Tonnerre Lombard


Archive for the ‘Censorship’ Category

German anti-censorship petition hits 100’000 signers

Thursday, June 4th, 2009

The petition against censorship which was filed to the German parliament from April 24th, 2009 has finally passed the 100’000 signers. On June 4th, 12 days before the end of the petition, 110’298 people have signed it.

The powers that be however decided to ignore the petition so far. Apart from a lapsus of the German minister of economy, von Gutenberg, who declared that everybody who was against censorship is a pedophile, none of the politicians of the social democrats (SPD) or the christian union (CDU), the governing parties in Germany, has mentioned the petition in any way. Family minister Ursula von der Leyen, who is currently campaining for her reelection, even removed the time for questions from her campaign events.

Since the petition has passed the necessary limit of 50’000 signers, the petition committee of the German parliament will at least have to consider it. The result of this will be very interesting.

German petition against Internet censorship attracts attention

Wednesday, May 6th, 2009

A petition against Internet censorship launched on the petition web site of the German parliament has recently gained a lot of attention, and consequently, a lot of signatures.

The subject of the petition is a proposal of the German federal police, which aims to introduce an infrastructure using which the government can block arbitrary sites on the infrastructure of all ISPs in Germany. The basic idea is that if cases of child pornography or similar are brought to the attention of the federal police, the sites are added to a blacklist. This blacklist is then distributed to all ISPs in Germany, which consequently have to redirect the users to a server of the federal government using DNS spoofing. This server will then record the IP address of the person visiting the site as a suspected consumer of pornographic material involving minors.

Ineffective measures

The Chaos Computer Club, as well as a lot of other organizations and computer magazines such as c’t, have already protested against the proposal, calling it ineffective — which is indeed the case. Any potential consumer of child pornography can simply configure their own  name server or set one of a server hosted by a friend or not located in Germany, thus escaping the measure. Also, the whole material remains on the Internet, for everybody not living in Germany to see. In order to stop the abuse of the children in question, the only effective measure would be to ask the content provider, which means the company providing hosting or housing to the web site owner, to take down the web site. Experience shows that in the vast majority of cases, this happens immediately.

Moreover, the proposal will simply not work, for a very simple reason. What the German government wants to impose here is simple basic DNS spoofing, just like the DNS spoofing attack presented by Dan Kaminsky. Since susceptibility to DNS spoofing is a serious security issue, measures have been proposed and built into major DNS servers and clients now. The principle, nowadays known as DNSSEC, is a simple public key infrastructure by the means of which every DNS zone owner (i.e. every person hosting host name records for a domain) signs their zone digitally using a so-called zone key. The public part of this key is then published to a special, cryptographically secured, service which can then subsequently be queried for such keys. If the presence of the DNS Security extension is detected on a domain, the client host will then request the public key and verify the signature of the queried data.

Since there is no way the federal police could forge such a signature, the modified DNS data would be noticed immediately and cause an error to be displayed to the user. But not only will this ruin the use case of finding people visiting child pornography sites, it will also potentially affect other data in the same zone, thus having a serious effect on the end user experience.

Creating terrorists

Another case which could be brought against these measures is that they enable an arbitrary attacker to generate terrorists. The procedure is very easy to implement, hard to notice and can be used by any random home page owner. The only thing one needs to do is to include a small iframe or image on one’s home page which leads to a server on the child pornography block list. This will get every visitor of the web site onto the list of suspected consumers of child pornographic material.

If this appears too offensive, it is possible to have a server side include or CGI script which only includes the iframe or image every once in a while. This will make the mechanism very hard to detect.

Another method would be to include an URL to the site in a banner exchange facility. This would mark a small fraction of the visitors of every web site which is a member of the banner exchange as a suspected consumer of child pornographic material.

As a summary, the mechanisms are very easy to overcome and carry a massive inherent potential for abuse. (The government could for example block the web sites of political activists, automatically, and nobody would be able to tell.) The fact that the governmental agencies threatened to sue everybody who receives, owns or publishes a copy of the list does not really help to establish the trust that this list will not be abused for somebody’s agenda.

