil f Eurpe. The aspect f respnsibility f ISPs in the fight against Cybercrime was the tpic f a study fr the Cuncil f Eurpe that was released in March His latest 255-page publicatin n Cybercrime is currently being translated int all UN languages. Marc was c-chair f the wrking grup set up by the Cuncil f Eurpe t supprt the drafting f the Guidelines fr the cperatin between law enfrcement and internet service prviders against cybercrime adpted at the 2008 Octpus Cnference and member f the ITU High Level Expert Grup. He is member f the German Bar and Secretary f the Criminal Law Department f the German Sciety fr Law and Infrmatics A full list f publicatins and speeches can be fund at: Page 3 f 33

4 ESTELLE DE MARCO FRANCE HEIN DRIES-ZIEKENHEINER THE NETHERLANDS Dr. Estelle De Marc is an IT legal and regulatry cnsultant and Secretary General f a Centre f research n Infrmatin Security and Cybercrime (CRESIC, Mntpellier). Hlding a Ph.D. in private law and criminal sciences, specialising in civil and criminal law, cmputer law and human rights, she has mre than 10 years experience n IT legal issues and 7 years experience n legal and plicy issues related t Internet illegal cntent (including Internet actrs liability, IPR and data prtectin). She participates in the Eurpl Wrking Grup n the Harmnisatin f Cybercrime Investigatin Training. Estelle was Legal and Regulatry Affairs Cunsel at the French Internet Service Prviders Assciatin (AFA) fr 6 years. She has a strng understanding f IT technical issues. As manager f the AFA s htline against illegal cntent, she was invlved in a day-t-day cperatin with the French plice cybercrime unit and participated in INHOPE prjects. She represented French Internet industry at many internatinal fra. She was a member f the Cuncil f Eurpe wrking grup t supprt the drafting f the Guidelines fr the cperatin between law enfrcement and internet service prviders against cybercrime adpted at the 2008 Octpus Cnference. She cmpleted several legal studies related t child care, cybercrime, IPR and technical threats t supprt the Industry s psitin befre the Ministry f culture, the Ministry f ecnmics r the Eurpean Cmmissin. In crdinatin with AFA members she wrte the Industry plicy n the fight against spam and the first specificatins f the Signal spam mechanism, which allws ISP t receive ntices abut utging spam frm their netwrk ( She participated in the creatin f Signal spam and was a member f its Bard. Estelle als wrked fr 4 years at Mntpellier s cunty Curt. Estelle is a member f Cyberlex ( a French IT legal and technical specialists assciatin, and f the Scientific Cmmittee f Juriscm.net ( an nline IT law specialised revue that regularly publishes cntributins frm prfessinal lawyers, including academics. She has created and maintained fr 10 years the Cmité Réseaux des Universités (Universities Netwrking Cmmittee) webpage n Internet law and ethics, designed fr technical experts ( Hein Dries-Ziekenheiner LL.M is the CEO f VIGILO cnsult, a Netherlands based cnsultancy specialising in internet enfrcement, cybercrime and IT law related issues. Hein hlds a masters degree in Dutch Civil law frm Leiden University and he has mre than five years f technical experience in frensic IT and law enfrcement n the internet. Thrugh his rle as legal and regulatry cunsel and representative f the Netherlands ISP industry assciatin (NLIP), Hein has an extensive backgrund and mre than ten years f experience in internet netwrking and internet plicy as well as law enfrcement related issues. Hein was delegate t the bard f the Eurpean Internet Service Prviders Assciatin (EurISPA) where he actively cntributed t interventins and plicy papers n a variety f tpics including the 2002 regulatry package, the ISP liability regime and privacy related issues. He has represented the Netherlands ISP industry in many ther (inter)natinal fra. As a member f the very successful OPTA (Onafhankelijke Pst en Telecmmunicatie Autriteit), the Dutch telecmmunicatins regulatry authrity, internet-safety team Hein was respnsible fr the first majr spam fine under the 2002 EU regulatry framewrk and was invlved in the infamus DllarRevenue spyware case. He headed several ther anti-spam and anti-malware cases brught by OPTA, the Netherlands Independent Pst and Telecmmunicatins Administratin. Hein prvides regular trainings t authrities in anti-spam and anti-malware frensics and has c-perated with many law enfrcement agencies wrldwide in spam cases, such as the US FTC and FBI, the Australian ACMA and the EU CPC netwrk f cnsumer prtectin agencies. Hein is a member f the Netherlands assciatin fr Law and IT and his cmpany, VIGILO cnsult, is an industry bserver member at the Lndn actin plan n spam (LAP). Hein regularly publishes and speaks n issues relating t internet law enfrcement and cybercrime. Page 4 f 33

5 Cntents Executive Summary Intrductin What is Internet Blcking? Internet Blcking Debate and Mtivatins Technical Aspects f Internet Blcking Internet Blcking and the Law Balancing Fundamental Freedms Cnclusin... 31

