censorship-evasion.html
9f63d66e384a15abe9dc09d6bb952baba04f46d54c692903d43220db6ccf29f9<html>
<head>
<title>2600 Australia: Evading the Broadcasting Services Amendment (Online Services) Act 1999</title>
</head>
<body bgcolor="#000000" link="#FFFFFF" alink="#FFFFFF" vlink="#FFFFFF">
<center>
<img src="2600-title.gif"
width="600"
height="217"
alt="2600 Australia"
border="0">
<p>
</center>
<p>
<center>
<font size="5" face="verdana,helvetica,arial" color="#FFFFFF"><b>
Evading the Broadcasting Services Amendment (Online Services) Act 1999
</b></font><br>
<font size="2" face="verdana,helvetica,arial" color="#FFFFFF">
by <a href="mailto:webmaster@2600.org.au">Dogcow</a>
</font><p>
</center>
<blockquote>
<font size="2" face="verdana,helvetica,arial" color="#FFFFFF"><b>
Reference Links:
</b><p>
<ul>
<li><a href="http://members.xoom.com/2600aus/censorship-evasion.html">US Mirror</a> - US Mirror of this document (for obvious reasons)
<li><a href="http://www.aph.gov.au/parlinfo/billsnet/99077.pdf">Broadcasting Services Amendment (Online Services) Act 1999</a> - PDF format
<li><a href="http://www.ozemail.com/~mbaker/amended.html">Broadcasting Services Amendment (Online Services) Act 1999</a> - HTML format
<li><a href="http://www.aph.gov.au/hansard/senate/commttee/s-it.htm">Senate Select Committee on Information Technologies</a> - Index
<li><a href="http://www.nlanr.net/Squid/">Squid</a> - an open source proxy server
<li><a href="http://www.nlanr.net/Cache/">NLANR Cache</a> - an open proxy hierarchy
<li><a href="http://ians.978.org/rdrp-c/">Anti CensorWare Proxy</a> - Masks the URL you're accessing
<li><a href="http://www.xs4all.nl/~freeswan">Free S/WAN</a> - an IPSEC implementation for Linux
<li><a href="http://www.replay.com/menu/pgp.html">PGP</a> - International download site
<li><a href="http://www.openssl.org/">SSL</a> - Open Source SSL implementation
<li><a href="ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email">FTP by email</a> - instructions
<li><a href="http://www.netspace.org/lsv-archive/bugtraq.html">BugTraq Mailing List</a> - Web Archive
<li><a href="http://www.anatomy.usyd.edu.au/danny/freedom/censorware/ifilter.html">Words filtered by iFilter</a> - Thanks to Danny Yee
</ul>
<p>
<font size="2" face="verdana,helvetica,arial" color="#FFFFFF"><b>
Introduction
</b>
<p>
Australia's citizens are about to be subject to content regulation on the Internet following the introduction
of an amendment to existing legislation relating to broadcasting services. This legislation defines certain responsibilities
for the ABA (Australian Broadcasting Authority), the OFLC (Office of Film and Literature Classification) and any
company or individual providing public access to "Internet content". All rhetoric aside about "big brother" and how
this legislation spells the end of free speech in this country, it is acknowledged by most if not all participants
in the debate about this legislation that, for a number of reasons it will be very difficult if not impossible
to effectively stem the tide of what the government calls "illegal and offensive material".
<p>
This paper has one aim - to highlight the futility of attempting such content regulation by explicitly describing the legal means
by which citizens can evade the provisions within the legislation.
<p>
<b>
Warning
</b>
<p>
I believe that all Australian laws should be in language understandable by ordinary Australians. This paper is my interpretation of the
Broadcasting Services Amendment (Online Services) Act 1999 and should not be construed as anything more than this. Just as I believe
what you view on the Internet should be your own responsibility, if you choose to follow any of my suggestions here, it's your sole
responsibility to deal with any adverse or unforseen consequences of those actions. That said, if you disagree with anything I've said
here, feel free to contact me.
<p>
<b>
The means of evasion...
</b>
<p>
I should point out that most of these means of evasion assume that the content you want to access is outside the country and
therefore beyond the effective reach of the "take down notices" mentioned in the legislation.
