A discussion started on a network operators list I frequent, about a case where an apparently innocent party, Melbourne Free University, had had its website blocked. Aside from a terse “yes it’s blocked” from one provider concerned, no further information was forthcoming. Here’s one report about it.
It turns out that one or more providers had blocked a shared IP address – one address which was used by well over a thousand different websites. Presumably one of those other websites was the actual target of the block, but the result was that access to all of them was blocked. Rather ineffectively, as there were many paths to that website and many users were completely unaffected. But for many users, the effect was that well over a thousand websites became inaccessible.
From the nature of the block and the fact that providers would simply not discuss the matter, it seems that the block was most likely requested by a law enforcement agency with jurisdiction in Australia, either to disrupt an illegal operation of some sort or in an attempt to censor one of the websites at that address. Of course, no-one knows which agency it might be.
A participant on the list wrote:
You get a notice to block. You block or either get fined, go to jail or lose your carrier licence. It is a blunt instrument and it is a condition of being at “the big boys table” i.e. you’re a carrier or a carriage service provider. You don’t ask too many questions […]. You block the IP address as you are required to by law and you do it immediately. […]
This is a legal requirement of being a Carrier or CSP in this country.
The problem is not the block as such. The problem is the total lack of recourse that an affected party is left with. Not only are they blocked, but the provider responsible for the block will not tell them why, nor by whom – they refuse to engage in any discussion on the matter, and in fact are legally bound not to discuss it. There is thus nowhere for the blocked party to go. Well, they could change providers, but that’s a big step, costs money, and may not even solve the problem.
Maybe that’s all OK in the case of the party who is the direct target of the block, though that’s arguable – what if they are innocent? It’s certainly not OK for the rest of the affected parties.
An arbitrary amount of collateral damage seems to have become acceptable. This kind of action is the digital equivalent of blowing tear gas through an entire apartment building to drive out one specific resident. What happened to the idea that we should rather let the guilty go free, than punish the innocent?
Yes, it’s a political question, not a technical question, but it is a question that network operators in all jurisdictions should be interested in. “Should” both in the ethical sense and in the business sense. To shrug and say “it’s a condition of being at the big boys’ table” is vaguely disingenuous. Obviously a carrier must obey the law. That doesn’t mean they have to like it, nor that they should not be involved in changing bad laws that affect them and their customers.
Let me be clear that I am not saying no IP address should be blocked, or even that silence is not necessary when they are. I am saying that there should be some recourse available to an affected party when an action such as this is taken. Laws that shut the door on the ability of citizens to find out why they have been constrained, and by whom, are bad laws and should be modified. They are bad laws because they render the agency concerned unaccountable.