Slashdot Mirror
Pennsylvania Refuses to Disclose Banned Website List
koehn writes "In an interesting turn of events, the Attorney General of Pennsylvania has ordered all PA ISPs to block sites that have child porn. If that's not bad enough, they won't tell you which sites those are because - so the excuse goes - that could be construed as 'disseminating pornography.' So much for public review, huh?" See the previous story.
the Attorney General of Pennsylvania has ordered all PA ISPs to block sites that have child porn. If that's not bad enough...
Waa... Hunh... I had to read this a few times to realize it's not supposed be a joke.
Bad enough for who?
Here
But what about this?
Oh BTW, Pajonet's Hot or Not News Site has been totally redone
You'd think they could just publish the list on the net, so every s. kiddie could try to take it down with their mad skills...
/. - I bet the sites would never be back up.
Alternately, just publish the list on
-Maher-
It seems likely to me that they simply don't have a list, and they want to make it the ISP's problems. The best law enforcement agencies in the country can't stop kiddy-porn rings, so let's see if overworked sysadmins can! If it fails, at least we'll be able to pass the blame...
I think ISPs should simply declare that, to the best of their knowledge, there is no kiddy porn on the web, and only block things if they get complaints (then report the complainant as having viewed kiddy-porn.)
Sig:Why copyright isn't a fundamental human right
If all of these sites actually contain child porn why not focus all efforts on getting them shut down completely .. having a few ISP's block these websites accomplishes nothing ..
Yes, the problem with an open society is having to deal with things you may not like. I can trust them to use this list honestly (I don't think they'd blacklist a site that doesn't qualify as child porn), but if we're pretending to be an open society, we ought to act like it.
Fact is, people who look at child porn already have their hookup, they don't need a list to figure out where to go. (ie, USENET)
Open up the damn list so the paranoid people can judge for themselves, and so we're not hypocritical when we pretend that we're better than police states like China in this regard.
The CDT report - entitled "The Pennsylvania ISP Liability Law: An Unconstitutional Prior Restraint and a Threat to the Stability of the Internet" - analyzes a 2002 Pennsylvania law that forces ISPs to block access to any web site deemed "child pornography" without notice to the site's publisher and without any opportunity to challenge the determination. ISPs are required to block the sites even if they do not host the content and have no relationship whatsoever with the publishers of the content. The Pennsylvania Attorney General has since gone even further, bypassing the law's inadequate court procedures to simply demand by letter that sites be blocked.
CDT.org
More News
Fisher has so far instructed Internet providers with customers in the state to block subscribers from at least 423 Web sites around the world.
First, I find it hard to believe that there are only 423 web sites that offer kiddie porn, based soley on the amount of spam I get advertizing it. And in what way is this list updated? Porn sites move around constantly, and use any number of tricks to fool browsers (fake.site.com@real.site.com tricks, IP addresses instead of host names, etc.) so I think this list must be changing every few minutes. Do they reall y have someone sitting and watching as the porn sites get a new IP address?
I'm not saying anything for or against the block itself, I'm just saying this must be one hell of a headache to manange.
...if you don't get to look at the list, how do you know it's not being abused? How do you know that they are all child porn sites, and not, for example, pro-choice advocate sites, or whatever the reviewer decides is against his personal beliefs?
If I was in charge of the list, and I knew that it would never be seen by anyone but me and my cronies, then I've got a really big stick to wave around the heads of those people I don't agree with. Child porn is bad, but the potential to lose some bit of freedom is worse. Eventually those kids grow up and either adjust or they don't, but lost freedoms are usually gone forever and they affect everybody in the country. There is no bigger superpower than us that can come and bail us out if our govt becomes a totolitarian regime, so we have to defend our liberty at all cost while we have the chance.
Why do laws like this, which are completely impossible to force and redundant (possession of child porn is ALREADY illegal, why force ISPs to filter it?) manage to get passed?