<p>
<ul>
<li>Use an alternate proxy network - connect to a different proxy server on a non-standard port
<li>Mask web content before entering the proxy network - change some words, change some server names
<li>Encrypt the content - they can't regulate what they can't read
<ul>
<li>Encrypt web content before it enters the proxy network
<li>Use an encrypted VPN/tunnel for streaming content
</ul>
<li>Distribute content by means of a "company" to your "employees"
<li>Offer on-demand, point-to-point email access to content
<li>Flood the ABA with legitimate, appropriate complaints
<li>Use a "recognised alternative access prevention arrangement"
<li>Mirror content so widely as to prevent effective enforcement of the legislation
</ul>
<b>
Use an alternate proxy network
</b>
<p>
You should be able to access any content you wish by connecting to a proxy server network outside Australia either directly
from your browser on a port other than 80, 3128 or 8080 (the most popular proxy server ports, and the ones most likely being
<a href="#transparent_proxying">transparently proxied</a>) or using a <a href="http://squid.nlanr.net/">Squid</a>-like cache
internal to your network that accesses a <a href="http://www.nlanr.net/Cache/">proxy hierarchy</a> outside Australia on a port
other than 3130 (the standard <a href="http://squid.nlanr.net/Squid/FAQ/FAQ-12.html#ss12.2">ICP</a> port).
<p>
This assumes that the government does not mandate the use of a packet level filter, regardless
of how ineffective one might be at locating banned content in a stream of data passing through it and preventing access to it.
If it were to do this, it would most likely be done using an industry standard able to be defined under
<a href="http://www.ozemail.com/~mbaker/amended.html#Part5">Part 5</a> of the legislation.
<p>
<a name="transparent_proxying">
Transparent proxying, for those unsure of it's meaning, is the process of redirecting a users' outgoing web content
request through a network switch capable of what's called layer 3 routing. Layer 3 routing enables the network switch
to invisibly redirect the web content request away from the intended destination into a proxy server which then fetches the
web content for you, assuming it's not been configured to block certain URLs or certain media types (mpg movies, for example).
<p>
<b>
Mask web content before entering the proxy network
</b>
<p>
Assume your ISP uses <a href="#transparent_proxying">transparent proxying</a> methods to pass all web content through a filter of some kind. What about masking the web content
in some way at the server (aka "internet host") end such that when it passes unhindered through the proxy network, your computer can
unmask the information, making it visible to you . A basic example of this, but one that only masks the URL you're trying to access is
accessible <a href="http://ians.978.org/rdrp-c/">here</a>. The Youth Alliance against Internet Censorship offers information on software
for your computer that can disable a proxy server <a href="http://peacefire.org/bypass/Proxy/">here</a>.
<p>
<b>
Encrypt the content before it enters the proxy network
</b>
<p>
Above, I mentioned the ability to mask content on the server side before it passes through the proxy network. The same concept can applied
to any Internet content using encryption. This could be achieved using a traditional <a href="http://www.openssl.org/">SSL</a>-based
transaction between a server and your own computer, by means of a <a href="http://www.replay.com/menu/pgp.html">PGP</a>-based transaction
with an appropriately configured server, or by using any other form of encryption that prevents decryption by anyone other than yourself.
<p>
<b>
Use an encrypted VPN/tunnel for streaming content
</b>
<p>
A VPN is a Virtual Private Network. It allows physically separate networks to operate in a homogenous fashion by encrypting packets
at one particular "endpoint", tunnelling them (sending in a point-to-point fashion) across the internet, then decrypting them at some
other "endpoint", protecting the information being passed between the two networks. A typical use of a VPN is by a company with offices
in different cities or in different countries. VPN technologies are offered by a number of major networking vendors including <a href="http://www.cisco.com/">Cisco</a>,
<a href="http://www.baynetworks.com/">Bay Networks</a> and <a href="http://www.ascend.com/">Ascend</a>, though usually with a fairly
high price tag attached. At a more grass roots level, end users can download and use a product called <a href="http://www.ssh.fi/">SSH (Secure Shell)</a>
to give them secure network access to UNIX shells and set up encrypted tunnels between two hosts. For Linux users, the
<a href="http://www.kernel.org/">kernel</a> comes with tunnelling code built-in and can be made secure with
<a href="http://www.xs4all.nl/~freeswan/freeswan_trees/freeswan-1.00/doc/glossary.html#IPSEC">IPSEC</a>
<a href="http://www.xs4all.nl/~freeswan">patches</a> available from the Netherlands.
<p>
<b>
Distribute content by means of a "company" to your "employees"
</b>
<p>
The legislation allows for information to be distributed to an end-user provided they are within your "immediate circle"
and is described in <a href="http://www.ozemail.com/~mbaker/amended.html#Clause9">Subclause 9(1-4)</a>:
<br>
<blockquote>
<pre>
9 Supply to the public
(1) This clause sets out the circumstances in which an Internet carriage
service is taken, for the purposes of subclause 8(1), to be supplied to the
public.
(2) If:
(a) an Internet carriage service is used for the carriage of information
between 2 end-users; and
(b) each end-user is outside the immediate circle of the supplier
of the service;
the service is supplied to the public.
Note: If a company makes Internet content available for access on the Internet,
and an individual obtains access to the content using an Internet carriage
service, the company and the individual are end-users in relation to the carriage
of the content by the Internet carriage service.
(3) If:
(a) an Internet carriage service is used to supply point-to-multipoint
services to end-users; and
(b) at least one end-user is outside the immediate circle of the supplier
of the service;
the service is supplied to the public.
(4) If:
(a) an Internet carriage service is used to supply designated content services
(other than point-to-multipoint services) to end-users; and
(b) at least one end-user is outside the immediate circle of the supplier of
the service;
the service is supplied to the public.
</pre>
</blockquote>
<p>
The thing to note here are the words "immediate circle". Jumping back up in the document to
the <a href="http://www.ozemail.com/~mbaker/amended.html#immediate_circle">definition</a>, we note
it refers to the Telecommunications Act of 1997. Jumping to the (rather long)
<a href="http://www.austlii.edu.au/au/legis/cth/consol_act/ta1997214/s23.html">definition</a>
in that legislation, we find that your "immediate circle" refers to employees if you are a company:
<br>
<blockquote>
<pre>
Immediate circle
SECT. (1) For the purposes of this Act, a person's "immediate circle" consists of the person, together with the following persons:
(a) if the person is an individual--an employee of the individual;
<i><a href="http://www.austlii.edu.au/au/legis/cth/consol_act/ta1997214/s23.html">continued...</a></i>
</pre>
</blockquote>
<p>
In theory, using this aspect of the legislation, you could create a company and employ individuals
interested in the banned content you have on offer. Far fetched, but apparently possible. The definition, interestingly,
would also allow a University to offer banned content to it's employees and students.
<p>
<b>
Offer on-demand, point-to-point email access to content
</b>
<p>
In the early days of the commercial internet, before the invention of the World Wide Web, not everybody had access
to the FTP sites that contained lots of information. The way most people got around this restriction/limitation was
using a service called ftp-by-email. To use it, you'd send an email to a certain address containing a sequence of
standard ftp commands, as
follows:
<p>
<blockquote>
<pre>
From: 2600 Webmaster (webmaster@2600.org.au)
To: FTP-By-Email (ftpmail@ftp.sunet.se)
open mirror.aarnet.edu.au
cd pub/linux/kernel
cd v2.2
binary
get README
quit
</pre>
</blockquote>
<p>
Following the receipt of this email, any files you had requested with a "get" command would be emailed back to you.
A rundown of how this (still) works can be found <a href="ftp://rtfm.mit.edu/pub/usenet/news.answers/internet-services/access-via-email">here</a>.
<p>
Now, referring to the legislation, we find the following definition of "Internet content":
<p>
<blockquote>
<pre>
<i>Internet content</i> means information that:
(a) is kept on a data storage device; and
(b) is accessed, or available for access, using an Internet carriage service;
but does not include:
(c) ordinary electronic mail; or
(d) information that is transmitted in the form of a broadcasting service.
</pre>
</blockquote>
<p>
and of "ordinary electronic mail":
<blockquote>
<pre>
<i>ordinary electronic mail</i> does not include a posting to a newsgroup.
</pre>
</blockquote>
<p>
Are you thinking what I'm thinking? Assuming the content is not accessible to the public by any means other than point-to-point, user-requested
email, you could be very well within the law to offer content that is otherwise banned in any other forum.
<p>
<b>
Flood the ABA with legitimate, appropriate complaints
</b>
<p>
I'll start describing this means of evasion by displaying Clause 26. Take particular note of Subclause 26(2b):
<p>
<blockquote>
<pre>
26 Investigation of complaints by the ABA
(1) The ABA must investigate a complaint under Division 1.
(2) However, the ABA need not investigate the complaint if:
(a) the ABA is satisfied that the complaint is:
(i) frivolous; or
(ii) vexatious; or
(iii) not made in good faith; or
(b) the ABA has reason to believe that the complaint was made for the purpose, or for
purposes that include the purpose, of frustrating or undermining the effective
administration of this Schedule.
(3) The ABA must notify the complainant of the results of such an investigation.
(4) The ABA may terminate such an investigation if it is of the opinion that it does not have
sufficient information to conclude the investigation.
</pre>
</blockquote>
<p>
Okay, so they thought people might flood them with frivolous complaints... Fair enough. But isn't it the case
that every site that is not investigated by the ABA remains unregulated and therefore free? I'm sure you can put two
and two together on this one.
<p>
<b>
Use a "recognised alternative access prevention arrangement"
</b>
<p>
I'll start this one by displaying two rather lengthy but important subclauses of the legislation, both of which
describe possible means to evade content regulation by installing (but presumably not using) one of the
currently-available end-user filtering pieces of software. Firstly Subclause 40(4-7):
<p>
<blockquote>
<pre>
40 Action to be taken in relation to a complaint about prohibited content hosted outside Australia
<a href="http://www.ozemail.com/~mbaker/amended.html#Clause40">(1) - (3)</a>
Recognised alternative access-prevention arrangements
(4) An Internet service provider is not required to comply with a standard access-prevention
notice in relation to a particular end-user if access by the end-user is subject to a
recognised alternative access-prevention arrangement(as defined by subclause (5)) that
is applicable to the end-user.
(5) The ABA may, by written instrument, declare that a specified arrangement is a recognised
alternative access-prevention arrangement for the purposes of the application of this Division
to one or more specified end-users if the ABA is satisfied that the arrangement is likely to
provide a reasonably effective means of preventing access by those end-users to prohibited
content and potential prohibited content.
Note: For specification by class, see subsection 46(2) of the Acts Interpretation Act 1901.
(6) The following are examples of arrangements that could be declared to be recognised alternative
access-prevention arrangements under subclause
(5):
(a) an arrangement that involves the use of regularly updated Internet content filtering software;
(b) an arrangement that involves the use of a "family-friendly" filtered Internet carriage service.
(7) An instrument under subclause (5) is a disallowable instrument for the purposes of section 46A
of the Acts Interpretation Act 1901
</pre>
</blockquote>
<p>
and Subclause 60(3-8):
<blockquote>
<pre>
60 Matters that must be dealt with by industry codes and industry standards
<a href="http://www.ozemail.com/~mbaker/amended.html#Clause60">(1) - (2)</a>
Designated alternative access-prevention arrangements
(3) An industry code or an industry standard may provide that an Internet service provider is not
required to deal with Internet content notified under paragraph 40(1)(b) of this Schedule or
clause 46 by taking steps to prevent particular end-users from accessing the content if access
by the end-users is subject to an arrangement that is declared by the code or standard to be a
designated alternative access-prevention arrangement for the purposes of the application of this
clause to those end-users.
(4) An industry code developed by a body or association must not declare that a specified arrangement
is a designated alternative access-prevention arrangement for the purposes of the application of
this clause to one or more specified end-users unless the body or association is satisfied that the
arrangement is likely to provide a reasonably effective means of preventing access by those end-users
to prohibited content and potential prohibited content.
Note: For specification by class, see subsection 46(2) of the Acts Interpretation Act 1901.
