Press Release: Cloud computing consultancy condemns controversial censorship conspiracy

SYDNEY, 24 December 2009: Sydney-based Australian Online Solutions today condemned the government’s plans to introduce draconian Internet censorship laws in Australia.

Senator Stephen Conroy (Minister for Broadband, Communications and the Digital Economy) recently announced the introduction of mandatory Internet Service Provider (ISP) level filtering of Refused Classification (RC)-rated content as well as grants to encourage ISPs to filter wider categories of content. This would require the implementation of complicated, expensive and unreliable, yet trivially circumvented filtering technology at the cost of the taxpayer and Internet user, despite a strong message having been sent that this is both unwanted and unwarranted. Reader polls conducted by the Sydney Morning Herald and The Age newspaper showed a staggering 95% of some 25,000 readers reject the federal government’s plans to censor the Internet in Australia, on the basis that it impinges on their freedom. “There are better and safer ways to tackle the problem, such as educating parents, teachers and children, offering customisable filtering as a value-added option and improving law enforcement (including cooperation with other countries)” said Sam Johnston, Australian Online Solutions’ Founder & CTO.

The full frontal assault on civil liberties aside, Australian Online Solutions has also raised some serious technical concerns about the program. “At a time when individuals and businesses are looking to shed expensive legacy systems in favour of cheap, scalable Internet based services, any action which can only impair performance and reliability while threatening to strangle Australia’s connectivity with the outside world calls for extensive justification”, said Johnston. “Cloud computing, which delivers computing services over the Internet on a utility basis – like electricity – gives its’ users a significant advantage over competitors. However web-based applications such as Facebook, Gmail, Hotmail and Twitter are extremely sensitive to bandwidth and latency constraints introduced by censorship technology”, added Johnston. “The proposed law threatens to exclude Australia from this large and growing industry altogether, both as provider and consumer, at a time when it could emerge as a market leader. Would you buy an Internet-based service from China or Iran, or even use one if you were based there?”. Analysts Merrill Lynch and Gartner estimate the cloud computing market to reach $175 billion in the coming years.

Trials commissioned by Senator Conroy and conducted by “highly reputable and independent testing company” Enex Testlab were also called into question, on both technical and conflict of interest bases. Enex Testlab, a supplier of “independent” evaluation, purchasing advice and product review services, boasts a corporate client list with over a dozen vendors of filtering technology including Content Keeper Technologies, Content Watch and Internet Sheriff Technology (accounting for around one quarter of all clients listed) and offers formal certification for content filters. As such it is believed they have strong motivation to avoid releasing a report directly or indirectly critical of their clients’ offerings.

Furthermore, the scope of the testing was artificially constrained, criticial controls (such as connection consistency) were missing and success criteria were poorly defined or non- existent from the outset, in a trial that appears to be a manufactured success. Nonetheless unflattering results which highlighted serious deficiencies in the proposal were disingenuously touted by Senator Conroy as showing “100 percent accuracy” with “negligible impact on internet speed”.

Other problems with the fatally flawed and heavily criticised report include include:

  • Proof that “a technically competent user could circumvent the filtering technology” while “circumvention prevention measures can result in greater degradation of internet performance”.
  • Admission that all filters were “not effective in the case of non-web based protocols such as instant messaging, peer-to-peer or chat rooms”.
  • False positive rates (over-blocking of legitimate/innocuous content) of up to 3.4% (over 5.1 billion pages per Internet Archive estimates) with failure rates as high as 2% (3 billion pages) considered “low”.
  • False negative rates (passing of inappropriate content) exceeding 20% (over 30 billion pages) with failure rates as high as 30% considered “reasonable by industry standards” (45 billion pages).
  • Admission that 100% accuracy is “unlikely to be achieved” and that the false positive rate increases with sensitivity, with no attempt to scientifically determine acceptable failure rates.
  • Faults being perceptible to end users, with some customers reporting “over-blocking and/or under-blocking of content during the pilot” while considering “mechanisms for self-management” and “improved visibility of the filter in action” to be “important”.
  • Unjustified assumptions including that “performance impact is minimal if between 10 and 20 percent”, while at least one system “displayed a noticeable performance impact”. Some customers “believe they experienced some speed degradation”.
  • Admission of “uncontrollable variables”, including ones that could result in “40 percent performance degradation over theoretical maximum line-rate, or more in some cases”, even at speeds less than 1/12 that of the proposed National Broadband Network (NBN).
  • Admission that reliable recognition of IP addresses to be filtered is unreliable (indeed often impossible), particularly for large-scale websites that use load balancing (e.g. most cloud computing solutions).
  • Results that were “irregular/incorrect” and “highly anomalous with reasonable expectations” (such as physically impossible improvements in performance when transferring encrypted, random payloads).
  • Complete absence of quantitative cost analysis (e.g. what financial load will be borne by both the taxpayer and Internet subscriber, both up front and on an ongoing basis), as well as any secondary costs such as decreased efficiency.
  • Overall results indicating that 1 in 5 customers’ needs were not met, with 1 in 3 opting out of continued use of the filtered service.