Because who the hell expects to get any votes after voting against a child-porn law?
They only get away with stupid laws like this because most people don't look past the title, so we get things like "The Patriot Act"...
Uhm, they already have...
So how exactly does the state tell the ISPs which sites to block without such 'disseminiation'?
Sounds like he's just passing the buck. Last time I checked it was the legal system's job to enforce laws -- not some private company that provides internet access. Not that this exactly qualifies as law enforcement since the sites are still out there -- they're just kinda-sorta-maybe blocked in PA (motto: "Yet Another Hillbilly State").
Were all the internet child porn cases coming through his court cutting into his golf time? Did someone forget to give him the memo that would have clued him in to the fact that a lot of this shit is hosted by the russian mafia and isn't exactly a stationary target because (suprise!) even people on the internet hate kiddie porn?
>
Which ones are left on your list?
Sheesh, evil *and* a jerk. -- Jade
Child porn is illegal everywhere I am aware of. Why block the websites when they can be taken down like they should be? That's like when your mother told you to clean your room and so you just shoved it all under the bed, didn't make your room clean and this wont make the internet better. A band-aid won't stop the bleeding.
If they fail to make the list open then some cracker will crack one of the covered ISP's and make the list public. Information wants to be free, and any information this widely distributed is bound to make it into the wild. Now I personally believe that hidden government is bad in general, but I put up with the CIA and NSA because they provide a service that is necessary and requires secrecy. Whether blocking sites alleged to contain kiddie porn is a compelling enough argument to put up with hidden government is debatable, but for me it is not.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Wanna make a /. convoy, eh?
Understanding is a three-edged sword. -- Kosh Naranek
The thing someone has to learn is that when government does anything that is a bit unusual or secretive, no matter how small, it's usually a test. Parents with kids understand it. Kids test you to see how much shit you're willing to take. Similarly, government likes to see how much shit you're willing to take. Once they see most people are cool with keeping something secret as long as they attach child porn to it, they'll start doing other things.
Yeah, sure, you'll say again, no slippery slope. And of course, to make that position, you'll ignore all of U.S. History from the late 1700's to today.
Only in slashdot are posts of solidarity modded at -1 Redundant, while posts of antagonism are modded as -1 Flamebait.
The public seems to have something of a love-hate relationship with child porn. On one hand, child porn in the classical sense is bad. On the other hand, child porn in the form of Britney and Christina is just fine? I remember reading an article on Britney before the music industry pimped her out. Cute kid. I just say LeAnn Rimes the other day on a Blender cover, topless. Even country music has gotten into it. Sigh... Maybe just another reason to hate the RIAA?
A deep unwavering belief is a sure sign you're missing something...
Even if the program were honest and verifiable, it would still be a bad idea. This essentially closes off sites that alow user posts, such as Slashdot. All you have to do to kill Slashdot in Pensylvania now is persistenlty place kiddie porn links into your posts. But it is not honest and it is not verifiable so the state could just block Slashdot as it pleases. If people noticed and complained that they can't find Slashdot anymore, the State can claim it was an honest mistake. The damage would have been done as the people would have been kept from knowledge in a timely manner. Other sites that few no about can be blocked with impunity.
Friends don't help friends install M$ junk.
It seems like this law tries to regulate interstate commerce. If the child porn site is in Nevada (nothing against Nevada, mind you) and Pennsylvania wants to block its citizens from accessing it, the transaction has to occur across state lines. Interstate commerce is the domain of Congress, not Pennsylvania. It would seem to me the only Constitutionally valid law Pennsylvania could pass would bar Pennsylvania citizens from accessing Pennsylvania child porn.
-jag
http://starboard.flowtheory.net/
The problem with this law is that an ISP cannot search web content for a given filename or even URL and block it based on that. ISPs don't look at anything beyond IP Layer 3. All they care about is routing IP packets. What happens if a large over-seas company hosts thousands of customers with a single IP address (or pool of addresses in the case of a webserver farm)? All it would take is one bad apple at that hosting ISP and Penn. would force Penn. ISP's to block all other content from that hosting ISP's webserver.
Should that ISP be hosting child porn? Of course not. Should all the other sites hosted at that ISP be blacklisted? No.
These lawmakers are either uneducated about how the internet works, or simply do not care and feel that blocking child porn is more important than the free speech of the other legit websites that may be hosted on an ISP's shared webserver farm.
Penn should enforce the law where they can: If the webservers are outside the arm of the US law, go after what isn't: those who download and view this content. They can start with their own state employees at work, which would violate no privacy laws. Folks seriously addicted to kiddie porn known no bounds. I've know of a case where a local county employee spent 2-3 hours a day at work surfing this stuff.
All this law is going to do is drive kiddie porn sites futher underground and make those in Penn be more sneaky. As someone else posted, Penn. law enforcement won't even be able to access these sites to verify if it has kiddie porn (say if they had a download history on a PC but no actual photos.)
It's going to be interesting when they try to prosecute somebody.
Prosecutor: This guy looked at child porn.
Defendant: It isn't child porn!
Judge: OK, let's show the jury this alleged porn.
Prosecutor: No, we can't do that! It's illegal for the jurors to look at child porn!
Judge: Well, then let me look at it.
Prosecutor: But, Your Honor, it's illegal for you to look at child porn, too!
Judge: Well, dammit, what if it's not porn?
Prosecutor: Well, then you could look at it. But you realize that if you deem it porn, we can charge you with having viewed it.
Judge: Well, then, I don't want to risk it. Ladies and gentlemen of the jury, you're just going to have to take his word for it.
[Jury deliberates.]
Jury: Not guilty due to lack of evidence.
Sunlit World Scheme. Weird and different.
Electronic Frontiers Australia have been trying to get a list of sites from the authorities over here. While there isn't an all-encompassing list of sites that ISPs must block, there is a list of sites that have been reported to the authorities. If these sites are deemed sufficiently offensive by the same governmental body that issues classifications for movies, and the site falls under Australian jurisdiction, it will be issued a takedown notice.
So far the government has managed to weasel it's way out of complying with EFA's Freedom of Information requests, due to exemptions in the law. Whether the exemptions should protect the government in this case isn't an open and shut case though - in fact, the government is worried enough that they're currently pushing legislation that would explicitly put such information outside of the scope of the FOI Act.
The problem with keeping this information from the public is that there is no ability to properly review the process. Many in Australia are of the opinion that our content regulation regime is a farce.
More information at EFA
How the hell are ISPs supposed to be able to implement and deploy this blocking according to the official list if they are not given a copy of the list? And doesn't that law at least claim it applies to any ISP, even out of state, as long as it serves customers in Pennsylvania ... at least for the Pennsylvania customers? I'd like to know if the list consists of IP addresses, domain names, or complete URLs (or some mix of these).
If the list has IP addresses only, then it would be theoretically possible to deploy this in a router access list. But many routers don't scale well with large lists because of sequential implementation. And what if the web site in question changes IP address periodically? Does the IP address list get updated equally as often?
If the list has domain names, perhaps those can be remapped to IP addresses regularly, and put in the access list.
In either case, using IP addresses has "collateral damage" effects on other web sites sharing the same server, and maybe even other services if not deployed to specific ports (e.g. other connections like SMTP won't work). I'm sure that Mike Fisher, who is so full of himself that he tries to make people think he is the only attorney general around by registering attorneygeneral.com and attorneygeneral.gov, won't care (using the same theory spam fighters use that if the ISP hosts bad customers, then everyone should suffer until the ISP stops hosting them or goes out of business).
