Nart Villeneuve, director of technical research for Citizen Lab in Toronto, took the stage during a tense moment in the Expression Under Repression discussions. Rebecca announced that we’d be cancelling the planned break in the middle of our session – after the fact, I learned that our colleagues at Hivos were concerned that, if we paused the session, we wouldn’t be able to begin again as Tunisian plainclothed security forces had been threatening to shut the session down. We were also told that no one could hand out any papers, cards or other information during the session – again, trying to keep from provoking the Tunisian authorities. With extra time for questions, a Tunisian guest – from the Association of Tunisian Mothers – stood and read a long, prepared statement in French. Elijah Zarwan of Human Rights Watch offered a translation of her key point – that Tunisia’s decision to filter the internet had to do with matters of national security.
We’d expected Nart’s talk to be the most provocative, but we hadn’t counted on the context in which he’d need to deliver it. But Nart presented an overview of internet filtering with calm professionalism, referencing the recent ONI study on filtering in Tunisia, but being sure to focus equally on filtering regimes around the world.
Nart’s focus is on technical means of internet control, leaving aside non-technical means, like legislation. Specifically, he’s focused on content filtering, rather than service filtering (blocking things like Voice over IP telephony.) Content filtering takes place for reasons of cultural preservation – preventing a culture from the influence of pornography or gambling – or for political reasons – silencing dissidents or independent media.
Filtering occurs at different levels within the Internet – at the level of a personal machine, an ISP, or near a national gateway. Generally, sites are filtered using the DNS system, blocking IP addresses or URLs. DNS filtering, Nart points out, is fairly ineffective – if you tell a national DNS server not to resolve the name ethanzuckerman.com, the IP address – 126.96.36.199 – will still get you to my site. So most nations who filter the internet block specific server IPs, or specific URLs.
ONI tests what filtering is taking place by obtaining connections from various ISPs within a country and seeing what URLs are blocked – the results can tell them what technique, and sometimes what software, is being used to do the blocks. Generally speaking, nations that are just now connecting to the Internet frequently optimize their networks for URL-based filtering, which is more fine-grained and accurate, but costly in terms of computer processing power. Countries already widely net connected tend to use IP filtering instead, which is easier to implement on a widespread basis. The software used, most often, is imported from the US – SmartFilter, WebSense and Cisco are all widely used by governments to filter net sites.
Nart mentions Saudi Arabia’s policy of blocking pages with an explicit message, making it clear that content is being blocked by a national firewall and offering users a chance to have the URL in question reviewed. Most countries – including Tunisia – don’t do this – they simply give you a generic error page. And most countries don’t have a set of consistent policies of what they block, or how they review blocked sites.
Generalizing from all the sites ONI has surveyed, the largest category of sites blocked are pornographic sites, followed by anonymizer sites, gambling, sex, alcohol and drug-related sites. In sheer numerical terms, political and religious sites don’t register as major categories. Censorship, Nart believes, usually begins with pornography, then moves to other topics as the temptation to block gets stronger. He gives the example of Thailand, where a panel of government and civil society organizations made the reasonable decision to block violent pornographic sites. Some months later, Thailand also started blocking sites critical of the king, or attempting to expose political corruption. Once the power exists, the tempation to block is very strong.
Nart’s greatest concern is overblocking. When countries block by IP, they block all the sites associated with that IP. Try to block a page on Blogger and you can inadvertently block all blogs. When trying to block 31 sites that contained North Korean propoganda, South Korea blocked over 3000 sites by accident. Nart is concerned that the lists used to block IPs and URLs aren’t published – in fact, they’re protected as trade secrets by the companies that compile them. And there’s no transparent review process to get sites taken off these lists.
I missed the end of Nart’s talk, dealing with some of the circumstances surrounding the Tunisian opposition to our discussions, so I’m very much looking forward to his workshop tomorrow on circumventing firewalls.