ASIC 'unaware' blocking a single IP address would hit multiple sites

Summary: The Australian Securities and Investments Commission has said that the staff members who asked ISPs to block websites were unaware that blocking a single IP address would block thousands of websites.

Despite accidentally blocking thousands of websites in one hit, the Australian Securities and Investments Commission (ASIC) has argued that it should still keep the controversial power to request ISPs to block websites contravening Australian law.

The power to compel ISPs to block websites, contained in Section 313 of the Telecommunications Act, only gained public attention after it was revealed that ASIC had accidentally blocked 250,000 websites, including the website of Melbourne Free University, in April 2013 when seeking to block websites associated with investment fraud.

Unlike child abuse websites blocked by the Australian Federal Police (AFP), websites that were being blocked by ASIC did not inform people who attempted to reach those pages of why the sites were blocked.

Thus far, the blocking power has only been used by ASIC, the AFP, and an as-yet-unnamed national security agency. Since April 2013, it is believed that the AFP is the only organisation that would continue using the power.

Following criticism of the lack of transparency and central oversight of this power, a year later, Communications Minister Malcolm Turnbull has established a parliamentary inquiry into the use of Section 313.

In ASIC's submission to the inquiry, published today, the agency explained that it did not intend for so many websites to be blocked, and that it was due to a lack of knowledge in the agency of how IP addresses work.

"Our internal review identified that the ASIC teams requesting s313 blocks were not aware that a single IP address can host multiple websites," ASIC stated.

ASIC said that although it hasn't used the power since April 2013, if in future websites are to be blocked, ASIC will work with the ISPs to ensure that only the target websites are blocked.
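The check ASIC's teams lacked can be sketched as a pre-block collateral assessment. This is an added example, not part of the original article or any agency's or ISP's tooling; the hostname-to-IP table is constructed sample data using reserved documentation addresses and `.example` names, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: (hostname, IP) pairs such as a passive DNS export
# would provide. Addresses are from reserved documentation ranges.
RESOLUTIONS = [
    ("fraud-invest.example", "192.0.2.10"),
    ("community-uni.example", "192.0.2.10"),
    ("bakery.example", "192.0.2.10"),
    ("blog.example", "192.0.2.10"),
    ("scam-only.example", "198.51.100.7"),
]


def normalise(host):
    """Hostnames are case-insensitive and may carry a trailing root dot."""
    return host.lower().rstrip(".")


def hosts_by_ip(resolutions):
    """Index every known hostname under the IP address that serves it."""
    index = defaultdict(set)
    for host, ip in resolutions:
        index[ip].add(normalise(host))
    return index


def assess_block(targets, resolutions):
    """Report, per IP behind a target, which unrelated sites share that IP.

    Returns (report, unresolved). 'scope' is 'hostname' when an IP-level
    block would also take down non-target sites, otherwise 'ip'.
    """
    index = hosts_by_ip(resolutions)
    wanted = {normalise(t) for t in targets}
    report = {}
    for ip, hosts in index.items():
        hit = hosts & wanted
        if not hit:
            continue
        collateral = sorted(hosts - wanted)
        report[ip] = {
            "targets": sorted(hit),
            "collateral": collateral,
            "scope": "hostname" if collateral else "ip",
        }
    known = set().union(*index.values()) if index else set()
    # Targets with no resolution data cannot be assessed at all.
    return report, sorted(wanted - known)
```

An empty collateral list only means no other hostname is known for that address; resolution data is never complete, so it is not proof that the IP is dedicated to the target.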

The commission has recommended to the committee that agencies should still have direct access to the website-blocking power to ensure that websites are blocked in a "timely manner". It suggested, however, that the government should specify which agencies have access to that power, in a similar way to how the Telecommunications Interception and Access Act details which agencies can request stored telecommunications customer "metadata" without a warrant.

In future, ASIC said that websites blocked should only be those that are related to serious criminal activity or are a threat to national security, and those websites blocked should then have a notice informing the user as to why the site has been blocked.

iiNet said in its submission that Section 313 is "too broadly framed", with access allowed to too many government agencies, and said a standard approach should be set out that requires a court order before a request is sent to an ISP to block a website.

The Communications Alliance and the Australian Mobile Telecommunications Association said in their joint submission that Section 313 notices should be restricted to government enforcement and national security agencies, with guidelines, safeguards, and reporting on the blocking of websites.

Topics: Censorship, Government, Government AU, Australia

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Talkback

9 comments
  • This is what happens...

    ... when you put people who don't know or don't care about technology regulating technology. Looks like it's a mess over there, any agency doing whatever they want...
    andradedearthur
    • Basic Web Tecnology 101

      Someone needs to give ASIC a run down on the concept of VirtualHosts
      GTurrill
      • Make That Technology

        I should check spelling before clicking 'Submit'
        GTurrill
  • Another incompetent Government department

    What will it take for us to get some decent, accountable, intelligent people working in Government?
    Swarvester
    • Vote more minority parties in.

      Eg Greens, Pirate Party, GetUp. If the government of the day has to have Senate Committees with these on it, they'll be asking the questions to embarrass ASIC, etc. EG Scott Ludlam.
      meski.oz@...
  • Telstra, Optus and Vodafone complied

    without doing their due diligence. It's a request to co-operate, not an order; those ISPs should have been aware of the ramifications of blocking by IP and bounced the request, asking for a more specific request. The law leaves the ISP to decide what is reasonable action; they were just lazy.

    Section 313 states that ISPs must co-operate with government officers to "help as is reasonably necessary".
    t205
  • You HAVE to be joking!?

    The Federal Govt is doing the equivalent of giving a 6 year old a loaded shotgun and then using the ignorance plea when the trigger is pulled.

    If ignorance of the law is no excuse in a court system, why is TOTAL ignorance by Federal Govt Depts an ALLOWED excuse? I say those sites "accidentally" blocked have recourse to sue the Govt for not properly vetting their staff, training them or having even the idea to go get someone who WORKS in the industry to tell them what may happen when the trigger is pulled.

    Why do we HAVE to put up with MORONS who decide it is BETTER to fix it later than to do the research first?

    Greg.
    greg-w-h
  • These comments seem a little harsh to me - fuzzy req'ts need IT help, no?

    So someone who doesn't understand the nuts and bolts of system architecture wrote and said "people are accessing this IP address and getting illegal content, block it". Shouldn't an IT professional elicit just a little bit more info about that requirement, if s/he knows that the IP involved is e.g. a proxy that covers many sites?

    Maybe they did, and the gov't was insistent. But we don't know on which side the lapse was, based on the info given.

    Jus' sayin'.
    daboochmeister
  • I don't agree

    If ASIC had to know everything, it would have to employ everyone in the country.. or is IP addressing knowledge simple enough.. what then does it say about ASIC? Is the lack of knowledge in this area, representative or haven't they employed enough technical experts? Following belief that ASIC employs the best graduates, does it reflect on our education, human intelligence, organisation skills or other? An interesting story for a perspective.
    phil73