
6/14/2006
03:15 AM

Restricting All but the Predators

Child-porn filters proposed in UK law don't extend to email, IM, P2P, or encrypted links, which some say undermines the whole effort

Good intentions that fall woefully short: That's the quickest summation of a proposed U.K. law intended to get pedophiles offline.

The British government wants domestic ISPs to voluntarily introduce, by the end of 2007, content filtering software to stop people from viewing child pornography. Net and personal security experts, however, say that the software only stops accidental viewing of such sites, and that the approach doesn't prevent content delivery over encrypted connections, email, instant messaging, or seemingly innocent P2P sites.

This turn has led some to question exactly who the government is trying to protect, and whether the millions that it will cost ISPs to install this software might be better spent elsewhere.

At the moment, the U.K. government is not requiring ISPs to install filtering software, but a private member's bill that got its second reading before the House of Commons last month would "require Internet service providers and other commercial organizations to declare whether or not they have taken steps to prevent access to Websites containing indecent images of children," regardless of where in the world these pictures are hosted. As it stands, however, the government is only asking for the measure to cover home broadband users, not business users or dial-up accounts.

Vernon Coaker, Parliamentary Under-Secretary at the Home Office, said last month that the government wants all U.K. ISPs, large and small, to have such protections in place by the end of 2007. "If it appears that we are not going to meet our target through co-operation, we will review the options," Coaker said in a written answer to Parliamentary questions on May 15, 2006.

The Internet Watch Foundation (IWF) has been leading the charge to remove illegal material from U.K.-hosted sites and block harmful content from outside the British Isles. The not-for-profit group claims that a hotline where Internet users report suspected illegal images has been largely successful in stopping pedophile images being hosted in the U.K. The group claims that today only 0.4 percent of child abuse images on the Internet are hosted in the U.K., down from 18 percent in 1997.

Images hosted in the U.K. aren't really the main problem; rather, images hosted in the rest of the world are the main source of "illegal content" seen in the U.K. So the IWF has put together a "dynamic list" of "around 6,000 URLs" hosted outside the U.K. on servers in Russia, the U.S., and many other parts of the world that can be blocked by U.K. ISPs.

"We also pass reports on to police in the country involved via Interpol," says a spokeswoman for the IWF.

Filtering such URLs presents challenges, however, because an offensive image may be hosted on a large Web-hosting site, such as Tripod or Geocities. An ISP cannot, under English law, block access to all Geocities pages, only those pages or images that are deemed illegal.

So in 2004, BT came up with a two-stage filtering system called "CleanFeed," which filters the Internet requests from customers and checks for items on the IWF list. BT has never revealed exactly how the system works.

However, Richard Clayton, a researcher at the University of Cambridge Computing Laboratory, caused a minor media storm last year when he put out a paper detailing what he believes is BT's filtering system and how it could be used by tech-savvy pedophiles as an "oracle" of illegal sites.

Clayton says that under BT's system, suspect traffic is filtered onto a second level that returns an error message for illegal pages or images requested but returns all other requests normally if only part of a particular site is blocked. Clayton says those searching for child pornography can deduce whether a site is on the blacklist by seeing if it is routed through CleanFeed. He has written a program, which he refuses to release, to demonstrate the ways in which the system could be abused. "It's an inherent property of a two-tier system," he says.

Talking to us this week, however, Clayton suggests that people looking for such material would not have to go to the lengths of reverse-engineering the BT blocker to access child-porn. Merely using an SSL-encrypted connection could be enough, he says. "If it's encrypted they can't block at all."

Users could also resort to third-party Web proxy software that routes their requests through servers in a different country, and the people running the Websites can keep changing URLs and IP addresses in a cat-and-mouse game with the watchdogs, Clayton notes.

"In the end, the people who want to see this stuff have simply moved from BT," he says.

This suits BT just fine. "I don't think we make any pretense that there are ways around this for the most committed person," says a spokesman for British Telecom. "But we want to keep this material off our network."

It begs the question, however, of just who the government, watchdogs, and operators are trying to protect. "The innocent and the curious who just happen to be browsing and come across something wicked online," reckons Clayton.

Since the system does not currently block FTP or peer-to-peer servers, pedophile networks still have an effective means to deliver their illicit content. Meanwhile, their potential victims are still under threat via IM, email, and more recently, fast-moving social networking sites like MySpace.com.

"The popularity of social networking sites makes kids vulnerable in new ways," declares Michelle Boykins, Director of Communications at the National Crime Prevention Council (NCPC) in Washington, in a statement this week.

"The things that might actually damage children -- chatting to people online -- they can't block that," says Clayton.

Speaking of the proposed legislation, he says, “My general view is that this is a waste of time and money that doesn’t stop people who really want to see this material from viewing it.”

Parry Aftab, an Internet privacy and security lawyer and executive director of WiredSafety.org, argues that educating children about potential dangers online is the way to keep them safe. "No one in any country, no matter how well meaning they are, can block everything," she says. "It's about education. And most of it has to be done at a home, school, or kid level. It's the only way to protect them."

— Dan Jones, Site Editor, Unstrung. Special to Dark Reading

Organizations mentioned in this article:

  • BT Group plc (NYSE: BT; London: BTA)
  • Internet Watch Foundation (IWF)
  • National Crime Prevention Council
  • WiredSafety.org