6 EXECUTIVE SUMMARY 1.1 Intrductin This reprt explains what Internet blcking is, what the mtivatins fr implementing Internet blcking in sciety are, what technical ptins are available and what the legal issues which affect Internet blcking strategies are. Nte: Qutatins in this executive summary are nt immediately attributed t the authr. These qutatins are clearly presented between qutatin marks and can be fund again in the main bdy f the study, with the deatiled reference t the authr and surce. N further reprductin f theses qutatins are allwed, when taken frm the present study, withut referring t the riginal authr f the qutatin AND the relevant page f the relevant chapter f this study, where the name f the riginal authr f the qutatin is indicated. 1.2 What is Internet Blcking? This study prvides a cmprehensive analysis f the current state f Internet blcking, a review f the current regulatry and legal envirnment relating t Internet blcking and a cmmentary f the effectiveness f Internet blcking and its impact n the fight against cybercrime and the supprt f demcracy and individual safety. The mst apprpriate balance between the prtectin f children and demcratic freedms is a very cmplex issue which needs t be finally determined n a natinal level thrugh extensive debate amng relevant stakehlders in each cuntry and with regard t relevant binding internatinal instruments such as the Eurpean Cnventin n Human Rights. Accrding t the members f the Eurpean Parliament, unimpeded access t the Internet withut interference is a right f cnsiderable imprtance. The Internet is a vast platfrm fr cultural expressin, access t knwledge, and demcratic participatin in Eurpean creativity, bringing generatins tgether thrugh the infrmatin sciety and is prtected by the right t freedm f expressin, even when it is nt currently cnsidered as a fundamental right in itself 1. In recent years, certain demcratic states have prmted the use f Internet blcking technlgies in relatin t varius types f cntent. They cite public interest t request specific blcks be implemented t uphld varius aspects f public plicy where the characteristics f the internet cause (internatinal) enfrcement issues. The subject matters vary frm the availability f Nazi memrabilia via nline marketplaces t gambling websites hsted in cuntries with liberal regimes in relatin t nline gambling. Similarly, states with less pen infrmatin regimes have taken t blcking as a technical resurce fr extending their practice f infrmatin cntrl int the nline wrld. 1 Eurpean Parliament reslutin f 10 April 2008 n cultural industries in Eurpe, 2007/2153(INI), 23, accessible at this address : TA DOC+XML+V0//EN. See sectin Page 6 f 33

7 What is Internet Blcking? Internet Blcking (smetimes called Internet filtering) is nt a new activity. It has been arund fr many years. Hwever, the term cvers such a brad range f plicies, hardware, sftware and services and it wuld be a mistake t think that all types f Internet blcking are the same r equally effective, legally equivalent r even that ne system can easily be used in relatin t mre than ne type f cntent. The primary bjective f Internet blcking is that cntent is blcked frm reaching a persnal cmputer r cmputer display by a sftware r hardware prduct which reviews all Internet cmmunicatins and determines whether t prevent the receipt and/r display f specifically targeted cntent. Fr example, an might be blcked because it is suspected t be spam, a website might be blcked because it is suspected f cntaining malware r a peer-t-peer sessin might be disrupted because it is suspected f exchanging child prngraphic cntent. The term Internet Blcking itself is smewhat a misnmer since it seems t suggest that Internet blcking is easily implemented and it is simply a chice t switch n r switch ff. Nthing culd be further frm the truth since the capabilities f Internet Blcking technlgies are quite cmplex and ften can be bypassed with little effrt. There are varius reasns fr this, the mst fundamental being that the Internet was designed t be decentralised, with a build-in capacity t ensure that data can flw arund any barriers that are put in their way. 2 Attempting t blck Internet cntent that is legally made available utside the cuntry but is cnsidered t be illegal inside the cuntry may smetimes als be cnsidered as a pssible ptin fr cuntries t attempt t maintain their wn natinal cultural standards in times f glbal access. It can be said that Internet blcking began ver 2 decades ag with the blcking f unslicited s (spam). This was started fr many reasns but initially it was t prevent verlading f netwrk capacity. This has been a cnstant area f research and develpment and an nging cmpetitin between anti-spam initiatives and spam activities. Despite these extensive initiatives ver a lng perid f time, everyne wh uses tday knws that spam blcking has nt been ttally successful since it has nt eradicated spam frm the Internet. It is imprtant t nte that all Internet blcking systems are subject t false-negatives 3 and false-psitive 4 prblems and in advanced systems these are minimised during the design f the blcking technlgies in use. Hwever, these prblems can becme mre prnunced and have greater impact when Internet Blcking systems are applied t the public Internet and applied mandatrily t all users f the Internet in an area. They are therefre a significant issue fr sciety as a whle t cnsider. Since these systems are ften implemented with minimum and ften inadequate public versight r debate and applied withut direct permissin f the users f these Internet services, they need t be designed, develped, managed, implemented and audited in a much mre transparent and accuntable way. There are different styles f Internet blcking. Persnal filtering and netwrk blcking are the tw main styles f systems which are in everyday use. There are als systems which are hybrids f these tw styles. 2 The cmplex range f technlgy issues are summarized in Chapter 5 3 A false-negative is when an is allwed thrugh the spam filter because when it is checked and scred negative t cntaining spam but nne-the-less is actually spam. Therefre it is a false negative. 4 A false-psitive is when an item which shuld nt be blcked is actually blcked by the filter because it scres a psitive result by the blcking filter. Since the psitive result is incrrect it is called a false-psitive. Page 7 f 33

