ISP Filtering Live Pilot - Questions and answers

The questions on this page relate to the ISP Content Filtering Pilot. These questions were received from ISPs potentially interested in participating in the ISP live Pilot to be completed in the first half of 2009.

Click on the question or scroll down to view the answer to each question.

  1. If this Pilot is run as a voluntary opt in service for the Pilot, how can we guarantee numbers in the timeline you are requesting?
  2. Considering that many vendors are not willing to hold exchange rate or quotes for extended time, is it expected that we provide a set quote?
  3. For capital expenditure, are the funds available prior to commencement of the trial?
  4. Can an ISP participate without the involvement of actual customer accounts? For example, would it be possible to only provide Enex TestLab with filtered and unfiltered test accounts?
  5. We understand that the cornerstone of any live internet filtering trial should be the testing of network degradation and the ability of a solution to scale. While the current framework allows for speed degradation testing for a single user or a small group of filtered users, how is it proposed to measure performance and network degradation over an entire customer base?
  6. Is it the Department's plan to extrapolate performance results from a very small group of users to a base of several million? If so, what sort of methodology is planned to perform such an extrapolation?
  7. We understand Enex Test Lab has conducted tests for DBCDE on the alleged extent of over-blocking using IP addresses rather than URLs. Is the Department prepared to release these findings and the related methodology?
  8. How will complaints from websites claiming they have been inappropriately blocked (i.e. over-blocking) be managed and by whom?
  9. The Pilot includes the assessment of end users' filtering experience. This will involve a survey of a sample of ISP customers following their consent. Please elaborate on the form of this survey and what correspondence/interaction there will be between Enex and ISP customers. Also, will ISPs get the opportunity to approve this correspondence?
  10. Would ACMA be providing the survey/questionnaire, the draft seems to indicate we will draw up a survey?
  11. We can guarantee delivery of the survey to the participating customers, however we cannot guarantee the numbers of completed surveys returned. Therefore, is the funding in anyway tied to numbers of completed customer surveys returned?
  12. Is the Commonwealth prepared to offer a statutory 'safe harbour' protection or contractual indemnity to participant ISPs who might otherwise be exposed to litigation risk (including from any over blocking or wrongful blacklisting)?
  13. What assurance can DBCDE provide as to the confidentiality of commercially sensitive information or customer information ISPs might provide as part of the Pilot?
  14. What are the requirements around security and confidentiality of the ACMA blacklist?
  15. Is the ACMA blacklist in a form that potentially could expose ISP staff to websites containing child abuse or other illegal content? If so, what safeguards will be put in place?
  16. Will we be able to see the blacklist prior to committing to the Pilot?
  17. Does the requirement for prior Departmental approval of marketing/publicity activities of participants related to the Pilot also relate to ad hoc media inquiries? Also what will this requirement involve?
  18. Will DBCDE share trial outcomes with participants and consult on draft conclusions flowing from the Pilot prior to their public release?
  19. At a minimum, a Pilot ISP is to implement the ACMA blacklist, which is a list of approximately 1300 specific URLs?
  20. At a minimum, as part of the Pilot, the only protocol to filter is web traffic that is exclusively HTTP over TCP port 80?
  21. A successful Pilot ISP will receive a copy of the ACMA blacklist, where the means of implementing the filter is entirely up to the ISP? It is understood that receipt of the blacklist will require both successfully joining the Pilot program, and the signing of some form of confidentiality agreement with the ACMA?
  22. At a minimum, is the Department interested in understanding the impact on internet services that are both filtered and not filtered...(see more)
  23. What is the expected behaviour of an internet service that attempts to reach blocked content...(see more)

1. If this Pilot is run as a voluntary opt in service for the Pilot, how can we guarantee numbers in the timeline you are requesting?

The timeline outlined in the Request for Expression of Interest is indicative and is provided to ISPs to assist them in their decision making. The Department will discuss with individual ISPs their requirements, including the timelines needed to participate in the Pilot. The Department is happy to discuss with ISPs how they propose to engage their customers in the Pilot.