In addition to contacting local representatives, Australian Online Solutions encourages concerned individuals and businesses to join and support organisations including Electronic Frontiers Australia (EFA), GetUp and The Pirate Party Australia. The immediate availability of a limited number of sponsorships for founding members of The Pirate Party Australia is also announced for those who want to get involved but, for whatever reason, cannot afford the membership fees in this difficult economic environment. To take advantage of this opportunity please contact membership@pirateparty.org.au with a brief explanation of your situation.

“Anyone who cares about their future and that of their children and grandchildren should take action now”, said Johnston, who applied to both The Pirate Party Australia and Electronic Frontiers Australia (EFA) in response to Senator Conroy’s announcement. “The government’s gift to us this Christmas was draconian censorship, so let’s return the favour in helping The Pirate Party Australia attain official status by acquiring 500 exclusive members”.

###

About Australian Online Solutions Pty Ltd
Australian Online Solutions is a boutique consultancy that specialises in cloud computing solutions for large enterprise, government and education clients throughout Australia, Europe and the USA. Founded in 1998, Australian Online Solutions has over a decade of experience delivering next generation Internet-based systems and is a pioneer in the cloud computing space, whereby technology previously delivered as hardware and software products are delivered as services over the Internet. Cloud computing is Internet (‘cloud’) based development and use of computer technology (‘computing’). For more information refer to http://www.aos.net.au/

About The Pirate Party Australia
The Pirate Party Australia (http://www.pirateparty.org.au/) is a political party with a serious platform of intellectual property law reform and protection of privacy rights and freedom of speech. The Pirate Party Australia aims to protect civil liberties and promote culture and innovation, primarily through:

  • Decriminalisation of non-commercial copyright infringement
  • Protection of freedom of speech rights
  • Protection of privacy rights
  • Opposition to internet censorship
  • Support for an R18+ rating for games
  • Reforming the life + 70 years copyright length
  • Providing parents with the tools to run their own families.

About Electronic Fronteirs Australia (EFA)
Electronic Frontiers Australia (EFA) is a non-profit national organisation representing Internet users concerned with on-line freedoms and rights. The EFA is the organisation responsible for the “No Clean Feed” (http://nocleanfeed.com/) grassroots movement to stop Internet censorship in Australia. They are also dealing with related issues such as the Anti- Counterfeiting Trade Agreement (ACTA) and censorship of computer games. Individual memberships start at $27.50 and organisational memberships are available. For more information refer to http://www.efa.org.au/

About GetUp
GetUp is an independent, grass-roots community advocacy organisation that is actively tackling this and other pertinent issues including climate change. For more information about how to get involved refer to http://www.getup.org.au

About Sam Johnston
Sam Johnston, Australian Online Solutions’ Founder and CTO, is a prominent blogger on cloud computing, security and open source topics. He maintains a blog at https://samj.net/

Press Contact:
Sam Johnston
+61 2 8898 9090
Australian Online Solutions Pty Ltd

For the latest version of this release please refer to http://tinyurl.com/cloudcensor

A word on the Australian Internet censorship scandal


I’ve had a quick scan over Senator Stephen Conroy‘s infamous, long-awaited report on the efficacy of current Internet filtering technology and find it to be nothing short of scandalous. Without getting into the nitty gritty details (for example, how a filtering solution can achieve the impossible by improving rather than degrading the performance of encrypted, random transfers), it reads like it’s a whitepaper for one of the various purveyors of censorship technology.

