How Even Highly-Targeted Censorship Can Lead To Overblocking

from the unintended-consequences dept

As the battle rages over SOPA and PIPA, censorship is very much on people's minds. But there are many different kinds of censorship, operating at different levels of precision. For example, while some forms are crude and inexact, like Homeland Security's shutdown of 84,000 sites, others are highly targeted, and designed to block in a very specific way.

That's the case for the attempted blocking of Newzbin2 in the UK. The judge, Justice Arnold, ordered the ISP BT to take a two-stage approach (possible thanks to the pre-existing "Cleanfeed" system it had set up to block child pornography).

If an IP address matches one of those contained in the blocking list, the request to access the site is routed to a proxy server where the exact URL – the specific address including the directory and filename – is examined. If that matches too, access is denied. The judge specified this technique, rather than simply ordering the IP address to be blocked, for an important reason, which he explained in one of his rulings:

the Studios now accept that the order should refer to IP address re-routing and not IP address blocking. It appears that IP address blocking could lead to "overblocking" of sites or pages that ought not to be blocked.
However, as James Firth notes in a blog post, overblocking is still likely to occur thanks to the combination of two factors:
The first is that Newzbin will - and there's strong evidence they have done already, several times - change their IP address. It is well known that IP addresses have all but run out. Nearly all IP addresses allocated are recycled - they've been in use before.

Pity the website owner who picks up Newzbin's old IP address. Under Arnold, J's BT ruling the new owner of the IP address would have some solace in that the URL would not match, therefore BT customers would still be able to access the website, albeit via a proxy. Re-routing via the proxy may cause some minor problems, but that's a bit of a side issue.

In the case of Sky, [another UK ISP now blocking Newzbin2] unless Sky happen to also use a 2-stage blocking system [like BT] - and my contacts tell me they do not - then whoever picks up the old recycled IP addresses from Newzbin will find themselves blocked.
As Firth points out, one of the many worrying aspects of the Newzbin2 judgment is that there doesn't appear to be any mechanism for removing IP addresses once they have been placed on the blocking list – even if they are no longer used by Newzbin2. Adding new ones, by contrast, is explicitly permitted:
sites "whose sole or predominant purpose is to enable or facilitate access to the Newzbin[2] website" (para 10) can find themselves blocked, again without re-application to the court. If someone creates a website explaining how to work around the block, and this website did very little else but explain how to access Newzbin, it too could be blocked.
That would lead to yet more IP addresses being added to the list, which might then be handed out again to new users as they are recycled from ephemeral sites that pop up and then disappear.

What Firth's analysis shows is how even relatively "sophisticated" censorship systems that aim to minimize damage to other sites can lead to overblocking because not every situation can be foreseen or planned for. Now imagine what SOPA/PIPA will do.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: blocking, censorship, copyright, ip blocking, ip filtering, overblocking, pipa, protect ip, redirects, sopa, uk
Companies: bt, newzbin, sky


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Homeland Security Public Relations Office, 23 Dec 2011 @ 6:12pm

    If you want a domain name or IP formerly used by a pirate or pedophile then you must be one yourself. It is our longstanding policy to never purge our database of bad or old information. We keep a file on everybody. Just ask anyone named Yusuf Islam if they've been able to get on a plane lately! HAHAHAHA!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Dec 2011 @ 7:09pm

    What about HTTPS?

    Making it impossible to determine "the specific address including the directory and filename" is one of SSL's design goals. And the Internet is gradually moving towards using more and more HTTPS. Overblocking is unavoidable.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 23 Dec 2011 @ 8:57pm

    it's completely avoidable. stop trying to break the bloody interwebz. problem solved.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Dec 2011 @ 1:31am

      Re:

      No.. that won't work... The only true anser is to give control of the internet to Hollywood. Let them hand out the IPs to the people that need them (plus a cut of any profits) that is the only way the internet will be free of pirates.

      Of course this is a pipe dream for those folks but hey they be smokin' the pipe this long.....

      link to this | view in chronology ]

      • icon
        The eejit (profile), 24 Dec 2011 @ 2:13am

        Re: Re:

        And yet, they made propaganda about smoking the pipes too long back in the 1930s.

        link to this | view in chronology ]

        • icon
          The Devil's Coachman (profile), 24 Dec 2011 @ 5:48am

          Re: Re: Re:

          I've watched Reefer Madness many times in the long ago past, and always while tuned up with a fatty. Even though I haven't done so in decades, I'd bet it's still a scream while straight.

          link to this | view in chronology ]

  • identicon
    Brett Glass, 24 Dec 2011 @ 8:20am

    Sounds like you're complaining about a non-problem.

    The system, as you describe it, would NOT block legitimate new holders of an IP address. What's more, it could automatically "learn" that the illegal material was no longer at its old IP and stop re-routing traffic for that IP

    link to this | view in chronology ]

    • identicon
      abc gum, 24 Dec 2011 @ 10:56am

      Re: Sounds like you're complaining about a non-problem.

      "it, would NOT block legitimate new holders of an IP address"

      Who determines what constitutes legitimacy, and who pays for this automagic learning system which is impervious to the wanton discrimination of those put in charge?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Dec 2011 @ 8:18am

    If the IP block holder wants to re-assign an address that was blocked, they would just have to show the court that they have "cleaned" it. Not really a big deal.

    It's like a court order to hold a car, which is later sold at auction. It was okay, it was seized, and then it is okay again.

    Sorry Glyn, but this is simple scare mongering.

    link to this | view in chronology ]

    • icon
      Atkray (profile), 25 Dec 2011 @ 8:37am

      Re:

      No, it is not like a court order to hold a car.

      A car is a physical object that takes up space and is easily noticed.

      An IP address is a string of numbers of little consequence to anyone except the poor sap that was assigned that IP address for his myfamilyblog.info site he decided to set up because his brother in law told him he should. Now he sits trying to figure out why no one in his family can access the site, but since to him url and IP are the same thing he has no clue how to proceed. No one is going to bother cleaning up IP addresses, least of all those that were responsible for getting them blocked in the first place.

      His only hope is that someone like you that has an overarching desire to set things right in the world will invest the necessary time and effort to resolve his problem.

      Sorry AC but if we leave it to the likes of you to set things right we have every reason to be scared.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Dec 2011 @ 10:42am

    What is the combo you would use to defeat SOPA in Mortal Kombat?

    link to this | view in chronology ]

  • identicon
    HMTKSteve, 26 Dec 2011 @ 6:04am

    Dirty IP

    As a webmaster I can not begin to tell you what a pain it is when your ISP assigns a dirty IP to you.

    I have had so many problems with email due to a previous user of an IP being a spammer. It is a lot of work to clear an IP off of a blocked list.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.