D2 1545 matt tett

© 2010 Enex Pty Ltd. All rights reserved.This document is confidential and its circulation and use are restricted

© 2012 Enex Pty Ltd. All rights reserved.This document is confidential and itscirculation and use are restricted

Internet RegulationDecade of ICF testingCommsDay MelbourneCongressOct 2012


Know me ?

Matt TettManaging Director Enex TestLabBoard Director Internet Industry Association (IIA)Committee Member Australian Information Security Association (AISA)23 years technical experience in ICT18 years technical experience in SecurityCISSP CISA CISM CSEPS in good standing10+ years technical experience in Filtering Technologies


Internet Filtering

In its basic form Internet Filtering is the act of preventing an internet user from accessinginformation requested on the internet by using technical means to block or divert them toa different location. This can be affected at several points on the network from the local(machine based) to upstream (network/server based).


Internet Filtering

The topic can be cloudy, at best, particularly with so much debate.

The conspiracy theorists love to have their say as well, and we have heard them all.

There are two I personally like the most, firstly “@enextestlab thanks for helping to screwAustralia” and then the more articulate; that Enex TestLab is a one trick pony and wassetup solely for assisting the Government to pass their legislation on mandatory filtering.

Having sat through enough interminable Government meetings on this subject with anumber of Departments and Agencies across two elected Governments in the past 10years, I can assure you that there is no conspiracy.


© 2012 Enex Pty Ltd. All rightsreserved.This document is confidential and itscirculation and use are restricted

Enex TestLab – one trick pony ? - backgroundDispel the myth - not an overnight startup, nor a “one hit wonder” or “one trick pony”Founded 1989 at RMIT University, Melbourne, Australia, commercialised Enex TestLab in 2005Rigorous, independent, scientific testing, compliance and reporting services of all productsPrimary clients are Government Agencies, Departments and Multinational CorporationsAustralian success story, 23 years engaging and servicing over 90 industry sectors globallyInternational laboratories and offices across Asia and EuropeISO 9001 quality certified and ISO 17025 laboratory accredited (both NATA & UKAS)



ACCREDITED TEST FACILITY

Enex TestLab is an Accredited Test Facility (ATF) for;

ASIO - T4 Protective Services - Security Equipment Guide product testing and evaluationStay Smart Online (SSO) Cyber Alert Service (CAS) content management and distributionUK Government CESG CCT Mark security assurance testing and certification programUK Government CHECK program - certified penetration testingGlobal Electronic Gaming Machine testing certification (AUS/NZ, Macau, UK)Internet Industry Association Family Friendly Filter accreditation programDBCDE AS4933 Digital broadcast product testing and certification programAS2201 Alarm Panel Transmission system testingIPv6 testing and certification programHL7/Secure messaging testing programDBCDE – Technical Advisory panelDEECD – Technical Advisory panelDOJ – Fixed Digital Road Safety Camera (FDRSC) testing certification panelEnex TestLab “TESTED” quality assurance certification schemeHealthcare Health Identifier testing programVictorian Government eServices panelNew South Wales Government procurement panelQueensland Government GITCUK Government GCHQ CPA (Certified Product Assurance) security testing program


Enex TestLab ICF Experience

Over 10 years technical experience with filters – across more than one governmentCovering both client based (local), server based (network)Mandatory filtering and voluntary filteringICF initiatives - ABA, DCITA, NetAlert, IIA, ACMA and DBCDEPublic reports – NetAlert, ACMA, DBCDE, MediaPAFO programIIA FFF programEmotionMotivation

IIA Family Friendly Filters and the IIA Family Friendly ISP program


Evaluation and Deployment criteria

Many factors need to be recognised and engineers equipped to understand:

How filtered material is identified/defined by filter producers; How the ACMA PUF list and other existing lists (e.g. IWF, Interpol “worst of” etc) are

incorporated into the process; The mechanics of filter operation including how filters interact with web-browsers

and networking systems; Faults and flaws with filters (e.g. when and how objectionable material passes the

filter); Performance of end user computers that have filters installed; Performance of networks that have filters installed; End user customisation/modification of filters (granular control); and Distribution and updating of filters; Circumventing filtering technologies; How session Id’s or index pages impact on filters’ ability to work; The above considered in the context of both opt-in end-user and ISP/server

voluntary level filters highlighting the differences between them.


Lists – what to filter ?

