By EDRi

This article is also available in:
Deutsch: [Dänischer Kinderpornographiefilter sperrt Google und Facebook | https://www.unwatched.org/EDRigram_10.5_Daenischer_Kinderpornographiefilter_sperrt_Google_und_Facebook]

In the morning of 1 March 2012, about 8000 websites, including Google and
Facebook, were blocked by the Danish child pornography (CP) filter. When the
customers of the affected ISPs, Siminn Denmark and Tele Greenland, made
Google searches or accessed their Facebook pages, they were met by the STOP
page for the Danish CP filter. The STOP page warns people that they are
trying to access websites with CP content, and that even viewing such
content is illegal under the Danish law.

The Danish CP filter is implemented using DNS hijacking (DNS redirection).
The participating ISPs (which are all mainstream ISPs with private customers
in Denmark) receive a list of domains to be blocked from the Danish police,
and the ISPs implement this list in their DNS resolvers. This is done in a
completely automatic process, and the ISPs believe that the Danish police is
responsible for the domains on the blocking list (although the police
usually claim that they are merely simply providing a “service” to the ISPs,
so the legal ramifications of who is responsible for what remain unclear).

The police made a serious error when they added the 8000 legitimate domains
to the blocking list, including google.com and facebook.com. The error only
affected two smaller ISPs in Denmark, because they were the first to do the
daily CP list update on their DNS resolvers, but this was sheer luck. It
could just as well have affected TDC, the largest Danish ISP. The vigilant
technical support staff at Siminn Denmark immediately alerted the Danish
police about the error, so that the blocking list was not pushed to the rest
of the Danish ISPs.

The Danish police have issued a public statement about their error and made
some comments to journalists. A police officer was investigating a number of
websites, and by accident he copied the list with 8000 legitimate domains to
a file directory that was used for updating the CP domain blocking list. The
human error combined with sloppy procedures escalated into something that
can almost be described as a “kill switch” for the Internet in Denmark.
Attempts to censor the Internet always create an artificial single point of
failure.

The Danish police in a press statement assured the public that they would
implement additional checks in their updating procedures, so that this error
cannot happen again. However, it is not the first time that the Danish
police have added legitimate domains to the CP block list.

In 2010 AK Zensur thoroughly examined 167 internet domains that were blocked
in Denmark and Sweden. Only three domains contained CP pictures, and two of
those were found on the Danish CP list leaked to Wikileaks in 2008. This
means that the websites had been on-line for more than two years, despite
the fact that the Danish police had investigated the sites and put them on
the Danish CP block list in 2008 or earlier. AK Zensur was able to take down
the three CP websites by sending a few emails to the hosting providers. If
the Danish police are just adding domains to the CP block list, without
taking any further action, they are providing a “valuable” early-warning
system to the organized crime organizations that are behind the distribution
of CP content.

The EDRi-member IT-Political Association of Denmark (IT-Pol) has fought the
Danish CP filter since its inception in 2006. Officially, it is voluntary
for Danish ISPs to participate in the blocking scheme, but it is well know
that the Danish government has threatened with legislation if the ISPs did
not (“voluntarily”) implement a blocking scheme for alleged CP content. In
reality, the blocking scheme is mandatory, but unlike blocking of websites
with copyright infringing material (another Danish speciality), the CP
filter is updated without any oversight from the courts, and even the number
of domains on the list is kept as a secret by the Danish police.
Participating ISPs have to sign a contract requiring them not to distribute
the CP domain list to anyone. On 1 March 2012 the Danish police even refused
to confirm that Google and Facebook were affected by the block, but this is
known from the complaints received by the customer service department of
Siminn Denmark.

Official statement by the Danish police (only in Danish, 1.03.2012)
http://www.politi.dk/da/aktuelt/nyheder/Fejl+blokerer+internetsider+kortvarigt.htm

A human error blacklisted in the morning 8000 innocent websites (only in
Danish, 1.03.2012)
http://www.comon.dk/art/214435/politiet-stemplede-facebook-som-boerneporno-spaerrede-8-000-lovlige-hjemmesider

Wrong file folder: The police blocked Facebook (only in Danish, 1.03.2012)
http://www.version2.dk/artikel/tog-fejl-af-filmapper-politiet-kom-til-spaerre-facebook-44026

Facebook blocked by the child porn filter (only in Danish, 1.03.2012)
http://www.bt.dk/krimi/facebook-blokeret-af-boerneporno-filter

Blocked for two years, then taken down in just 30 minutes – a disastrous
result of Internet Blocking policy (30.09.2010)
http://ak-zensur.de/2010/09/looking-away.html

(Contribution by Jesper Lund – EDRi-member IT-Pol Denmark)