Net filter trials 'unlawful', claims engineer

The internet filtering "live trials" conducted by the Federal Government in conjunction with internet service providers (ISPs) were done illegally, according to claims by network engineer Mark Newton.

Newton, who has been a vocal opponent of the Federal Government's mandatory internet filter proposal, has been involved in a year-long dialogue with the government over this claim.

His claim centres on whether the Department of Broadband, Communications and the Digital Economy (DBCDE), in conducting its filter trials with ISPs, intercepted customers' internet traffic.

He claims that one particular device used in the trials and publicly outed by ISPs — the Marshall R3000 series web monitoring, filtering and reporting package — probably intercepted customers' traffic, and that the department therefore breached section 7(1)(b) of the Telecommunications (Interception and Access) Act 1979 by authorising, suffering or permitting said equipment to be used in that manner.

He also claims that the department may have breached section 7(1)(c) of the Act by doing "any act or thing" that enabled ISP participants to intercept, namely paying for the equipment they used.

The Marshall R3000 device, Newton said, is designed to sift for blacklisted content by listening to all internet communications to and from the ISP's subscribers who had opted into the trial.

"The complaint has been running for more than a year, and [the] DBCDE has provided at best contradictory responses," Newton said.

"In the first instance it failed to respond at all. Then, under pressure from the Commonwealth Ombudsman, the department indicated its belief that no breach had occurred, but failed to back it up; and, when questioned further, refused to engage in any further discussion."

He said that under additional pressure from the Commonwealth Ombudsman, the DBCDE responded with a further claim that it did "not consider that a breach has occurred". However, the department's claim was accompanied by technical data that strongly suggested a breach had occurred, according to Newton.

Technical information provided by the department to Newton late last month, and sighted by ZDNet Australia, shows the department providing Newton with information from Marshal8e6 (the vendor that builds the M86 R3000) documenting that the device, when used in the trial, had connected to a "mirrored port" in an ISP's network and inspected "a copy of the traffic traversing it".

Newton told the department earlier this month that the vendor's admission that the product was attached to a mirrored port was the "give-away" that a breach had occurred.

"A copy of every single packet of data generated by an end user and sent to the internet is supplied to a network switch's 'mirrored port' and forwarded to whatever device is connected to it," Newton told the department. "Although the vendor makes the unverified claim that the R3000 only 'inspects' outgoing web requests and, in those requests, only examines destination URLs, a complete transcript of all internet data is nevertheless supplied to the R3000 for monitoring."

Newton is yet to receive a response from the department on this.

"My current belief is that DBCDE does not understand the technical data, and is therefore not competent to make credible judgements about whether or not the equipment used in the trials performed unlawful interceptions," Newton said. "Without that competency, the department's claims that it has not breached sections 7(1)(b) and 7(1)(c) of the Act lack veracity."

The department continues to believe its internet filtering live trials had not breached the Act.

"Mr Newton has written to the Department of Broadband, Communications and the Digital Economy on several occasions querying whether the ISP filtering pilot was in breach of the Telecommunications (Interception and Access) Act 1979," the department confirmed to ZDNet Australia yesterday. "The department has informed Mr Newton that it does not consider that there has been a breach of the Act or other Commonwealth legislation."

Newton now wants the matter investigated by law enforcement.

"Ultimately that's what I think should happen," he said.

"If DBCDE can't/won't investigate themselves, how is anyone supposed to get any answers?"

Topics: Censorship, Government AU, Legal

  • If this is the case then Conroy's the pot calling the Google Kettle Black, at least Google only sniffed unsecured packets for a matter of moments, if this is the case then the filter was sniffing our packets for how long?

    If an investigation is warranted for Google then we can only assume an investigation into DBCDE is also about to be announced? Yes? Or does this government have no credibility at all.. let me guess...
  • A very interesting read, if the trial was in breach of the TIA it puts the DBCDE's flat-out refusal to release the draft versions of the Enex filtering report in a different light.
  • Via FOI that was meant to read.
  • The ISP selected the devices, not the DBCDE. The ISPs installed the devices, not the DBCDE. The ISPs decided how the devices were installed and set up, not the DBCDE. The ISPs decided if and when any data would leave their networks, just like they always do, not the DBCDE. Has Mr Newton read the related EOI and contracts docs that the DBCDE distributed to the ISPs for the trials? He seems to have a pineapple sized chip in his shoulder. These devices can be configured to port mirror only outbound packets, that is easy and he should know that. Shouldn't the technical expertise lie, as always within an ISP, with the ISP? Or is Mark Newton saying that all ISPs are inherently unsafe? ISPs intercept data and manage it continuously.
  • So it's fine for Conroy to use software like this to watch and log every move we make online but as soon as Google sniffs a few packets for anonymous statistics it's committed a savage breach of privacy? What on earth is Conroy sniffing? I think those in charge of the country's IT future should have to have a Cisco CCNP certification as a mandatory requirement. You can't design and build the internet infrastructure for a country if you don't understand networking 101. And don't get me started on the ethics of a mandatory filter, there is none. Conroy is the worst thing to happen to the digital age.
  • Why do the media keep printing the rantings of someone who is obviously opposed to anything that the government will say or do in this internet filtering scheme? He says that the filtering product is presented with "a complete transcript of all internet data" so could be doing evil and devious things with this information. As Mr Newton is a network engineer, then he well knows that many pieces of equipment in his network already have the capability to inspect the data in the packets and are presented with "a complete transcript of all internet data". Does this mean that he is operating his network illegally as well?
  • What worries me is if the trials were being done on a mirrored port, then do we really have an accurate picture of the performance degradation the device introduces? People's connections and the actual data were still going out over the original port and it was only the mirrored port that was doing the filtering.

    So how can we say we have an accurate picture of the performance cost of the filter if the trial wasn't actually filtering people's actual connections?
    Dean Harding
  • What's your point?
    ISPs' equipment that are "capable" of inspecting data, don't.
    The Marshall system did.

    And why shouldn't ZDNet post the "rantings"? At least his rantings are true, correct and run with the grain of today's young society, compare that to the continuous dribble of lies and hatred that rolls out of Conroy's mouth.
  • Hi filterman.

    Nice opening gambit with a completely superfluous personal attack there. It's objectively wrong too: I'm on record as saying that I'd have no problem if the government did something that was optional for end users and ISPs. If they're going to put blinkers on and pursue the one and only policy that gets critics energized and ignore all of the palatable alternatives, is the resulting opposition the government's fault or the critics'?

    Moving to the meat of your comment: The TIA contains an extremely broad definition of "communication" in section 5, which includes a "message or any part of a message." Then section 6 defines "interception," again very broadly (including terms like "listen to or record by any means."). Section 7(1) makes interception unlawful, except in a fairly restricted set of limited circumstances.

    The restricted set of limited circumstances include interceptions which are required for installation of networks, fault-finding, discovering the presence of unauthorized listening devices, and investigations of serious crimes. Those exceptions apply to the day-to-day operations of ISPs, who may occasionally need to sniff packets to (for instance) debug a fault.

    But one thing the exceptions DON'T cover is mass interceptions of all traffic just in case someone has said something that upsets DBCDE. Indeed, that's precisely the kind of behaviour which the TIA is intended to prevent.

    Perhaps you can familiarize yourself with those sections of the Act before commenting further, it'd save a lot of time if you knew what you were talking about. Get stuck-in to section 105 while you're at it, in this context that section is just hilarious.

    - mark
    Mark Newton-c3f35
  • A mirrored port is how the R3000 works. It sniffs a copy of all the data, rather than getting involved in the original datastream. If it finds sessions it doesn't like, it sends forged TCP RST packets to shut them down. Time lag means that the evil nasty sessions might proceed for a few packets before they get killed.

    (and, yes, ignoring TCP RST packets at both ends is an effective way of bypassing the R3000)
    Mark Newton-c3f35
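The out-of-band behaviour described in the comment above leaves traces an endpoint can look for. The following is an added illustration, not part of the original comments and not vendor code: it flags resets whose TTL differs from the sender's earlier segments, and "reset" directions that keep sending afterwards (the time lag mentioned above). The packet records, addresses and the `ttl_tolerance` parameter are constructed assumptions, and both checks are heuristics that can misfire on path changes or load balancers.

```python
from collections import defaultdict

# Constructed sample records (not captured traffic), in arrival order:
# (time, src, sport, dst, dport, tcp_flags, ip_ttl, payload_len)
CLIENT, SRV_A, SRV_B = "192.0.2.10", "198.51.100.7", "198.51.100.8"
PACKETS = [
    # Flow 1: a reset arrives "from" the server, then real server data follows.
    (0.000, CLIENT, 51000, SRV_A, 80, "S", 64, 0),
    (0.030, SRV_A, 80, CLIENT, 51000, "SA", 52, 0),
    (0.031, CLIENT, 51000, SRV_A, 80, "A", 64, 0),
    (0.032, CLIENT, 51000, SRV_A, 80, "PA", 64, 310),
    (0.040, SRV_A, 80, CLIENT, 51000, "R", 61, 0),      # TTL differs from 52
    (0.065, SRV_A, 80, CLIENT, 51000, "PA", 52, 1400),  # data after the reset
    # Flow 2: an ordinary reset sent by the server itself.
    (1.000, CLIENT, 51001, SRV_B, 80, "S", 64, 0),
    (1.030, SRV_B, 80, CLIENT, 51001, "SA", 52, 0),
    (1.031, CLIENT, 51001, SRV_B, 80, "A", 64, 0),
    (1.500, SRV_B, 80, CLIENT, 51001, "R", 52, 0),
]


def find_suspect_resets(packets, ttl_tolerance=2):
    """Return {direction: [reasons]} for resets that look injected.

    direction is (src, sport, dst, dport) of the side that appeared to
    send the RST. ttl_tolerance is an assumed allowance for normal jitter.
    """
    baseline_ttl = {}   # direction -> TTL of its first non-RST segment
    reset_seen = set()  # directions that have already sent a RST
    suspects = defaultdict(set)

    for _t, src, sport, dst, dport, flags, ttl, _length in packets:
        direction = (src, sport, dst, dport)
        if "R" in flags:
            base = baseline_ttl.get(direction)
            # A device closer to (or further from) the observer than the
            # real sender usually produces a different remaining TTL.
            if base is not None and abs(ttl - base) > ttl_tolerance:
                suspects[direction].add("ttl_mismatch")
            reset_seen.add(direction)
        else:
            baseline_ttl.setdefault(direction, ttl)
            # A host that really reset the connection does not keep talking.
            if direction in reset_seen:
                suspects[direction].add("data_after_rst")

    return {d: sorted(reasons) for d, reasons in suspects.items()}


if __name__ == "__main__":
    for direction, reasons in find_suspect_resets(PACKETS).items():
        print(direction, reasons)
```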
  • Since the R3000 sends forged TCP RST packets wouldn't that also be in breach of UK anti hacking laws? I.e. any requests made to servers and such in the UK would be classified as such since the original request may have been modified by sending forged TCP RST packets?

    The Act explains that a hacking offence is committed when “unauthorised modifications” are made to a computer with the “requisite intent and the requisite knowledge.” It goes on to say that this requisite intent exists when the modifications impair the operation of a computer, hinder access to a program or data or impair the operation of a program or “the reliability of any such data.”

    Mark perhaps you could enlighten me?
  • I think Filterman's unfamiliarity with Australian law can be excused, just as most of us can be excused for being unfamiliar with New Zealand law.

    Of course, everything he posted is purely his personal opinion, and has nothing to do with the fact that he has a product to sell.
  • Hey, Ocker.

    I've read the EOI exhaustively. I've also read the TIA. Perhaps you should too.

    It doesn't matter who selected the devices, installed them and set them up: Sec 7(1) of the TIA makes it unlawful to "authorize, suffer or permit another person to intercept," and "do[ing] any act or thing that will enable ... another person to intercept." By approving each ISP's trial configuration, and by paying for the equipment, I reckon there's a pretty strong case to say that DBCDE did those things, and I'd like to see them investigated.

    As for whether it's only port-mirroring outbound packets: How does that make a difference? The TIA makes it unlawful to intercept "a message or any part of a message," which certainly covers one-way traffic.

    I'm not entirely convinced that most internet users would be comfortable with a system which intercepts and reads every single email message they ever send, listens to every single VoIP call they ever make, and monitors every single website they ever visit.

    Say what you like about RC content, but if that's what's required to restrict it, don't you think that's just a small bit over-broad?

    - mark
    Mark Newton-c3f35
  • Mark Newton for Comms Minister !!!!! At least you know what you're talking about Mark, unlike that bible bashing tosser .. every time I see his evil two faced mug I feel a cold shiver running down my spine, that and some chuck coming up into my mouth.
  • It appears that Julia (The Boss) may now have to reconsider the competence of Mr Conroy in at least the filter policy arena. One clear strategy would be to split the filter policy area off to Lundy before Conroy damages her GenY credentials even further. This will clearly erode votes in marginal seats, backbenchers on small margins are already doing the math. How long will it take Julia to figure out Conroy is a liability?
  • Hi Mark,

    You said that the R3000 read all the packets of the subscribers participating in the oxymoronic (opted into mandatory filtering) trial. This would imply they consented to be filtered.

    So three questions:

    1. Did their consent to be filtered amount to consent to be (otherwise illegally) searched?

    2. Did all subscribers get searched by the R3000 or just those who consented to be filtered?

    3. Is it legal to consent to have your data searched by an ISP?

    If the trial participants properly consented, (which implies they knew what they were signing up for) and consent is sufficient to authorise the content (there are some things you just can't consent to) and nobody who was not participating in the trial had their packets read; then DBCDE is probably in the clear.

    If not, then it is time to [--- FILTERED ---]....
  • Hi Mark

    Point taken. I apologise for the personal attack as I hadn't read any statements of yours supporting the Government on this project so thanks for enlightening me.

    I have read the act and am familiar with it. I understand what you are saying and am not a lawyer so not qualified to comment. However that is not the point that I am making. I am saying that if what the R3000 does qualifies as interception, and that is to inspect the packet to look at the source IP address to determine what profile is to be used and the URL to see if the site is allowed or blocked, then many other network devices in ISP networks that inspect packets in a similar way to make routing or traffic control decisions will also qualify as interception. Like the R3000, these devices are used by ISPs to deliver their service to their customers.

    You also need to understand what the intended application of the R3000 is. These devices are designed to filter ISP and corporate networks for content that the users choose to block. We installed them at these ISPs for the purpose of testing the optional family-safe filtering that you tell me that you are in support of. They are not usually used for the filtering of whole ISP networks for illegal content. The NetClean Whitebox is an example of the hybrid BGP and URL filtering technology designed for this purpose so as you do not support that sort of filtering I would have thought that this technology would be more of interest to you.

    @Kussie - if what you say is correct then transparent proxy servers are also in breach of the UK anti hacking laws.
  • Hi Mark,
    Now it's obvious why the govt want to legalise monitoring and retaining data for web pages, email and VoIP calls.
  • I agree 100% with peterniss. "I think those in charge of the country's IT future should have to have a Cisco CCNP certification as a mandatory requirement."
    I wholeheartedly agree. I've always thought how the heck did Conroy get this job? Can I lie on my resume too like him?? LOL only to get busted on the lie because clearly he knows very little about Networks.
  • Don't forget that Google's breach of privacy led to Conroy demanding a copy of all the data collected during said breach...

    The problem with any Ministerial position like this is that you can't expect the Minister to understand all the technicalities, that's why they have people working for them.

    The issues here are:

    1. The concept of internet filtering is nothing more than state sponsored censorship.
    2. The reasons given for filtering are flawed.
    3. Conroy is either ignoring his technical advisors and/or they are scared of losing their jobs (probably hoping for an election to bring in a rational minister)
    4. The technical expertise is poor or non-existent, I'm sure some of these advisors are contractors looking at the long term profits to be made overseeing a major censorship regime (THINK OF THE POWER! THINK OF THE DATA MINING OPPORTUNITIES! MUA HA HA HA).
    Scott W-ef9ad