Or perhaps the list consists of URLs, including path names to specific site areas or user pages. The problem is most routers can't deal with that at all. You need a web proxy. That means ISPs now have to pay out more money to run web proxies, with all their associated problems, such as DNS lookup failures for users accessing web sites in different DNS realms (e.g. DNS name spaces NOT rooted at the normal ICANN root servers) or with add-on TLDs (e.g. pseudo-realms that take normal TLDs and combine with special TLDs like ... uh ... the ".xxx" and ".sex" TLDs). And what about accessing HTTPS sites via the proxy? The certificates won't match up unless the browser is configured to "trust" the proxy (e.g. accept the proxy's certificate for that half the end-to-end path, or just connect to the proxy unencrypted and ask for an HTTPS URL). If the ISPs don't filter on HTTPS, then the porn sites that are intended to be blocked can just make HTTPS work. OTOH, if the ISPs force proxying HTTPS, that becomes a major privacy violation.
So one way or the other, porn sites can evade the blocking. If blocked by IP address, they just move around ... maybe as often as every 5 minutes with very dynamic DNS or other very highly distributed methods. And if blocked by URL, they can use HTTPS to bypass proxies or force the ISPs to invade secure web privacy. And if blocked by domain name in the DNS server (using local authoritative zones) users can get around that by not using the ISP DNS servers, running their own DNS servers, or the porn site can register more domain names (they're cheap for porn operators).
And with tens of thousands of open proxies around the world (check today's load of spam for more addresses), there's going to be plenty of ways for perverts to get their fix once they learn these methods. Is the PA AG going to track all the open proxies out there, too?
But in either of these cases, there isn't much the ISP can do without the list. And I didn't see anything in the text of the law that says the list has to be held in strict confidence by the ISP (as if that would apply to an out of state ISP anyway).
now we need to go OSS in diesel cars
Does this law affect only those ISPs which are based in Pennsylvania, or ISPs that operate in Pennsylvania, or that have a Point Of Presence in Pennsylvania?
What about a national DSL ISP that doesn't have a POP in Pennsylvania, but instead backhauls all their Pennsylvania customers over the phone company's ATM cloud to a POP in a neighboring state? It could be argued that the customer is not technically connected to the Internet in Pennsylvania.
In order to block specific URLs (rather than IP addresses), PA ISPs would be required to redirect port 80 through a transparent proxy server. This can potentially cause problems (although it's not a problem for most people). If the law does not apply to ISPs that are not based in Pennsylvania, could non-local ISPs to advertise that they don't redirect, block or monitor traffic, possibly giving them a competitive advantage over local PA ISPs?
Of course I'm all for getting rid of child porn, but this doesn't sound like the way to do it.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
The problem is, this viewpoint is flawed for two reasons.
1. Making something illegal, making it tough to get, making it risky to get, doesn't stop it. As long as there's demand, someone will be supplying, someone will be producing. Worse, because the supplying is done on the black market and thus prices can get steep, there isn't just 1 guy in his basement trying to be the supplier. The more money there is to be made, the more people you'll have trying to be the suppliers. Want an example? Try prohibition. Try the "war on drugs." Both failed miserably and one of them is still costing us billions of dollars a year. I'm not saying we should legalize child porn, I'm just saying that the continual "cracking down" is a futile effort because there will always be demand and thus there will always be supply.
2. From what I understand, child porn is not a purely profit driven enterprise. Not everyone who makes child porn does it to sell it. Some of them do it because, surprise surprise, they like diddling kids. These people are going to keep diddling kids whether they can profit off the pictures or not. In other words, even if by some blessing all child porn was eliminated from the world tomorrow, along with all cameras, camcorders, and any other device capable of making porn, the abuse would still be going on.
But your average law maker fails to think all of this through, instead opting for the lazy way out, "let's make more laws making it even more illegal than it already is!! That'll fix it!"
Or maybe the music industry is selling what people want but are ashamed to admit they want. Heck, it wouldn't be the first time.
