When the Australian Securities and Investments Commission (ASIC) sought to have a fraud-related website blocked in April, it inadvertently blocked thousands of websites, exposing a secret filtering scheme that the government has implemented without public consultation.
In April, it was reported that more than 1,200 sites, including one belonging to independent learning group Melbourne Free University, were being blocked by a number of internet service providers (ISPs), including AAPT, Exetel, Telstra, and Optus.
It was reported at the time that this was because the IP address that hosts the website also hosts a range of other websites, and all websites with that IP address were blocked.
The block was lifted soon after, but the cause of the original block had not been disclosed. Last night, Delimiter reported that the block came at the request of the federal government using Section 313, Part 3 of the Telecommunications Act 1997.
This part of the act states:
A carrier or carriage service provider must, in connection with:
(a) the operation by the carrier or provider of telecommunications networks or facilities; or
(b) the supply by the carrier or provider of carriage services;
give officers and authorities of the Commonwealth and of the states and territories such help as is reasonably necessary for the following purposes:
(c) enforcing the criminal law and laws imposing pecuniary penalties;
(ca) assisting the enforcement of the criminal laws in force in a foreign country;
(d) protecting the public revenue;
(e) safeguarding national security.
An ASIC spokesperson confirmed to ZDNet this afternoon that it was behind the request to the Australian Federal Police (AFP) to use this power to issue a notice to Australian ISPs to block an IP address that was linked to a fraud website.
"A request to Australian telecommunications carriers to block the IP address was made by ASIC, who were targeting one specific URL for a scam website that was hosted at that address," the spokesperson said.
"The Melbourne Free University site was also hosted on this IP address. Once ASIC were made aware of the unintended consequences of their notification, they lifted the original blocking request."
The spokesperson said ASIC is reviewing its processes used to "disrupt access to fraudulent websites to ensure that inadvertent impact is not caused to any innocent website".
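The over-blocking described above, where a request aimed at one URL was enforced against an IP address shared with other sites, is the kind of inadvertent impact a pre-block collateral check can catch. The following is an added example, not part of the original article and not any agency's or ISP's actual process; the hostnames, documentation-range addresses, passive-DNS snapshot and the `plan_block` helper are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed passive-DNS snapshot (hostname -> IP); documentation-range addresses.
PDNS = {
    "scam-invest.example": "203.0.113.10",
    "community-uni.example": "203.0.113.10",
    "bakery.example": "203.0.113.10",
    "blog.example": "203.0.113.10",
    "dedicated-scam.example": "198.51.100.7",
}

def cohosted(pdns):
    """Invert hostname -> IP into IP -> set of hostnames served there."""
    by_ip = defaultdict(set)
    for host, ip in pdns.items():
        by_ip[ip].add(host.lower())
    return by_ip

def plan_block(target_url, pdns, max_collateral=0):
    """Choose the narrowest block that covers target_url.

    Returns a dict with the chosen scope ("ip" or "hostname"), the value
    to block, and the unrelated hostnames an IP-level block would take down.
    """
    host = (urlsplit(target_url).hostname or "").lower()
    if host not in pdns:
        raise ValueError(f"no resolution data for {host!r}; cannot assess collateral")
    ip = pdns[host]
    collateral = sorted(cohosted(pdns)[ip] - {host})
    if len(collateral) <= max_collateral:
        return {"scope": "ip", "value": ip, "collateral": collateral}
    # Shared hosting: blocking the address would also hit unrelated sites,
    # so fall back to a hostname-level block (e.g. DNS or Host/SNI filtering).
    return {"scope": "hostname", "value": host, "collateral": collateral}

if __name__ == "__main__":
    for url in ("http://scam-invest.example/offer", "http://dedicated-scam.example/"):
        print(url, "->", plan_block(url, PDNS))
```
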
The organisation said that it has used the power in cases of fraud, where Australian investors get cold calls from fraudulent financial services that point investors to websites, such as the one blocked in April. The financial regulator estimated that between September 2009 and April 2013, 17 cases of this nature alone cost Australian investors AU$8 million.
The office of Communications Minister Stephen Conroy also confirmed in a statement to ZDNet this morning that this was how the sites were being blocked, but the office has yet to provide a statement on the matter.
The Section 313 notice scheme is the process that the government has now opted to use to enforce a block on the Interpol "worst of the worst" child abuse websites, instead of the much broader AU$4.5 million mandatory internet filtering scheme that was scrapped late last year.
There had been growing concern about the transparency of issuing Section 313 notices to ISPs. Last week, Greens communications spokesperson Scott Ludlam told ZDNet that the scheme has the potential for scope creep.
"That framing could arguably be used against people torrenting their favourite TV shows," he said. "To my mind, where we ended up with the Interpol filter is vastly better off than where the agenda was being driven to, but I still feel like it is unfinished business in terms of where it could go, particularly where it could go under Attorney-General George Brandis."
In answers to questions on notice provided to Ludlam in March, the government confirmed that at least 13 ISPs have been issued with the Section 313 notices since the announcement of the Interpol filter in November last year. No ISP has sought or been given compensation from the government for complying with these requests.
Today, Ludlam said that the ASIC case has opened the door to "wide-scale banning of sites" with no oversight or public accountability.
"It also means no one is effectively in charge; other government agencies could demand sites be blocked with no coordination or accountability in place," he said.