(5) An industry standard made by the ABA must not declare that a specified arrangement is a designated
alternative access-prevention arrangement for the purposes of the application of this clause to one
or more specified end-users unless the ABA is satisfied that the arrangement is likely to provide a
reasonably effective means of preventing access by those end-users to prohibited content and potential
prohibited content.
Note: For specification by class, see subsection 46(2) of the Acts Interpretation Act 1901.
(6) The following are examples of arrangements that could be declared to be designated alternative
access-prevention arrangements:
(a) an arrangement that involves the use of regularly updated Internet content filtering software;
(b) an arrangement that involves the use of a "family-friendly" filtered Internet carriage service.
(7) For the purposes of this Schedule, if an industry code:
(a) deals to any extent with procedures to be followed by Internet service providers in dealing
with Internet content notified under paragraph
40(1)(b) of this Schedule or clause 46; and
(b) makes provision as mentioned in subclause (3);
then:
(c) the code is taken to deal with the matter set out in paragraph (2)(d); and
(d) the code is taken to be consistent with subclause (2).
(8) For the purposes of this Schedule, if an industry standard:
(a) deals to any extent with procedures to be followed by Internet service providers in dealing
with Internet content notified under paragraph
40(1)(b) of this Schedule or clause 46; and
(b) makes provision as mentioned in subclause (3);
then:
(c) the standard is taken to deal with the matter set out in paragraph (2)(d); and
(d) the standard is taken to be consistent with subclause (2).
</pre>
</blockquote>
<p>
Now, if you've made it through all of that, you'll note a single key thing - that subject to appropriate industry codes
and standards, it may be possible to have an unfiltered internet feed delivered to you if you have an end-user filtering
system installed on your computer. The means of evasion here? Turn the filter off. Not exactly rocket science, is it?
<p>
<b>
Mirror content so widely as to prevent effective enforcement of the legislation
</b>
<p>
As with the two previous means of evasion, I will begin by displaying several pieces of the legislation. First up is Clause 36:
<p>
<blockquote>
<pre>
36 Anti-avoidance-special take-down notices
If:
(a) an interim take-down notice or a final take-down notice relating to particular Internet
content is applicable to a particular Internet content host; and
(b) the ABA is satisfied that the Internet content host is hosting in Australia, or is proposing
to host in Australia, Internet content (the similar Internet content) that is the same as,
or substantially similar to, the Internet content identified in the interim take-down notice
or the final take-down notice, as the case may be; and
(c) the ABA is satisfied that the similar Internet content is prohibited content or potential
prohibited content;
the ABA may give the Internet content host a written notice (a special take-down notice) directing the
host not to host the similar Internet content at any time when the interim take-down notice or final
take-down notice, as the case may be, is in force.
</pre>
</blockquote>
<p>
Clause 36 appears to apply to mirrored information or, quite possibly, a website consisting of different layout/text
but identical images. I'll now move onto Clauses 46 and 47:
<p>
<blockquote>
<pre>
46 Anti-avoidance-notified Internet content
(1) If:
(a) particular Internet content has been notified to Internet service providers as mentioned
in Paragraph 40(1)(b) of this Schedule; and
(b) the notification has not been withdrawn; and
(c) the ABA is satisfied that Internet content (the similar Internet content) that is the same
as, or substantially similar to, the first-mentioned Internet content is being hosted
outside Australia; and
(d) the ABA is satisfied that the similar Internet content is prohibited content or potential
prohibited content; and
(e) a code registered, or standard determined, under Part 5 of this Schedule deals with the
matters referred to in subclause 60(2);
the ABA must notify the similar Internet content to Internet service providers under the designated
notification scheme set out in the code or standard, as the case may be.
(2) If:
(a) particular Internet content is notified to Internet service providers as mentioned in
Paragraph 40(1)(b) of this Schedule; and
(b) as a result of the application of subclause (1) to that content, the ABA notifies similar
Internet content to Internet service providers in accordance with subclause (1); and
(c) the notification of the first-mentioned content is withdrawn;
the notification of the similar Internet content is taken to have been withdrawn.