References

If you want to help fighting this, here are some links:

Germany wants stronger age verifications and bans on foreign providers

Sunday, December 9th, 2007

The German Federal Court of Justice has decided in case Az. I ZR 102/05 that even stronger age verification mechanisms are required for providing access to adult content on the Internet. According to the Federal Court, the current practice of verification of ID card numbers and bank accounts are not sufficient, because any minor could gain access to this information easily.

The court proposes a verification process which involves the local postal delivery services. The deliverer is supposed to verify the age of the future web site user in an eye-to-eye process.

For the various providers of adult content which are not subject to German law, the Federal Court sees the Internet Service Providers in the responsibility to block the web sites in question.

Data Retention in Germany adopted

Thursday, November 15th, 2007

It has been a couple of days already, but on November 9th, around noon (finally not in a midnight session!), the German Parliament has adopted the law on data retention (VDS: Vorratsdatenspeicherung) with a lower limit of 6 monthes of retention. This legislation requires all connection metadata to be saved for 6 monthes before they may get deleted.

During the vote, which was held around noon, the parliament was an astonishingly empty place. This legislation, which can serve to turn Germany into a surveillance state, did not even raise enough interest among the parliamentarians to cause a significant majority of them to vote on the issue, which is a rather sad thing.

According to the German federal police, there is «no alternative» to the data retention policy. The same argument could be applied to death row, so it is utterly worthless as an argument.

I invite everyone who has talked to his local parliamentarian in Germany to have a word with him about why he did not appear in Parliament or why he voted in favor of the proposal (if so): have a look at the voting list for the German data retention law.

Not all is lost

But there is still a way to influence the legislation even after it has been passed. The Arbeitskreis Vorratsdatenspeicherung has a press release on their preparation of legal action against the law. According to the Arbeitskreis Vorratsdatenspeicherung, the legislation is in disagreement with the German constitution and thus cannot be adopted as it has been presented right now.

And the Arbeitskreis Datenspeicherung is not alone with this opinion: Parliamentarians of the Socialist Party (SPD) mentioned that they also don’t think the law is compatible with the constitution, but expressed that the Constitutional Court would take care of it.

The Internet without Net Neutrality

Monday, October 1st, 2007

An illustration of the Internet without net neutralityFredy Künzler has found a nice illustration of why Net Neutrality is such an important aspect. This drawing shows what network access would be like if the marketing departments had the final word.

The search engine providers express their opinions on Censorship

Monday, October 1st, 2007

Questioned about privacy laws and censorship, search engine providers can indeed give out weird messages. This became clear after an inquiry to Google, Microsoft and Yahoo about their search politics relating to China. All of these search engine providers have separate search engines for display and use in China which respect the local legal framework. However, this framework demands both censorship and reports on who searched what. People searching for keywords such as «democracy» are to be turned in by the search engine provider.

Google

Inquired about China, Google hands out a lenghty document typed up personally which explains that business pressure demands Google to operate in China. However, Google would not be allowed in China unless they implement the legal framework. The situation is called unsatisfactory, and a solution is said to be seeked but has to take place on an international, political level.

Also, Google says that the request to turn in people searching for certain keywords is not binding, and thus Google does not implement it.

Yahoo

Yahoo chose not to respond at all to inquiries related to China.

Microsoft

Questioned about China, Microsoft returned a prepared letter endorsing censorship as a perfect tool to keeping undesirable content away from the users. According to Microsoft, one should also look at the positive side of censorship. However, just like Google, Microsoft does not turn in users based on search requests.

Summary

It appears that Google is the only company which really has some kind of sense of corporate responsibility on the subject of censorship. It is however a fact that Google still plays with the dragons in this game, and hopefully Google will participate in any effort to clear up this issue in the future. The most unacceptable answer was probably that of Microsoft. Censorship is not acceptable under any circumstances, especially since it is not appropriate for any enterprise to decide on what a customer is willing to look at or not, for whatever reasons.