Mandatory ISP Filtering and Security

20Jan10

Let’s hope that Stephen Conroy is paying close attention to the unfolding situation between China and Google.

China is being accused of gaining unauthorised access to Google via portals setup by the company to allow law enforcement access upon previously agreed terms.

There is nothing new about the concept of these portals, and for all I know there are similar portals on Australian communication providers, but I would doubt that any are as ham-fisted as the proposed system for mandatory ISP level filtering.

The point is that the very presence of extra infrastructure between Internet users and the Internet introduces a security risk. This risk is exacerbated as control of this infrastructure (the black list) is maintained by a third party outside of the ISP. From day one the system will inevitably be a prime target for criminal gangs as a platform for launching denial-of-service attacks, monitoring user activity and potentially (and extremely dangerously) redirecting web access.

I’m not suggesting that the Australian Government or law enforcement will hack there way into an ISP’s network via this route. But the investment required from both the Federal Government and the ISPs to attempt to secure this service will be considerable. And, or course, there will be no way to 100% secure the system.