2. Considering that many vendors are not willing to hold exchange rate or quotes for extended time, is it expected that we provide a set quote?

To assist the Department in managing the costs associated with this Pilot, it is preferable that applicants note in their Application Form the period for which quotes are valid. Details of any financial assistance provided will be discussed with ISPs. As noted in the Request for Expression of Interest, funding is limited.

3. For capital expenditure, are the funds available prior to commencement of the trial?

The Expression of Interest document outlines the acquittal and payment process for grants funding. The Department will issue grants payments no later than 30 days from receipt of a correctly rendered invoice.

4. Can an ISP participate without the involvement of actual customer accounts? For example, would it be possible to only provide Enex TestLab with filtered and unfiltered test accounts?

It is intended that every participant in the Pilot will involve actual customer accounts. However, if—in addition to a live customer component—an ISP proposes other approaches for testing particular aspects of filtering or network performance, the Department will consider these where they could provide useful information to supplement that gained from the live customer component.

5. We understand that the cornerstone of any live internet filtering trial should be the testing of network degradation and the ability of a solution to scale. While the current framework allows for speed degradation testing for a single user or a small group of filtered users, how is it proposed to measure performance and network degradation over an entire customer base?

Scalability is one of a number of variables that the Pilot will seek to address. Consideration will be given to connection types, connection speeds, numbers of participating users and the size of participants' entire customer bases along with future network expectations.

Depending on the nature of ISP participation, measurements can occur at a number of points in the network and with the filter enabled, disabled and removed.

Some closed on-network or lab testing in conjunction with the ISP is also possible to validate the performance impact of the filter solution. Where available, the Department will collect information on historical network performance as well as that gathered over the course of the Pilot.

6. Is it the Department's plan to extrapolate performance results from a very small group of users to a base of several million? If so, what sort of methodology is planned to perform such an extrapolation?

Enex TestLab will engage with each individual ISP in planning and preparation sessions to detail and agree on the level of participation and involvement between the parties in the Pilot and address issues resulting from the different technical platforms and filtering methods used.

7. We understand Enex TestLab has conducted tests for DBCDE on the alleged extent of over-blocking using IP addresses rather than URLs. Is the Department prepared to release these findings and the related methodology?

Preliminary laboratory testing was conducted to assess the potential level of over-blocking using IP addresses.

The Department and Enex TestLab will discuss the methodology and findings of the study with ISPs that actually participate in the Pilot and are considering using this technology platform.

8. How will complaints from websites claiming they have been inappropriately blocked (i.e. over-blocking) be managed and by whom?

Dependent on the filtering method chosen by the ISP, mechanisms to report over-blocking may be built into the solution. Enex TestLab will perform accuracy and effectiveness testing early in the Pilot for each solution. If over-blocking is detected Enex TestLab will notify the ISP and re-test until the matter is satisfactorily resolved before proceeding.

For participating ISPs that do not have an over-blocking reporting mechanism, Enex TestLab will engage one-on-one with each respondent organisation in planning and preparation sessions to discuss and address such issues.

9. The Pilot includes the assessment of end users' filtering experience. This will involve a survey of a sample of ISP customers following their consent. Please elaborate on the form of this survey and what correspondence/interaction there will be between Enex and ISP customers. Also, will ISPs get the opportunity to approve this correspondence?

The ISP filtering Pilot will ideally involve surveying a sample of an ISP's participating customer base to seek information on the customer's filtering experience.

The Department is conscious of the need to minimise any impact on both customers and the ISP. Therefore, the survey will be kept to a minimum and undertaken electronically where possible. It is proposed that Enex TestLab will undertake the surveys with the end user.

The Department and Enex TestLab will discuss the survey process and associated correspondence with participating ISPs, prior to issuing the survey.

10. Would ACMA be providing the survey/questionnaire, the draft seems to indicate we will draw up a survey?

Enex TestLab will draft the customer survey in consultation with the ISP and the Department.

