Bruce Schneier
Schneier on Security

A blog covering security and security technology.

August 30, 2007

Australian Porn Filter Cracked

The headline is all you need to know: Teen cracks AU$84 million porn filter in 30 minutes

(AU$84 million is $69.5 million U.S.; that's real money.)

Remember that the issue isn't that one smart kid can circumvent the censorship software, it's that one smart kid -- maybe this one, maybe another one -- can write a piece of shareware that allows everyone to circumvent the censorship software.

It's the same with DRM; technical measures just aren't going to work.

Posted on August 30, 2007 at 12:50 PM • 35 Comments

...Another issue here is that the developers of this software obviously didn't do any real testing of the software. Sad.
Posted by: bzelbob at August 30, 2007 1:30 PM

This is about politics, and the minister probably isn't that unhappy his filters were broken. Because now it is proven, filters don't work, he can go after the target he might always have intended: the ISPs. Next he will try to force them to filter. Guess who is watching this Australian case very closely?
Posted by: Mirko at August 30, 2007 1:39 PM

Off topic: "that's real money" is the funniest remark I've read all day, given the pounding the US$ has been taking on the market for the past few years.
Posted by: Anonymous Coward at August 30, 2007 1:45 PM

I'm sure there's a little-known provision of the USA-BLIND PATRIOT Act that covers this. But seriously, folks, how much testing was done if a kid busted it in 30 minutes? No matter how you spin it, the program wound up being accessible and crackable.
Posted by: Nick Lancaster at August 30, 2007 1:56 PM

Well, I would think it was not "a kid" that busted it in 30 minutes, but a few hundred thousand kids who tried, of whom one succeeded ...
kind of massive parallel approach to circumvention.
Posted by: Anderer Gregor at August 30, 2007 2:05 PM

My favorite part is that the kid is 16 and his last name is Wood.
Posted by: Geoff at August 30, 2007 2:07 PM

Hmm. An Australian government agency spent 84 million dollars of Australian citizens' money (taxed) on a piece of cruddy software. Shocking. Isn't it amazing that when a bureaucrat dispenses millions of dollars of "not-MY-money" funds, he is a bit less worried about whether he's getting his money's worth? Hence the core problem with government-managed programs: lack of proper incentive.
Posted by: Not My Money at August 30, 2007 2:24 PM

How difficult would it have been to get volunteers to test this?!?
* Approach male convicts. They can watch porn for an hour after breaking the blockage.
* Approach psychotherapists specializing in sex addictions. Ask for volunteers from their patient population.
Posted by: aikimark at August 30, 2007 2:51 PM

@aikimark "How difficult would it have been to get volunteers to test this?!?"
Good point. If it had been MY 84 million, I think I would have advertised $1,000 to anyone who could come down to our office and crack the software within 12 hours, using an entry level computer or two, running whatever software they would like to run. Could have saved $83,999,000. But hey, it's not MY money. So what do I care? Sign the purchase order! It's almost 5PM!!
Posted by: Not My Money at August 30, 2007 3:05 PM

Some forms of DRM can work. It doesn't have to be perfectly impenetrable. It just has to be good enough to meet a business need. And there are places where DRM is good enough. (streaming services for example -- think cable TV).
Posted by: Joe at August 30, 2007 3:36 PM

Does this remind anyone else of the Dilbert strip where Dilbert proclaims to have invented a smut filtering device, turns around to brag about his accomplishment while letting a child test it, and by the third panel he says, "I hope that's not the sound of eyes getting really big." It'd be much appreciated if someone could find a link to that strip, couldn't find one myself.
Posted by: B-Con at August 30, 2007 3:40 PM

@Mirko: re targeting ISPs: Coonan ...[said]: "Each report has found significant problems with content filter products operating at the ISP-level ... The Australian trials have also found the effect on performance of the Internet by ISP filtering to be substantial and a lack of scalability of the filters to larger ISPs."
I hope that means she's already failed with ISPs, and this end-user method was a second line, not a preparation for a different attack.
Posted by: Terry Cloth at August 30, 2007 5:04 PM

Thanks Bruce for this one. Cynical remark: Maybe Australia's president John Howard should introduce anti-hacking laws like in Germany so he can lock up smart kids like that for two years.
Posted by: Anton at August 30, 2007 5:05 PM

