news The Australian Federal Police has sought to prevent the public from ascertaining the identities of ISPs participating in the Federal Government’s voluntary filter scheme for child abuse materials, through redacting the ISPs’ details from relevant documents released under Freedom of Information laws.

In November last year, Communications Minister Stephen Conroy formally dumped the Government’s highly controversial mandatory Internet filtering scheme, instead throwing his support behind a much more limited scheme which sees Australian ISPs voluntarily implementing a much more limited filter which Telstra, Optus and one or two other ISPs had already implemented. Vodafone is also believed to be implementing the filter, and the process is also believed to be under way at other ISPs such as iiNet.

The ‘voluntary’ filter only blocks a set of sites which international policing agency Interpol has verified contain “worst of the worst” child pornography — not the wider Refused Classification category of content which Conroy’s original filter had dealt with. The instrument through which the ISPs are blocking the Interpol list of sites is Section 313 of the Telecommunications Act. Under the Act, the Australian Federal Police is allowed to issue notices to telcos asking for reasonable assistance in upholding the law. It is believed the AFP has issued such notices to Telstra and Optus to ask them to filter the Interpol blacklist of sites.

In mid-January this year Delimiter filed a Freedom of Information request seeking the complete text of all notices issued by the AFP under Section 313 of the Telecommunications Act over the two years preceding 14 January 2013 that mentioned the Interpol blacklist; as well as any responses sent by ISPs to the AFP in response to the issuing of those notices, and any subsequent communication from the AFP in response.

In response, the AFP this month published two documents; a decision letter (download PDF here) relating to the request and a longer document compiling all of the Section 313 notices and responses. The second document is 10.6MB in size and is available to download here in PDF format.

The documents reveal that the AFP has issued only a small number of Section 313 notices under the scheme; and certainly not enough notices to cover most of the ISPs operating in Australia. The AFP appears to have issued Section 313 notices in two tranches; in June 2011, shortly before Telstra and Optus implemented their Interpol filters in July that year, and more notices in mid-October 2012, shortly before Conroy announced the Government’s plans to abandon its more comprehensive filtering plans in November.

However, in all cases the AFP has removed all references to the specific ISPs which it targeted with its notices, citing several sections of the applicable FOI legislation. The two principal sections cited by the AFP in its redactions to its documents include subsection 37(2)(b) of the FOI Act, and subsection s47E(d), as well as section 47F.

In its letter, the AFP stated that portions of the documents released — namely, the identities of the ISPs — constituted information that would disclose methods and procedures used by the AFP in investigations of breaches of the law. With reference to another subsection, the AFP noted that while there was a public interest in the information being released, there was a need to ensure “continued cooperation during police investigations and the effectiveness and integrity of current procedures”.

It is unclear why the AFP considers that the identities of ISPs would cause an impact on its ability to undertake its operations, given that no customer data is collected by the ISPs in their implementation of the Interpol list; the list acts only as a block to stop the ISPs’ customers from accessing offensive sites on the list.

Lastly, with respect to individuals employed by the ISPs who received Section 313 notices from the AFP, the AFP noted that again, while there was public interest in the issue, the AFP had not received consent regarding those individuals’ personal information, and their identities would therefore be exempt under the FOI Act.

Delimiter has filed an application for the AFP to conduct an internal review of the FOI decisions, stating: “… the decision document I received did not provide sufficient detail to explain why these sections of the Act apply to the identities of the ISPs concerned. I do not believe that releasing the identities of the ISPs which the AFP has contacted regarding these trials would either be likely to prejudice the effectiveness of the AFP’s operations in this area.”

The decisions appear to contradict earlier AFP decisions on the issue of releasing ISPs’ identities. In documents released in December 2011 under FOI laws, for example, the AFP stated that iiNet, Internode and Primus had also “expressed interest” in the scheme and were “preparing to use the list”. It also revealed that Internet gateway filter manufacturer ContentKeeper had already implemented the scheme. At that Telstra and Optus were publicly known to have implemented the filter.

In addition, Delimiter made the following additional reply to the AFP: “Section 47F is also cited in the decision document as a rationale for withholding information in this regard; however, I would point out that the individuals contacted by the AFP as part of the process of issuing Section 313 notices are publicly known members of large corporations with public positions. It is irrational to suggest that releasing their identities would be an “unreasonable disclosure of personal information”; there is no personal information being released here; rather, the information being released relates solely to their professional role.”

The AFP’s FOI documents also revealed that the ISPs would need to sign a relatively straightforward confidentiality agreement regarding the contents of the Interpol list, as a condition of being part of the program.

Background

Since Telstra and Optus implemented the Interpol filtering scheme in mid-2011, there have been no known public complaints about the system and no sites known to have been wrongfully added to the Interpol list apart from known child abuse sites. In addition, users of both ISPs have not complained publicly about speed issues with respect to the Internet filtering system. However, some segements of the community are still concerned about specific details of the Interpol filtering scheme.

For example, when Telstra and Optus implemented the Interpol filter, neither explicitly communicated with customers to let them know that the scheme was in operation and that their Internet connections were actively blocking a small list of sites; and neither is known to have updated their terms of service with customers.

In addition, in contrast with the mandatory Internet filtering policy (which was to have been administered by the Australian Communications and Media Authority) there is currently no known civilian oversight of the scheme, which is administered by the Australian Federal Police and international policing agency Interpol, apart from questions which parliamentarians may put to the Federal Police.

Furthermore, Section 313 of the Telecommunications Act does not specifically deal with child pornography. In fact, it only requires that ISPs give government officers and authorities (such as police) reasonable assistance in upholding the law. Because of this, there appears to be nothing to stop the Australian Federal Police from issuing much wider notices under the Act to ISPs, requesting they block other categories of content beyond child pornography, which are also technically illegal in Australia but not blocked yet.

A number of sites which were on the borderlines of legality — such as sites espousing a change of legislation regarding euthanasia, for example — were believed to be included as part of the blacklist associated with the Federal Government’s much wider mandatory filtering policy. It is not clear what safeguards exist to prevent the Interpol filtering scheme being extended by the Australian Federal Police to include such extra categories of content.

The current attitudes of ISPs apart from Telstra and Optus towards the Interpol filtering scheme are also currently unknown, with it being unclear whether they would implement the scheme if the Australian Federal Police issued them with a request to do so. Last year, ISPs such as TPG and Exetel said right out that they would reject such an attempt, while others such as iiNet and Internode said they were unclear as to the specifics of the situation.

The efficacy of the Interpol filter has also been publicly questioned. Optus has admitted that users would be able to defeat its implementation of the Interpol filter merely by changing the DNS settings on their PC. And information released under Freedom of Information laws by the AFP late last year shows as time went on, less and less requests were made by Telstra customers to access child abuse material on the list — presumably, as Telstra customers attempting to access the offensive material became aware that the telco had implemented a filtering system to block the requests.

For the first five weeks it operated, from 1 July through to 7 August last year, Telstra’s filter blocked a total of 52,013 requests to access child abuse materials online, with 10,402 average requestsper week. Average requests per day were 1,405, with the highest day recorded seeing 2,443 requests blocked and the lowest seeing 915 blocked.

However, over the succeeding weeks through to mid-October last year, fewer and fewer requests were made. In the week commencing 13 August, 8,649 requests were made, but by September the figure was down to between 1,193 and 3,452 requests per week, and in the week beginning 15 October, just 989 requests were made — which had previously been close to the lowest requests received in one day, in the filter’s first month of operation. In the period from mid-September to mid-October, the lowest day saw just 99 requests made by Telstra customers to access the blocked material.

Delimiter has encouraged the Minister to hold an open press conference on the issue to take questions from the media, as well as to issue a discussion paper on the issue which would allow the public to comment on the scheme formally. In addition, we have invited the Minister to respond to the following questions in writing:

Given the wide-ranging nature of the Interpol filter — affecting most Australian Internet users — why was no public consultation held before the Government decided to take take this step? I note that the Government has never held a formal public consultation into Internet filtering in general.

How would the Government respond to the claim that there will be no civilian oversight of this Interpol filtering scheme, with key information about it only being released over the past several years through Freedom of Information requests filed with the Australian Federal Police?

ISPs such as iiNet, Internode, TPG and Exetel have declined to participate in this scheme so far over the past 12 months, with some citing uncertainty of the legal situation. How would the Government address the claim that the legal ground of this Interpol filtering scheme, notably the process whereby the AFP issues notices to ISPs, is not clear?

Which further ISPs will the AFP issue notices to? Has the Government already received support from those ISPs for the scheme? How will the Government react if an ISP declines the notice?

How would the Government respond to the claim that there is the potential for the AFP to issue notices beyond the Interpol list to ISPs, in an approach which could be dubbed ‘scope creep’?

Neither Telstra nor Optus explicitly notified customers that they had implemented the Interpol filter when they did so last year. What guidelines will the Government be placing around ISPs’ participation in this scheme?

However, so far Conroy has declined to respond to the questions.

opinion/analysis

In July 2011, when Telstra and Optus implemented the voluntary Interpol filter, I wrote the following about it:

“We are talking about a filtering scheme here which is being implemented behind closed doors, with little notification to customers, with no civilian oversight, an unclear legal framework, the potential for scope creep and a limited and secretive appeals process overseen by the agency which drew up the list to start with.”

None of this has changed. Communications Minister Stephen Conroy will not answer basic questions about the scheme. The Australian Federal Police will not answer basic questions about the scheme. And Australians are apparently not even allowed to know which ISPs have implemented it and which have not. Plus … there is also a lot of evidence to show that the new filter is trivial to circumvent.

Personally, I think the voluntary Interpol filter is a good idea; and it’s certainly a much better idea than the mandatory ISP filtering idea the Government came up with last time around. However, the scheme is far from perfect, as the AFP’s current reticence to disclose an appropriate level of detail about it shows. Australia can do better on this issue.