The New Zealand Government has quietly implemented a country-wide internet filtering system, designed to filter illegal content from the public, such as Beastiality and Child Pornography. The filter is opt-in by ISP's, and is governed by New Zealands "official censors" (Although, according to Ars Technica, you too can be a censor for a day!).
The internet filter system is a manually maintained blacklist of sites, which is kept up to date by government appointed censor officials. ISP's do not have to sign up to the filter, as it is still voluntary, but many ISP's are currently performing tests of the filter before implementation, including TelstraClear, and Vodafone NZ.
"Filtering out child pornography is also very much in line with our company values—our customers would be disappointed to hear if we weren’t participating. So participation for us has always been a no-brainer." said Maxnet CEO John Hanna to Computerworld New Zealand.
Ars Technica reports that the filtering system uses a BSD Unix-based appliance called WhiteBox from Swedish company Netclean, and uses the BGP protocol (Border Gateway Protocol) to advertise itself to ISP's.
The filter was implemented quietly, and without notification beginning in February 2010, and many are not happy about this. A group called "Tech Liberty" have spoken up, and have noted that the filter has it's faults, and is very easy to bypass. According to Thomas Beagle, head of Tech Liberty:
- The filter can’t intercept encrypted web traffic (https). It’s not hard to change your website from non-secure http to secure https. And, if you do, the DIA filter server can’t intercept it.
- The filter can’t intercept the file sharing, email, chat, instant messaging or anything other than unencrypted web traffic. (Although it does intercept people accessing those services via websites.)
- Adding new entries to the filter is a manual process. When websites are so easy and quick to set up, we don’t see how it’s possible for them to do a good enough job to keep the filter list up to date enough.
- The filter will only be used by some ISPs. If a number of major ISPs don’t use the filter, is there any point in implementing it for the ones that do?
- A motivated person can easily get around the filter. It is relatively trivial for a motivated person to use tools freely available on the Internet to circumvent the filter.
Tech Liberty also notes that the filter provides a single point of failure for the entire New Zealand internet, and could be prone to attacks such as DNS poisoning and DDOS. The government is being very secretive about the block list and is refusing to share it with individuals, due to the fact that it could aid the public to find disallowed websites.
TechLiberty believes that this allows a lot of room for government abuse of the control, as have been the cases in places such as the United Kingdom where Wikipedia was inadvertently blocked for a week.