Online business Toolkit

Wind up the Internet Watch Foundation

Tags:
Foundation,
Block,
Responsibility,
Removed

Leader ZDNet.co.uk

Published: 08 Dec 2008 16:42 GMT

Over the weekend, thousands of UK web users found their access to Wikipedia curtailed or removed altogether, without warning or explanation. Over time, the facts leaked out: the UK's Internet Watch Foundation, a quasi-governmental entity, had received a complaint about an album cover pictured on Wikipedia, had decided it was illegal, and had instructed all UK ISPs to block it.

Whether that decision was correct or effective is a good and important question: our opinion is that it was farcical at best. But the immediate consequences of that decision require close scrutiny. Because of the way the block was implemented — a proxy that collapsed all outgoing IP addresses into one — Wikipedia's normal operations were hugely disrupted. There is also some evidence that at least one UK ISP mishandled the request, causing misroutes that removed Wikipedia altogether from parts of the UK internet.

That's bad enough. Once the problem had been identified, however, it was compounded by the lack of co-ordination behind the initial action. There was no one person to talk to — the Internet Watch Foundation itself is remote and reluctant to discuss details. The ISPs were ill-informed and ill-prepared to cope with floods of angry users.

If this had been a case of pure censorship, then we would have the luxury of discussion over time. It wasn't. It was a direct denial-of-service attack on a third-party web service, sponsored by the state. That it happened through incompetence rather than maliciousness is an extenuating circumstance: it does not negate the crime.

The same image IWF deemed illegal remains available on countless e-commerce sites, including Amazon. Amazon is one of the big cloud service providers. It is therefore demonstrably vulnerable to such state-sponsored denial-of-service attacks, as is any other cloud provider. How that will affect decision-making over whether to move enterprise-critical services onto the cloud is unclear, but it raises a whole new set of concerns that must be addressed.

It is essential that if the state is determined to censor the UK's internet feed, it must take responsibility for the effects — intended and unintended — of doing so. That means clear lines of command, clear and effective channels of communication to cope swiftly with problems, and a service-level agreement between the state and its citizens — corporate and individual — that guarantees no disruption to services.

Much easier, of course, to say the responsibility for illegal content lies with those who would break the law with it, and leave that decision up to them. To bring down one of the internet's most-used resources because of one example of 1970s bad taste may be ridiculous, counter-productive and indefensible, but it has served one useful purpose. It has illustrated the futility of censorship in an open society, and the damage done by forcing it closed.