I am really tempted to sell parents an "unbeatable internet porn filter". When they open the box they find a pair of wire cutters with instructions on how to disconnect themselves from the net. But then again, I believe that people who complain about seeing various body parts in the real world should have those parts removed on themselves. "Neutering prudes -- It's the only way to be sure!"
Posted by: Alan at August 30, 2007 5:07 PM

"[T]raditional parenting skills have never been more important," said Coonan. So where were Wood's parents? :-)
Posted by: Terry Cloth at August 30, 2007 5:16 PM

Off topic: "that's real money" is the funniest remark I've read all day, given the pounding the US$ has been taking on the market for the past few years.
Posted by: Clark Cox at August 30, 2007 5:22 PM

Mirko has it right. The scary bit is that this might be used as proof that the filtering has to happen at the ISP level -- A ludicrously expensive and intrusive solution... and the exact one proposed by the religiously motivated Family First party. That he did this is scary, and problematic. Not that he shouldn't have, but even so, there is a very scary feeling in this country right now. I'm hoping that the Labour party win the next election simply to change direction a little bit, but I'm not hopeful.
Posted by: Sean Riley at August 30, 2007 5:57 PM

Filtering on ISP level? Just use proxies. Or tor. Or anything else that gets the traffic via an offshore point. The whole access restriction business is doomed from the start. Wondering how many more millions it will cost the politicos to realize they are fighting a lost war.
Posted by: Shad at August 30, 2007 7:07 PM

@shad, "Wondering how many more millions it will cost the politicos to realize they are fighting a lost war"
This, of course, assumes that they are fighting the war they *say* they are fighting. I (as an Australian) don't doubt at all that the politicians have known for as long as almost everyone else that filtering doesn't work. However if we assume that they are not actually trying to *stop* the porn, but rather they are trying to appease the religious nutters who can (and do) provide them with election funding then their strategy makes a great deal more sense.
The minister (Coonan) has actually come out since the crack was announced and stated that they expected it to happen all along and are working with the vendors to provide patches. So, not only do they pay a ridiculous amount of money for software they *expect* to be broken, they go back to the same people again to fix it. Talk about foxes and hen houses.
It's not about filtering or porn, it's about buying votes at the upcoming election from all those who actually believe the government should be doing something to fix the problems stemming from the fact that they haven't provided their kids with a healthy view of sexuality.
Personally, I find it sad. When you consider how much more money is spent on weapons to go and kill innocent folks elsewhere because they happen to live near oil fields, this is a drop in the ocean of government wastage.
Posted by: Paul at August 30, 2007 7:30 PM

It's worth bearing in mind that the software should still be useful for helping keep children from *inadvertently* finding pornography etc. No, it won't stop the dedicated seekers, but it was never going to. It's a safety railing, not a prison wall.
Posted by: random at August 30, 2007 7:41 PM

Shame on all the journalists that have propagated this total beat-up without checking any of the facts.
The so-called $84-m plan is for a combination of two approaches: subsidized provision of any of a list of approved desktop filter products, and a (not-even started yet) program to provide OPT-IN ISP-level filtering services.
This kid has evaded /one/ of the desktop products. I'm sure readers here all understand the futility of securing the desktop against hostile users. This is why the ISP-level option exists (for those households with "smart kids").
Most Australian ISPs already forcibly channel customer traffic through caching proxies, (and probably Cc:ASIO) so there is already an infrastructure in place for traffic interception.
Yes, anonymizing proxies, tor etc. are a challenge. ISPs who want to (rightly or wrongly) control or throttle P2P traffic are going to be confronted with these problems regardless of whether a national filter scheme goes ahead.
But in no way has there been "$84M wasted"---this money has not yet been spent, the design and tender process isn't even complete.
Posted by: Chris at August 30, 2007 7:46 PM

This war on naughties may be a false-flag operation. Forcing service providers to filter out pictures of naked ladies or Cheney's 'gritty language' would enable them to develop technology to examine content, which means opening for inspection any internet traffic without restriction.
Posted by: Roy at August 30, 2007 8:03 PM

