The Daily Show Now Unavailable Online in Australia

Today, The Daily Show website joins a long list of innovative online content services, such as Hulu and Pandora Internet Radio, that are unavailable to Australian residents.

Attempting to view an episode of The Daily Show from an Australian IP address results in the following:

The Daily Show website viewed from Australia

Other services, like iTunes and Audible, offer limited catalogues of content to their Australian users. And movies and television series are made available to Australians months after they’re made available elsewhere.

The frustration is ineffable.

A number of people have noted that you can use VPN services, such as HotSpotVPN, or other US-based proxies to make these sites believe you’re connecting from within the US. You can, of course. But, other than the extra cost, you’d be in breach of the terms of service:

This Site is offered and made available only to users 18 years of age or older who reside in United States of America. If you are not yet 18 years old, or do not reside in the United States, please discontinue using the Site immediately … by using or attempting to use the Site, you certify that you are at least 18 years of age and meet any other eligibility and residency requirements of the Site.

At least we have Foxtel.com.au, where you can watch ads for Foxtel 24-hours-a-day.


Tags: copyright, online content, television

Exetel Trials Filtering with No Ability to Opt-Out

Exetel announced that it would run its own filtering trial, independently of the Government-run trial, with no ability to opt out.

Around noon yesterday, four weeks late for April Fools’, Steve Waddington of Exetel announced that Exetel would run its own Internet filtering trial, independently of the Government-run trial. The kicker? There is no ability to opt out of the trial.

The announcement states that the purpose of the trial is to give engineers and administrators an opportunity to understand the filtering technology, its implementation, and its costs.

We anticipate that the implementation of this NetClean system will have no impact for any end user. However, if you suspect you have been impacted, please post your experience here and we will investigate and report back.

Most curiously, the announcement states—

Any opinions or comments relating to your personal views on government filtering should be directed to your local MP.

The trial is set to start today and is expected to run ‘a few days to a week’.

Technical Summary

Last Friday, Steven Waddington posted some technical details about the NetClean WhiteBox that Exetel would use. You can get the firsthand information here.

If I understand correctly, the system is set up as a BGP neighbour. It queries DNS servers for the IPs of all blacklisted sites. It then poisons the attached network by advertising host routes for these IP addresses with itself as the next hop.

Since ISPs do this kind of routing anyway, so long as the blacklist is small (less than around 10,000 IPs according to the system’s makers), there should be no discernible impact on performance.

When a request is routed to the filtering system, the filter inspects it to determine whether the specific URL requested is on the blacklist. That way, when blacklisted content shares an IP with non-blacklisted content, the non-blacklisted content isn’t blocked.

It’s an elegant solution, insofar as it’s a clever implementation of bad policy.

No Opt-Out

Steven Waddington confirmed in a reply to a comment to his technical post that there’s no ability to opt out. In the forum, it’s explained that it’s technically infeasible for this system to allow end-users to opt out.

I’m not intimately familiar with this technology, but I don’t see why that would be the case. The system would only have to check for an opt-out preference after it receives a routed IP and has confirmed that the requested URL is blacklisted. This should occur for relatively few requests with a small blacklist.

Of course, you can still ‘opt-out’ by using a proxy server, a VPN, or Tor.
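The two-stage design described in the Technical Summary, together with the opt-out check suggested above, sketched as an added example (not Exetel's or NetClean's code). The hostnames, IP addresses, blacklist entry and function names are constructed for illustration, and routing is modelled as a table lookup rather than real BGP.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample data: documentation IP ranges and .example hosts,
# not taken from any real blacklist.
DNS = {
    "shared-host.example": ["192.0.2.10"],
    "other-site.example": ["192.0.2.10"],  # same IP as a blacklisted host
    "clean.example": ["198.51.100.7"],
}
URL_BLACKLIST = {"http://shared-host.example/banned/page.html"}
FILTER_IP = "203.0.113.1"  # hypothetical address of the filter box


def build_host_routes(url_blacklist, dns):
    """Resolve each blacklisted host and return one /32 route per IP,
    with the filter as next hop (what the box would advertise to its peer)."""
    routes = {}
    for url in url_blacklist:
        for ip in dns.get(urlsplit(url).hostname, []):
            routes[ipaddress.ip_network(f"{ip}/32")] = FILTER_IP
    return routes


def next_hop(dst_ip, routes, default="upstream"):
    """Routing stage: only destinations with a host route are diverted."""
    addr = ipaddress.ip_address(dst_ip)
    for net, hop in routes.items():
        if addr in net:
            return hop
    return default


def normalise(url):
    """Scheme, lower-cased host and path only; the query string is ignored."""
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.hostname}{p.path or '/'}"


def handle_request(client, url, routes, dns=DNS, url_blacklist=URL_BLACKLIST,
                   opted_out=frozenset()):
    """Return what happens to one HTTP request under the two-stage design."""
    dst_ip = dns[urlsplit(url).hostname][0]
    if next_hop(dst_ip, routes) != FILTER_IP:
        return "direct"              # never touches the filter
    if normalise(url) not in url_blacklist:
        return "inspected-allowed"   # shared IP, but this URL is not listed
    if client in opted_out:          # opt-out is consulted only on a URL match
        return "allowed-opt-out"
    return "blocked"


def simulate(requests, opted_out=frozenset()):
    """Count outcomes for a list of (client, url) pairs."""
    routes = build_host_routes(URL_BLACKLIST, DNS)
    return Counter(handle_request(c, u, routes, opted_out=opted_out)
                   for c, u in requests)


SAMPLE_REQUESTS = [  # constructed
    ("alice", "http://clean.example/"),
    ("alice", "http://other-site.example/index.html"),
    ("alice", "http://shared-host.example/ok.html"),
    ("alice", "http://shared-host.example/banned/page.html"),
    ("bob", "http://shared-host.example/banned/page.html"),
]

if __name__ == "__main__":
    print(simulate(SAMPLE_REQUESTS))
    print(simulate(SAMPLE_REQUESTS, opted_out={"bob"}))
```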

What’s Filtered

Steve Waddington’s technical post states that the makers of the NetClean WhiteBox, Watchdog International (whose motto is appropriately ‘get the worst out of the Internet’), are supplying Exetel with a list of 198 IPs. What does it contain?

It’s a technical trial so it really doesn’t matter. If ever a law is passed that requires Exetel [to] use a list of sites then the Australian Federal [Government] would be the only issuing authority.

So we don’t know what’s on the list, but we do know that the list won’t be expanded during the course of the trial. The system only works with small blacklists, and doesn’t support any kind of dynamic filtering.

Conclusion

The key points are that Exetel is running a filtering trial with no opt-out mechanism. It’s using a blacklist of 198 unknown IPs. There is no dynamic filtering, and seemingly no plans for any trial of such technology.

It’s likely that Exetel customers won’t notice a change, other than a sinking feeling of knowing that they are one step closer to an Orwellian Australia.

This post covers recent events and may contain errors or inaccuracies. Exetel hasn’t provided an official statement detailing this trial, and much of the information posted here is from semi-official sources.
I am opposed to any plan for mandatory filtering of online content.


Tags: censorship, clean feed, politics

Classification Board Website Finally Back Online

Nearly a full month after it was hacked, an overhauled version of the Classification Board website is finally back online.

On 26 March 2009, the Classification Board website was hacked, and the text on the homepage was replaced. The altered site was available for around three-and-a-half hours before it was taken offline. And, five days later, a placeholder page was posted.

Today, nearly a full month after the site was hacked, the site is now back online:

Updated Classification Board website

The entire website appears to have been overhauled. Most notably, the design and layout of the site have been updated. Presumably, attention was given to security too.

While I hadn’t spent much time on the old Classification Board website, the new site appears to be an improvement. It’s certainly better than the Courts Administration Authority of South Australia website, which is still firmly lodged in the ’90s.


Tags: censorship, clean feed, defaced sites, security

Why ACMA Probably Won’t Fine You $11,000 a Day

A detailed look at the regulation of Australian-hosted prohibited content, and why ACMA probably won’t fine you $11,000 per day for hosting it.

In March 2009, ACMA issued a notice to Bulletproof Networks, who host the popular Whirlpool online discussion site. The notice required Bulletproof Networks to remove a link to a blacklisted anti-abortion site, and threatened an $11,000 per day fine if it failed to comply.

After this, some people expressed concern that they’d be fined for linking to a site on a secret blacklist. For example, this blog said—

ACMA plans to fine any site that links to a blacklisted site up to A$11,000 per day. The catch is—doubtless you saw this coming, citizen—the blacklist’s contents are secret. If you link to its prohibited sites, you won’t know until ACMA fines you.

To explain why this isn’t the case, I have provided a summary of the regulation of prohibited content and potential prohibited content hosted in Australia found in Schedule 7 of the Broadcasting Services Act 1992 (Cth).

I detailed the definition of ‘prohibited content’ and ‘potential prohibited content’ in a previous post that dealt with such content hosted overseas. Recapping briefly, ‘prohibited content’ is—

  • content rated RC or X 18+;
  • content rated R 18+ and not subject to a restricted access system; and
  • content rated MA 15+ provided by certain commercial services and not subject to a restricted access system.

When ACMA finds prohibited content or potential prohibited content, or links to such content, hosted in Australia, it issues the provider a notice that requires them to cease providing the content. The provider must comply with the notice by 6 pm the next business day or face fines up to $11,000 per day.

So it’s not an offence to host or link to such content in Australia. It’s only an offence to fail to comply with a notice from ACMA directing you to cease doing so. You won’t get a surprise fine.

Below, I provide a detailed look at the regulation.

Australian Connection

The first thing about the regulation of prohibited content and potential prohibited content in Schedule 7 is that it applies only to content services and hosting services that have an ‘Australian connection’. Clause 3 provides—

  • (1) For the purposes of this Schedule, a content service has an Australian connection if, and only if:
    • (a) any of the content provided by the content service is hosted in Australia; or
    • (b) in the case of a live content service—the live content service is provided from Australia.
    Note: A link is an example of content. If a link provided by a content service is hosted in Australia, the content service will have an Australian connection (see paragraph (a)).
  • (2) For the purposes of this Schedule, a hosting service has an Australian connection if, and only if, any of the content hosted by the hosting service is hosted in Australia.

Prohibited Content

The action taken by ACMA depends on whether the content is prohibited content or potential prohibited content. In relation to prohibited content, clause 47(1) provides—

  • If, in the course of an investigation under Division 2, the ACMA is satisfied that:
    • (a) content hosted by a hosting service provider is prohibited content; and
    • (b) the relevant hosting service has an Australian connection;
    the ACMA must:
    • (c) if:
      • (i) the content does not consist of an eligible electronic publication; and
      • (ii) the content has been classified RC or X 18+ by the Classification Board;
      give the hosting service provider a written notice (a final take-down notice) directing the hosting service provider to take such steps as are necessary to ensure that a type A remedial situation exists in relation to the content

Essentially, a ‘type A remedial situation’ is one in which the provider no longer provides the content. Since the content has actually been classified by the Classification Board, the notice to stop hosting the content is final.

  • (d) if:
    • (i) the content does not consist of an eligible electronic publication; and
    • (ii) the content has been classified R 18+ or MA 15+ by the Classification Board;
    give the hosting service provider a written notice (a final take-down notice) directing the hosting service provider to take such steps as are necessary to ensure that a type B remedial situation exists in relation to the content

A ‘type B remedial situation’ is essentially one in which the provider either no longer provides the content or makes the content subject to a restricted access system. This is because content classified R 18+ or MA 15+ isn’t prohibited content if it’s subject to a restricted access system.

  • (e) if:
    • (i) the content consists of an eligible electronic publication; and
    • (ii) the content has been classified RC, category 2 restricted or category 1 restricted by the Classification Board;
    give the hosting service provider a written notice (a final take-down notice) directing the hosting service provider to take such steps as are necessary to ensure that a type A remedial situation exists in relation to the content.

The different classification level here matches the different definition of prohibited content applicable where the content is an eligible electronic publication, as explained in my previous post. Briefly, an ‘eligible electronic publication’ is an electronic version (or an audio recording) of a book, magazine, or newspaper that is or was available to the public in Australia.

Potential Prohibited Content

In relation to potential prohibited content, the procedure is essentially the same, except that the notice is only an interim notice until the content is actually classified by the Classification Board. Clause 47(2) provides—

  • If:
    • (a) in the course of an investigation under Division 2, the ACMA is satisfied that:
      • (i) content hosted by a hosting service provider is potential prohibited content; and
      • (ii) the relevant hosting service has an Australian connection; and
    • (b) the ACMA is satisfied that, if the content were to be classified by the Classification Board, there is a substantial likelihood that:
      • (i) if the content does not consist of an eligible electronic publication—the content would be classified RC or X 18+; or
      • (ii) if the content consists of an eligible electronic publication—the content would be classified RC or category 2 restricted;
    the ACMA must:
    • (c) give the hosting service provider a written notice (an interim take-down notice) directing the provider to take such steps as are necessary to ensure that a type A remedial situation exists in relation to the content until the ACMA notifies the hosting service provider under subclause (4) of the Classification Board’s classification of the content; and
    • (d) apply to the Classification Board under clause 22 for classification of the content.

Type A and type B remedial situations are the same as for prohibited content, so the effect of the above is that the provider must cease providing the content until it’s actually classified by the Classification Board.

Clause 47(3) continues—

  • If:
    • (a) in the course of an investigation under Division 2, the ACMA is satisfied that:
      • (i) content hosted by a hosting service provider is potential prohibited content; and
      • (ii) the relevant hosting service has an Australian connection; and
    • (b) the content does not consist of an eligible electronic publication; and
    • (c) the ACMA is satisfied that, if the content were to be classified by the Classification Board, there is a substantial likelihood that the content would be classified R 18+ or MA 15+;
    the ACMA must:
    • (d) give the hosting service provider a written notice (an interim take-down notice) directing the provider to take such steps as are necessary to ensure that a type B remedial situation exists in relation to the content until the ACMA notifies the hosting service provider under subclause (4) of the Classification Board’s classification of the content; and
    • (e) apply to the Classification Board under clause 22 for classification of the content.

The effect here is that the provider must either cease providing the content or make it subject to a restricted access system until the content is actually classified by the Classification Board.

Actual Classification

Once the Classification Board classifies the content (which used to be potential prohibited content), ACMA must notify the provider and, if the classification is such that the content is now prohibited content, issue a final take-down notice.

Clause 47(4) provides—

  • If, in response to an application made as required by subclause (2) or (3), the ACMA is informed under paragraph 23(b) of the classification of particular content, the ACMA must:
    • (a) give the relevant hosting service provider a written notice setting out the classification; and
    • (b) in a case where:
      • (i) the content does not consist of an eligible electronic publication; and
      • (ii) the effect of the classification is that the content is prohibited content because it has been classified RC or X 18+ by the Classification Board;
      give the hosting service provider a written notice (a final take-down notice) directing the provider to take such steps as are necessary to ensure that a type A remedial situation exists in relation to the content; and
    • (c) in a case where:
      • (i) the content does not consist of an eligible electronic publication; and
      • (ii) the effect of the classification is that the content is prohibited content because it has been classified R 18+ or MA 15+ by the Classification Board;
      give the hosting service provider a written notice (a final take-down notice) directing the provider to take such steps as are necessary to ensure that a type B remedial situation exists in relation to the content; and
    • (d) in a case where:
      • (i) the content consists of an eligible electronic publication; and
      • (ii) the effect of the classification is that the content is prohibited content because it has been classified RC, category 2 restricted or category 1 restricted by the Classification Board;
      give the hosting service provider a written notice (a final take-down notice) directing the provider to take such steps as are necessary to ensure that a type A remedial situation exists in relation to the content.

Since the content has now actually been classified by the Classification Board, the notices are all final.

Type A and Type B Remedial Situations

I have briefly summarised what type A and type B remedial situations are, but the specific wording of the definitions may be important. Clause 47(6) provides—

  • For the purposes of the application of this clause to a hosting service provider, a type A remedial situation exists in relation to content at a particular time if:
    • (a) the provider does not host the content; or
    • (b) the content is not provided by a content service provided to the public (whether on payment of a fee or otherwise).

And clause 47(7) provides—

  • For the purposes of the application of this clause to a hosting service provider, a type B remedial situation exists in relation to content at a particular time if:
    • (a) the provider does not host the content; or
    • (b) the content is not provided by a content service provided to the public (whether on payment of a fee or otherwise); or
    • (c) access to the content is subject to a restricted access system.

Compliance

Clause 53 provides—

  • (1) A hosting service provider must comply with an interim take-down notice that applies to the provider as soon as practicable, and in any event by 6 pm on the next business day, after the notice was given to the provider.
  • (2) A hosting service provider must comply with a final take-down notice that applies to the provider as soon as practicable, and in any event by 6 pm on the next business day, after the notice was given to the provider.

Clause 53(6) provides that subclauses (1) and (2) are designated content/hosting service provider rules.

Criminal Offence

Clause 106 then provides—

  • (1) A person commits an offence if:
    • (a) the person is a designated content/hosting service provider; and
    • (b) the person engages in conduct; and
    • (c) the person’s conduct contravenes a designated content/hosting service provider rule that applies to the person.
    Penalty: 100 penalty units.
  • (2) A person who contravenes subclause (1) commits a separate offence in respect of each day (including a day of a conviction for the offence or any later day) during which the contravention continues.

Since section 4AA(1) of the Crimes Act 1914 (Cth) defines ‘penalty unit’ as $110 and section 4B(3) of that Act provides that the maximum penalty is five times the specified amount when the person convicted is a body corporate, the maximum penalty here is $11,000 per day for an individual and $55,000 per day for a body corporate.

Civil Penalty

Clause 106 discussed above creates a criminal offence that requires the prosecution to prove its case to the criminal standard (that is, beyond reasonable doubt). In addition to clause 106, clause 107 provides—

  • (1) A person must not contravene a designated content/hosting service provider rule if:
    • (a) the person is a designated content/hosting service provider; and
    • (b) the rule applies to the person.
  • (2) Subclause (1) is a civil penalty provision.
  • (3) A person who contravenes subclause (1) commits a separate contravention of that subclause in respect of each day (including a day of the making of a relevant civil penalty order or any subsequent day) during which the contravention continues.

Section 205F(1) of the Act provides that where a person contravenes a civil penalty provision, the Federal Court may order the person to pay the Commonwealth a pecuniary penalty on application by ACMA. This is called a ‘civil penalty order’.

The most important thing about civil penalty orders is that the Court will apply the civil rules of evidence and procedure during the hearing, as provided by section 205K. This means that the Court has to be satisfied of the contravention only to the civil standard (that is, on the balance of probabilities).

Section 205F(3) lists the factors relevant to determining the amount of the penalty, but subsection (4) provides that the amount cannot be higher than the maximum penalty for the corresponding criminal offence.

Finally, section 205L provides such an order cannot be made against a person if that person has been previously found guilty of the corresponding criminal offence, though section 205N provides that a person can be convicted of the corresponding criminal offence after a civil penalty order has been made.

Links Services and Live Content Services

The regulation summarised above is the general regulation. There are separate provisions dealing with links services and live content services, which I won’t set out in as much detail since they operate much the same way.

A ‘links service’ is merely a content service that provides one or more links to content. Under Division 5 of Part 3, ACMA must issue a link-deletion notice if—

  • (a) end-users in Australia can access content using a link provided by a links service; and
  • (b) the content is prohibited content or potential prohibited content; and
  • (c) the links service has an Australian connection.

Essentially, this means that ACMA will issue a link-deletion notice if a link hosted in Australia allows end-users in Australia to access prohibited content or potential prohibited content irrespective of where that content is actually hosted.

Relevantly, the definition of ‘content service’ in clause 2 explicitly excludes Internet search engines and directories, so long as they don’t specialise in prohibited content or potential prohibited content.

A ‘live content service’ is a content service that provides live content, unsurprisingly. Under Division 4 of Part 3, ACMA must issue a service-cessation notice if—

  • (a) live content provided by a live content service is prohibited content or potential prohibited content; and
  • (b) the live content service has an Australian connection.

Both link-deletion notices and service-cessation notices operate fundamentally the same way as take-down notices. That is, a final or interim notice is issued depending on whether the content has actually been classified by the Classification Board and the provider must comply as soon as practicable but no later than 6 pm the next business day or risk a fine or civil penalty.

Maintaining Our Implied Freedoms

Finally, because Parliament had a sense of humour, clause 121(1) provides—

  • This Schedule does not apply to the extent (if any) that it would infringe any constitutional doctrine of implied freedom of political communication.

We don’t have a right to freedom of expression in Australia. We only have a limited implied freedom to communicate on political matters, which is much narrower in scope:

Political views

Conclusion

While it’s not an offence to host or link to prohibited content or potential prohibited content in Australia, the effect of the current regulations is that prohibited content and potential prohibited content isn’t hosted in Australia. No one will invest time or money in such a site, only to be required to take it down when ACMA inevitably issues a notice.

However, the definition of ‘Australian connection’ is such that Australian-controlled sites can still provide prohibited content and potential prohibited content to Australians, so long as all of the content that the sites provide is hosted outside Australia.

As explained in my previous post dealing with overseas-hosted prohibited content and potential prohibited content, it’s not an offence for Australians to view such sites, so long as the content in those sites isn’t illegal under some other law.

Update: You can see an example of a final link-deletion notice here.

While I have attempted to write this post (except the cartoon) without bias, I am opposed to any plan for mandatory filtering of online content.
This post is not intended as legal advice. I make no representations whatsoever as to its quality, and will not be liable for any loss, injury, or damage howsoever resulting from it. Seek independent legal advice.


Tags: ACMA, Broadcasting Services Act 1992 (Cth), censorship, clean feed

Force CommSec to Use HTTPS with NoScript

Use the NoScript add-on for Firefox to force the CommSec website to use HTTPS.

On 20 March 2008, I wrote about CommSec’s use of non-SSL frames pages for its online banking. Although the CommSec homepage is delivered using SSL with an Extended Validation Certificate, once you log in you’re presented with a non-SSL frames page:

CommSec without SSL

gHacks posted recently that you can use NoScript, an add-on for Firefox, to force the browser to use HTTPS for specified domains. You can use it to force CommSec to use HTTPS too.

To do this, download NoScript from here. Open the options for NoScript and go to the HTTPS sub-tab on the Advanced tab. Under ‘Force the following sites to use secure (HTTPS) connections’, enter *.comsec.com.au:

NoScript HTTPS options

Now, the CommSec website should always use HTTPS:

CommSec with SSL

You can use this same method to force other websites to use HTTPS too, like Facebook or Twitter.

Remember, though, that NoScript’s primary function is to block scripts and other active content found on most websites. This is useful for security-conscious users, but it’ll break most websites.

If you want to force certain websites to use HTTPS but don’t want to block scripts or other active content, you have to disable that blocking in the NoScript options.

Update: It turns out that forcing HTTPS connections for *.comsec.com.au breaks some functionality. Forcing HTTPS connections for only www.comsec.com.au achieves the same goal, but without breaking anything (that I know of):

Updated NoScript HTTPS options

The reason why *.comsec.com.au doesn’t work is that CommSec doesn’t support HTTPS connections to prices.comsec.com.au. So when you try to get a stock quote, your browser will attempt an HTTPS connection, which will fail.

Now, quotes should work, but they will be delivered over HTTP. And your browser will give you a warning to that effect.


Tags: CommSec, online banking, security, SSL