Back in July I wrote a blog article “Will Newzbin be blocked?” which discussed the granting of an injunction to a group of movie companies to force BT to block access to “Newzbin2“.
The parties were back in court this last week to hammer out the exact details of the injunction.
The final wording of the injunction requires BT to block customer access to Newzbin2 by #1(1) rerouting traffic to relevant IPs and #1(2) applying “DPI based” URL blocking. The movie companies have to tell BT which IPs and which URLs are relevant.
#2 of the injunction says that BT can use its existing “Cleanfeed” system (which I wrote about here and at greater length in my PhD thesis here) to meet the requirements of #1, even though Cleanfeed isn’t believed to use DPI at all !
#3 and #4 of the injunction allows the parties to agree to suspend blocking and to come back to court in the future, and #5 relates to the costs of the court action.
One of the (few) upsides of this injunction will be to permit lawful experimentation as to the effectiveness of the Cleanfeed system, assuming that it is used — if the studios ask for all URLs on a website to be blocked, I expect that null routing the website entirely will be simpler for BT than redirecting traffic to the Cleanfeed proxy.
Up until now, discovering a flaw in the technical implementation of Cleanfeed would result in successful access to a child sexual abuse image website. Anyone monitoring the remote end of the connection might then draw the conclusion that images had been viewed and a criminal offence committed. Although careful experimental design could avoid law-breaking, it might be some time into the investigation process before this was properly understood by the criminal justice system, and the intervening period would be somewhat stressful for the investigator.
There is no law that prevents viewing of the contents of Newsbin2, and so the block circumvention techniques proposed over the past few years (starting of course with just using “https”) can now start to be evaluated as to their actual effectiveness.
However, there is more to #1 of the injunction, in that it applies to:
[…] www.newzbin.com, its domains and sub-domains and including payments.newzbin.com and any other IP address or URL whose sole or predominant purpose is to enable or facilitate access to the Newzbin2 website.
I don’t expect that publishing circumvention experience here on LBT could be seen as the predominant purpose of this blog… so I don’t really expect these pages to suddenly become invisible to BT customers. But, since the whole process has an Alice in Wonderland feel to it (someone who believes that blocking websites is possible clearly had little else to do before breakfast), it cannot be entirely ruled out.
Surely, the terms of the order are that BT should “block or attempt to block”, access to Newzbin by customers whose service is subject to Cleanfeed, by BT adopting the technical means specified – that is re-routing traffic destined to IP’s that match those notified by the applicants, and then blocking such traffic where a summary DPI of the header reveals a URL that matches one specified by the applicant.
There is no requirement there to block traffic on the basis of IP address alone, or for BT to make assumptions that all traffic to a particular IP address is destined for a particular site.
On its face, traffic addressed by IP alone, or https traffic (assuming that this is checked for IP to start with) that is put through the above process would be passed through because a matching URL would not arise (either there isn’t one there at all, or it cannot be decrypted)
That would accord with the intention stated in paragraph 6 that “IP blocking” is not what is intended or required.
Could this evolve into one of those situations where a respondent obeying an injunction to the letter causes problems for the party who applied for it to start with?
Does this mean that now the CleanFeed system holds sites that have been banned by order of the courts that information is now available? Should it be possible to make a FOI request for a list of banned URLs and the court orders that imposed the ban?
Well it seems BT have started proxying some IPs used by newzbin.com to their Bluecoat proxies, i suppose if they are good enough for the Syrian government, they’re good enough
for the MPA and BT!
They appear to be matching anything ending
.newzbin.com$ and returning:
“””
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Connection: close
Content-Length: 146
Message
Error – site blocked
“””
http://www.lightbluetouchpaper.org doesn’t appear to be in
their blacklist yet.
Requests from their proxies seem to contain the HTTP header
“X-BlueCoat-Via: 6407AD4CF058E13F”
I gather https works fine…
John (1) yes, the ruling on 26th October explicitly stated (para 6):
“Although I said in the main judgment at [73] that this was a hybrid system of IP address blocking and DPI-based URL blocking, it now appears that that description was slightly inaccurate. It would be more accurate to describe Cleanfeed as a two-stage system of IP address re-routing and DPI-based URL blocking. At all events, the Studios now accept that the order should refer to IP address re-routing and not IP address blocking. It appears that IP address blocking could lead to “overblocking” of sites or pages that ought not to be blocked.”
http://www.bailii.org/ew/cases/EWHC/Ch/2011/2714.html
I note the risk of over-blocking increases if the studios attempt to chase-down sites whose “predominate” purpose is to provide access to Newzbin, as such sites are more likely to be transitory than Newzbin, meaning the IP addresses would re-enter the pool for reuse more often, and perhaps more likely to share an IP address with other services.
I note also, having read much of the 3 rulings, whilst there is a procedure for the studios to add IP addresses and URLs used to access Newzbin, there seems to be no obligation on the studios to monitor these additional IP addresses, and notify BT when they are no longer used for this purpose (although could be implied in some earlier point I missed).
James Firth
So much for no over blocking, BT now block http://wikileaks.newzbin.com/ …presuably because the MPA told them too…