Sky blocks Newzbin, important legal and technical questions need answering

Francis Davey fjmd1a at
Thu Dec 15 23:17:06 GMT 2011

2011/12/15 Igor Mozolevsky <mozolevsky at>:
> But you can't `know' what IP addresses you need to filter without
> looking at all address+port pairs (you certainly wouldn't pass non

As I understand it, Cleanfeed work by having a first list of "suspect"
IP addresses. Only those addresses are passed to the second stage.
That is a process which is implicit in the order as I understand it -
i.e. the MPAA will have to pass an IP list with suspect URL's

> HTTP traffic to an HTTP proxy, for example), having done that, you
> pass those packets that match criteria to the proxy to do packet
> assembly (remember that packets may be fragmented,  out of order, or
> corrupt) followed by application layer inspection (looking through
> HTTP headers like GET and Host:). Like I said, I think it makes no
> difference if 2 & 3 are outsourced to be performed on behalf of cf.
> the ISP itself.

Right, but from a legal perspective, proxying http by looking at GET
requests is much less invasive than matching on the body of the return
http result. Sure, *private* information travels in GET etc requests
(I doubt very much if this is properly understood by the legal
establishment yet, but I try to get the message out when I'm giving
talks about it) but I assume that only very simple URL's will be in
the list supplied to BT by the order.

The open-ended nature and lack of supervision are bigger problems.

> I was thinking of Sky's situation here, the order is only against the BT, right?

The order I was talking about, yes. I understand that Sky has received
another. I don't know what's in it. If anyone cares to dig it out of
the Court Service, that will be excellent.

> I see what you are saying, but the judicial feature creep into the
> function of a private entity that was set up, apparently, solely for
> the purpose of filtering child porn and membership in which is
> entirely voluntary seem strange. A few more features and I'm guessing
> people will start arguing that IWF is a `Datafin' public authority ;-)

I'm sure the IWF is a datafin public authority, but the IWF have
nothing to do with this order. Cleanfeed is a mechanism that can be
used to implement an IWF block, but its not mandated.

> If IWF was created by statute then that would be different, of
> course... Also, I'm not entirely certain that if the order only
> applies to BT, Cleanfeed could/would only perform the block on BT
> traffic...

This is an RTFM right? The wording of the order is:

"In respect of its customers to whose internet service the system
known as Cleanfeed is applied whether optionally or otherwise ...". If
you read the body of the judgment you'll see that BT apply Cleanfeed
to some of their traffic but not to all of it. The order requires the
block to be used exactly where Cleanfeed is.

All of that traffic is "BT traffic" because the order is directed at
BT and no-one else, but of course some of that traffic might "belong"
to others in some sense. i.e. its not just BT Home customers.

> You could potentially collude with "trusted" CAs to provide fake SSL
> certs for the purpose of filtering illegal content... Whether CAs

Yes, indeed. Though that would open another can of worms.

> would do that or not is a separate issue... The idea of blocking
> sites, at least technically, is rather naive and only serves to drive
> illegal activity from being detectable and actionable to underground
> by extension in-actionable.

Oh yes. Its an insane idea. It all is. I'm afraid I don't have the
expertise to dissuade policy makers from mad ideas. All I can do is
tell people what certain laws will do (and try to persuade judges to
make them do that).

Francis Davey

More information about the ukcrypto mailing list