TLDR version
Most Internet traffic is not encrypted at the moment. It is trivial in cost and setup to use some form of encryption on all Internet traffic, which means that any Internet filtering solution will be unable to inspect that traffic and block sites.
Aside from that, if people access illegal content using non-encrypted communications, that is a good thing. Why? Because that means your ISP can actually detect them and send the information to law enforcement agencies. That sort of thing is common practice within the ISP industry already.
All that implementing a net filter would do is force people actually doing illegal things to get clever and use encryption technologies like the above, rather than leaving at least some of them out in the open as they are now.
Layer Cake
The Internet works on a layered communication method, where "protocols" are run on top of each other. I'm going to simplify some and leave out some things that aren't necessary to mention, but that's okay.
At the base, there exists "hardware" - wires, radio waves, that kind of thing.
Each type of hardware has a type of hardware specific communication that things use to communicate over it. (DSL, DSL2, 56k modem, wireless 802.11b/g/n, etc).
On top of that hardware specific communication is layered a protocol called "IP" (Internet Protocol), in which every device on the Internet has a numerical IP address.
At each endpoint of those bits of hardware are things called "routers", which essentially take traffic from one part of the network and "route" it to another part.
On top of IP is layered a protocol called "DNS" (Domain Name Resolution), which lets you look up a domain name (like www.google.com) and have it translated to some IP address.
In order to make a connection between one computer (e.g., yours), and another (e.g., a web server), your computer uses DNS to find the IP address, then connects to it on a "port" (another number) which is related to a particular service.
HTTP is a protocol that runs on top of IP. When you put a URL like
http://www.google.com.au/intl/en/options/ into your web browser, your computer asks via the "DNS" protocol for the IP address to contact. It then contacts that IP address on port 80, and makes a "request" for the content that lives at /intl/en/options. The server then sends the content back to your computer, which feeds it to your web browser, which then renders it.
Because all of that traffic is not encrypted, your ISP (which controls the routers between you and the rest of the Internet) can inspect that traffic, and if it sees a request for the "wrong" sort of content, it can block the rest of the traffic. That is what is proposed under the net filtering trials that have been conducted.
Sounds good. The problem is that there already exist technologies in common use today that defeat this approach completely.
There is a protocol called SSL (Secure Sockets Layer), which is another protocol layered on top of IP. It actually provides exactly the same function as IP, in that you make a connection from your computer to the other side, but what it supports (that IP doesn't) is encryption and authentication. When your computer makes an SSL connection to another server, it can tell if the other side has a "certificate" which, when "signed" by the appropriate well known authorities (Thawte and Verisign are the primary providers), proves that the server in question is really the server that is supposed to live at that hostname. In addition to that, all data passing back and forth over an SSL connection is encrypted, so nobody in between can read it.
The analogy is that "IP" traffic is like postcards - they're being passed around readable by anyone. "SSL" traffic is instead like sending a sealed and signed and stamped envelope - tampering is obvious to the other end, and you in fact can't even tamper with the envelope without destroying the contents.
HTTPS is defined as being exactly the same protocol as HTTP, except that instead of making a connection using "IP", it runs over SSL. This is the protocol used by all of your Internet banking services, and indeed by many webservers that require login of some kind, because they don't want your password and details flying around the Internet for anyone to inspect.
If your ISP wants to "filter" HTTPS traffic, it essentially can't do that effectively. It can block access to specific hostnames (e.g., groups.google.com.au), but it can't block say,
https://groups.google.com.au/groups/dir?sel=topic%3D46479.46478%2C without blocking all traffic to everything at groups.google.com.au.
So, anyone wanting to host RC content under the proposed filtering system simply has to provide it over HTTPS, and that will defeat any filtering attempt.
There is another protocol called IPSec (Internet Protocol Security), which is IP tunnelled over IP. Sounds weird, I know. What use is it? It's the same deal as SSL - it's an encryption/authentication protocol. This is what your corporate road warriors use to connect to their corporate network via a VPN (Virtual Private Network). All the traffic leaving your computer is essentially encrypted and sent down the "VPN tunnel", to your VPN server, which then decrypts it and sends the "real" traffic out to the Internet at large. All the ISP sees is a bunch of encrypted IPSec traffic, which it cannot decipher.
Now, there are quite a large number of providers in the US and elsewhere, who are happy to sell you a VPN service. What does that do? It makes your computer appear to, as far as the Internet is concerned, be coming from the US. This is commonly available technology, costs you about USD5 a month at the low end, more than that for better services. Anyone using one of these VPN services is, essentially, totally immune to the filter, because their Internet connection effectively originates in the US (or elsewhere), instead of in Australia.
These are just the two most commonly used encryption and authentication protocols out there, that are in common use by a lot of people. They are both designed to be entirely secure and not breakable in a real-time manner, not even by governments.
No filtering technology can possibly block these protocols, because to do so would cripple Australia as far as the ecommerce world is concerned. Imagine not being able to use
https://paypal.com/ or
https://amazon.com/ or
https://ebay.com/ to do anything. Imagine the CEO of IBM visiting Australia and not being able to access corporate email. We're already considered an Internet backwater due to our slow bandwidth and terrible usage caps. Inability to use basic encryption would just be madness.
Aside from that, if people access illegal content using non-encrypted communications, that is a good thing. Why? Because that means your ISP can actually detect them and send the information to law enforcement agencies. That sort of thing is common practice within the ISP industry already.
All that implementing a net filter would do is force people actually doing illegal things to get clever and use encryption technologies like the above, rather than leaving at least some of them out in the open as they are now.
Relevant links
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
