ASIC admits error in request to block 250,000 websites
As the attorney-general looks to block overseas piracy sites, one government agency has admitted staff responsible for making siteblocking requests were not fully aware of how the process worked.
As the Federal Government considers a scheme to block overseas websites found to be facilitating piracy, Australia's government-run finance industry regulator has admitted that its staff were unaware that siteblocking could affect unintended targets.
The Telecommunications Act includes a provision, Section 313, which allows government agencies to require ISPs to block particular domains in order to uphold Australian laws. For example, the Australian Federal Police use Section 313 to block domains listed on Interpol's "Worst of" child abuse list.
A House Standing Committee inquiry into Section 313 has sought submissions on how government agencies currently apply the law to block websites. The inquiry comes as Attorney-General George Brandis proposed a similar measure for blocking overseas websites used by Australians to access pirated content.
In its submission to the inquiry [PDF], the Australian Securities and Investments Commission highlighted that its site-blocking requests resulted in the blocking of legitimate websites. Furthermore, it revealed that the team responsible for seeking injunctions against offending sites -- largely sites involved in cold-calling fraud and investment scams -- was unaware of how the scheme worked.
Once we became aware of the risk that our s313 blocking requests could result in the inadvertent blocking of websites we reviewed our procedures to identify how this was able to occur. Our internal review identified that...the ASIC teams requesting s313 blocks were not aware that a single IP address can host multiple websites.
Our experience using s313 to block websites indicates that it is a useful measure for disrupting investment frauds and warning Australian investors that the investment being offered are not legitimate. However, our use of s313 has also highlighted the risk that other websites may be inadvertently blocked in the process.
ASIC's internal review also highlighted a request to block an IP address that hosted more than 250,000 websites, 99.6 percent of which contained "no substantive content". This siteblocking request was subsequently withdrawn.