The curious case of Internet filtering in Ireland

By EDRi · May 4, 2011

This article is also available in:
Deutsch: [Der seltsame Fall der Internetfilterung in Irland | http://www.unwatched.org/EDRigram_9.9_Internetfilter_in_Irland]

One of the most important developments for freedom of expression online has
been the growth of internet filtering systems, which have rapidly been
adopted by national governments as the “solution” to various forms of
internet wrongdoing. Ireland is no exception to this trend, and last month
it was revealed that the Garda Síochána (the national police force) is now
attempting to introduce a system whereby ISPs would block access to websites
alleged to host child abuse images.

It is somewhat ironic that this news becomes public just as both Germany and
the Netherlands have decided to abandon similar systems, having found that
they are ineffective as a means of tackling child abuse images. Even leaving
aside considerations of effectiveness, however, the proposed Irish system
still presents a number of significant concerns.

A fundamental principle under Article 10 of the European Convention on Human
Rights is that measures which have the effect of restricting freedom of
expression must be “prescribed by law”. In this case, however, the Irish
system would not have any legal basis whatsoever, much less any judicial
oversight or control. Instead, it would involve the police in telling ISPs
what domains to block on a “self-regulatory” basis. Consequently, it would
seem on the face of it that the proposed system would violate Article 10.
The European Commission recently reached the same conclusion about
self-regulatory blocking systems (p.30) as did a government study which was
decisive in causing the Dutch blocking system to be abandoned.

A further problem relates to the secret manner in which the government and
the police have attempted to introduce this system. There has been no public
consultation or debate of any kind regarding blocking – instead, information
has only dripped out in response to freedom of information requests and
leaks from ISPs. This is particularly worrying given that (as Lessig points
out) internet filtering is an inherently opaque process, which is prone to
operating in an unaccountable way and to being extended beyond its original
purposes. In the Irish context, the secrecy surrounding the introduction of
filtering doesn’t bode well for the future.

The nature of the proposed blocking is also worrying. What Irish police have
suggested is based on the CIRCAMP model, which attempts to block material by
using DNS tampering. In short, the police would notify ISPs to block
example.com or subdomain.example.com and the ISP would then
configure their DNS servers to redirect all attempts to visit any material
hosted on those (sub)domains. The effect would be massive overblocking,
where users would be unable to visit any page hosted on a particular domain,
irrespective of whether it had any connection whatsoever with the blocked
material. Last February, a similar approach in the United States saw over
84,000 innocent websites being wrongfully blocked, and there is no reason to
think that the Irish approach would be any more precise.

Finally, one particularly unusual aspect of the proposals is the way in
which the police seek to introduce monitoring of users. According to the
proposals, where a user attempts to view a blocked domain name, police would
“obtain details of other websites visited by the user, along with other
technical details, in order that they can identify any new websites that
require blocking”. This, in effect, seeks the full browsing history of
users – whether or not there has been any attempt on their part to view
child pornography! (Bearing in mind that DNS tampering results in massive
overblocking, it is quite likely that a user may have their browsing history
disclosed due to an attempt to visit example.com/innocent_content when the
entirety of example.com has been blocked due to a single image or page
elsewhere in the site.) This raises fundamental privacy and data protection
concerns, particularly given that a user can often be identified by viewing
their browsing history, and has therefore been referred to the Data
Protection Commissioner for investigation.

Given these problems, it must be hoped that these proposals are abandoned.
But quite apart from these particular proposals, it is now also time to look
at the other systems of internet filtering in Ireland that have developed on
an ad hoc basis. In particular, Irish mobile phone companies have been
engaged in self-regulatory blocking for some time, in a manner which
often affects innocent users due to crude DNS systems. Similarly, the
largest Irish broadband provider Eircom recently settled an action brought
by the music industry by (amongst other things) agreeing to block access to
The Pirate Bay and “related domain names”. These systems have developed
without any real public scrutiny or oversight and it is time to consider the
effect which they have on users, whether they are subject to adequate
transparency and oversight mechanisms and whether or not they are effective
at achieving their goals.

Garda plans to introduce web blocking in Ireland (29.03.2011)
http://www.digitalrights.ie/2011/03/29/garda-plans-to-introduce-web-blocking-in-ireland/

Governmental filtering of websites: The Dutch case (2009
http://cli.vu/pubdirectory/363/manuscript.pdf

Garda plans for web blocking referred to Data Protection Commissioner
(29.03.2011)
http://www.digitalrights.ie/2011/03/29/garda-plans-for-web-blocking-referred-to-data-protection-commissioner/

An Object Lesson in Overblocking (17.02.2011)
http://www.cdt.org/blogs/andrew-mcdiarmid/object-lesson-overblocking

Original article: The curious case of internet filtering in Ireland
(11.04.2011)
http://www.tjmcintyre.com/2011/04/curious-case-of-internet-filtering-in.html

(contribution by TJ McIntyre – EDRi-member Digital Rights Ireland)