Was An ACMA Blacklist Leaked?
Today saw news that the Australian Communications and Media Authority (ACMA) had its blacklist URLs leaked on Wikileaks, a website often known for leaking secret documents.
The Sydney Morning Herald reported it exclusively at 11:44am this morning, stating that:
“The Australian communications regulator’s top-secret blacklist of banned websites has been leaked on to the web and paints a harrowing picture of Australia’s forthcoming internet censorship regime.”
In less than an hour after publication, Wikileaks published some 2,000+ URLs to its website stating they were blacklisted URLs in Australia for the month of August 2008. Wikileaks is currently offline, suggesting it fell on its back after being linked to from various sources.
Late this afternoon Senator Stephen Conroy and the ACMA issued 2 separate statements regarding the matter.
Senator Stephen Conroy, Minister for Broadband, Communications and the Digital Economy condemned the reported leak and publication of the list, stating:
“The leak and publication of prohibited URLs is grossly irresponsible. It undermines efforts to improve cyber–safety and create a safe online environment for children,”
He denied that the list of leaked URLs was that of the ACMA Blacklist, stating:
“I am aware of reports that a list of URLs has been placed on a web site. This is not the ACMA blacklist.”
ACMA said in a statement:
“ACMA has previously investigated and taken action on material—including child pornography and child sexual abuse images—at some of the sites on this list of 2300 URLs. However, the list provided to ACMA differs markedly in length and format to the ACMA blacklist. The ACMA blacklist has at no stage been 2300 URLs in length and at August 2008 consisted of 1061 URLs. It is therefore completely inaccurate to say that the list of 2300 URLs constitutes an ACMA blacklist”
What remains to be seen is if the regulator’s official blacklist was in fact leaked. What is known though is that a blacklist of some sort relating to URLs that do exist on the ACMA blacklist list was leaked. One has to ask how such a leak occurred.
Mark Newton, a Network Engineer for Adelaide based ISP Internode told Tech Wired:
“It’s interesting that I’ve been warning about security of the blacklist for close to a year, and it’s only today that the Minister has shown the slightest bit of interest in it. The fact that the blacklist appears to have come from an ACMA-approved filtering software package comes as no great shock, and I guess that means the Internet Industry Association can expect an apology for Minister Conroy’s slur this afternoon suggesting that the list could be made more secure by beefing up the IIA Family Friendly ISP scheme”
A user on Australian Broadband forum Whirlpool did an analysis on one of the governments defunct Net Alert funded filtering products, Integard. The user found a file using reverse engineering techniques to obtain a file named “Websites_ACMA.txt” within the programs architecture.
He found that there were similar URLs on the blacklist when comparing it to the Wikileaks list:
“It’s not the wikileaks list (it’s a month earlier I think) but it sure is similar…and that’s as far as I’m willing to look.”
The user’s post has since been deleted by moderators of Whirlpool as being inappropriate.
ABC did a story on Lateline about the leak, you can watch below:
Hey it’s Stil without his glasses.
It is an interesting situation though. It is a list with Australian content. It has sites listed on it that should not be there ie dentists and website design company. Do these lists get revised? Is there a system in place a method/process of requesting acma to review a list if you suspect your site might be on it?
Now as for blocking stuff that we don’t yet know about …positively Orwellian
I’m without my glasses because the afternoon sidelight streaming in through the windows was causing reflections and the cameraman couldn’t find an angle where they weren’t distracting.
I should mention that you can’t tell by looking at a URL whether it should or shouldn’t be on the list, only by looking at the content it references. A URL can be anything.
ACMA pushes out a blacklist update to the filter-makers (almost) every week. When asked in Senate Estimates about clearing out old entries they were a bit vague, but I was left with the distinct impression that it happens only infrequently.
I wonder if there is a list compiled by USA government… are we being kept in the dark? Because that would be quite funny since people are complaining about China censoring their internet.
even now there’s still alot of smoke being blown. that ABC QnA episode last week was largely a waste of time, of the few sensible well-expressed questions asked, few answers really addressed key issues.
& if this topic attracted so much interested, why was only half the show dedicated to it, unlike so many other QnA episodes?!?
btw Ben, i’ve been listening to TechWired for several months now, and am amazed at the quality of ‘output’ from your good 18yo self. well done mate, definitely one to keep reading/listning!