8 Blcking perfrmed by the end-user enables the user t decide which type f cntent is blcked based n criteria assigned t each individual cmputer user and can be individually tailred and cnfigured fr different categries f users (parent, child, teacher, student, etc). This type f blcking is the mst specific but des nt prevent users frm accessing cntent which, thugh maybe illegal, they still chse t see and dwnlad. With netwrk-based Internet blcking, the service-prvider (Internet access prvider, emplyer, club, etc) can determine which type f cntent r activity will be blcked fr ALL users f the service, at least with regard t cntent accessed directly via the upstream netwrk equipment f the prvider where the blcking technlgy is implemented. (Smetimes the system can be tailred t decide the blcking criteria based n identified users). There are tw key issues t debate when we cnsider Internet blcking: Hw d we technically specify what t blck? The prcesses which cllect, review, assess and catalgue cntent, t identify which cntent shuld be blcked, are cmplex and resurce intensive. These prcesses need t be develped, tested and implemented and persnnel need t be identified and trained. Blck lists are the mst cmmn blcking strategy Autmated identificatin is n the drawing bard, but with limited results Rating systems have been available fr many years but have nt succeeded Wh shuld chse what shuld be blcked n the Internet? In cuntries where the judicial authrity is independent frm the legislative authrity and the executive authrity, which shuld be the case f all liberal demcracies, nly a judge shuld have the cmpetence t declare a piece f cntent, a situatin r an actin t be illegal. This issue creates ne f the majr challenges fr Internet blcking systems. Current natinal and internatinal legal prcesses rarely wrk adequately with the crss-brder challenges f the Internet r the cmmunicatins speed f Internet services. As a result there is rarely sufficient participatin by the judicial authrities in Internet blcking decisins. The Internatinal Netwrk f Internet Htlines (INHOPE) rganisatin crdinates a netwrk f htlines in ver thirty cuntries prcessing reprts abut child prngraphy n the Internet. The htlines received ver 500,000 reprts during 2005 and 850,000 reprts in 2006, ver 1m reprts in 2007 and these numbers are increasing each year. Exact numbers fr 2008 have nt been published yet. Of the reprts received frm September 2004 t December 2006 less than 20% were cnsidered illegal OR harmful and nly 10% f the ttal was cnsidered illegal by the htlines. A critical issue surrunding blcking lists is security and integrity. A list f such cntent is highly sught after by thse with a dispsitin t experience such material. Even withut blck lists being leaked directly n the Internet research indicates that it might be pssible t reverse engineer the blck list used by any services prvider. Internet Blcking f Child Prngraphy des nt cause child abuse t stp. It des nt cause the images t disappear r be remved frm the Internet. The mst effective respnse t child prngraphy/ child abuse images is t cause them t be remved frm the Internet, cmbined with a criminal investigatin f the prducer f the images and t remve the child frm an abusing situatin t a safe envirnment fr treatment and recvery. Internet blcking smetimes makes it mre difficult t access such cntent (depending n the blcking system adpted) s that nly mre determined and technically aware persns will Page 8 f 33

9 find it (depending n the client sftware in use). Where the images cntain persnally identifiable infrmatin abut the victim, blcking such images can prtect the victim frm further feelings f explitatin. 5 Unfrtunately, sme f the illegal cntent relating t child prngraphy n websites is currently hsted in cuntries and by Internet hsting prviders where natinal legislatin and plitical versight and interventin is nt cmparable t current best practice in internatinal standards and where direct ntice-and-take-dwn prcedures are underdevelped r d nt wrk. Initiatives addressing this issue need t be encuraged. It is imprtant t nte the intrusive nature f many blcking strategies. This is especially true fr the mre granular, cntent based filtering mechanisms which require insight int the cntent f the material being exchanged between users. This is nt nly prblematic frm an investment perspective (the required investment is, invariably, high in these scenaris) but als frm a brader, scietal pint f view. The prprtinality f an Internet blcking measure is generally difficult t assess, because it mainly depends n the particular legitimate aim 6 t preserve within each situatin, n the usefulness f the measure t reach that legitimate aim in a particular circumstance, and n the blcking characteristics and their impact n ther rights and freedms. The cnsequences f an Internet blcking measure in terms f interference in fundamental freedms are highlighted in Chapter 6 and 7. Hwever, ther pssible interferences are enabled by several Internet blcking measures, due t the nature f the mechanisms put in place t implement the blcking. The prprtinality f each measure which interferes with sme freedms has t be evaluated firstly as regards its stated legitimate aim, and secndly as regards its general effect, which must nt g beynd what is necessary t reach the pursued legitimate aim and, in any case, must leave sme scpe fr the exercise f the restricted freedm and nt extinguish the latter. Each time a blcking measure is allwed because f its value in pursuing a legitimate aim, its mre basic functining must nt limit ther freedms in a disprprtinate way and sme guarantees must be implemented t prevent this blcking measure frm being used in a way that wuld further endanger freedms. In any case, it shuld be nted that n strategy identified in this reprt that seems able t cmpletely prevent ver-blcking. This is f prime cncern when balancing the needs fr blcking child prngraphic cntent versus the need fr human rights and free speech. It seems inevitable that legal cntent will be blcked where blcking is implemented. Since Internet cntent can be exchanged ver several Internet technlgies, the practice f blcking nly a limited number f these (such as blcking nly traffic t web-servers) may als easily cause substitutin f an alternative cntent distributin methd. Thse wh have set their mind n distributing illegal cntent n the internet have a myriad f ptins t d s despite the netwrk blcking taking place. Frm a technical perspective, blcking attempts can, therefre, nly achieve prtectin fr users wh might access cntent inadvertently. It seems unlikely that blcking strategies, as utlined in this dcument, are capable f substantially r effectively preventing crime r re-victimisatin. Attempts t blck cntent can be characterised as an act f re-territrialisatin where cuntries aim t ensure that the natinal standards apply with regard t glbal cntent available t Internet users inside the cuntry. 5 This is discussed mre in Chapter 6 6 Refer t Sectin 1.6 Page 9 f 33

