Why government plans to censor internet connections are a bad idea (Updated)

This blog post is a bit late, because government plans to turn on censorship on all home internet connections have just been scrapped. [Edit: not so – see update at the end.] However I know people who are disappointed about this and so I want to give my reasons why I think it is a very bad idea.

A censored connection is already available for those that want it. Mobile phone companies for the most part block access to sites that may contain content unsuitable for children on all new connections. They do this censoring at their end of the connection, before the web page in question ever reaches the mobile phone handset or computer. They will turn off the censoring when given proof of age.

Large Internet Service Providers (ISPs) mostly offer censoring of some kind too. Some such as TalkTalk will block unwanted web pages at their end of the connection in the same way that mobile providers do. Others such as BT, Sky and Virgin provide software to be installed on home computers that will block inappropriate pages within the home but before the end user sees them.

The original plan by government and campaigners was to require all ISPs to censor web pages at their end of the connection such that every device in the home would be censored. The justification is that children would not be exposed to unsuitable material, even in households where the parents have not made that choice. The filtering would happen unless the customer asked for an uncensored connection. However, despite the fact that censorship is an additional feature, I notice the campaigners for the filter have twisted the language. They refer to opting in to pornography but you don’t opt-in to pornography, it’s the filter that is the addition and they really mean that you opt out of that. I think it is important to keep this language the right way around.

Censorship of this kind is fraught with problems. There are several methods of blocking inappropriate content: whitelists, blacklists, keywords, and automatic recognition of pornographic material.

The ideal would be for a computer to be able to look at any given web page and recognise pornography or inappropriate text however computers are actually pretty useless at this. They tend to either allow the inappropriate content to slip through, or block completely innocent content. Most filters end up doing both. Whether recognising the amount of skin on show in images or picking out keywords from the text computers are unable to tell whether what they are looking at is actually sexual / violent etc, or perhaps is a support forum or an educational web site that should be allowed.

Because of this most filters rely on blacklists containing the addresses of web sites that are to be blocked. The problem here is that the internet is vast and always changing and so no-one can list every inappropriate page. Blacklists work to some extent but frequently fail to block pages that appear on a new server and they are easily bypassed using a proxy server (Which is not itself blocked and relays the pages desired) or a VPN. (Virtual Private Network – an encrypted “tunnel” which web pages pass through without being checked.) Blacklists also have something of an all or nothing approach. For example most block whole websites like YouTube and Facebook because some things contained within are more adult. They can’t tell and so they block the whole lot. They also tend to block Google Image Search and even Google Search because Google can show image and text previews from inappropriate websites. Google does have a “Safesearch” option and some filters only allow Google to be accessed if Safesearch is turned on but Safesearch is itself a filter with all of the related problems which that brings.

The harshest method is a whitelist containing just the web pages to which someone has been granted access. This is an extremely restrictive method and involves a lot of frustration when resources cannot be accessed and a lot of work for the person maintaining the whitelist in checking and adding necessary websites.

In practice most filters contain a combination of all of these methods – blacklists, whitelists, keywords and image recognition. The proposed national filter imposed by law would have been just a blacklist, but with government ultimately in control of what websites were put on it. In fact there is already such a list, which blocks child pornography and is run by the Internet Watch Foundation – an unaccountable and privately-run group – and implemented by all the large ISPs. Even this small amount of blocking which few would argue against is flawed and open to abuse. For example in 2008 the IWF blacklisted an image on Wikipedia, a 1976 album cover which depicted a naked child, despite the album cover never having been subject to any censorship or prosecution. As a result of this blocking and the method used by the ISPs to implement the filter many people in the UK were no longer able to edit Wikipedia until the block was reversed.

The IWF blacklist is also subjective and dependent on the personal opinions of a few people who are employed by the IWF to classify images. We are not allowed to see the list or the images and so we must trust that they are only blocking illegal images but there are claims that many images that are not illegal have been blocked too.

This blocking already in place at big ISPs has also been subject to a slow creep into other areas. Courts have ordered the main ISPs to block torrent website The Pirate Bay and file sharing site Newzbin and so these have been added to the system too. Some ISPs like Sky don’t even tell the end user that the site has been blocked, it just never appears on screen. (Try clicking those links to see f your ISP blocks them.) Again, they are easily circumvented and there is even a proxy server dedicated to allowing access to The Pirate Bay.

As an IT manager I once was made to set up a filter at the company where I worked. The filter used a combination of blacklists, whitelists, image recognition and keywords as described above. In addition to pornography it also blocked social networking, games and a few other things which the management felt were being abused by staff. The result was constant stress and frustration both on my part and the part of all the staff at the company. For a month I had multiple requests every day for websites to be unblocked because they were necessary for work. Staff still used social networks, only on their mobile phones instead of the company computers. I was often unable to find important information about computer maintenance and support because it was blocked by Google SafeSearch, which the filter forced to be switched on. After a month management conceded that the filter did far more damage than good and instructed me to turn it off.

A few years ago I was at a conference in the middle of rural Hereford with no transport available. I needed to access twitter on my Orange mobile to send a message to someone but I was horrified to find that it was blocked. I phoned Orange to get the filter turned off but was given only two ways to prove my age to them (Despite it being a contract phone which you must be over 18 to sign up to) – to provide a credit card number or to go into an Orange shop with a passport or birth certificate. I was unable to do the latter since I was stranded far from civilisation, and I was unable to do the former because I did not have a credit card. Orange’s view was “tough luck”. Fortunately for me I remembered that a web browser called Opera Mini happens to have a proxy server on tap, not to bypass censorship, but to compress web pages before sending them to a mobile phone to speed things up and reduce the phone bill. I installed Opera Mini and connected to twitter through that straight away. I hope it is clear from this that the filter was a huge inconvenience in preventing a legitimate use, and was easily bypassed with a little thought.

Many teachers find that the resources they wish to use in schools are blocked by the school’s filters. It is common for teachers to want to use video from YouTube (Such as the excellent Periodic Table of Videos) but be unable to show them in class. I helped my wife to download videos from YouTube (unofficially) on several occasions so that she could make use of them with her class. School connections are usually filtered by RM Education and so there are no exceptions to the filter and sites cannot be whitelisted. School children are not stopped for long by these filters either, swapping addresses for proxy servers as a matter of course.

I hope I have explained why website blocking of this nature does more harm than good. Filters do not work well at all, blocking desired sites and failing to block unwanted sites. They are easily bypassed with a little knowledge (or knowledgeable friends) and in any case don’t apply to other methods of swapping data such as encrypted emails or disks physically handed over or posted. Filters applied to the whole connection affect parents as well as children, and also to people who don’t have children, at least until they get the filters turned off. Last but not least, censorship is available to anyone that wants it simply by asking their internet provider, or even installing free software from Microsoft or turning on the filters that are built in to Macs. Parents are free to use these methods to protect their children although I would never advise trusting such software with your children’s internet access without supervision. I should also point out that smarter children (and those with smart friends) can work out how to bypass the software installed on their own computers.

For all of these reasons I believe that the plan to turn on website blocking on all internet connections until asked not to was a mistake and I am happy to see it go.

UPDATE
Writing in the Daily Mail, David Cameron says [Tech week link] he has hired Claire Perry MP to force computer manufacturers to pre-install software that will ask if there are children in the house and turn on porn blocking software on the computer itself. This is an even worse idea than blocking at the ISP end.