Recommendations include creation of oversighting system & annual auditing of black lists

Monday, 12th October, 2009 - The ACS (Australian Computer Society) today released a report by leading cyber safety experts, which recommends the creation of an independent oversighting system and an annual auditing process for black lists if compulsory ISP filtering is introduced. Developed by the ACS E-Security Taskforce, the Report provides technical observations on the issues associated with ISP filtering and says education and oversight by parents is as crucial to addressing cyber safety concerns for children as any filtering mechanism.

"Filtering alone is unlikely to adequately address cyber security issues or significantly impact those who deliberately produce, distribute or search for illegal material," said ACS Chairman & President, Kumar Parakala.

"The Taskforce recognises there is no silver bullet when it comes to cyber security and solutions to providing a safer and more secure Internet. Addressing this challenge will require an ongoing, multi-faceted approach involving government, industry and social (end user) initiatives using both technical and education based tools. There is a need for greater transparency around blacklists, and a reporting system that measures the impacts of filtering and how it is working if compulsory filtering is introduced. Ultimately, ISPs should be encouraged to provide options that will suit all their end users, by introducing different and graduated levels of filtering and products over and above that which is compulsory," said Mr Parakala.

The ISP Filtering Report highlights the current challenges associated with filtering or blocking of internet content, which include:

• Lack of a clear definition of the types of content that are subject to filtering


• Limitations of automated techniques for analysing video, pictorial and audio content


• Need for clear and consistent criteria behind labelling and rating of content


• Where filters are placed within the network architecture, there is an impact on network performance (efficiency, speed etc)


• Avoiding ‘over blocking’ and ‘under blocking’ and achieving consistency in blocking of material


• The rate at which new Internet-accessible content is being generated makes it difficult to maintain up-to-date black lists, white lists, keywords and phrases etc used by analysis algorithms


• Effectively managing user-generated material, which is created ‘on the fly.’ The labelling/rating of these sites and content is practically impossible; and


• How to deal with encrypted traffic and secure channels, as encryption impedes filtering.

1. Multi- faceted approach using filtering technologies to address the distribution of illegal material - A multi faceted approach is needed to address filtering out or blocking of illegal material on the Internet using filtering technologies at the ISP, user and enterprise levels. This includes increased professionalism and tighter controls around domain name registration, education at all levels of society and oversight by parents.



2. Education and oversight are the best methods to ensure online safety for children - There is no technological substitute for appropriate education and parental supervision of young people who are using the Internet. Education and oversight remains the best method of ensuring that children (and other end users) are aware of online safety and are not deliberately viewing inappropriate material or engaging in inappropriate behaviour online.



3. Objectives of any ISP filtering program should be clearly defined. Based on recommendations 1 and 2, the Taskforce believes the policy objective for filtering should be clearly articulated; for instance, whether it is:
   
   
   
   • to avoid inadvertent or unintended viewing of Refused Classification (RC) or illegal content while surfing the web;
   
   
   • to prevent, detect, block and prosecute delivery, access, publication or circulation of RC or illegal content;
   
   
   • to deter both inadvertent and/or deliberate interaction with a wider ambit of RC, illegal or prohibited material using any method of Internet access.
   
   
   In addition to clear objective(s), this program should also include: performance standards, clarity around the definition of material to be filtered, reporting processes, type of traffic and filtering mechanisms to be used.
   


4. Development of minimum standards to measure filtering efficiency - Different filtering processes achieve varying results in terms of impacts on speeds, resource usage and accuracy of filtering (over blocking and under blocking). In mandating or regulating for ISP level filtering, the Federal Government should develop a set of minimum standards to be achieved against which the efficacy of filtering can be measured.



5. Planning for location of content filters - The Taskforce believes considerable thought needs to be given to location of filters within the ISP architecture (depending on the size, speed and level of redundancy) to avoid multiple filtering of feeds, filter failure which causes service disruptions and significant performance reduction due to filter operations.



6. Implementing a national, voluntary content rating system - As part of any ISP filtering program, a national, content rating system could allow content providers to rate the material on their sites. Any rating scheme used should be standardised and easy to use so content developers can self-rate their content.



7. Transparent guidelines and auditing process - The Government should establish clear, unambiguous guidelines on sites and material that will be included on the ACMA black list. In addition, there should be an independent and transparent auditing process for the black list and an ability for complaints about those sites included on the black list to be lodged and assessed in a timely manner.



8. Ability to customise filtering levels - The Government should strongly encourage ISPs to provide products that allow users to select/customise their preferred level of filtering (above that which is mandatory).



9. Education on protection and threats – As filtering is only one level of protection, the community needs to better understand the factors associated with threats, computer and network vulnerabilities and how countermeasures work and what they can do to protect themselves, if they are going to adequately protect their identities and their activities online.

• Prof Vijay Varadharajan, Microsoft Chair in Innovation; Director of Information and Networked Systems Security Research, Macquarie University


• Mr Graham Ingram, CEO, AusCERT


• Ms Holly Raiche, CEO, ISOC-AU


• Dr Paul Brooks, Director, ISOC-AU; Managing Director, Layer 10


• Mr Alastair MacGibbon, Internet Safety Institute


• Mr Philip Argy, CEO ArgyStar.com; Immediate Past President of ACS

About the ACS
The ACS (Australian Computer Society) is the recognised professional association for those working in Information and Communications Technology, seeking to raise the standing of ICT professionals and represent their views to government, industry and the community. A member of the Australian Council of Professions, the ACS is the guardian of professional ethics and standards in the ICT sector, committed to ensuring the beneficial use of ICT for all Australians. It provides both members and non-members with opportunities for professional education, networking and certification, as well as enabling them to contribute to the development of their profession. Visit www.acs.org.au for more information.