Responding To Web Filtering At ISP Level

anti-filteringThis blog post is about a provision on the soon-to-become law on Anti-Child Pornography where our Internet Service Providers (ISPs) are mandated to filter or block unwanted sites at their level. I had already tackled the issue in many of my blogs here and again I wish to say that I am only against such provision and not against the law itself. The Internet café industry is bound to suffer further service degradation by their ISPs while individuals and organizations can suffer undue surveillance once the law gets implemented.

I am happy to report that the responses I am receiving regarding this issue on Internet surveillance has so far been very encouraging. I am publishing here an email I received from Mr. Winthrop Y. Yu of the Philippine Internet Commerce Society.

Even the best intentions can have unintended consequences, “collateral damage”.  Legislation is often a balancing act.  Proposed bills not only have to do the job, they also should not conflict with other laws (or the constitution) or adversely impact civil liberties.  Consider, if you will, the following:

“All Internet Service Providers (ISPs) shall notify the PNP or the NBI within seven (7) days from obtaining facts and circumstances that … [a specified criminal act] … is being committed using its server or facility.”

Not too bad if it were clear that this was limited to ISPs acting as utilities in their normally non-intrusive fashion, however …

“Nothing in this Section may be construed to require an Internet Service Provider (ISP) to engage in the monitoring of any user, subscriber or customer, or the content of any communication of any such person …”

ISPs are not *required* to do the monitoring on behalf of government, but they are now *allowed* and *encouraged* to do so.  There is even a clause that gives ISPs and telcos a civil carte blanche for online surveillance …

“provided that no Internet Service Provider (ISP) shall be held civilly liable for damages on account of any notice given in good faith in compliance with this Section.”

The above provisions are in “Section 8 – Responsibility of Internet Service Providers” in SB# 2317 — the Anti-Child Porn Act authored by Sen. Jamby Madrigal.  The congress version HB# 6440 authored by Cong. Monica Prieto- Teodoro has likewise passed, and includes these provisions:

“An ISP shall, upon the request of proper authorities, furnish the particulars of users who gained or attempted to gain access to an Internet address which contains child pornography materials.”

“… it shall be unlawful for any editor, publisher, and reporter or columnist … announcer or producer …  or director … or any person using the tri-media facilities or information technology to cause publicity of any case of child pornography.”

Both bills also mandate filtering of child porn by ISPs. Censorship certainly, but the monitoring and surveillance is far more dangerous.

Granted that the objective is laudable, will these specific technical provisions work and how do they affect the civil landscape?  Are certain dangerous provisions being smuck-in under the guise of an otherwise good law?

Until now, ISPs and telcos do not monitor the contents of online activity. They can and do inspect Internet packet headers (for routing info).  This is like looking at the outside of an envelope (for the address), but not opening the envelope and peeking inside at its contents.  The ISPs are utilities and do not monitor our online activities.  Also, ISPs avoid inspecting content as this may be construed as wire-tapping or may require a warrant.

With these provisions, ISPs and telcos are now obliged to become monitoring and surveillance (perhaps later, even enforcement) arms of the government.

Arguably, the intended purpose and target of this bill is very specific — child pornography.  But it is fairly easy to use this as a pretext for general monitoring and to then abuse the system.  Is this so far-fetched in a country where the military wire-tapped its own commander-in-chief?  Let’s posit a hypothetical scenario …

Telcos have a blacklist of child porn sites and report those accessing them to the government.  Government discovers “Juan P. ListRep’s” name on that list. It doesn’t matter that Juan P. ListRep visited that site for something else and didn’t know that there was porn there.  Government now has justification and instructs telco to monitor *all* of Juan P. Listrep’s online activities. (email, forum and site visits, etc.) and report everything, including contacts.

Clearly these technical provisions present a conundrum, how do we reconcile:

  • Stamping-out Child Porn = Good
  • Monitoring & Surveillance = Bad

Given the draconian nature of these provisions, another critical question is — will the technical means be effective?  The spread and reach of spam, Internet scams, virus and malware attacks, etc. tend to reinforce the dictum that there is no simple (technical) cure for social ills.  There is no “magic bullet”, technology itself is a moving target.

Certainly worth careful consideration, lest we unwittingly slide into a Big Brother (or Big Sister?) regime, without even achieving our original aims.

You have read a stand on the issue of web filtering at ISP level. Can we hear your opinion on the issue?