11. We can guarantee delivery of the survey to the participating customers, however we cannot guarantee the numbers of completed surveys returned. Therefore, is the funding in anyway tied to numbers of completed customer surveys returned?

Funding is not contingent on numbers of completed customer surveys.

Funding assistance is related to participation in the Pilot, and therefore involves reimbursement of some costs associated with:

  • procurement of a filtering solution
  • installation and configuration of the filtering solution
  • costs associated with any required modifications to network infrastructure.

12. Is the Commonwealth prepared to offer a statutory 'safe harbour' protection or contractual indemnity to participant ISPs who might otherwise be exposed to litigation risk (including from any over blocking or wrongful blacklisting)?

The nature and extent of this issue will depend on the circumstances of individual ISPs, including the nature of their contracts with their customers and the approach to filtering proposed. The Department will discuss this issue with each ISP proposing to participate. The Department considers that the need for an indemnity from the Commonwealth has not been established.

13. What assurance can DBCDE provide as to the confidentiality of commercially sensitive information or customer information ISPs might provide as part of the Pilot?

The draft Deed of Agreement contains terms regarding the treatment of confidential information (see clause 7 of the Deed, and item 5 to Schedule 1).

The Request for Expressions of Interest asks applicants to make submissions to the Commonwealth about information that they want the Commonwealth to treat as confidential. The Commonwealth will consider each submission, and may agree to treat particular information as confidential.

If the Commonwealth accepts an applicant's claim for confidentiality, Australian Government officials are subject to a rigorous regime of statutory obligations restricting their ability to disclose such information. These statutory obligations include, but are not limited to, section 13 of the Public Service Act 1999 (which establishes the APS Code of Conduct), Public Service Regulation 2.1 (which prohibits unauthorised disclosure by an APS employee of information gained in the course of APS employment) and section 70 of the Crimes Act 1914 (which makes it an offence for Commonwealth officers to disclose information in certain circumstances).

The Privacy Act 1988 would also apply to the extent that confidential information might include personal information.

14. What are the requirements around security and confidentiality of the ACMA blacklist?

ISPs participating in the Pilot must enter into a non-disclosure undertaking with ACMA to obtain the blacklist.

The undertaking will acknowledge that the URLs contained on the blacklist relate to prohibited content under the Broadcasting Services Act 1992 and that the blacklist is provided in confidence, for the sole purpose of allowing the participating ISP to prevent access to the material contained in the blacklist for users of the ISP's service.

Participating ISPs must not disclose the blacklist to anyone, or for any purpose, not directly related to the ISP taking the necessary steps to prevent the users of its services from accessing such material by way of its participation in the ISP Internet Level Content Filtering Pilot.

15. Is the ACMA blacklist in a form that potentially could expose ISP staff to websites containing child abuse or other illegal content? If so, what safeguards will be put in place?

Participating ISPs are not required to access the material on the blacklist. Rather, they are required to block access to the URLs on the blacklist. The blacklist will be provided to participating ISPs in a password protected file.

16. Will we be able to see the blacklist prior to committing to the Pilot?

The blacklist contains approximately 1300 URLs. The blacklist will not be provided to ISPs not participating in the Pilot.

17. Does the requirement for prior Departmental approval of marketing/publicity activities of participants related to the Pilot also relate to ad hoc media inquiries? Also what will this requirement involve?

Participants in the ISP Content Filtering Live Pilot will not need to gain the Department's approval to respond to ad hoc media queries concerning their participation. However, participants must ensure that confidential information is not disclosed when answering any media queries.

Participants must obtain Departmental approval for marketing and publicity activities relating to the Pilot, including ensuring that any associated publicity and marketing material acknowledges the support of the Australian Government.

18. Will DBCDE share trial outcomes with participants and consult on draft conclusions flowing from the Pilot prior to their public release?

