May 22 2013
Technology news website Delimiter this week revealed the Australian Securities and Investments Commission (ASIC) last month used a telco law to ask major internet service providers (ISPs) to block a website it believed was defrauding Australians.
This isn’t a random oopsie. This is a complete cock-up. Technology commentator Stilgherrian
Telstra, Optus and Vodafone, who are known to have been asked to block it, complied.
Communications Minister Stephen Conroy’s office says the blocking is legal. Photo: Mal Fairclough
Do you know more? firstname.lastname@example.org
The use of the little-known law to block the website’s access in Australia was uncovered only after ASIC inadvertently caused the blocking of the Melbourne Free University website and 1200 other websites, which were hosted on the same web server as the allegedly fraudulent website.
ASIC caused the blocking by giving ISPs the IP address of the shared server the websites were hosted on, rather than disclosing the allegedly fraudulent website’s domain name, which would have resulted in only blocking it and not other websites.
Greens Senator Scott Ludlam is outraged with the way the law is being interpreted.
ASIC has since revealed it has used the little-known section of the Telecommunications Act “numerous times over the past nine months” to block websites. Section 313 states ISPs must co-operate with government officers to “help as is reasonably necessary”.
How section 313 of the Telecommunications Act can be used was largely unclear to ISPs until Communications Minister Stephen Conroy revealed in November that he would use it via the Australian Federal Police to get major ISPs to block a list of online child pornography web pages that are contained on a “worst of” list compiled by Interpol.
At the time, Dr Mark Gregory, senior lecturer at RMIT University’s school of electrical and computer engineering, wrote on The Conversation that the decision “may have inadvertently opened the door for unlimited government and police control of the internet”.
“The government’s announcement on November 9 appears to indicate an interpretation of Section 313 that subsection (1) and (2) stand alone and provide broader powers than may be understood if all of the subsections were read together”, he wrote in November.
Jasmine-Kim Westendorf and Jem Atahan, convenors of the Melbourne Free University website, an independent, community-based organisation that hosts free public lectures, said they were at first confused when their website was not able to be accessed.
After persistent questioning, their ISP told them that the IP address of their website had been blocked by the Australian government.
“Even more alarmingly, [our ISP] said they were legally unable to ‘provide the details regarding who has blocked the IP or why’,” both Westendorf and Atahan wrote on ABC’s The Drum website.
“Our first thought was, what have we done to draw the eye of the authorities? Who have we had speak at the [Melbourne Free University] that might be on a blacklist? In that instant, we glimpsed the everyday reality of living under a totalitarian government.
“The [Melbourne Free University] was gagged by the exercise of an unaccountable and opaque authority.”
Westendorf and Atahan said that in their case, not only was their site inaccessible, but there was no official avenue to seek any information about what was happening. “At various times, the Attorney-General’s office, the AFP and ACMA all denied responsibility for the block. This lack of transparency was actually scary. This is what totalitarianism feels like.”
The block on their site lasted nine days in April until ASIC realised what had occurred after Melbourne Free University raised concerns, via their ISP and various media outlets.
Before now, it is understood there has only been one other publicly known occasion in Australia’s history when section 313 of the act was used to block access to internet content. In July 2011, then Attorney-General Robert McClelland wrote to the Australian Communications and Media Authority in an attempt to restrict access to an online do-it-yourself terror magazine.
A number of ISPs are understood to have received soon after a federal police section 313 notice to block the magazine, and complied.
Steve Dalby, chief regulatory officer at iiNet, told Fairfax Media he could count on one hand the number of section 313 notices issued by federal police to iiNet over the past few years. All of the notices issued to iiNet were deemed “valid” and were complied with, Mr Dalby said.
Websites asked to be blocked under the notices hosted content inciting violence and terrorism “clearly proven to be illegal”, he said, but which hadn’t been proven in a court of law.
Mr Dalby added that iiNet did not receive ASIC’s section 313 notice concerning the allegedly fraudulent website.
Peter Black, a senior lecturer of internet law at the Queensland University of Technology, said on the ABC’s PM radio program on Thursday that ASIC appeared to be using section 313 of the Telecommunications Act “to effectively introduce some form of [internet] filter” — such as the federal government’s abandoned mandatory web filter — “through the back door”.
“The big problem, in my opinion, with going down this particular path is that we’re not seeing proper parliamentary or public scrutiny about this process,” Mr Black said.
Greens communications spokesman Scott Ludlam said ASIC’s interpretation of the law — and ISPs’ acceptance of ASIC’s interpretation — opened the door “to wide-scale banning of sites” on the internet. “It also means no one is effectively in charge; other government agencies could demand sites be blocked with no co-ordination or accountability in place,” Senator Ludlam said.
Section 313 of the act states that an ISP must “give officers and authorities of the Commonwealth and of the states and territories such help as is reasonably necessary” for enforcing criminal law.
Section 313 also states that ISPs must give the same help when assisting the enforcement of the criminal laws in force in a foreign country, and if the matter relates to “protecting the public revenue” or “safeguarding national security”.
Senator Ludlam said officers and authorities of the Commonwealth and of the states and territories were a very broad scope of people who could ask for websites to be blocked.
“What this effectively says is that any officer in any state, territory or Commonwealth department could issue one of these notices and a service provider arguably then has a legal obligation to block websites,” he said. An officer could be any public servant.
Senator Ludlam added that the government had effectively introduced an internet filter “by stealth” — one of which had “caught 1200 perfectly legal websites in its net” — and called for an end to the use of section 313 of the Telecommunications Act to block access to websites.
An Australian internet industry source said they believed section 313 notices did not compel, or require, ISPs to block websites. They said the notices were not “orders”, but instead “requests”, which ISPs could choose to act on using their own discretion.
ASIC told Fairfax Media it was reviewing its processes to “disrupt access to fraudulent websites to ensure that inadvertent impact is not caused to any innocent website” in the future.
Senator Conroy’s office told Delimiter it was “working with enforcement agencies to ensure that section 313 requests are properly targeted in future” but “websites that breach Australian law can be blocked”.
Stilgherrian, a technology journalist, commentator and podcaster at ZDNet Australia, wrote in a column that in the operation of serving the Australian people ASIC had “acted recklessly” in its accidental blocking of the more than 1000 individual websites.
“This isn’t a random oopsie. This is a complete cock-up. To call ASIC’s effort ‘ham fisted’ would be an insult to people whose fists are actually made of ham,” he wrote.
Renai Lemay, editor of Delimiter, opined that it would be “very easy to foresee that other federal government agencies would like to follow the example set by ASIC and quietly use section 313 notices to block other sites on the borderlines of legality”.
Mr Lemay listed examples, like the Department of Health and Aging blocking pro-euthanasia sites or the Tax Office blocking sites promoting methods of tax evasion. The Department of Defence may also like to use the law, he said, and block sites which expose details of military misconduct.
“The list is endless, and I am sure that there are at least a couple of agencies closely examining what ASIC has done here, with a view to potentially doing the same in their own portfolios in future,” he said.
Ben Grubb - Sydney Morning Herald