10 All types f blcking attempts are nt the same, all types f cntent are nt the same and all types f crime are nt the same. 1.3 Internet Blcking Debate and Mtivatins The debate abut Internet blcking can nt be limited t ne specific issue. The debate is as cmplex as the tpic itself. There are widely different areas f cncern and the challenges faced by plicy makers t respnd t Internet cntent prblems are cmplex. There are many mtivatins why sciety currently believes (r in sme cases hpes) that Internet blcking attempts might slve sme majr scial cncerns since ther appraches d nt appear t be very successful. There are many different entities wh have currently implemented blcking. There is a wide range f material which is the target f such blcking attempts. Internet blcking attempts can be apprached in many different ways depending n wh wuld be the intended target f the blcking initiatives. Several cuntries have already adpted Internet blcking systems. The Internet is a vast cmplex netwrk f netwrks with a myriad f hardware systems, prtcls and services implemented. The first step with an Internet blcking initiative is t select where blcking can be attempted n the Internet. A secnd key cncern is t determine wh chses what shuld be blcked and t determine the varius levels f knwledge and ability f different users and rganisatins t blck Internet cntent. A wide range f cntent can cause different cncerns in different scieties and each blcking measure needs t describe the variety f cntent which it targets and hw sme gvernments have turned t Internet blcking attempts as a pssible slutin t sme f these prblems. The primary mtivatins which cause plicy makers t cnsider Internet blcking are imprtant t nte and why, in sme cases, alternative appraches appear t have failed. An Internet blcking measure is usually targeted at either the prducers r cnsumers f illegal cntent and has different levels f effectiveness depending n this chice. The cmplex range f appraches and mtivatins twards Internet blcking attempts need t be clearly differentiated in rder t enable a cmparisn between these different appraches. The first criterin that can be used t differentiate between the different blcking appraches is the target f the blcking instrument. In general there are fur different targets blcking culd fcus n: Service-based apprach e.g. , Cntent-based apprach e.g. hate speech, child prngraphy, gambling websites User-based apprach e.g. users wh dwnlad illegal music, send spam Search Engine based apprach e.g. preventing search results fr illegal websites A secnd criterin that can be used t differentiate between the different Internet blcking appraches is t fcus n the rle f the decisin-maker abut illegal cntent. The decisinmaker is the persn r institutin which makes the decisin abut what shuld be blcked. Individual Driven Institutin Driven Legislatr / Curt Internet blcking is discussed as a technical slutin with regard t a wide range f illegal activities. T a large extent but nt necessarily - these acts are criminalised in the cuntry that is intending t implement r has already implemented blcking technlgy but is nt always criminalised in the same way in the cuntry where the cntent is hsted. Child Page 10 f 33

11 prngraphy is amng thse categries f cntent where the cntent blcked is cvered by criminal law prvisins. Enfrcement is difficult n the Internet where material is ften legally made available n servers utside the cuntry. This is a direct cnsequence f different natinal standards implemented with regard t the publicatin f material. Attempting t blck cntent that is legally made available utside the cuntry but is cnsidered t be illegal inside the cuntry culd be seen as a pssible ptin fr cuntries t attempt t maintain their wn natinal cultural standards in times f glbal access. Other cntent which is the target f Internet blcking attempts include: Spam - prvider rganisatins reprt that currently as many as 85 t 90 per cent f all s sent are spam. Mst spam blcking is perfrmed with custmer cnsent. Ertic and prngraphic Material - ften cnsidered by plicy makers within the cntext f preventing minrs frm getting access t cntent that is cnsidered harmful. In sme cuntries adult verificatin systems have been develped t prevent minrs gaining access t adult cntent. Other cuntries criminalise any exchange f prngraphic material even amng adults. Child Prngraphy - is universally cndemned and ffences related t child prngraphy are widely recgnised as criminal acts. Despite substantial effrts and csts, thse initiatives seeking t cntrl the netwrk distributin f child prngraphy, have prved little deterrent t perpetratrs. Cntrversial plitical tpics / hate speech / xenphbia - Sme cuntries criminalise the publicatin f racial hatred, vilence and xenphbia while such material can be legally published in ther cuntries that have a strng prtectin f freedm f expressin such as the US. Illegal Gambling - The Internet allws peple t circumvent gambling restrictins. Online casins are widely available, mst f which are hsted in cuntries with liberal laws r n regulatins n Internet gambling. Libel and publicatin f false infrmatin - Websites can present false r defamatry infrmatin, especially in frums and chat rms, where users can pst messages withut verificatin by mderatrs. Cntent published by terrrist rganisatins - the publicatin f prpaganda and the publicatin f infrmatin related t the cmmissin f crimes is cmmn. Cpyright vilatins - include the exchange f cpyright-prtected sngs, files and sftware in file-sharing systems and the circumventin f Digital Rights Management systems. Peer-t-Peer (P2P) technlgy plays a vital rle in the Internet. Why Cnsider Internet Blcking? Missing Cntrl Instruments n the Internet Since the Internet was riginally designed based n a decentralised netwrk architecture, resilient t failure and disruptin, the Internet is resistant t external attempts at cntrl. Blcking attempts culd be cnsidered as an apprach t implement such cntrl instrument that was nt freseen when the netwrk was develped. Internatinal Dimensin Internatinal cperatin based n principles f traditinal mutual legal assistance is ften very slw and time cnsuming. The frmal requirements and time needed t Page 11 f 33

