Wednesday, July 14, 2010

Access controlled

The new book Access Controlled from the OpenNet Initiative is now available for free download to read free online. The sequel to the superb Access Denied, it describes a system of state control of the internet which is developing rapidly - from the relatively crude first generation of controls based on filtering and blocking towards a more sophisticated next-generation system which adds features such as built-in surveillance, control of users by contractual terms of use, and authority delegated to private bodies to oversee the net. As the introduction puts it:
States no longer fear pariah status by openly declaring their intent to regulate and control cyberspace. The convenient rubric of terrorism, child pornography, and cyber security has contributed to a growing expectation that states should enforce order in cyberspace, including policing unwanted content... Internet censorship is becoming a global norm.
As with Access Denied, the book is divided into two parts: opening with analytical chapters examining developments from data retention to the Global Network Initiative and followed by individual country and regional profiles. The latter are extremely useful overviews of the state of play worldwide - for me, however, the real strength of the book lies in the first six chapters in which a strong line up of authors consider international developments. Colin Maclay's chapter Protecting Privacy and Expression Online: Can the Global Network Initiative Embrace the Character of the Net? was a particular highlight, shining a light on a promising but as yet immature and relatively unexamined development.

Strongly recommended.

Friday, July 02, 2010 2009 Annual Report has just published its annual report for 2009 which makes for interesting reading. 2009 marks the 10th anniversary of the Hotline, which started operations in November 1999.

By way of background, is an industry self-regulatory body (or perhaps co-regulatory: the boundaries are fluid) run by the ISPAI using funding from members and from the European Commission. The role of the Hotline is to receive complaints from the public about illegal content online and to act as a filter for those complaints - for example, if illegal material is found to be hosted in Ireland it will be notified to the Garda Síochána and/or the ISP; if hosted abroad it will be notified to the local authorities via either the INHOPE network or the Garda Síochána. Although it deals with reports of illegal content generally the primary focus of the Hotline is on preventing the distribution of child pornography.

Key statistics from the report:
* 2117 total number of reports processed by the Hotline.
* 284 of the above were determined as illegal under Irish law.
* 9 of the 284 proved to be duplicate reports, resulting in,
* 275 unique illegal reports. Of these:
* 9 were other issues (such as racism, threats of violence against individuals and financial scams that had an Irish connection).
* 267 were assessed as child sexual abuse and were forwarded for action through INHOPE or to An Garda Síochána for national investigation or forwarding via Interpol to other jurisdictions. One of these reports was of child grooming, all others were cases of child pornography.
Although the number of complaints had increased, the number of child pornography images reported was significantly reduced:
the reports assessed as illegal under Irish law numbered 536 in 2008 compared with 284 in 2009, a very significant drop of 252. Analysis of the figures suggests that the decline reflects that the public simply do not encounter illegal content with the same frequency as in previous years. Similar observations have been reported by other INHOPE hotlines. This could be a turning point reflecting some degree of success due to the sustained worldwide effort to counter child abuse images on the Internet.
One complaint related to child pornography on the web hosted in Ireland (the first time this had been detected):
The problem of weak log-on/password security was highlighted last October when the Hotline had its first absolutely confirmed report of a child pornography website in Ireland. The Garda investigation discovered that because of weak log-on/passwords the site had been hacked by criminals based outside the jurisdiction. The CSAM had been placed in a separate directory which was not navigatable from the shop website. However, clicking on the link in the banner site which held the full URL led directly to the planted directory. This contained PHP routines which created a pay-site portal with preview images pulled in from hosts in other countries.

The UK hotline, the International Watch Foundation (IWF), received a report about a banner site advertising a wide range of different child pornography sources. One of the banners linked to an IP address in Ireland. The IWF forwarded the report to Our content analysts verified that the content was indeed illegal under Irish law and confirmed the trace. The ISP was a major data centre in Dublin but we discovered that the IP was in fact sub-leased to a web developer/small hosting service in Co. Cork who had created and maintained the website on behalf of the client, a small retail business.
The complaints, as in previous years, overwhelmingly related to images hosted on the web and via spam emails, with complaints relating to p2p and Usenet being a vanishingly small proportion of the total:

(This statistic, however, appears to reflect the passive role of the Hotline, which is limited to receiving complaints from members of the public - it has no proactive role to actively search out child pornography. Recent media coverage of Irish p2p users downloading and uploading child pornography suggests that a significant number of Irish users may be sharing child pornography via p2p but that this is not registering on the Hotline radar.)

One particularly interesting part of the report was its analysis of those countries where child pornography is most often found to be hosted. Until recently the US and Russia were generally regarded as the worst offenders in this regard - recently, however, Russia appears to have improved its enforcement somewhat. Although the US continues to head this list, there has been a striking fall in the number of child pornography websites detected there, which may suggest that US procedures for taking down these sites are becoming more effective: