Telecommunications Consumer Consultation Meeting, Sydney 10 March 2008
Cyber Savvy: Building Confidence in the Internet
Monday 10 March 2008
Sydney Mechanics' School of Arts
Level 1, 280 Pitt Street, Sydney NSW
Welcome and Introduction
~~~~~~~~~~~~~~~~~~~~~~~~
Tony Hill welcomed participants to this meeting, and said that this discussion
is supported by the Australian Government through the Consumer Representation
Grants program of the Department of Broadband, Communications and the Digital
Economy.
The theme of this meeting is Cyber Savvy: Building Confidence in the Internet.
The speakers will be talking about what Government and the Regulators are doing
to deal with both harmful and illegal Internet content, followed by discussions
on what can - and cannot - be done to address the issues.
ABUL RAZVI, Department of Broadband, Communications and the Digital Economy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download presentation here (.ppt, 0.10 Mb).
For the purpose of this conference, we will focus on the Government's policies
relating to children and the Internet. Some research has been done on the
issues, looking both at usage, parental concerns and the threats to children.
However, existing research has not been sufficiently robust. To gather
evidence-based information, the Government is looking at undertaking quality
research including a much larger survey, learning from the work being done
internationally and trialling/testing options. The Government will also use a
highly consultative approach with all stakeholders including youth, other
community groups and industry.
There are four aspects to government policy for children (and parents) on the
Internet: education, law enforcement, international cooperation and IPS
filtering.
The most important part of the strategy is education - including awareness
raising. The policy includes:
* Improving what's available on existing sites - including looking at the
material through childrens' eyes
* Availability of online and telephone help
* Empowering parents - helping them to understand what they can do
In the law enforcement area, there is an effective take down regime, following
up on alerts and looking at ISPs taking a more active role in monitoring
content (looking at what AOL is doing now as a model).
Because very little material is hosted in Australia, international cooperation
is important. The problem is that many other countries (particularly where
such material is hosted) either do not have as effective a take down regime, or
they do not want to get involved.
ISP filtering is not now mandatory. Only two ISPs offered that service. The
issues in moving to IPS filtering are:
* determining what is to be filtered
* The impact on Internet speed
* The cost and accuracy - which depends on what and how filtering is to be done
* The ease of circumvention
* The suitability to meet parental need
RICHARD FRASER, Manager Content Assessment Section, ACMA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download presentation here (.pdf, 0.54 Mb).
ACMA has several roles in relation to the Internet, including its anti-spam
activities, its security (including involvement in cyberstorm activities). He
will focus on offensive and illegal content.
Overall, the Internet is reliable, but there are risks, including both content
and contact risks. The content risks are about inappropriate material,
particularly that accessed by children. If the material involves children and
sexual activity, it can also be criminal activity.
ACMA's role is under Schedule 5 of the Broadcasting Services Act. The role has
several elements - with the combination of those elements unique to Australia.
Material is classified using the Classification Board to define prohibited
material. For material hosted in Australia, ACMA can issue take down notices
that can be enforced. For material hosted overseas, ACMA cooperates with law
enforcement agencies (as detailed by Abul Rizvi).
Under ISP codes of practice, the ISPs must provide their customers with online
tools, including filters that will block access to URLs on a blacklist (which
is periodically reviewed and updated) and information to deal with harmful or
illegal material. Filters are seen as a useful tool that can be used with
parental guidance. They aren't perfect, and can be circumvented. ACMA has
recently commissioned consultants to look at how different filters work on
various types of materials, with the final report due midyear. ACMA does not
actively search and monitor sites for inclusion on the blacklist.
ACMA also has education strategies, including 'cyber smart kid' and one of the
very successful strategies - an online game 'cyber smart detectives' that uses
a chat room in which kids can interact in real time with law enforcement and
other experts. ACMA also has sessions to teach parents.
ACMA also runs a hotline for complaints. The last statistic was that they had
handled 6,200 complaints, with numbers remaining fairly static. They are also
working on promoting the hotline. Most complaints received are genuine, and
they have taken action on 4,500 items. Most of the material complained about
is hosted overseas, mainly the US but also increasingly, Russia.
PAUL BROOKS, Head, Layer10 Consultants
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Download presentation here (.ppt, 2.65 Mb).
The discussion so far has been about what is on the web (http). That should
not be confused with what's on the Internet - including emails, USENET,
peer-to-peer, RSS, podcasts, Instant messenger, Skype, and many other services
- all of which can also be used to distribute inappropriate content. Paul
reviewed network filtering, user-side filtering/user filtering. After
discussing the network diagram for ISPs, Paul reviewed the issues for ISP
filtering.
If the site domain name for harmful material is known, the difficulties then
are:
* Thousands of domain names can point to the same IP address
* The domain name request can be bypassed by typing in the IP address
* The blocking then blocks every website on that machine name (e.g., www.bigpond.com)
* If the user asks for the domain name, and its IP address is blocked;
* The ISP first has to know the IP address - and needs prior knowledge of the
site for that
* Thousands of sites can be hosted on one IP address
* HTTP can use any port number - not just port 80 which is under control of the
site - so would have to block all connectivity for all applications
If the ISP wants to filter content as it is being downloaded:
* The bandwidth and number of images required to be scanned are huge
* Filtering for still images (difficult) are being overtaken by streaming movies,
moving images (far more difficult)
* All content must go through a gatekeeper box - unreliable
* The blocking is indiscriminate - winds up blocking access to medical sites,
health information sources, baby photos etc.
The next issue for ISPs is where to put a filter:
* An upstream link - but most ISPs have 3-30 upstream providers and if they
peer - there would be no 'provider'
* In the ISP core - would result in poor performance and huge traffic increase,
and would still miss content generated by other users of the same ISP
* At the POP - would need 5 - 30 gatekeeper boxes
The fundamental issues with ISP filtering:
* The filters can't tell if you are accessing harmful material - or health
information on the human body or your own baby pictures
* The ISPs can't tell the age of the user
* The filters are easily circumvented
On user-side filtering:
* Can be put onto a user's PC and customised per user (parents can have a
different level of filtering to their children - with caution)
* However, are relatively easy to work around and complicated to install and
keep up to date
* And there are the other threats outside of the web - emails, USENETS, chat
rooms etc.
GRAHAM INGRAM, General Manager, AusCert
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Graham talked about the growth of threats in using the Internet, with broadband
penetration in Australia almost the same as cyber crime. Identity theft the
biggest threat, followed by attacks on availability, state sponsored attacks
and terrorist. He explained some of the threats including phishing, Trojans,
malware and botnets - the nature of the threats and their use, and commented on
the growing amount of criminal activity using the Internet.
One of the biggest problems - users simply don't care and don't take the
precautions available. Some of the actions that can be taken include improved
fraudulent domain name registration, improved procedures for closing bots,
improved quality of security advice and awareness initiatives and the need for
more coordinated activity both nationally and internationally.
PHILIP ARGY, Immediate Past President of the Australian Computer Society
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From the users' perspective, the essential need is for a trustworthy (as
distinct from merely trusted) environment. People need TRUSTWORTHY people,
processes and systems. They need to understand the risks and ways of managing
them - taking up Paul's point that the risks are not just web based. Most
important, there needs to be easily understood information from the service
providers, vendors and equipment manufacturers. Currently, there is a
fragmented approach - no-one is putting all the information users need
together. What users want is to be able to shop, bank, play games, talk to
friends, exchange information confident in the knowledge that no-one is
secretly scamming them, robbing them, spying on them, etc. There isn't a
holistic approach. Part of the problem is a lack of professionalism on the
part of those who provide the services and equipment. There are no mandated
credentials for people working in IT, including IT security, even though you
need a licence and a character check just to be a bouncer! People should
not be enticed to move from dial-up broadband to digital dial tone without
being made aware that the security that needs to be bundled with that requires
additional payment of around $100 p.a.
NAN BOSLER, President, Australian Seniors Computer Clubs Association
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Most of the ASCCA members are parents or grandparents, and are concerned about
using the Internet because they are unsure - about trusting their ISP, about
cost, and how to use computers and the Internet safely. While seniors can
benefit from the use of the Internet, particularly those who are isolated by
distance, disability and/or limited finances, often then lack the confidence
and computer skills, plus access to technical support to enable them to be able
to enjoy safe, effective and quick communications. ASCCA encourages seniors to
be safe online, and to be aware of the risks, and what they can do. ASCCA has
produced a manual on e-security and participates in the e-security awareness
week.
She reported on a survey of ASCCA members, with 441 respondents (almost equally
half male, half female, with 67% from metro areas, 29% from regional areas and
4% from rural areas. What they want is an ISP that is reliable, with good
service backup. They use the Internet for email, then product information,
sending photographs, and other information and research. Their concerns
started with security issues, and then protection from pornographic material on
the Internet that might be accessed by their grandchildren.
DISCUSSION
~~~~~~~~~~
A number of issues were raised, including:
- More information on the risks is needed and what individuals can do to
minimise the risks
- Questions on filtering arose, how it works and whether user based filtering
can be of benefit
- Further discussion on what else might be done for risks, including what
vendors, service providers might do to assist use
- Further information required on what the Government and ACMA are doing -
their programs, consultation, etc about e-security.
Participants were thanked for their attendance and input into the consumer
consultation process.