(3) If:
(a) a notification of Internet content is withdrawn under subclause (2); and
(b) a code registered, or standard determined, under Part 5 of this Schedule deals with the
matters referred to in subclause 60(2);
the ABA must notify the withdrawal to Internet service providers under the designated notification
scheme set out in the code or standard, as the case may be.
47 Anti-avoidance-special access-prevention notice
(1) If:
(a) a standard access-prevention notice relating to particular Internet content is applicable
to a particular Internet service provider; and
(b) the ABA is satisfied that the Internet service provider is supplying an Internet carriage
service that enables end-users to access Internet content (the similar Internet content)
that is the same as, or substantially similar to, the Internet content identified in the
standard-access prevention notice; and
(c) the ABA is satisfied that the similar Internet content is prohibited content or potential
prohibited content; the ABA may give the provider a written notice (special access-prevention
notice) directing the provider to take all reasonable steps to prevent end-users from accessing
the similar Internet content at any time when the standard access-prevention notice is in force.
Note: The ABA may be taken to have given a notice under this clause-see clause 51.
(2) For the purposes of subclause (1), in determining whether particular steps are reasonable, regard must be had to:
(a) the technical and commercial feasibility of taking the steps; and
(b) the matters set out in subsection 4(3).
(3) Subclause (2) does not, by implication, limit the matters to which regard must be had.
recognised alternative access-prevention arrangements
(4) An Internet service provider is not required to comply with a special access-prevention notice in
relation to a particular end-user if access by the end-user is subject to a recognised alternative
access-prevention arrangement (as defined by subclause 40(5)) that is applicable to the end-user.
</pre>
</blockquote>
<p>
The means of avoidance here would be purely and simply mirroring content so widely and in so many derivative (and possibly dissimilar)
forms that even the process of generating take-down notices and notifying internet services providers would bog down the ABA
and the OFLC.
<p>
<b>
Commentary
</b>
<p>
The intent of this legislation, as stated by the government, was to prevent children accessing "illegal and offensive" material
on the Internet. More specifically, they made reference in various forums to pornographic material. My concern is not that responsible
adults will be prevented from accessing this material, but that the legislation does not explicitly
define what else might be regulated on the whim of a misguided Government minister or influential moral crusader within the ranks
of the ABA or OFLC.
<p>
One example of what might be banned is the <a href="http://www.netspace.org/lsv-archive/bugtraq.html">BugTraq</a> mailing list. This
list contains "full disclosure" discussions of computer software bugs, including in some cases explicit instructions on how
to break into computers. What might be easily overlooked in any such government review of this material is the fact that in most cases,
such information is accompanied by further instructions on how to secure any vulnerable computers.
<p>
Another oft-quoted example of how an overzealous filter might exclude important content is in the area of health. Breast cancer.
Sexually-transmitted diseases. Contraception. If it's got any of the words filtered by Senator Alston's favoured filtering solution, iFilter (a number of them listed
<a href="http://www.anatomy.usyd.edu.au/danny/freedom/censorware/ifilter.html">here</a>), chances are your friendly neighbourhood ISP will be told to ban it long before you see it.
<p>
<b>
Conclusion
</b>
<p>
As you can see, there's a number of loopholes in the legislation that our government has pushed through parliament, and most of them allow
a mildly intelligent citizen to quite legally evade any form of content regulation. Far from suggesting that this legislation should
be heavier-handed than it already is in restricting people from accessing the information they want, I am suggesting that
it should have been thrown out by the Paliament on the basis that it is fundamentally flawed and unenforceable.
<p>
Instead, and without fear tactics or moralist rhetoric, the Government could have instituted a public education
campaign informing parents about the need to restrict unsupervised/unfiltered access to the Internet with young
children (5-13) and begin a dialogue about personal responsibility and self moderation with older ones (13 and up).
As a young person that has grown up in the midst of computers and communication technologies, I believe this
would have achieved a much more productive outcome.
<p>
<b>
Feedback
</b>
<p>
Given that this is a layperson's analysis of the legislation, I invite any and all comment from similarly concerned citizens, and in particular
citizens familiar with legal matters that may be able to provide further insight.
<p>
Please feel free to make comments to <a href="mailto:webmaster@2600.org.au">webmaster@2600.org.au</a>.
</font>
</body></html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed