ACS: ISP-filtering could affect Internet speeds and prices

Federal Government's plan faces numerous technical challenges and lacks clear policy articulation

The Federal Government’s Internet filtering scheme is likely to impact ISP networks speeds, and ultimately, the cost of Internet access for consumers, a new report from the Australian Computer Society (ACS) e-security Task Force has found.

According to the Technical Observations On ISP Based Filtering Of The Internet report, while ISP-based filtering could help prevent "inadvertent exposure" to illegal material, doing so would come at a “dollar cost for ISPs to implement relevant filters and the potential impacts on the ISP networks, depending on the type and extent of filtering required by the Government”.

"Mandating or architecting a network so that all packets pass by a filtering point can create performance problems, duplicated traffic paths and may increase the bandwidth costs for ISPs," the report found. “Not all applications work well with a proxy server and so the performance of the ISP can degrade. Proxies can degrade ISP performance particularly during periods of high traffic – they become bottlenecks and can reduce Internet speeds.”

The report found that while smaller ISPs may have enough network performance to ensure that an ISP filter would not create a bottleneck and significantly affect user speeds, a failure in the Internet filter – based on the ISP side of the network – would become a source of service disruptions for customers.

ISPs operating with faster backbones would be required to invest in expensive higher capacity filters if they wished to filter all traffic at their maximum speed, the report found.

Larger ISPs running filters in the core if the networks would need to invest in load balancing and server clustering gear to ensure that filter placement did not lead to a single point of failure, and subsequent service disruption. However, having a single load balancer would introduce another single point of failure, while having multiple load balancers would lead to a complex network topology that may only be feasible for large ISPs, the report found.

“While filtering at the [ISP’s Points of Presence] would be another option, for a large ISP, this would require installation of dozens of gatekeeper boxes, which can make this option somewhat impractical,” the report reads.

“Another concern with filtering at the ISP core is the potential for it to necessitate changes in the ISP’s routing (depending on their existing routing, traffic flows, transit & peering arrangements and international gateways), and performance impacts as traffic is forced into sub-optimal paths in order to pass by or through the filtering systems. This could necessitate costly upgrades to backhaul capacity and increased transit costs.”

Technical challenges

The report also found that ISP-based Internet filtering faced a number of technical challenges including the ease of which websites could change their addresses that they no longer matched black or white list and the fact that not all users access the Internet via an ISP. “Push technologies (such as RSS) often bypass the proxy server and deliver content directly to the user so circumventing the filtering process,” the report found. “Many sites have mirrors and multiple URLs and if these are not included in the black list then the filtering process can be circumvented.”

Imperfect language translation tools, which were often automated, also resulted international sites may not be filtered effectively, the report found. Not all white and black lists contained domain names as well as IP addresses, meaning they were less effective.

“Although ISP-level filtering can reduce the likelihood of inadvertent exposure, it cannot completely prevent inadvertent exposure as it is only feasible to filter out those sites and pages that have been identified at an earlier time…” , the report reads.

“The technical assessment of the Task Force is that there is no single mechanism that can filter out or block illegal material on the Internet accurately 100 per cent of the time. A multi faceted approach is needed to address this issue that will involve filtering technologies at the ISP, user and enterprise levels, increased professionalism and tighter controls around domain name registration, education at all levels of society and parental oversight.”

The report also found that there was no technological substitute for appropriate education and parental supervision of young people who are using the Internet.

“Education and oversight remains the best method of ensuring that children (and other end users) are aware of online safety and are not viewing inappropriate material or engaging in inappropriate behaviour online,” the report reads.

ISP Filtering policy needs better articulation

The report also called on the federal government to clearly articulate whether the policy objective for filtering was based on avoiding inadvertent or unintended viewing of RC or illegal content; preventing, detecting, blocking and prosecuting deliverable access, publication or circulation of RC or illegal content; or, deterring both inadvertent and/or deliberate interaction with a wider ambit of RC, illegal or prohibited material using any method of Internet access

“It is vitally important to understand the policy for filtering, as the means of realising the filtering to achieve the policy will be quite different in each case,” the report reads.

According to the report, the Federal Government’s ISP filtering program objectives needed to be clearly defined including performance standards, clarity around the definition of material to be filtered, reporting processes and filtering processes to be used.

“However, even with the best ISP level and PC based security systems and education programs in place, it is unrealistic to expect that all illegal material will be caught,” the report reads. “A set and forget solution simply does not exist and filters do not replace adequate parental supervision.

“People will still open suspicious emails and click on malicious code. Empowering people with adequate knowledge of e-security threats and how they can take responsibility for reducing those threats remains the best defence against Internet security threats.”

Sign up for Computerworld newsletters here.

Got a news tip? Email Computerworld or follow @computerworldau on Twitter.

More about: ACS, Australian Computer Society
References show all

Comments

1

gnome

Mon 12/10/2009 - 14:03

@ACS report: “However, even with the best ISP level and PC based security systems and education programs in place, it is unrealistic to expect that all illegal material will be caught.”

No, of course it won't, so Canute Conroy is the only one who thinks it will (or acts as if he does). But the biggest problem to be emphasised is that it is not just illegal material that will be on the blacklist.

Conroy & Co have made it clear that they will use their filter to secretly ban anything that they (or some fundamentalist pressure group) considers to be "inappropriate". There's a big difference between what the law already says is illegal, and the desire of the wowsernazis to stop us from saying rude words, or whatever.

2

Fitzy

Mon 12/10/2009 - 14:27

If a website has some material deemed illegal on one small part of it then the whole site is banned?
I would have thought the Government would have seen how stupid the idea is (noting that most illegal stuff occurs peer to peer which won't be caught) and backed down long ago with minimum egg ocn it's face. Such stupidity is breathtaking.

3

Anonymous

Mon 12/10/2009 - 16:35

As Conroy puts it "This is not a silver bullet". I think some serious questions need to be asked - if this is not a silver bullet then what actually is it?
The beginning of a more Draconian filtering system that might actually make it somewhat effective?
A cheap vote grabber?
Sheer incompetence and ignorance on what the internet actually is? And perhaps a giant waste of taxpayers money which would be better spent on, I dunno, THE POLICE!

Or all of the above.

4

Anonymous

Mon 12/10/2009 - 21:05

well isn't all this BLATANTLY OBVIOUS!!
like the privatisation of telstra, WHO COULDN'T SEE THAT ONE COMING!!
Politicians in this country are too short sighted to think about any future ramifications/consequences that their policies could result in.
why should i rant though? i'm leaving this soon to be 3rd world country and going somewhere the people still have some freedom.

so long suckers!!

5

sonke

Mon 12/10/2009 - 21:13

yep - with you on this one... later christian police nation... hello berlin...

6

ACS Rubbish

Tue 13/10/2009 - 12:09

What a load of crap ACS. I barely made it past the first page where you over rate who you are and what you do. What is the point?

7

Anonymous

Fri 16/10/2009 - 14:53

"Federal Government's plan faces numerous technical challenges and lacks clear policy articulation"
Yeah..! ie, the normal Status Quo..! So what's your point...?????

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: acs, internet content filtering, internet filtering, isp
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/160/ultraiso/

UltraISO

UltraISO is an ISO CD/DVD image file tool that creates, edits and converts. It is also a bootable CD/DVD maker that has the ability to ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia