25 Under 25 (2017) by Internet Society ©Tsutsumida Pictures (CC BY-NC-SA 2.0) https://flic.kr/p/Y5wvzo

25 Under 25 (2017) by Internet Society ©Tsutsumida Pictures (CC BY-NC-SA 2.0) https://flic.kr/p/Y5wvzo

News

CRTC Website Blocking Submissions Confirm Over-Blocking Risks: “Every Blocking Technique Suffers from Over-blocking and Under-blocking”

With broad-based criticism of the Bell website blocking plan, supporters have tried to dismiss the opposition by characterizing much of their analysis as “misinformation”. Yet a review of many expert submissions reveals widely held concerns regarding the proposal. Many point to the absence of court orders as a key flaw and no one – whether supporter or critic – disputes that the majority of countries that have used site blocking require court orders. Further, claims that human rights concerns are unfounded ring hollow in light of the critical submission from the U.N. Special Rapporteur on Freedom of Expression. Efforts to dismiss the cost implications of site blocking are undermined by the clear position of the majority of Canadian Internet providers that the expenses associated with blocking are likely to lead to increased consumer costs and reduced competition.

Many submissions similarly point to the risks of over-blocking legitimate content. For example, CIRA’s technical review notes that “both over-blocking and under-blocking are significant risks to any blocking regime.” A similar theme arises from the Internet Infrastructure Coalition, which states “even in cases where mass takedowns do not occur, the landscape is littered with small entrepreneurs whose businesses are shattered by ‘accidental’ takedowns.” In fact, even Telus, which supports the application, acknowledges that the potential for over-blocking is a “legitimate concern.”

The submissions provide both anecdotal and technical evidence on the risks of over-blocking. For example, the Wikimedia Foundation warns:

We at the Wikimedia Foundation are familiar with overbroad and disproportionate website blocking systems. Since April 2017, Wikipedia has been blocked, in all languages, 12 in Turkey. The block, which did involve a court order, was initiated due to alleged issues reporting on government activity in two Wikipedia articles. The Turkish Internet regulator was not able to block access to only the disputed articles, because all connections to Wikipedia are encrypted. Due to that encryption, the Turkish regulator could not tell which Wikipedia articles users were reading and therefore could not block access to only the articles at issue. As a result, the regulator ordered ISPs in the country to block access to all of Wikipedia. Preventing Turkish residents from reading any of the millions of Wikipedia articles due to alleged issues with a few of them is clearly disproportionate. We do not want similar measures to be taken in Canada. 

FRPC’s excellent submission highlights over-blocking experience in France:

In France, yet another case of mistaken blacklisting led to users being unable to access websites such as Google.fr, Wikipedia, and a cloud provider, among other popular and legal services. Not only that, but these sites were blocked due to appearing on a terrorism blacklist, and when users tried to access them, the ISP redirected visitors to a government webpage that stated the sites were blocked due to “providing instructions for carrying out terror attacks or celebrating acts of terrorism”

From a technical perspective, the Internet Society states:

Every blocking technique suffers from over-blocking and under-blocking: blocking more than is intended and, at the same time, less than intended. They also cause other damage to the Internet by putting users at risk (as they attempt to evade blocks), reducing transparency and trust in the Internet, driving services underground, and intruding on user privacy. These are costs that must be considered at the same time that blocking is discussed.

The Internet Society Canada has a similar message:

the blocking of a particular IP address can lead to the blocking of communications to and from legitimate sites that share the same IP address. Network Address Translators essentially hide potentially thousands of IP addresses behind a common point of contact. No matter how ostensibly fair and public any process leading to a blocking order may be, it is unlikely that innocent third parties will have effective notice of the peril an application for a blocking order may pose to their business or leisure activities. In the case of hosting services in foreign countries, it is doubtful if most innocent third parties, even if they had notice, would be able to intervene in a process taking place on an expedited basis before a Canadian court – let alone before a Canadian administrative tribunal.

Canada’s Internet providers focus on the technical limitations of site blocking. For instance, CNOC warns:

Blocking IP addresses as a method of blocking copyright infringing websites must also be rejected as it will inevitably result in the blocking of large amounts of legitimate content on the Internet, which is an problem that could have significant legal ramifications for ISPs and that CNOC explores in greater detail further below. In the modern Internet, in which IPV4 address exhaustion is a serious issue, it is very common for many websites to be linked to a single IP address. Therefore, if an ISP were directed to block a particular IP address, it would also risk blocking access to many legitimate websites associated with that IP address that do not host any copyright infringing content.

It adds:

The inadvertent blocking of legitimate websites can also occur as IP addresses are routinely, and quickly, recycled by hosting services. For example, if an IP address, (“IP Address #1”) used by a copyright infringing website was blocked, that copyright infringing website may quickly transition to another IP address, (“IP Address #2), which is an extremely easy thing to do. In this situation, the hosting service controlling IP Address #1 would, likely in a matter of days, make IP Address #1 available to other customers. The new customers using IP Address #1 may very well be legitimate websites, and if IP Address #1 was ordered to be blocked, the legitimate content of those new customers would then be blocked by all ISPs in Canada while the copyright infringing website carried on its activities safely from IP Address #2. Given the necessary amount of time and process before a decision to block an IP address could be taken, this is a real concern.

While some copyright lawyers insist that over-blocking is not a concern, those views are not shared by technical experts from around the world. Their message is clear: every blocking technique suffers from over-blocking and under-blocking, creating a significant risk with the Bell coalition website blocking plan.

2 Comments

  1. Kelly Manning says:

    The BC Government found itself blocking email from one of its own production servers during an an annual IT Continuity Server Recovery Test.

    The automation that decides what is likely to be spam gave email from the recovery test server a high score as probable spam.

    When that happens the automation usually blocks an entire range of IP addresses registered to the same entity, so it blocked its own production server in addition to the recovery test site.

    Apparently one of the spam tests is for financial amounts in the body of the email, so end of job status reports giving amounts in the millions were rated as spam. The automation wasn’t even smart enough to white list the governments own IP address range.

    My advice to clients was that while email is great when it works, it is not a reliable form of business communication. If you have to use it tell the recipient to look in a secured file server for the latest report, don’t include critical business information in the email itself.