12 cllabrate with freign law enfrcement agencies ften hinder investigatins. Blcking attempts might therefre be cnsidered as an apprach t act even in thse cases where the limitatins f current internatinal cperatin prevent measures t be taken in a timely manner. Decreased Imprtance f Natinal Hsting Infrastructure The publicatin f cntent that is perfectly legal in ne cuntry might be criminal act in anther cuntry. Attempts t blck cntent can therefre be characterised as an act f re-territrialisatin where cuntries aim t ensure that the natinal standards apply with regard t glbal cntent available t Internet users inside the cuntry. Wh t blck? Blcking f illegal Internet cntent can nt nly be seen as an instrument related t the ffenders that make cntent available nline (prducers) but als as in instrument aiming t prevent the user frm dwnlading illegal cntent (cnsumers). The prducer f illegal cntent - the illegal cntent prvider. The Internet has becme a majr tl fr the distributin f child prngraphy as it ffers a number f advantages t the perpetratrs that make investigatins challenging. In an analgus way, the mdern digital camera and digital camcrder have becme the majr tl fr the prductin f child prngraphy. The reasn t implement blcking technlgy is therefre similar t the reasns t criminalise the exchange f child prngraphy i.e. t reduce the vlume f crime and t prtect children. The cnsumer f illegal cntent. In additin t the prductin, publicatin and making available f child prngraphy, a significant number f cuntries criminalise the pssessin f child prngraphy. The demand fr such material culd prmte its prductin n an nging basis. Furthermre a number f cuntries g beynd the criminalisatin f the pssessin f child prngraphy and even criminalise the act f gaining access t child prngraphy. While the fact that Internet blcking des nt remve cntent at the surce hinders the instrument frm being able t prevent the ffence f making cntent available the instrument, if technically effective, has the ptential t prevent ffences cmmitted by sme users, that are trying t access a website t either watch r dwnlad child prngraphy. The success f this depends n the effectiveness f the blcking technlgies in frce and the level f mtivatin and knwledge f the user. The main cncerns abut blcking are the missing remval f the cntent at its surce and the many pssibilities t circumvent the technlgy. These aspects have several implicatins: The cntent can still be accessed by using cnnectins that d nt blck access. Once blcking technlgy is develped and implemented it culd be used fr ther purpses. One f the main reasns fr this cncern is related t the nn-transparent implementatin f such technlgy. The fact that the cntent is nt remved enables users t seek access by circumventing the technical prtectin slutins. There are several ways hw these blcking appraches that are currently discussed can be circumvented. Page 12 f 33

13 The fact that cntent is nt remved, suggests t users that these are safer websites t access since the authrities have clearly failed t have them remved and investigated. Exchange f child prngraphy via file-sharing systems r encrypted exchanges are nt cvered by the current web based appraches. making such material invisible might mislead the plitical debate as it culd create the impressin that the prblem f nline child prngraphy has been adequately addressed and thereby reducing civil cncern in this area. In additin t systemic limitatins f blcking appraches technical and legal cncerns need t be taken int cnsideratin. Other nn-blcking appraches imprving the means f internatinal cperatin in rder t narrw the time gap between the identificatin f illegal cntent stred abrad an the remval. wrking twards the remval f such cntent t hinder serius ffenders frm getting access t it. Investigating child prngraphic images t ensure the victims in thse images is identified and remved frm the abusive situatin. Several Eurpean cuntries such as Finland, Nrway, Sweden, Switzerland, United Kingdm and Italy as well as nn Eurpean cuntries such as Australia, China, Iran and Thailand use Internet blcking. The technical appraches, the aim f filtering as well as the level f industry participatin varies. In Australia, fr example, a blck-list generated by ACMA (Australian Cmmunicatins and Media Authrity (ACMA) is likely in future t becme mandatry fr all ISPs. In the UK the blck-list is generated by the IWF (Internet Watch Fundatin). The technlgy used is BT Cleanfeed r URL filtering. In Denmark the blck-list is generated by Natinal High Tech Crime Centre f the Danish Natinal Plice and Save the Children Denmark. In Finland blcking was initially based n a list f dmains supplied by the Finnish plice. Mst ISPs tday participate in the apprach but based n DNS blcking. 1.4 Technical Aspects f Internet Blcking The develpment and implementatin f varius types f Internet blcking technlgy n the internet is nt a recent develpment. Fr a lng time, spam, internet-based viruses and malware and many ther cntent-types that are unwanted and unrequested by the end-user have been targets f blcking effrts undertaken by industry fr security and usability reasns, r by the state in its rle f develper and enfrcer f laws and plicies. A technical verview f the majr Internet blcking systems in use tday is essential, as is an explanatin n hw these are applied t different Internet services. In additin t cncerns abut the effectiveness f such blcking systems, there are als significant technical impacts and challenges created by these systems. There are als many ways t evade these blcking systems and an analysis f the effectiveness f these systems is included. Demcratic states have prmted the use f Internet blcking technlgy in varius plicy areas, citing public interest t demand certain blcks be implemented t uphld varius aspects f public plicy where the characteristics f the internet caused (internatinal) enfrcement issues. Similarly, states with less pen infrmatin regimes have taken t blcking as a technical resurce fr extending their practice f infrmatin cntrl t nline media. Page 13 f 33

14 All f these develpments hinge n the availability f internet blcking technlgy. Depending n their technical characteristics, they differ in effectiveness and ptential fr circumventin. Techniques fr blcking child prngraphic cntent are the main fcus, but it is imprtant t nte that many blcking technlgies can be deplyed fr ther types f cntent r activity with limited additinal investment. Specifying cntent In rder t attempt t blck cntent, identifiers are needed whereby a blcking decisin can be implemented. The cntent that this reprt fcuses n is usually visual in nature, meaning that it cntains either still pictures r vide ftage f child sexual abuse. IP addresses Dmain names and DNS URLs File cntent and Filename Keywrds Cntent Signatures (hash values) Measuring Effectiveness 1. It is nt pssible t express effectiveness as the amunt f cntent that is blcked crrectly in cmparisn t the ttal amunt f available illegal cntent since the ttal vlume f available illegal cntent is unknwn. 2. Since it is ften unclear where hits n a website cme frm, figures quting vlume f hits n an existing list are a very crude indicatr at best. 3. Analysis f ver-blcking and under-blcking ptential can be used as indicatr f the effectiveness f Internet blcking technlgies. 4. Anther indicatr fr effectiveness is the ease f circumventin f a blck. If it is easy t circumvent r disable a blck, the availability f the blcked material is likely t remain unaffected. 5. The availability f alternative methds f access t the same cntent, by whatever means, can be seen as a measure fr effectiveness f blcking in the absence f precise data. 6. The availability f ther enfrcement ptins that ffer ther mre effective methds f preventing access t the material can als be assessed - especially if they are less cstly, less intrusive r mre effective twards the availability f the material. Characteristics f Blcking Strategies Allw-list versus Blck-list - Filters that are cnfigured by default t allw cntent t pass unhindered but have specific lists f cntent t blck are usually called blcklists, whereas filters that are cnfigured by default t blck all cntent except specific listed cntent are called allw-lists. Human interventin (dynamic and nn-dynamic blcking) - Typically, child prngraphy filters are based n cnsumer cmplaints and law enfrcement investigatins. The cntents f the filter will usually be manually selected since the cntent is reviewed and matched against the blck-list criteria persnally by the list administratr. On the ther hand, many filters such as filters and certain virus scanners will ften use pre-defined criteria t filter the cntent t blck withut human interventin. These criteria can be multi-faceted and cmplex. Blcking Pint - Blcking strategies can be differentiated by the level at which they are executed. User level filters allw parents and cmputer administratrs t select and Page 14 f 33

15 blck cntent types. Other filtering techniques are emplyed at the rganisatin, ISP r even state level. They typically require sending all traffic thrugh central machines that analyse incming traffic. Level f Detail r Specificity IP Addresses - Blcking an IP address means that ther Internet services and users that use the same address will als be blcked. Dmain-Names - Blcking by a dmain-name will blck all cntent residing under that dmain. Unifrm Resurce Lcatrs (URL s) Best results in terms f specificity will be btained by filtering n a URL basis. Due t the ease f evading these filters, blcking by this identifier can lead t a significant risk f under-blcking. Cntent Signatures - cntent can be blcked using signatures that allw fr classificatin f cntent that was previusly categrised as illegal. New cntent is easily missed by the filter. Encryptin f the cntent will render this methd useless. Keywrds - blcking based n keywrds fund either in the filename r the URL r the text at the lcatin f the cntent being accessed. Cmplex analysis f the recgnised keywrds in the cntext f their use needs t be perfrmed. Internet distributin methds fr Child prngraphy Child prngraphy can be distributed acrss the Internet using varius methds via high speed bradband Internet cnnectins. In additin t the distributin f static cntent (pictures and vide material), they als serve as a launch pad fr ther, related activities such as grming and cyber bullying. The increased use f scial netwrks is especially imprtant in this latter area. Websites Websites are ne f the fremst distributin methds fr cntent n the internet. Usually, web cntent resides n the server but cntent can als be retrieved dynamically r created dynamically, whereby a database is ften used t hld relevant data. It is cmmn fr many different web-servers perated by different wners t be attached t ne IP address. and Spam (unslicited ) is still the mst widely used service n the Internet, even mre than web r scial netwrking websites. Usenet Newsgrups The imprtant difference between newsgrups and is that streams f messages passed between Usenet servers (ften called newsfeeds ) are rganised int grups that suggest references t the cntent f the messages being exchanged. Peer t Peer netwrks (P2P) Peer-t-peer file-sharing is based arund the exchange f files directly between end users cmputers, bypassing intermediate servers. Althugh the technlgy has legitimate uses it lends itself t the sharing f music and mvie files, causing majr challenges fr cpyright hlders. Search engines By indexing the cntent f websites, search engines are able t identify relevant cntent by way f keywrd searches and cmplex search algrithms. Page 15 f 33

16 IM and Other Anther imprtant tl fr exchange f child prngraphic cntent is instant messaging. The IM channel serves mre as a vetting and intrductin mechanism, whereas cntent is exchanged directly, using ther technlgies. Blcking Strategies & Effectiveness Website Blcking Blcking f websites is usually executed using ne f tw different identifiers. the server that cntains the website culd be blcked at the level f its IP address, preventing anyne using the filter frm accessing that address. A blck-list wuld then cntain nly IP addresses f knwn illegal cntent. a blcking measure culd be adpted based n the dmain name r even n the URL f a specific file r page hsted n a website. If this type f blcking attempt takes place in the access netwrk rather than in the user s equipment, circumventin is, relatively speaking, mre challenging fr the user since the user wuld need sme basic knwledge abut hw the Internet wrks. Blcking Mst filters perate n, r right befre, the receiving mail-server that takes incming mail fr users n a netwrk. There are tw ways f filtering: there are cnnectin based filters that check the riginating IP address f the sending mail-server against a number f blacklists. filters can use the cntent f messages t filter ut unwanted cntent. Ptential fr ver-blcking is present where IP addresses r even entire riginating mailservers are blcked due t incidents invlving child prngraphy. Usenet Blcking Blcking attempts f Usenet cntent is traditinally dne by blcking access t parts f the grup hierarchy r refusing t hst a particular newsgrup. Internet Access Prviders have bserved that, when deprived f access t mre suspicius hierarchies, users will be inclined t mve their illegal cntent under less cnspicuus names, ptentially leading t mre incidents f accidental access t illegal material. Search engine results blcking It is pssible t prevent access t search results at the level f search engine prviders. An imprtant questin is the visibility f filtering, as displayed in the results pages f search engines. Sme prviders clearly state their plicy regarding the filtering f results, thers d nt. Circumventin f this filter is easy: simply accessing the cntent directly wuld be sufficient. Peer-t-peer and IM Blcking Blcking attempts f peer-t-peer traffic is a substantial task. Many p2p prtcls are distributed - meaning that files being dwnladed will be cnstructed frm several surces and s n ne stream f data cntains the whle file. The first ptin t attempt t blck access t P2P cntent is by analysing the p2p netwrk cntent by acting as a user f the service. By requesting certain files r mnitring the request and answers frm ther users it is pssible t find users that have parts f a file n their hard drive. Blcking access t their IP address r discnnecting these users if legally and technically feasible, hwever, is then the nly extreme remedy available. Page 16 f 33

17 Summary The secnd ptin with maximum effectiveness in the attempt t blck cntent in these netwrks is t use technlgies akin t Deep Packet Inspectin t recgnise the files as they are being exchanged This table lists characteristics f every blcking strategy discussed. It shws the likelihd ff ver- and under-blcking accrding t ur estimates, lists the resurces required t execute the blcking strategy, the blck-list type and maintenance effrt required fr such a list and, in the last clumn indicates whether the cmmunicatins cntents needs t be analysed extensively fr this strategy (DPI technlgy r alike) fr blcking t be effective. Medium Blcking Effectiveness Blcklist DPI OVERblcking UNDERblcking Resurces required Circumventin Maintenance effrt Identifier Web DNS VERY LIKELY LIKELY LOW EASY MEDIUM Dmainname - Dmain VERY LIKELY LIKELY MEDIUM MEDIUM MEDIUM IP address t dmainname URL LESS LIKELY VERY LIKELY MEDIUM MEDIUM HIGH URL + IP VERY LIKELY LIKELY LOW MEDIUM MEDIUM IP address - Dynamic VERY LIKELY VERY LIKELY HIGH MEDIUM LOW Keywrds, graphics recgnitintect echnlgy r ther Signatures LESS LIKELY VERY LIKELY HIGH MEDIUM HIGH Hash + Hybrid (IP+signat ure/url) LESS LIKELY VERY LIKELY MEDIUM MEDIUM HIGH Dynamic LIKELY LIKELY MEDIUM HARDER LOW Ip and Hash r URL Keywrds r ther URL LIKELY LIKELY MEDIUM HARDER HIGH URL - IP address VERY LIKELY LIKELY MEDIUM HARDER HIGH IP address - Signatures LESS LIKELY LIKELY HIGH HARDER HIGH Hash + Usenet Per Grup LIKELY LIKELY LOW EASY LOW Grupname - Per hierarchy VERY LIKELY LESS LIKELY LOW EASY LOW Grup hierarchy Search Keywrd VERY LIKELY VERY LIKELY HIGH EASY MEDIUM Keywrds - P2P Per prtcl VERY LIKELY LESS LIKELY MEDIUM HARDER LOW Prtcl recgnitin Per file (signature) LESS LIKELY VERY LIKELY HIGH HARDER HIGH Hash + Per file (dynamic) LIKELY VERY LIKELY VERY HIGH HARDER LOW Advanced algrithms Whilst the distributin methds may vary, each methd can functin as a reasnable substitute fr each ther methd. Regardless f the effectiveness f blcking the cntent n ne f the media, any flaw in blcking the same cntent n any f the thers will lead t changing the distributin methd. Mst child prngraphic activity n the Internet tday invlves the use f multiple Internet services and systems. There are several investigated cases where cntact between an adult and a child started in public chat rms, mved t private chat rms, prgressed t persnal s and private SMS (Shrt Messaging Service) text messages acrss the mbile phne netwrk with final face-t-face meetings arranged via persnal phne calls n mbile phnes. Page 17 f 33

18 Investigating such activity is very challenging and requires brad knwledge n behalf f the investigatrs f all aspects f internet technlgies and telecmmunicatins. Evading Internet Blcking Prxy-Servers Circumventing this type f filter is quite trivial. T circumvent a filter blcking access directly, a user can ask a freign prxy server t access the blcked cntent n his/her behalf and, as lng as that freign prxy server itself is nt being blcked, and the user can thus gain access t the cntent t bypass lcal filtering. Tunnelling Tunnelling sftware allws users t create an encrypted tunnel t a different machine n the Internet which prevents the filtering sftware frm seeing web requests. Once a tunnel is created t the ther machine, all Internet requests are passed thrugh the tunnel, thrugh the machine n the ther side, and n t the Internet. Hsting r URL rtatin Frm the pint f view f the cntent publisher, changing the website cnfiguratin t a different address (dmain-name, URL r even IP address) is als trivial, and wuld effectively bypass IP, URL r dmain-name based filters. Btnets Dmain name rtatin r IP address hiding is ften dne using btnet technlgy whereby cmprmised inncent end-users machines are used t act as a prtal t the cntent f the web server. In essence, the user s cmputer is turned int a nn-caching prxy. Evading DNS based filters Even easier t bypass is blcking at the level f the DNS query. Merely changing the DNS server f the prvider t a different ne (which is nt part f the blcking system) is enugh t ttally circumvent this blcking methd. Where blcking is dne n anything ther than a full url (path name) r a cntent signature, there is a significant ptential fr ver-blcking. Hwever, cnversely, url r cntent signature blcking ffers significant ptential fr under-blcking. Blcking web traffic effectively, (i.e. blcking the access f the user t the cntent and nt merely using DNS filters) requires significant investment in prxy deep packet inspectin infrastructure and substantial interceptin f all Internet cmmunicatins. Filters have the pssibility f prviding useful intelligence t criminals perating illegal child prngraphy websites. If they perate a website which has been placed n a blcking list they then knw that the website has been identified by the authrities and is then highly pssible t be under investigatin and mnitring by law enfrcement. The criminals can then take steps t destry any evidence AND take steps t relcate their services t a new lcatin anywhere else in the wrld. They can test their hiding technlgies against the detectin system t research which techniques prvide lnger prtectin against detectin and blcking. Blcking activities als cause disruptin t thse accessing such websites thereby frcing the web peratrs t mve their cntent mre frequently. These mvements can als be tracked and can ffer useful intelligence t investigatrs tracking their mvements and may prvide useful research data. The resurces and effrt required as a result f cnstant evasin f blcking activities whilst staying annymus shuld nt be underestimated. It is likely that this will lead t mistakes ccurring sner. Hwever, it is imprtant t nte that the resurces and effrt are t create Page 18 f 33

19 and maintain an Internet blcking system are just as significant especially when required t cnstantly respnd t evading activities. Implicatins fr a demcratic sciety Security issues The infrastructure required t execute a blcking strategy is capable f interfering with many critical elements f end users internet cnnectins. In additin, the cntent f blck-lists is f prime interest t paedsexual ffenders since they have strng mtivatin t use the blcking list fr the ppsite reasn t the ne that it was designed: Over-blcking and Under-blcking N strategy identified in this reprt that seems able t prevent ver-blcking. This is a majr cncern when balancing the need t prtect children versus human rights and freedms. It seems inevitable that legal cntent will be blcked where blcking is implemented. Under-blcking is als a universal phenmenn especially present in the mre prprtinate and fcussed blcking strategies. Missin creep ptential and re-territrialisatin Many f the blcking strategies are very intrusive int Internet cmmunicatin. The mre granular, cntent-based filtering mechanisms require insight int the cntent f the material being exchanged between users. It is imprtant that public debate take place and that this debate cnsider the essential technical and legal differences between different types f cntent and the prprtinality f blcking t ther methds f harm reductin, crime preventin, and cybercrime investigatins. 1.5 Internet Blcking and the Law Attempting t blck illegal material is nt the definitive remval f access t specific images, vides r web pages. The inevitable circumventin pssibilities, under-blcking, verblcking, missin creep, cnflicts f laws and the prblem that blcking leaves material nline all mean that the issue at stake is nt simply t blck r nt t blck but rather what blcking measures can be intrduced that are prprtinate and acceptable in a demcratic sciety. As a result, it is crucial t review the legal and demcratic challenges that Internet blcking raises. A cmprehensive verview f Internet blcking and the law requires a review f relevant legal instruments which affect Internet blcking systems. Mdern liberal demcracies play a key rle by their active respect fr fundamental freedms and civil liberties. Bth natinal and internatinal instruments need t be cnsidered t determine what fundamental rights are in ppsitin t Internet blcking and which fundamental rights supprt Internet blcking. The rle f Internet Service Prviders is fundamental t Internet blcking measures and they perate in cnfusing circumstances with regards t cmpeting and smetimes cntradictry legal requirements. In the eyes f the law, Internet blcking is a measure that wuld give, in the aim f prtecting a particular interest, a right t blck, a right t chse the technlgical means t achieve this and the right t chse the cntent t blck, in the knwledge that this will result in sme citizens being deprived f a right f accessing cntent r the right t make available sme cntent. Internet blcking therefre is a measure that wuld be prvided fr t prtect particular rights r freedms, while having direct and immediate impact n ther rights and freedms. Since rights and freedms are gverned by law, the analysis f the legitimacy f Internet blcking Page 19 f 33

20 (therefre) requires a thrugh analysis f the elements f law that are relevant t, and culd be in cnflict with, such a measure. Since Internet blcking is a measure which is internatinally debated, this study will especially fcus n internatinal law and Eurpean law, while sme examples f applicatin by sample natinal laws will be given. Within these legal systems, Internet blcking may be incnsistent with tw areas f law, namely human rights and fundamental freedms and sme specific prvisins related t electrnic cmmunicatins. It might be cnsistent with sme f aspects f these rights and freedms depending n the prprtinality f the Internet blcking measure adpted. The challenge is t determine t which extent ne freedm can be limited in rder t preserve anther. Each f these freedms needs t be reviewed in detail t enable a cnclusin n the cnditins under which Internet blcking might be cnsidered acceptable under legal principles. Numerus natinal legal systems, as well as the Eurpean and internatinal legal systems, give an imprtant place t Human Rights and Fundamental Freedms, which might be invked t justify a blcking measure, r which wuld be inapprpriately affected by such a measure. The preservatin f Human Rights, and in particular the nes that culd be in cnflict with an Internet blcking measure, i.e. the right f private life r the right t freedm f expressin, are ften cnsidered as intrinsic in demcracy. There are three aspects where the relatinship between demcracy and freedms can be seen. Electins - The principle f participatin f everybdy in public life. Separatin f Pwers - The institutinal structures fr the separatin f pwers Fundamental Rights - The State s willingness and engagement t respect freedms The difference between Human Rights, Fundamental Freedms and Civil Liberties mainly lies in the hlder f the rights, wh depends n the cntent f the awarded right, and in the legal value f the text and the imprtance f its prtectin. A particular right can receive the three qualificatins, as the rights t prtectin f private life and f freedm f expressin d in numerus cuntries. Civil liberties are limitatins f the pwers f the public authrity twards citizens. T the ntins f Human Rights and Civil Liberties, has been added the ntin f Fundamental Rights r Fundamental Freedms. Fundamental Rights and Freedms are, prtected against the executive and against the pwer f the Parliament; are guaranteed nt nly by the Law but abve all by the Cnstitutin r by internatinal and supranatinal texts. secured frm the executive and the legal pwer, thrugh the applicatin f the Cnstitutin (r internatinal texts), the cmpetence nt nly f the rdinary judges, but als f cnstitutinal judges and even internatinal judges The first texts that declared Human Rights and Fundamental Freedms were natinal. Internatinal texts came after the Secnd Wrld War and cntributed t mdifying natinal legal systems. Their cntent was als recgnised by the Eurpean Unin institutins. Internet blcking attempts need t be analysed in the light f the main fundamental freedms that seem in cnflict with it including Freedm f Expressin and Right t Respect fr private and family life - r which seem t supprt f it including children s right t be prtected against vilence and explitatin. Page 20 f 33