2004 - NetAlertABA listEvolved to ACMA “black” listNow known as PUF, CAM, CSA“cleaning” the listsIWF blocking initiative - www.iwf.org.ukInterpol “worst of” - www.interpol.int


ACMA

The Australian Communications and Media Authority (ACMA) is a government agencyresponsible for the regulation of broadcasting, the internet, radiocommunications andtelecommunications.

Strategic intent: Making communications and media work in Australia’s public interest.

The ACMA also has responsibility for administering the online content scheme set outunder the Broadcasting Services Act 1992 and Internet Industry Codes of Practice.


Internet Industry Association

IIA - www.iia.net.auAustralia's national Internet industry organisationNon-profitPolicy input to GovtAdvocacy on range of business and regulatory issuesPromote laws and initiatives which enhance access, equity, reliability and growth of themedium within Australia

IIA Family Friendly Program

Over the past eight years the IIA has worked hard to put a scheme in place to assist usersbetter control their Internet access. It is aimed to strike a reasonable balance betweenprotecting end users and nurturing our rapidly developing industry, the IIA are confidentthat the scheme will help make Australian families better off by providing more choice inthe way that content can be accessed. It requires voluntary support by ISPs (FamilyFriendly ISP program) to ensure that the industry can self regulate.


IIA Important points

• The IIA Family Friendly ISP program is available to help the public better identify code-compliant ISPs. In other words, ISPs who have agreed to assist those families withinformation and tools to help make the Internet experience safer for their children.

• IIA Family Friendly filters are not intended to replace adult supervision and should notbe relied upon as an infallible substitute for this. However, they can be a usefulsupport for some families, which is why they form part of the overall scheme.

• The IIA wrote a Codes of Practice to provide guidance for ISPs who want to offer a"family friendly" service; and by complying with the IIA code, ISPs also can beconfident that they also comply with Australian law.

• The ACMA monitors compliance with the IIA Codes. Complaints about non-complianceshould be directed to the ACMA (at www.acma.gov.au). The ACMA also maintains acomplaints process to deal with offensive material on the Internet.


NetAlert Limited

A Study on Server Based Internet Filters: Accuracy, Broadband Performance Degradationand some Effects on the User ExperienceReleased - 26th May 2006 (73 pages)

The primary aim of this project was to measure the performance impact of applyingserver based Internet content filtering applications and appliances to an Internet feed inboth live and controlled environments to determine:• any degradation of speed/performance,• the typical filtering accuracy achieved and finally• the effect of filtering on the user experience when using broadband Internet services.The trial assessed the effect of the filters on the overall performance of the networkincluding the stability of the system, the impact on data rates and latency effects.


ACMA

Closed Environment Testing of ISP-Level Internet Content Filtering – report was deliveredto the Minister for Broadband, Communications and the Digital EconomyReleased - June 2008 (89 pages)

The purpose of the trial was to assess the current maturity of commercial filteringproducts in a lab environment that may be suitable for deployment by Internet ServiceProviders (ISPs).


DBCDE

Internet Service Provider (ISP) Content Filtering Pilot Report “live trial”Released - October 2009 (94 pages)

The ISP filtering pilot was undertaken to determine key information about different ISP-level content filtering technologies when these are applied to:

• Filtering a defined list of URLs, such as the current Australian Communications andMedia Authority (ACMA) blacklist (with around 1000 URLs at the time of testing), and• In addition to the ACMA blacklist, filtering a wider range and volume of material.

Testing was undertaken within an ISP’s “live” network. The different filtering solutionswere assessed against a number of factors including accuracy, effectiveness, impact onnetwork speeds (performance), the relative ease of circumvention and the costs toimplement.

The filtering technologies that were tested included pass-by filtering, deep packetinspection, pass-through filtering and proxy filtering.Poisoned DNS technology was not included as it could not demonstrate acceptablefiltering down to a specific full listed URL.


Summary

No single solution works efficiently.

Responsible ISPs provide value added service by voluntarily regulating delivery of serverlevel filtering of “worst of” list(s).

IIA family friendly ISPs provide link to IIA FFF program page for parents to have access andinformation on approved filtering products. Further demonstrating that the industry canself regulate voluntarily.

Parental responsibility extends to the family computer with both a local computer basedfilter installed and appropriate education, discipline, monitoring and controls.


Conclusion

Thank you very much for attending this presentation

Matt Tett – Managing Director

Enex TestLabRMIT University Bundoora East Campus,Room 21, Building 253, Plenty Road,Bundoora, VIC, 3083, AUSTRALIA.

P +61 3 9436 7454 (ext 101)M +61 417 399 280F +61 3 9436 [email protected]

Documents

D2 1545 matt tett