Australian government caught blocking websites on the sly
The federal government has been caught quietly blocking access to websites, leading some to declare that it has attempted to sneak mandatory web filtering in on the sly.
What’s more, the filtering was only revealed when the government accidentally blocked access to 1200 other websites at the same time.
Last month, Australian Securities and Investments Commission (ASIC) used Section 313 of the Telecommunications Act 1997 to request that certain ISPs block access to a website it “believed … was operating in breach of Australian law”.
Section 313 of the Act states that carriers or carriage service providers must “give officers and authorities of the Commonwealth and of the States and Territories such help as is reasonably necessary” for the purposes of “enforcing the criminal law and laws imposing pecuniary penalties”, among others purposes.
Section 313 has already seen public use - when the government abandoned its mandatory web filter plans last year, it used Section 313 to request that ISPs block the “worst of the worst” child pornography websites, based on a black list supplied by Interpol.
But evidently, at least one government agency has been using Section 313 to quietly block websites outside of that purview.
In last month’s incident, ASIC supplied the ISPs with the IP address corresponding to the website in question, and at least some ISPs complied.
But by blocking that address, the ISPs also blocked around 1200 other websites hosted on the same web server.
Since the news came to light, ASIC admitted that over the past nine months it has blocked “numerous” websites that it suspected contained illegal material, according to Delimiter.
The Melbourne Free University was one of the 1200 websites inadvertently blocked. The convenors of the website contacted their ISP and were told that the Australian government had blocked their website. The ISP also said it was legally unable to divulge who specifically had blocked it, or why.
The block lasted from 4 April to 12 April. It was lifted after Melbourne Free University raised concerns through its ISP and the media.
Peter Black, a senior law lecturer at the Queensland University of Technology, told the ABC: “It does seem as though, since the government formally abandoned their policy of mandatory ISP level internet filtering, they do seem to seem to be moving towards using section 313 to effectively introduce some form of filter through the back door.
“The big problem, in my opinion, from going down this particular path is that we’re not seeing proper parliamentary or public scrutiny about this process,” Black said.
Greens senator Scott Ludlam said: “Any officer in any state, territory or Commonwealth department could issue one of these notices and a service provider arguably then has a legal obligation to block websites.”
“No-one is effectively in charge; other government agencies could demand sites be blocked with no coordination or accountability in place,” he said.
The extent to which an ISP must comply with such a directive is not entirely clear, however. The SMH quotes industry one source who said the notices are “requests”, rather than “orders” that they must obey.
The office of Communications Minister, Stephen Conroy, said: “The government is working with enforcement agencies to ensure that Section 313 requests are properly targeted in future.”
According to Delimiter, ASIC’s use of Section 313 in this manner “appears to open the door that any federal government department or agency could request Australian ISPs to block websites which are believed to contain illegal material”.
“There is currently no known civilian oversight of the Section 313 notifications scheme, no method of appeal and no way of ascertaining whether and why sites have been blocked under the legislation,” Delimiter reporter Renai LeMay writes.
“It is very easy to foresee that other federal government agencies would like to follow the example set by ASIC and quietly use Section 313 notices to block other sites on the borderlines of legality.
“The ASIC case may just be the tip of an existing iceberg; the example where someone actually got caught, because of a false positive,” LeMay writes.
Strategies for navigating Java vulnerabilities
Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...
Not all cyber risk is created equal
The key to mitigating cyber exposure lies in preventing breaches before they happen.
How AI can help businesses manage their cyber risks
Artificial intelligence can be a powerful ally in the fight against cyberthreats.