iTnews
  • Home
  • News
  • Technology
  • Security

AFP backs proposed guidelines for website blocking

By Allie Coyne on Oct 29, 2014 10:29AM
AFP backs proposed guidelines for website blocking

ASIC error could have been avoided, police say.

The Australian Federal Police has put its support behind a Communications Department-led proposal to introduce whole-of-government guidelines for blocking websites as part of law enforcement efforts.

The guidelines seek to ensure transparency and accountability over agencies using section 313 of the Telecommunications Act to request that carriers and service providers block certain websites deemed to be involved in criminal activities.

The section of the Act has been in place for around 15 years, but agencies - specifically the AFP, ASIC and another within the Attorney-General’s Department which has been kept secret for “national security reasons” (widely believed to be ASIO) - only started using the provision regularly in 2012.

Section 313 came under the spotlight after the Australian Securities and Investments Commission last year admitted it inadvertently blocked 250,000 websites in an effort to block just 1200 - a result of being ‘unaware’ a single IP address could host multiple websites. The error led to the establishment of a parliamentary inquiry into the use of the section.

In response to the criticism of ASIC’s error, the Communications Department has floated ways to improve transparency of the practice with a set of minimum requirements and recommended procedures, which would apply to all federal agencies using the section.

The department suggested agencies:

  • develop specific internal policies outlining their procedure for requesting site blocking
  • seek a one-off clearance from their agency head or minister to block websites prior to implementing a services disruption policy
  • ensure that service disruption is limited to a specific criminal activity
  • consult across government and the telco industry to ensure the technical measures outlined in service disruption policies are “effective, responsible and appropriate”
  • use stop pages on blocked websites where appropriate to identify who requested the block, why it was requested, a point of contact, and how to seek a review of the block
  • have internal review processes in place to quickly review or lift a block
  • publicly announce each instance of a site block where appropriate, and
  • report site blocking to the ACMA, or to the appropriate parliamentary committee

According to the Communications Department, 32 requests over the last two years have been made to block websites - 21 by the AFP, ten by ASIC, and a single request by the unnamed agency.

It did, however, point out that agencies are not obligated to report on their use of the provision.

The department said it saw no problem with agencies continuing to be responsible for issuing their own section 313 notices once the guidelines are implemented.

The department also suggested that site blocking be limited to instances involving serious criminal activity or threats to national security - specifically those carrying a maximum prison sentence of two years, or equivalent financial penalty.

“Each agency is taking their own approaches, and we’re proposing that there be clear guidelines that particular agencies essentially provide information about how they are using the section,” deputy secretary Ian Robinson told a parliamentary hearing into section 313 today.

“One of the problems with the current regime is that there isn’t any public reporting of the number of requests,” assistant secretary of the consumer protection branch Rohan Buettel added.

“Over two years as far as we are aware there were only 32 requests, but I think there is an acceptance that there is a problem with the accountability of public reporting.”

When questioned on how the public could be assured website blocking was not done ‘frivolously’ given the current lack of transparency, Buettel said it was a “very big thing to block a website on the internet”.

“I don’t think in practice any government agency would go ahead and do it without giving some detailed consideration to the particular matter and properly investigating it.”

Representatives from the Australian Federal Police supported the proposed guidelines and said a whole-of-government approach could have prevented the inadvertent blocking of 250,000 websites by ASIC.

National manager of the AFP’s high-tech crime operations Glen McEwen and deputy commissioner of close operations support Kevin Zuccato said while the existing legislation was effective, there was an obvious need to improve transparency of its use.

They stressed that site blocking was only one factor in a range of strategies used to combat - in the AFP’s case - child exploitation online.

“It’s not like we block a site, high-five one another and move along,” Zuccato said. “Blocking of a site is one measure we put in place to ensure people are not defrauded or [able to] view images of children being abused.”

McEwen said ensuring the technological capabilities and knowledge required to block sites effectively were available across the whole-of-government would help prevent a repeat of the ASIC error.

“It’s a question of ensuring due dilligence,” Zuccato said. “If you’ve got a domain name, before you ask someone to do something about it, make sure you’re asking the right questions and what you’re asking is not going to cause a problem.

“We’ve got procedures in place with Interpol for when we block sites on the 'Worst Of' list to ensure we don’t make a mistake.

“And the good thing about the fact that something did go wrong [with ASIC] is we’ve learnt those lessons and we can put protocols in place to ensure it doesn’t occur again.”

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
afpasicblockcommunicationsdomainips313section 313securitytelco/ispwebsite

Partner Content

The Great Resignation has intensified insider security threats
Promoted Content The Great Resignation has intensified insider security threats
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
Why rethinking your CMS is crucial for customer retention
Promoted Content Why rethinking your CMS is crucial for customer retention

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

  • Micro Focus Information Management & Governance (IM&G) Forum 2022
  • CRN Channel Meets: CyberSecurity Live Event
  • IoT Insights: Secure By Design for manufacturing
  • Cyber Security for Government Summit
  • Forrester Technology & Innovation Asia Pacific 2022
By Allie Coyne
Oct 29 2014
10:29AM
0 Comments

Related Articles

  • Police analyse 19 million messages captured in AN0M encrypted comms sting
  • AFP and FBI sting used encrypted app to intercept crims' comms
  • Albanese elevates cyber security with new standalone minister
  • What to expect from the incoming Labor government
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Qantas calls time on IBM, Fujitsu in tech modernisation

Qantas calls time on IBM, Fujitsu in tech modernisation

Service NSW hits digital services goal two years early

Service NSW hits digital services goal two years early

NBN Co taking orders for 'non-premises' connections

NBN Co taking orders for 'non-premises' connections

Australian scientists build world's first quantum computer IC

Australian scientists build world's first quantum computer IC

Digital Nation

Crypto experts optimistic about future of Bitcoin: Block
Crypto experts optimistic about future of Bitcoin: Block
COVER STORY: Operationalising net zero through the power of IoT
COVER STORY: Operationalising net zero through the power of IoT
IBM global chief data officer on the rise of the number crunchers
IBM global chief data officer on the rise of the number crunchers
Integrity, ethics and board decisions in the digital age
Integrity, ethics and board decisions in the digital age
The security threat of quantum computing
The security threat of quantum computing
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.