The cynic in me insisted I take a quick look at who these Enex Pty Ltd jabbers are anyway – who knows, they could be an industry lobby group for all we know. Sure enough, a quick look at their corporate client list reveals (based on some quick Google searching) over a dozen companies who make a living selling commercial censorship technology:

  • Anthology Solutions
  • Content Keeper Technologies
  • Content Watch
  • F-Secure Corporation
  • Internet Sheriff Technology
  • Manaccom
  • MessageLabs
  • NetBox Blue
  • Netgear
  • Netsweeper
  • PC Tools Software
  • Raritan (?)
  • Secure Computing Corporation (McAfee)
  • Symantec
  • Trend Micro

To put things in perspective, this represents around a quarter of their published client list, and that’s not including half a dozen or so service providers that could arguably be thrown in with this bunch. Who in their right mind would risk upsetting one in four of their paying customers by writing a report critical of their products? And does anyone really believe that these vendors resisted the urge to apply pressure? Or that there were not personal relationships involved? I don’t, not for a second. In my opinion this report was rigged from the outset to succeed, and in doing so deprive Australians of essential civil liberties.

The report itself is fatally flawed; the error margins are significant (e.g. “a conservative +/-10 percent”), critical controls were missing (e.g. “as much as 40 percent of an internet service performance could be lost [due to factors outside of our control]”), outrageous assumptions were used (e.g. “performance impact is considered minimal if between 10 and 20 percent”) and perhaps most importantly of all, it’s creator has an obvious conflict of interest. I don’t consider it to be worth the paper it’s [not] printed on.

Another deeply concerning development is government grants that would encourage ISPs to go beyond the mandatory filters, despite all censorship systems tested reporting 2.5-3.5% false positive rates (that is, where innocuous/legitimate content is filtered). To put that in perspective, the best part of a billion legitimate pages would be improperly filtered (according to Wikipedia stats), or around 1 page in 30.

Speaking of Wikipedia, many of the systems are hybrid which means that hosts known to be clean would be ignored by IP (which is much more efficient). If, however, even a single page were problematic then the entire site (and all others sharing its’ IPs) would be forced through a filtering proxy. This would affect some of the most popular sites on the Internet (such as Wikipedia and YouTube), not to mention other increasingly useful services like WikiLeaks (no doubt silencing such services is seen as a fringe benefit to our self-appointed censors). Need I remind you that similar filters in Britain caused severe problems for Wikipedia over a single CD cover only last year.

Another consideration that has not been covered anywhere near enough is the performance impact on cloud computing services. Web interfaces like Facebook, Twitter and Gmail are extremely sensitive to latency introduced by proxies and raw computing services like Amazon’s S3 are sensitive to bandwidth limitations. Then you have the problem of platforms like Google App Engine, Google Sites & Microsoft Web Office which are both difficult to identify (they have many IPs which are not disclosed and difficult if not impossible to enumerate) and which host content for a massive number of customers. If even one person shares a document deemed obnoxious to their sensibilities then the performance will be reduced to unacceptable levels for everyone until it is removed (and then some).

It is my contention that censorship is completely incompatible with cloud computing, and that this alone is reason enough to scuttle it. In the mean time Electronic Frontiers Australia (EFA) has just landed themselves a new life member and I encourage anyone who cares about their future and that of their children to join as well (my friends in the USA may want to take a look at the EFF and Europeans the FFII).

Thanks to Gizmodo Australia for the image above, used without permission but with thanks. No thanks to Gizmodo for breaking the link.

