Google and Facebook blocked by Danish child porn filter on 1 March 2012

In the morning of Thursday 1 March 2012 about 8000 websites, including high-traffic sites such as Google and Facebook, were blocked by the Danish child pornography (CP) filter. When the customers of the affected ISPs, Siminn and Tele Greenland, made Google searches or accessed their Facebook pages, they were met by the STOP page for the Danish CP filter. The STOP page warns people that they are trying to access websites with CP content, and that even viewing such content is illegal under Danish law.

The Danish CP filter is implemented using DNS hijacking (DNS redirection). The participating ISPs receive a list of domains to be blocked from the Danish police, and the ISPs implement this list in their DNS resolvers. This is done in a completely automatic process, and the ISPs believe that the Danish police is responsible for the domains on the blocking list (although the police sometimes claim that they are merely simply providing a "service" to the ISPs, so the legal ramifications of who is responsible for what remain unclear).

On Thursday 1 March, the police made a serious error when they added about 8000 legitimate domains to the blocking list, including google.com and facebook.com, as mentioned above. The error only affected two smaller ISPs in Denmark, because they were the first to do the daily CP list update on their DNS resolvers, but this was sheer luck. It could just as well have affected TDC, the largest Danish ISP. But the vigilant technical support staff at Siminn alerted the Danish police about the error, so that the new list with 8000 legitimate domains was not pushed to the other Danish ISPs.

The Danish police have issued a public statement about their error and made some comments to journalists. It appears that a police officer was investigating a number of websites, and by accident he copied the list with 8000 legitimate domains to a file directory that was used for updating the CP domain blocking list. Apparently, the CP list can be updated by a simple file copying error, and this certainly casts the internal IT security of the Danish police into serious doubt. What happened on 1 March seems to be a fairly simple human error, which because of extremely bad systems design escalated into something that can almost be described as a "kill switch" for the internet. Attempts to censor the internet always create an artificial single point of failure, and we saw one really bad example of this on 1 March.

Needless to say, the Danish police have assured the public (in their press statement) that they would now implement additional checks in their updating procedures, so that this error cannot happen again. However, it is not the first time that the Danish police have added legitimate domains to the CP block list. In 2006 a Danish website with a .dk domain name was added to the list, and this error was only corrected because the website owner made a complaint to the police. In 2008, a portion of the Danish CP list was leaked on Wikileaks, and many domains on the list did not contain any CP pictures at all. Two years later, in 2010, the German organization AK Zensur thoroughly examined 167 internet domains that were blocked in Denmark and Sweden. Only three domains contained CP pictures, and two of those three domains were found on the Danish CP list leaked to Wikileaks in 2008. This means that the websites had been online for more than two years, despite the fact that the Danish police had investigated the sites and put them on the Danish CP block list in 2008 or earlier
http://ak-zensur.de/2010/09/looking-away.html

The Danish police is claiming that they contact the authorities in the countries where the web servers are actually located, but the investigation by AK Zensur seems to contradict that claim. AK Zensur was able to take down the three CP websites by sending a few emails to the hosting providers. If the Danish police are just adding domains to the CP block list, without taking any further action, they are in fact providing a "valuable" early-warning system to the organized crime organizations that are behind the distribution of CP content. They simply need to perform regular DNS lookups with a Danish ISP, and if the IP address is spoofed, the criminals will know that the Danish police have found their site. This gives them more than enough time to move the servers and cover their tracks.

The IT-Political Association of Denmark has fought against the Danish CP filter since its inception in 2006. Officially, it is voluntary for Danish ISPs to participate in the blocking scheme, but it is well know that the Danish government has threatened with legislation if the ISPs did not ("voluntarily") implement a blocking scheme for alleged CP content. In reality, the blocking scheme is mandatory, but unlike blocking of websites with copyright infringing material (another Danish specialty!), the CP filter is updated without any oversight from the courts, and even the number of domains on the list is kept as a secret by the Danish police. Participating ISPs have to sign a contract where they promise never to distribute the CP domain list to anyone. On 1 March, the Danish police even refused to confirm that Google and Facebook were affected by the block, but this is known from the complaints received by the customer service department of Siminn, one of the affected ISPs.

Official statement by the Danish police (in Danish)
http://www.politi.dk/da/aktuelt/nyheder/Fejl+blokerer+internetsider+kortvarigt.htm

News coverage in Danish about the event
http://www.comon.dk/art/214435/politiet-stemplede-facebook-som-boerneporno-spaerrede-8-000-lovlige-hjemmesider
http://www.version2.dk/artikel/tog-fejl-af-filmapper-politiet-kom-til-spaerre-facebook-44026
http://www.bt.dk/krimi/facebook-blokeret-af-boerneporno-filter

So far the event has mainly been covered in IT-related news media.

Emner: