Australian Porn Filter Cracked

The headline is all you need to know:

Teen cracks AU$84 million porn filter in 30 minutes

(AU$84 million is $69.5 million U.S.; that's real money.)

Remember that the issue isn't that one smart kid can circumvent the censorship software, it's that one smart kid -- maybe this one, maybe another one -- can write a piece of shareware that allows everyone to circumvent the censorship software.

It's the same with DRM; technical measures just aren't going to work.

Posted on August 30, 2007 at 12:50 PM • 38 Comments

Comments

bzelbobAugust 30, 2007 1:30 PM

...Another issue here is that the developers of this software obviously didn't do any real testing of the software.

Sad.

MirkoAugust 30, 2007 1:39 PM

This is about politics, and the minister probably isn't that unhappy his filters were broken. Because now it is proven, filters don't work, he can go after the target he might always have intended: the ISPs. Next he will try to force them to filter.

Guess who is watching this Australian case very closely?

Anonymous CowardAugust 30, 2007 1:45 PM

Off topic : "that's real money" is the funniest remark I've read all day, given the pounding the US$ has been taking on the market for the past few years.

Nick LancasterAugust 30, 2007 1:56 PM

I'm sure there's a little-known provision of the USA-BLIND PATRIOT Act that covers this.

But seriously, folks, how much testing was done if a kid busted it in 30 minutes? No matter how you spin it, the program wound up being accessible and crackable.

Anderer GregorAugust 30, 2007 2:05 PM

Well, I would think it was not "a kid" that busted it in 30 minutes, but a few hundred thousand kids who tried, of who one succeeded ... kind of massive parallel approach to circumvention.

Not My MoneyAugust 30, 2007 2:24 PM

Hmm. An Australian government agency spent 84 million dollars of Australian citizens' money (taxed) on a piece of cruddy software. Shocking.

Isn't it amazing that when a bureaucrat dispenses millions of dollars of "not-MY-money" funds, he is a bit less worried about whether he's getting his money's worth?

Hence the core problem with government-managed programs: lack of proper incentive.

aikimarkAugust 30, 2007 2:51 PM

How difficult would it have been to get volunteers to test this?!?

* Approach male convicts. They can watch porn for an hour after breaking the blockage.

* Approach psychotherapists specializing in sex additions. Ask for volunteers from their patient population.

======================
This all sounds like security by obfuscation to me.

Not My MoneyAugust 30, 2007 3:05 PM

@aikimark

"How difficult would it have been to get volunteers to test this?!?"

Good point. If it had been MY 84 million, I think I would have advertised $1,000 to anyone who could come down to our office and crack the software within 12 hours, using a entry level computer or two, running whatever software they would like to run.

Could have saved $83,999,000.

But hey, it's not MY money. So what do I care? Sign the purchase order! It's almost 5PM!!

JoeAugust 30, 2007 3:36 PM

Some forms of DRM can work. It doesn't have to be perfectly impenetrable. It just has to be good enough to meet a business need. And there are places where DRM is good enough. (streaming services for example -- think cable TV).

B-ConAugust 30, 2007 3:40 PM

Does this remind anyone else of the Dilbert strip where Dilbert proclaims to have invented a smut filtering device, turns around to brag about his accomplishment while letting a child test it, and by the third panel he says, "I hope that's not the sound of eyes getting really big."

It'd be much appreciated if someone could find a link to that strip, couldn't find one myself.

Terry ClothAugust 30, 2007 5:04 PM

@Mirko: re targeting ISPs:

Coonan ...[said]: "Each report has found significant problems with content filter products operating at the ISP-level ... The Australian trials have also found the effect on performance of the Internet by ISP filtering to be substantial and a lack of scalability of the filters to larger ISPs."

I hope that means she's already failed with ISPs, and this end-user method was a second line, not a preparation for a different attack.

AntonAugust 30, 2007 5:05 PM

Thanks Bruce for this one.

Cynical remark:

Maybe Australia's president John Howard should introduce anti-hacking laws like in Germany so he can lock up smart kids like that for two years.

AlanAugust 30, 2007 5:07 PM

I am really tempted to sell parents an "unbeatable internet porn filter". When they open the box they find a pair of wire cutters with instructions on how to disconnect themself from the net.

But then again, i believe that people who complain about seeing various body parts in the real world should have those parts removed on themselves.

"Neutering prudes -- Its the only way to be sure!"

Terry ClothAugust 30, 2007 5:16 PM

[T]raditional parenting skills have never been more important," said Coonan.

So where were Wood's parents? :-)

Clark CoxAugust 30, 2007 5:22 PM

Off topic : "that's real money" is the funniest remark I've read all day, given the pounding the US$ has been taking on the market for the past few years.

I don't think he was implying that the US$ is somehow more "real" than the AU$. I think he was just saying that the amount was "real money" (i.e. a significant amount).

Sean RileyAugust 30, 2007 5:57 PM

Mirko has it right. The scary bit is that this might be used as proof that the filtering has to happen at the ISP level -- A ludicrously expensive and intrusive solution... and the exact one proposed by the religiously motivated Family First party.

That he did this is scary, and problematic. Not that he shouldn't have, but even so, there is a very scary feeling in this country right now.

I'm hoping that the Labour party win the next election simply to change direction a little bit, but I'm not hopeful.

ShadAugust 30, 2007 7:07 PM

Filtering on ISP level? Just use proxies. Or tor. Or anything else that gets the traffic via an offshore point.

The whole access restriction business is doomed from the start. Wondering how many more millions it will cost the politicos to realize they are fighting a lost war.

PaulAugust 30, 2007 7:30 PM

@shad,

"Wondering how many more millions it will cost the politicos to realize they are fighting a lost war"

This, of course, assumes that they are fighting the war they *say* they are fighting.

I (as an Australian) don't doubt at all that the politicians have known for as long as almost everyone else that filtering doesn't work.

However if we assume that they are not actually trying to *stop* the porn, but rather they are trying to appease the religious nutters who can (and do) provide them with election funding then their strategy makes a great deal more sense.

The minister (Coonan) has actually come out since the crack was announced and stated that they expected it to happen all along and are working with the vendors to provide patches.

So, not only do they pay a ridiculous amount of money for software they *expect* to be broken, they go back to the same people again to fix it. Talk about foxes and hen houses.

It's not about filtering or porn, it's about buying votes at the upcoming election from all those who actually believe the government should be doing something to fix the problems stemming from the fact that they haven't provided their kids with a healthy view of sexuality.

Personally, I find it sad. When you consider how much more money is spent on weapons to go and kill innocent folks elsewhere because they happen to live near oil fields, this is a drop in the ocean of government wastage.

randomAugust 30, 2007 7:41 PM

It's worth bearing in mind that the software should still be useful for helping keep children from *inadvertently* finding pornography etc. No, it won't stop the dedicated seekers, but it was never going to.

It's a safety railing, not a prison wall.

ChrisAugust 30, 2007 7:46 PM

Shame on all the journalists that have propagated this total beat-up without checking any of the facts.

The so-called $84-m plan is for a combination of two approaches: subsidized provision of any of a list of approved desktop filter products, and a (not-even started yet) program to provide OPT-IN ISP-level filtering services.

This kid has evaded /one/ of the desktop products. I'm sure readers here all understand the futility of securing the desktop against hostile users. This is why the ISP-level option exists (for those households with "smart kids").

Most australian ISPs already forcibly channel customer traffic through caching proxies, (and probably Cc:ASIO) so there is already an infrastructure in place for traffic interception.

Yes, anonymizing proxies, tor etc. are a challenge. ISPs who want to (rightly or wrongly) control or throttle P2P traffic are going to be confronted with these problems regardless of whether a national filter scheme goes ahead.

But in no way has there been "$84M wasted"---this money has not yet been spent, the design and tender process isn't even complete.

RoyAugust 30, 2007 8:03 PM

This war on naughties may be a false-flag operation.

Forcing service providers to filter out pictures of naked ladies or Cheney's 'gritty language' would enable them develop technology to examine content, which means opening for inspection any internet traffic without restriction.

ShadAugust 30, 2007 8:36 PM

Paul,Roy: Most likely you are both right. While I do not think that it is a primary intention to deploy a generic surveillance//censorship system, once in place it will be mission-creeped into that role. For our safety. Think of the children. Think of the terrorists. Think of the... whatever.

jayAugust 30, 2007 9:33 PM

This part was the funniest "Watts denied he disabled the software so he could look at porn." Smart kid indeed.. Seems to me more and more young people are getting involved in old man's businesses.

AmbroseAugust 30, 2007 11:28 PM

Worth noting, I think, that it's not an 89 Million Dollar Filter, it's a filter that was part of an $89,000,000 plan to give free filtering software to all schools and libraries etc.

Also worth noting that he was able to crack it in such a way that, to the casual observer, it appeared to be still working. If mum and dad took a quick look at the computer, they could see some kind of icon that reassured them. That's real cracking.

WooAugust 31, 2007 1:22 AM

hmm.. now what's his name? In the first paragraph he's called Tom Wood, later he becomes Tom Watts.. looks like failed anonymization ;)

aikimarkAugust 31, 2007 4:20 AM

This filtering activity is beginning to remind me of the decades-long US "war on drugs"... it just seems like throwing money at a problem you can't solve at the government level. Once the program is started, its budget only grows over the decades.

hmmmm...TSA?

AnonymousAugust 31, 2007 4:22 AM

@Woo

"hmm.. now what's his name? In the first paragraph he's called Tom Wood, later he becomes Tom Watts.. looks like failed anonymization ;)"

Given that you don't know what his name is now, wouldn't you say the anonymisation worked? ;)

graemeAugust 31, 2007 5:10 AM

If you'll pardon the pun, this comes up every election time. Labor Leader Kevin Rudd is a fundamental christian who was, oh no, was caught in a strip club and Liberal Leader John Howard oh there is some lovely dirt on this man but the journos in Canberra are keeping it quiet promise to stop the teenage boys from looking at bare breasts on the Internet.

Right wing commentators sing their praises. Two weeks later it falls off the news and everyone forgets about it.

America: If you think your politicians are bad, look at ours: they look up to yours!

UNTERAugust 31, 2007 2:39 PM

It's a simple fact - kids who aren't smart enough or committed enough to disable porn-filters don't deserve to look at porn.

Jamie FlournoyAugust 31, 2007 4:59 PM

The cynical take on the government's filtering motives is probably correct. Answering "it can't be done and let me explain why" is less politically acceptable than "of course our brilliant technological researchers can protect you and we'll stop at nothing to save your children." Who cares whether it works, just sign the bill and kiss a baby.

As for ISP infeasibility, they're doing content based filtering and traffic shaping already. They argue that people use too much bandwidth and that they have to fudge the actual delivered data service vs. the advertised limits, but when given an opportunity to eliminate a major cause of heavy bandwidth usage (adult content) they balk. Hmm... could it be that this is because they know that adult content is their cash cow in the first place? An ISP wouldn't be able to filter just for underage users, so they'd lose customers.

I'm against ISP based filtering but I don't think it's technically infeasible, just a bad business move from the ISP's point of view.

Perhaps there's a business opportunity for an ISP that differentiates itself through content filtering? Disney.net?

cdmillerAugust 31, 2007 5:20 PM

Sounds like the Great Firewall of China is soon to be reimplemented in Australia. What other freedoms have Australian citizens given up recently?

KanlyAugust 31, 2007 11:28 PM

@cdmiller, We have given up many freedoms (though more accurately they were taken). In APEC the police have fenced off the city, been spying on would-be protestors, and to cap it all off there is a fireworks display for the APEC elite that the little people of Sydney have been told not to attend.

http://www.smh.com.au/news/national/the-wall-goes-up/2007/09/01/1188067410527.html
http://www.smh.com.au/specials/apec/index.html

All so so useless politicians can eat like pigs and feel important, and some cops can crack some skulls.