Australian Internet censorship trial participant feedback

I forwarded my last post to the six trial participant ISPs and promptly received the first comprehensive response from one Andrew Robson, Managing Director of TECH 2U, which is no surprise given the terse explanation I included:

Dear Sir/Madam,

I write to register my disapproval of your participation in the Internet Service Provider (ISP) Filtering Live Pilot which I consider to be a full frontal assault on the rights of all Australians as well as a potentially serious inhibitor for the next generation of cloud computing solutions. I have written about this important issue on my popular blog and called for a boycott of your services due to your participation in this pilot.

Your support of this ill-conceived program is inexcusable and I hope that the Australian public will exact a heavy toll on your business as a result.

Sam

I figured it only fair that he be given the right of reply here, though not without a response from me. I did consider the possibility that (like larger ISPs iiNet, Internode and Telstra) they were not ‘supporting’ the filtering as such, rather gathering data and possibly even preparing a case against it, but at least one of them prides themselves as being “Australia’s first content filtered ISP”. It’s also not at all clear what financial support/incentives were provided (it doesn’t help that they “are not contractually able to discuss” the details either) and times are tough in this cutthroat industry so it wouldn’t take much to convince a smaller ISP to participate. So without further ado:

Mr Johnston

Thank you for your email outlining your concerns regarding the particpation of TECH 2U Pty Limited in the upcoming government internet filtering trial.

We note from our files that before writing to us in such a tone you have not actually asked if we are in favour or against internet filtering. Nor have you asked why we are particpating in the trial in the first place.

Over the last six months we have read with real interest the debate over internet filtering and have noted the lack of any hard evidence either way of its operation in a real world enviroment. We like everyone else have firm views on what is possible and what is not.

This of course puts aside the very real question of whether or not the internet should be filtered at all. Nor whether parents should take responsibility for their own children.

In this case we see this trial as the first real test of a real world scenario and the first real chance for people to either prove or disprove the various theories. Provided with a golden once in a life time opportunity to be part of this process we found it hard to decline. It was better to be part of the test team than to be on the sidelines yelling (or emailing) while someone else determined our destiny.

We spoke to our customers who agreed. Better to be part of it than not.

We will of course conceed that not many of our customers are “cloud computing” application users and supporters such as yourself. (In fact many would never have heard of it). It therefore follows that in our test base no impact will be seen on “cloud computing” at all. Mathematically and technically correct but in fact perhaps a skewed test result. As you would agree. When the test results are colated they will show no impact on “cloud computing”. More likely they will not even mention it.

My suggestion is that you would be better to actually join one of the ISPs particpating in the trial than not. Once you join ensure you are part of the test trial and then be part of the proof that it does not work. Have your say and make it count. Fill out the customer surveys, answer the questions. Demonstrate why it caused a problem and not just state an opinion. Governments want hard facts to back their case either way (read here cover arse) and sometimes emotion alone while admired does not do it.

We joined this trial to obtain the facts.

The real problem we now face is that the very people who should be in the trial with their expertise have turned their back on it. Worse still they are now “calling for a boycott of your services”. If this really does occur it may distort the test results in a way that we will all regret later on. Watch this space as they say.

For your information we are not contractually able to discuss the specific tests involved but it would take about 500 -1000 users to have any impact on the test results for any individual ISP. The tests will actually vary from ISP to ISP but most will occur in the March to May 09 time period.

Kindest regards

Andrew Robson
General Manager
TECH 2U Pty Limited

What I took from this was that they don’t take a firm stance either way on Internet censorship, but they are aware of its limitations and they preferred to be involved than a spectator. I’ve said before that I don’t think the trials will be representative as without significant load performance may well be adequate, without extended duration outages may be avoided and without those of us having the requisite expertise (like myself and many of you) the feedback will be largely useless.

Andrew claims that “not many of [their] customers are ‘cloud computing’ application users” but he probably didn’t realise that cloud computing includes Facebook, Google Apps (including Gmail), Hotmail and many of the web applications that your average Internet user uses every day. These applications will all suffer to varying degrees with Internet filtering – it is simply not possible that their performance could improve (as may have previously been the case with caching proxy servers) as each request is dynamic and needs to be processed by the servers as quickly as possible. With more ‘moving parts’ reliability will also suffer – again it is not possible that inserting complex (relatively) unreliable systems into the data flow will help.