All outcomes arising from a particular ISP's participation in the Pilot will be shared with that ISP. All conclusions drawn from the outcomes of a particular ISP's participation will be shared with that ISP. The Department has no authority to share outcomes in relation to one ISP with another ISP.

The final report of the Pilot will not attribute particular outcomes to a specific ISP.

19. At a minimum, a Pilot ISP is to implement the ACMA blacklist, which is a list of approximately 1300 specific URLs?

At a minimum, an ISP participating in the Pilot must implement ISP filtering mechanisms that will filter access to the ACMA blacklist, which currently contains approximately 1300 URLs.

URLs consist of any single page or image of web content that is classified as prohibited. Where a particular page(s) or image(s) must be blocked, other pages or images on that site should not be blocked where they have not been classified as prohibited.

20. At a minimum, as part of the Pilot, the only protocol to filter is web traffic that is exclusively HTTP over TCP port 80?

At a minimum, participating ISPs will implement ISP filtering to block access to URLs that are classified as prohibited and are on the ACMA blacklist. This consists of page(s) and image(s) of HTTP content. This requirement does not specify any port for filtering, although it is acknowledged that TCP port 80 is the normal port for HTTP traffic.

21. A successful Pilot ISP will receive a copy of the ACMA blacklist, where the means of implementing the filter is entirely up to the ISP? It is understood that receipt of the blacklist will require both successfully joining the Pilot program, and the signing of some form of confidentiality agreement with the ACMA?

Yes.

Upon entering into a Deed of Agreement with the Department to participate in the Pilot, the ISP will also enter into a Non-Disclosure Agreement with ACMA to obtain the blacklist. The undertaking will acknowledge that the URLs contained on the blacklist relate to prohibited and potentially prohibited content and that the blacklist is provided in confidence, for the sole purpose of blocking access to the material contained in the blacklist by the ISP's customers.

Participating ISPs must not disclose the blacklist to anyone, or for any purpose, not directly related to the measures taken by the ISP by way of its participation in the ISP Internet Level Content Filtering Pilot to ensure that its customers have no access to such material.

22. At a minimum, is the Department interested in understanding the impact on internet services that are both filtered and not filtered. This is to include:

  1. 'Speed' of services between dial-up (56 Kbps) and 12 Mbps (broadband), in terms of throughput and latency (delay / lag)?
  2. Filtering infrastructure scalability in terms of traffic volumes, number of customers, and size of the blacklist (entries on a logarithmic scale: 10^3, 10^4, 10^5, 10^6, etc)?
  3. False positive and false negative, expressed as a ratio or specific hit count?
  4. Perceived effort required to bypass or otherwise circumvent the filter?

Ideally, a participating ISP will apply a filtering solution to a sample of their customer base. Enex will then obtain a sample filtered service and, simultaneously, a sample unfiltered service from the same ISP. If this is not feasible, an ISP could provide a 'before filtering' and 'after filtering' approach using a single connection.

As outlined in the Technical Testing Framework, ISP filtering solutions will be assessed against a comprehensive range of criteria including network performance, accuracy, circumvention, user experience of filtering (including privacy/security issues), costs associated with introducing ISP filtering, scalability and, where relevant, effectiveness of additional filter functionalities.

The range of 56 Kbps to 12 Mbps is an indicative range. ISPs can propose alternative ranges, noting the intention of the Pilot is to test a range of typical customer access speeds.

23. What is the expected behaviour of an internet service that attempts to reach blocked content, should:

  1. A page showing 'content blocked by filter' or equivalent be displayed, which would leak the contents of the ACMA list to users?
  2. The page to not load, which would probably prompt the end user to call the ISP's technical support?
  3. The attempt to reach blocked content be logged?
  4. Something else or a combination of the above happens?

Enex TestLab intends to engage one-on-one with each participating ISP to agree on the appropriate response. Item c) is not required within the scope of the trial.

 
 
 
 
Document ID: 87738 | Last modified: 11 October 2011, 12:16pm