Paul, Roy: Most likely you are both right. While I do not think that it is a primary intention to deploy a generic surveillance/censorship system, once in place it will be mission-creeped into that role. For our safety. Think of the children. Think of the terrorists. Think of the... whatever.
Posted by: Shad at August 30, 2007 8:36 PM

This part was the funniest: "Watts denied he disabled the software so he could look at porn." Smart kid indeed.. Seems to me more and more young people are getting involved in old man's businesses.
Posted by: jay at August 30, 2007 9:33 PM

Worth noting, I think, that it's not an 89 Million Dollar Filter, it's a filter that was part of an $89,000,000 plan to give free filtering software to all schools and libraries etc.
Also worth noting that he was able to crack it in such a way that, to the casual observer, it appeared to be still working. If mum and dad took a quick look at the computer, they could see some kind of icon that reassured them. That's real cracking.
Posted by: Ambrose at August 30, 2007 11:28 PM

hmm.. now what's his name? In the first paragraph he's called Tom Wood, later he becomes Tom Watts.. looks like failed anonymization ;)
Posted by: Woo at August 31, 2007 1:22 AM

This filtering activity is beginning to remind me of the decades-long US "war on drugs"... it just seems like throwing money at a problem you can't solve at the government level. Once the program is started, its budget only grows over the decades. hmmmm...TSA?
Posted by: aikimark at August 31, 2007 4:20 AM

@Woo "hmm.. now what's his name?
In the first paragraph he's called Tom Wood, later he becomes Tom Watts.. looks like failed anonymization ;)"
Given that you don't know what his name is now, wouldn't you say the anonymisation worked? ;)
Posted by: Anonymous at August 31, 2007 4:22 AM

If you'll pardon the pun, this comes up every election time. Labor Leader Kevin Rudd is a fundamental Christian who was, oh no, was caught in a strip club and Liberal Leader John Howard oh there is some lovely dirt on this man but the journos in Canberra are keeping it quiet promise to stop the teenage boys from looking at bare breasts on the Internet. Right wing commentators sing their praises. Two weeks later it falls off the news and everyone forgets about it.
America: If you think your politicians are bad, look at ours: they look up to yours!
Posted by: graeme at August 31, 2007 5:10 AM

It's a simple fact - kids who aren't smart enough or committed enough to disable porn-filters don't deserve to look at porn.
Posted by: UNTER at August 31, 2007 2:39 PM

The cynical take on the government's filtering motives is probably correct. Answering "it can't be done and let me explain why" is less politically acceptable than "of course our brilliant technological researchers can protect you and we'll stop at nothing to save your children." Who cares whether it works, just sign the bill and kiss a baby.
As for ISP infeasibility, they're doing content based filtering and traffic shaping already. They argue that people use too much bandwidth and that they have to fudge the actual delivered data service vs. the advertised limits, but when given an opportunity to eliminate a major cause of heavy bandwidth usage (adult content) they balk. Hmm... could it be that this is because they know that adult content is their cash cow in the first place? An ISP wouldn't be able to filter just for underage users, so they'd lose customers.
I'm against ISP based filtering but I don't think it's technically infeasible, just a bad business move from the ISP's point of view. Perhaps there's a business opportunity for an ISP that differentiates itself through content filtering? Disney.net?
Posted by: Jamie Flournoy at August 31, 2007 4:59 PM

Sounds like the Great Firewall of China is soon to be reimplemented in Australia. What other freedoms have Australian citizens given up recently?
Posted by: cdmiller at August 31, 2007 5:20 PM

@cdmiller, We have given up many freedoms (though more accurately they were taken). In APEC the police have fenced off the city, been spying on would-be protestors, and to cap it all off there is a fireworks display for the APEC elite that the little people of Sydney have been told not to attend.
http://www.smh.com.au/news/national/...
All so useless politicians can eat like pigs and feel important, and some cops can crack some skulls.
Posted by: Kanly at August 31, 2007 11:28 PM

"Sounds like the Great Firewall of China is soon to be reimplemented in Australia. What other freedoms have Australian citizens given up recently?"
What would be the point of telling you?
Posted by: Tom K at September 6, 2007 12:26 AM

This company claims to have an ISP level pornography filter which works on pattern matching and statistical filtering.
Posted by: Rusedski at December 13, 2007 10:06 AM