Furthermore it should not be too difficult to mount a (deliberate or inadvertent) denial of service attack against these devices. It is well within the realm of possibility that one of the many viruses in the wild today could generate enough requests to take down even the largest filtering system, and that’s just in the course of their ‘work’ spamming blogs, wikis and websites – let alone a malicious attack consisting of many small, random requests. Indeed it is likely that someone able to control even a relatively minor botnet could ‘take down the Internet’ for a large portion of the Australian population, leaving the ISPs essentially powerless to stop it without running afoul of the law.

Anyway I appreciate the time that Andrew took to respond and encourage people to take up the matter with their ISPs even if only so as to give them the right of response.

Cloud Computing Doghouse Updates (Incoming): Australia’s Clean Feed

Today was a sad day for all Australians (and not just becuase of the horrific bushfires) – Senator Stephen Conroy (Minister for Broadband, Communications and the Digital Economy, above) announced the start of the Internet Service Provider (ISP) Filtering Live Pilot. I’m not going to go into the myriad reasons as to why this is a full frontal assault on our rights, nor explain all the reasons why it can never work and why a limited opt-in trial is not representative of reality, talk about collateral damage or even point out the many ways that a tool like this could (and almost certainly will) be repurposed to invade our privacy and monitor our every (online) move – Wikipedia’s Internet censorship in Australia article does a great job of covering the main issues.

I will however point out that such systems can only have a detrimental affect on cloud computing which is heavily reliant on low latency, high bandwidth connections. I’m surprised that others have not focused on this before, but with consumers and business alike moving en-masse to cloud computing solutions like Google Apps, who in their right mind would interfere with the pipes that make it all work? Filtering systems are complex, orders of magnitude slower than dedicated network equipment, largely ineffective, easily circumvented and perhaps most importantly, prone to catastrophic failure.

Google’s recent high profile outage which rendered the Internet unusable for the majority of Internet users for almost an hour was due to a SINGLE ‘/’ CHARACTER misplaced in a filtering system. For many businesses, Internet connectivity is getting to be as important as other utilities like water, gas and electricity – without it they are completely paralysed. Even spikes in latency which affect functions like address auto-complete and interactive interfaces (think Gmail) can render cloud computing applications unusable. Forget the children (who could be filtered selectively anyway), think of the cloud! Besides, education is a better strategy.

For those of you who (like me) take offense to this latest attack on our liberties, here’s what you can do:

If you need a starting point, here’s what I sent to my old local member, Malcolm Turnbull (who happens also to be the leader of the opposition) back in October last year:

Dear Sir,

I write to register my strong objection to the “clean feed” proposal which is already once again already making Australia the “global village idiot“. A certified security professional I assure you that you are trying to achieve the impossible and as an Australian citizen I am concerned that this measure, sold as protection for society, will actually erode its very core. The scope for abuse of such technology is virtually unlimited and though today’s objective may be a noble (if unattainable) goal, inevitible future repurposing is a very serious risk that far outweighs any percieved benefit; it is indeed a slippery slope and short step from here to the systemic abuse of the most oppressive of regimes.

Furthermore, as an active proponent of the next generation of technology known as cloud computing I can assure you that any such system will impair both performance and security while being easily bypassed, damaging the country’s competitive edge and forcing business and personal consumers to pay more for already extortionate Internet access (in France for example a complete, unrestricted telephone/television/internet package costing hundreds in Australia is only €29.99).

Please reconsider this misguided proposal and divert funding to countermeasures such as education which will certainly be far more effective, in the same way that funds diverted to first responders would be a far more beneficial response to the threat of terrorism.

Kind regards,

Sam Johnston

And here’s what I heard back a few days later:

Thanks Sam for your email. There are many concerns about the manner in which a blanket arbitrary determination about web content will be imposed by the Government.

The coalition fully supports guarding our children from being exposed to inappropriate internet content and is of the firm belief that parental and adult supervision and guidance should be front and centre of all efforts.

We will continue to monitor the progress of this trial with great interest and make a considered assessment based on its outcomes. This will include analysis of the specifications and performance of the filtering methods tested.