[AusNOG] Understanding lack of Aus connectivity to melbournefreeuniversity.org.

[Danny O'Brien]

On Fri, Apr 12, 2013 at 8:07 PM, McDonald Richards <
McDonald.Richards at vocus.com.au> wrote:

>  I think you're reading far too much into this.
>

I hope I'm not confusing matters here. I'd be as surprised and as shocked
as you would be if this turned out to be a case of a secret government
order to block an IP. I'm just trying to clarify the statements made by
others in this thread that implied that, actually, secret government orders
to block IPs are something for which there is an established precedent.

It is absolutely the case that there are many many reasons for IPs being
blocked, including DDOS mitigation, and responses to abuse reports. We all
understand this.  The only reason this one particular issue raised any
questions at all is because AATP apparently told their downstream provider
that this IP was blocked because of a government order and that they aren't
allowed to talk about it, a message which downstream apparently relayed to
their customers. Then Robert said on this list and to me privately that
he'd raise a ticket, and would give the number out, then followed that by
simply announcing that the IP was blocked, and adding nothing more. Tim
later spoke to a representative (I'm assuming it was Robert) who stated
that it wasn't the voluntary blacklist but "something else", but would not
say what it was, and refused to confirm or deny it was a government order.

As far as this particular block is concerned, I am pretty much still just
looking for, as I asked at the very beginning of this thread, a message
that said "yes we blocked this IP for operational reasons", and give some
reasoning behind it. I'm not even going to expect that right now, because
it's a weekend.  I assume we'll find out more on Monday.

Meanwhile, Bevan came on this thread and said that "You get a notice to
block.  You block or either get fined, go to jail or lose your carrier
licence.  It is a blunt instrument and it is a condition of being at "the
big boys table" i.e. you're a carrier or a carriage service provider."
Taking him at his word, I asked if law enforcement orders blocking websites
happens outside the voluntary filter, in order to understand a little more
about the judicial oversight and minimization processes that goes into
managing such blocks. Even Tim is saying that LEAs sometimes require ISPs
to blackhole IP addresses. People do seem to oscillate between claiming
this happens as a matter of course, and then talking about interception
orders, which are an entirely different kettle of fish.

I'm trying very hard not to read too much into ISPs telling me they are
responding to government blocking orders, and other people who run ISPs
rushing to confirm that this is the case. There seems a pretty easy way to
settle this argument though:

Could someone who has experience dealing with such requests explicitly
confirm or deny that the Australian government or judiciary sometimes
expects and/or requires Australian ISPs to block IPs or websites as part of
their obligations under the law, entirely apart from the voluntary
blacklist regime?

d.


>  If you spam, and you cause abuse tickets, your IP is probably going to
> get blocked.
>
>  If you host questionable content (and its not "controversial viewpoints"
> - I'm talking the stuff we all know should not even exist, let alone be on
> the web), your IP is probably going to get blocked.
>
>  If you run an open DNS resolver and you participate in DDOS activity,
> your IP is probably going to get blocked.
>
>  If you participate in port scanning activities and trigger alarms from
> overseas honeypots and dark nets, your IP is probably going to get blocked.
>
>  Most networks have acceptable usage policies, and if they don't, their
> upstream providers probably do. If activity on a shared host triggers any
> sort of alarms upstream, it's generally easier to act first and ask
> questions later to contain the amount of background noise we already have
> on an increasingly noisy Internet.
>
>  If your content is important and you're worried about impact to service
> due to shared hosting activity, put it on a dedicated host. You get what
> you pay for. Buyer beware. Etc etc.
>
>  They should be taking this up with their host, and their host with their
> NSPs. If the content is that important, move it to a new IP and update your
> DNS record.
>
>  There's no government conspiracy and nothing to see here.
>
>  Macca
> Someone who blocks hosts that shit up the Internet from time to time
>
>
>
>
>
>   From: Danny O'Brien <danny at spesh.com>
> Date: Saturday, 13 April 2013 12:56 PM
> To: Nathan Nogic <nathan at mds.au.com>
> Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
>
> Subject: Re: [AusNOG] Understanding lack of Aus connectivity to
> melbournefreeuniversity.org.
>
>   On Fri, Apr 12, 2013 at 7:40 PM, Nathan Nogic <nathan at mds.au.com> wrote:
>
>>  Hi Danny,****
>>
>> ** **
>>
>> Re your question, absolutely, every carrier that has a telco licence is,
>> by law, required to provide interception capabilities to comply with lawful
>> direction from the courts or a number of law enforcement agencies as a
>> condition of their telco licence. That also governs what they can and can’t
>> say just like any other action taken on behalf of law enforcement or in
>> compliance with a court order.
>>
>
> Just to be clear, again. I understand the procedure for an interception
> warrant, and the judicial oversight that takes place under those
> conditions, which are carefully spelled out in the Act.
>
> What we're apparently talking about here, however, is an ad hoc government
> process to *block* an IP, which has no such clear process defined in law,
> has been an extremely controversial topic in Australia as elsewhere
> (leading to the recent abandonment of a proposed mandatory blacklist regime
> in favour of a voluntary ISP agreement), has clear risks of overreach and
> collateral damage (almost certainly what we're seeing here), and, it is
> being implied here, being conducted under the terms of a private agreement
> the details of which no-one has yet made public.
>
> Was the judge in this case made aware of the collateral damage of the
> order they were signing? Was a judge involved at all? If it was solely the
> act of the Attorney-General, what is the process to ensure that this is
> proportional?
>
> Even if the terms of this particular order are secret, it would seem to be
> extremely unlikely (and very worrying) if the process to conduct these
> blocks is entirely secret, and kept secret and separate from the
> pre-existing blacklist agreements. Is the process documented, as seems to
> be indicated by 314(3)? Can we see this documentation?
>
> d.
>
>
>>  ****
>>
>> ** **
>>
>> At the risk of going off on a tangent, while I can understand why this
>> debate stirs up emotion, what I’m keen to understand from members of this
>> group is why, because it relates to the internet, the emotional response
>> seems to be much greater than if a law enforcement organisation (or any
>> organisation complying with a court order) enforces a legally binding
>> request to do just about anything else that affects shared infrastructure
>> in society at large.****
>>
>> ** **
>>
>> My guess is that we feel that freedom of expression and access to
>> information on the internet should override certain obligations (not saying
>> I support mandatory filtering, etc), however, I suspect that we overlook
>> countless incidents on a daily basis which now fall into the same ‘societal
>> infrastructure’ category as the internet. On a daily basis Police shut down
>> a roads to stop motorists getting to the scene of a crime or accident,
>> restrict access to public or private premises for any number of reasons,
>> tap phone lines to listen in on criminal organisations, etc but we don’t
>> see the same sort of response. I suspect that’s because actions on these
>> public utilities has become ingrained within society as part of our day to
>> day lives and an accepted level of law enforcement action is considered
>> normal for the safe and smooth running of society in general. I’m not sure
>> this attitude has translated to the internet as yet (or ever will).****
>>
>> ** **
>>
>> The facts that we know is that ultimately, we don’t know why or who the
>> block was targeted at other than the IP address and why enforcement was
>> only taken up by specific ISPs. That could have been haphazard filtering or
>> it could have been targeted at certain end users. Without specific
>> information, we don’t, and most probably will never, know any other
>> circumstances surrounding the action and that is probably not going to
>> change unless it gets to court and someone reads the transcripts (not me!)
>> J. ****
>>
>> ** **
>>
>> Cheers****
>>
>> ** **
>>
>> Nathan ****
>>
>> ** **
>>
>> ** **
>>
>> *From:*ausnog-bounces at lists.ausnog.net [mailto:
>> ausnog-bounces at lists.ausnog.net] *On Behalf Of *Danny O'Brien
>> *Sent:* Saturday, 13 April 2013 12:11 PM
>> *To:* Bevan Slattery
>>
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] Understanding lack of Aus connectivity to
>> melbournefreeuniversity.org.****
>>
>> ** **
>>
>> On Fri, Apr 12, 2013 at 6:28 PM, Bevan Slattery <bevan at slattery.net.au>
>> wrote:****
>>
>>  Nope – wrong.  You get a notice to block.  You block or either get
>> fined, go to jail or lose your carrier licence.  It is a blunt instrument
>> and it is a condition of being at "the big boys table" i.e. you're a
>> carrier or a carriage service provider.  You don't ask too many questions,
>> you don't post it to Ausnog and have a decision by committee.  You block
>> the IP address as you are required to by law and you do it immediately.**
>> **
>>
>> ** **
>>
>>
>> Bevan,
>>
>> Just to clarify here: are you saying there is an established process
>> under the Telecommunications Act whereby Internet ISPs in Australia have
>> been required to block specific IPs by law enforcement, with a secrecy
>> requirement attached? And that's it's separate from the voluntary, DNS,
>> filter agreed to by some ISPs?
>>
>> It would seem, given the extremely strong public reaction to the public
>> filter proposals, that this might be something of a matter of public
>> interest. At the very least, it would be hard to keep a list of /32
>> blackholes secret, given the number of people that BGP feed might be shared
>> with. Are internal BGP route databases also covered by this secrecy
>> requirement?
>>
>> d.****
>>
>>
>> <snip>****
>>
>> ** **
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130412/0a2b47f3/attachment.html>