Tom KSeptember 6, 2007 12:26 AM

"Sounds like the Great Firewall of China is soon to be reimplemented in Australia. What other freedoms have Australian citizens given up recently?"
Posted by: cdmiller at August 31, 2007 05:20 PM

What would be the point of telling you ?
Apparently you cannot tell the difference between the type of internet censorship imposed by the Chinese govt and an opt-in optional function for parents who pay for internet connections to filter porn if they choose to.
You know, like opting in to Yahoo's spam filter. Or asking your telephone company to block 1900 numbers.
What are you going to be able to understand if you cannot tell the difference between these.

bobMarch 8, 2013 9:45 PM

Well, in fairness, if it's meant to keep children out, it's probably still doing a pretty good job.

Although... tens of millions of dollars went into this?
Jesus.

On the one hand, it means even idiots have job security in software (so, job security, yay). On the other hand, even idiots have job security in software (so, I'll have to work with idiots on occasion. Aww...).

TechyMarch 14, 2013 12:03 PM

A web content filter will keep really young children that don't understand sex, from accessing that material. But if you think that you can prevent teenagers from accessing porn, give up. Teenagers will seek nudity and sex, that's what they are biologically designed to do. They may hide this idea from you or be shy about it, but that is just reality.

Wake up, you cannot anymore prevent your teenage sons and daughters from looking at porn. You just can't do this anymore. Stop spending money and JUST ACCEPT IT! Besides that, I'm not sure that there is anything on a website that your 13-15 year old high school student hasn't thought of already. Get real, what are you trying to prevent, anyway?

You can prevent young children from being exposed to things on the internet like porn that they might be afraid of or may cause them to become scared or confused. But just beware, when they start getting into the double digits, especially the more mature ones, they will seek nudity. You cannot prevent this, and doing so is a pointless task. Make sure they focus on their school work and that they are not destracted from it. Keep it out of learning environments, like schools and libraries, though this is the least likely of a place for this to happen.

A 16 year old? There are much younger people that can hack that even quicker. You are trying to prevent a 16 year old..... It is my personal belief, if you are smart enough to hack a web filter, you are probably smart enough that you understand porn. Maybe we need to rethink these laws, this is starting to become stupid.

84 million dollars for web filtering software. I'd say a big waste of money. I'm from the US, and our country is going broke, I'm sure we have tried stupid stuff like this.

Basic web filtering software can prevent your average CHILD from being exposed to porn. So, maybe the software works! Kids that age are not going to take the time to seek pornographic materials.

They might try to crack DRM, though!

TechyMarch 14, 2013 12:33 PM

It is my suggestion that the people of your country vote out those who think that spending 84 million dollars on internet filtering software is a good use of taxpayer money. Recall, remove, whatever you do there.

We have the same type of people in the US. It is like our country is being run by a religious extremist group or social-terrorist organization like the Nazis. They want to revert the world back to the 1600's, or even the 1950's. Please be aware that your grandparents cannot make decisions about the future of the world that they will never live in. You need to remind them that there are lots of ideas and concepts that may offend them, but it is 2013. You can get their support for the constitution and the basic freedoms which all are entitled to.

Everybody needs to stand up and SUPPORT and PROTECT your country's constitution. Censorship is never a good path to take. In this day and age we need to be critical of political figures, and NOT distracted by stupid scandals that arise during elections. I personally suspect that 90 Percent of the elections in the USA are "Rigged" either by television, or by private corporations attempting to manipulate the government for their benefit. I question the accuracy of the voting process in the USA, and equate it to gambling or a ouigi board.

We are at the point of "pick the better of two evils".
To Australia, shut down censorship and the regimes associated with it before it starts. In the USA, our government is beginning to LIE to us, making things up to manipulate elections, etc. We are also seeing an increasing amount of government agencies NOT responding to individual complaints.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..