On Twitter: @JamesFirth and @s_r_o_c (post feed)

Got a tip? tip@sroc.eu







Thursday, 15 December 2011

Sky blocks Newzbin, important legal and technical questions need answering

Expanding the blocking order for Newzbin to cover other ISPs seems a no-brainer, but fundamental differences in the way each ISP manages its network are small details that may have serious consequences for other unrelated websites.

Yesterday I started to see reports on twitter that Sky's broadband service was blocking access to Newzbin, an overseas website which rights holders acting for the film industry forced BT to block with an injunction coming into force last month.

The reports of a Sky block would be no surprise, a representative of the Motion Picture Association of America (MPAA) told a round table meeting hosted by Communications Minister Ed Vaizey last week that legal action against other ISPs was ongoing (my report from the meeting here).

Today trefor.net spotted an official announcement from Sky confirming the block:
"We have received a court order requiring us to block access to this illegal website, which we did on 13th December, 2011"

Important legal and technical questions 

It appears that Sky waited for the court order, but the big questions are:
  1. Did they fight the order?
  2. Was the order modified in any way to take into account that the blocking technology at Sky is, as far as I understand, significantly different to BTs?
On point (1), Sky could be forgiven for rolling over easily.  BT were hit by a potentially massive costs ruling, making them liable for a large proportion of the rights holder's legal costs for adopting a stance of "all-out opposition" to the order (see paragraph 54 of the October 2011 ruling).

These types of costs rulings are unhelpful when there's a public interest in testing an application with a strong challenge.  The ISPs don't want to risk tens or hundreds of thousands of pounds in costs liability simply for mounting a robust defence, yet without a robust defence, censorship requests are more likely to be nodded through on unchallenged evidence presented by rights holders.

On (2), there is a serious risk of "overblocking" (blocking more services than just Newzbin).  The risk of overblocking was explored in detail in Justice Arnold's earlier rulings in July and October 2011. (Thanks to BT forcing the exploration via their stance of "all-out opposition" - see the public interest, now?)

Justice Arnold heard how BT's blocking system, commonly known as Cleanfeed, minimised the risk of over-blocking by using a 2-stage process.  As I understand it, first the IP address is matched against a list.  If a match is made, the request to access the website is re-routed via a proxy server.  The proxy server then looks more closely at the request to see if the URL (the text typed into the web browser) matches.  If so, access if blocked.

Justice Arnold heard arguments from both sides.  Should the IP address be blocked wholesale, or should it be re-routed via the proxy servers so that the URL can be matched too?  He ruled (para 6, October 2011):
"At all events, the Studios now accept that the order should refer to IP address re-routing and not IP address blocking. It appears that IP address blocking could lead to "overblocking" of sites or pages that ought not to be blocked"

"Overblocking" and IP address recycling, serious issues for other unrelated websites

The risk of overblocking is not an ethereal academic concept.  It is highly likely to occur because of two factors.

The first is that Newzbin will - and there's strong evidence they have done already, several times - change their IP address.  It is well known that IP addresses have all but run out.  Nearly all IP addresses allocated are recycled - they've been in use before.

Pity the website owner who picks up Newzbin's old IP address.  Under Arnold, J's BT ruling the new owner of the IP address would have some solace in that the URL would not match, therefore BT customers would still be able to access the website, albeit via a proxy.   Re-routing via the proxy may cause some minor problems, but that's a bit of a side issue.

In the case of Sky, unless Sky happen to also use a 2-stage blocking system - and my contacts tell me they do not - then whoever picks up the old recycled IP addresses from Newzbin will find themselves blocked.

The judgements together are very long. I read them both and didn't find anything about much in the earlier rulings about IP address recycling and

In fact whilst I could find no mechanism described for removing IP addresses and URLs should they be no longer used by Newzbin, there was a mechanism for adding new IP addresses and URLs to the block list without re-applying to the court.

Not only that, but sites "whose sole or predominant purpose is to enable or facilitate access to the Newzbin[2] website" (para 10) can find themselves blocked, again without re-application to the court.  If someone creates a website explaining how to work around the block, and this website did very little else but explain how to access Newzbin, it too could be blocked.

So we're not just talking about recycling of IP addresses used by the main Newzbin site, we're talking about other websites.  Other websites highly likely to be transient and therefore recycle their IP addresses more frequently.

BT reported at a recent round table meeting on web blocking, where I was present, that:
"We've recently received an additional list of IP addresses and URLs under the Newzbin ruling orders of magnitude longer than the original list"
As if this wasn't worrying enough, there's no independent oversight of the IP addresses and URLs added to the list.  In fact Justice Arnold said BT wasn't responsible for verifying IP addresses and URLs added to the block list (para 12):
"I do not mean that BT will be obliged to check IP addresses or URLs notified by the Studios."

Conclusions

There is a financial disincentive for ISPs to mount robust legal challenges to blocking applications.  Whilst this is the case, important legal and technical issues might not be properly addressed and there is a very real risk that innocent websites unrelated to Newzbin could be blocked.

As I've explained many times before, anyone desperate to access blocked material will find a way of doing so.  Numerous reports, including a government-commissioned report into web blocking, support this.  At the same time, innocent net users who find broken links to websites perhaps won't be aware that the site is a victim of overblocking.  In fact the site owner may not notice either.

These are serious questions which need addressing now the courts and government has decided to go down the route of blocking.  And the risk will increase with every new site added to the block, as I doubt the rights holders will rest until many more websites are added to the block list.

@JamesFirth

1 comment:

  1. http://wikileaks.newzbin.com/ does not load on Sky, it's hosted on the same IP address as http://www.newzbin.com/ . So it looks like overblocking is already happening.

    ReplyDelete

Comments will be accepted so long as they're on-topic, do not include gratuitous language and do not include personal attacks or libellous assertions.

Comments are the views of the commentator and not necessarily the view of the blog owner.

Comments on newer posts are not normally pre-moderated and the blog owner cannot be held responsible for comments made by 3rd parties.

Requests for comment removal will be considered via the Contact section (above) or email to editorial@slightlyrightofcentre.com.