FOI reveals ASIC's IP-blocking requests

A Freedom of Information request has forced the Australian Securities and Investment Commission to reveal the notices it sent to Australian ISPs to block IP addresses.

AAPT, Telstra, Optus, Pipe, and Pacnet were all approached by the Australian Securities and Investment Commission (ASIC) to block IP addresses linked to websites that were believed to be in breach of Australian law, a Freedom of Information (FOI) request has revealed.

When the Australian Securities and Investment Commission (ASIC) sought to have a fraud-related website blocked in April, it inadvertently blocked thousands of websites , exposing a secret filtering scheme that the government had implemented without public consultation, using Section 313 of the Telecommunications Act to request ISPs to block websites that were in breach of Australian law.

Since then, the government has said that three agencies have used the power to request ISPs to block IP addresses associated with websites since last year. ASIC itself has used the power 10 times, and in one instance accidentally blocked 250,000 websites at once .

A Freedom of Information request filed by Pirate Party Australia secretary and NSW Senate candidate Brendan Molloy delivered a raft of requests (PDF) issued by ASIC to ISPs to block IP addresses over the past few months.

The first notice, dated October 12, 2012, was sent to Optus, Telstra, and AAPT. In November, this expanded to include Pacnet, and included Pipe Networks by March 2013.

The attached emails reveal very little discussion over the block between the company's legal teams and ASIC, with Optus confirming via email that it had actioned the block as requested by ASIC in an email dated April 3, 2013.

Pipe Networks was more involved in the process, however, informing ASIC that it was only able to block the addresses on its own network and could not block IP addresses on its subsea cable.

At Budget Estimates hearings in May, ASIC revealed that the notices are sent to ISPs via fax, and only the larger carriers are targeted because they believe that these ISPs could control international capacity.

"We send it to the largest ones. Regarding some of the technology aspects, I have to say that I am not totally across them. However, as I understand it, some of the carriers control the pipelines, as they have been described to me, from Australia to the international, overseas providers. By serving on those particular carriers, we get to the majority," ASIC senior executive Tim Mullaly said at the time.

There is no central oversight of the use of Section 313 powers to block websites currently, but the Australian government has committed to looking at how oversight could be centralised.

Before resigning last week, former Communications Minister Stephen Conroy said he was committed to ensuring there was better oversight of government agencies using this power. At this stage, it is believed that only three agencies — ASIC, the Australian Federal Police (AFP), and another unnamed national security agency — are using Section 313 to block websites.