I think people over-react to child porn. Just look at the replies in this topic. Everybody seems to have to put "I don't like kiddie-porn but..." in every message. It's almost like "I'm not a communist but..." Does anybody really think that someone who doesn't include that disclaimer goes out and rapes kids?
Exploitation of anybody, including children is bad. No question. I fully support going after anybody who makes, sells or buys child porn, but I'm not 100% sold on going after people who possess it. If it is simply found "in their possession", which could possibly even mean that it showed up in their browser cache. Should you be in trouble because you mistype a URL and get one of the many porn typo sites?
Maybe intentionally seeking out child porn online should be illegal, but the penalty should reflect the crime. Someone who doesn't buy, sell, or make kiddie porn hasn't hurt any kids. Now the the argument is of course that viewing child porn leads to other crimes against kids. But isn't that the kind of thing that Slashdotters hate when it comes to other things? Just because someone loves playing violent video games and perhaps even makes a level that reflects their school or office doesn't necessarily mean they're going to go shooting up their school or office. Perhaps the punishment for seeking out child porn should be giving up all their privacy in case they can't control their urges.
This isn't intended to be flamebait. I'm sure there's many a libertarian who would agree with me that any action that doesn't actually hurt somebody else shouldn't be illegal. If you're going to moderate it down because you don't like what I'm saying, consider posting a reply instead. And it's not offtopic, the topic is child-porn and law, isn't it?
This is an argument for no laws whatsoever. Making murder illegal does absolutely nothing to stop murderers as well. Unless you are arguing that there is no point in making anything illegal, you are implictly accepting the fact that certain acts deserve sanction, despite the fact that those sanctions will not end all such acts. From then on, it's an argument about where to draw that line, and this reasoning is not applicable.
You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
-- Colonel Adolphus Busch
This is far from an original idea. The Pope and Roman Inquisition did the same thing back in the 1700's and 1800's. The Church published the "Index librorum prohibitorum" or "List of Prohibited Books".
Once the list got out, nearly every book on it became a best seller and eventually the list itself was put on the "Index librorum prohibitorum". So the Catholics arrived at the same point. The Catholics maintained a secret list of prohibited books but wouldn't disclose what was on the list for fear of promoting that which was prohibited.
Either this guy knows his history or it's a clear case of "There is nothing new under the Sun." I wonder if he also knows that in 1966 the Index was abolished. I suspect the list was abolished because the Catholics could no longer keep up with the volume of books being released and they had probably had their fill of p0rn too. So, if history does repeat itself, this list will fade away too. I just hope he doesn't start making claims that "heavy bodies fall faster than lighter bodies."
No one expects the Spanish Inquisition!
It's not quite enforcing the law. Enforcing the law would be putting down those sites rather than blocking the access to the sites.
The problem with this situation is that no one but the isp and the attorney general knows which sites are being blocked. There was a story in theregister.com a few weeks ago about a site that the city of Chesterfield wanted blocked by google. Seems that Chester the Molester was supposedly a child porn site. Google blocked them. The site had no idea they were being blocked.
Turns out that the site was actually a site with tasteless jokes. No child porn involved. But the city of Chesterfield didn't care or couldn't tell.
So what happens when PA decides that slashdot should be blocked? Or sites that critisize the PA attorney general? No one will know it because PA won't allow the list of sites be be known.
What happens when one of the sites being blocked goes out of business or gets a new IP? Some innocent site gets that IP, and no one in PA will know. Is the attorney general going to keep that list up to date? Is he going to let the ISP's know when to stop blocking address blocks? How can he? If the isp is blocked the address, he can never check that address again either, so he won't know it's clean.
The whole thing is just a mess.
I live in Pennsylvania and I've been using an international proxy server for a while because I don't trust either my state or my federal government.
Often, but not always, I use proxy servers to mask my location and avoid the possible censorship; especially while looking for information regarding the Iraq invasion. Aljezerra for one has blocked the USA at times from fully accessing their site. I would not doubt if my ISP or government has been censoring or monitoring the activities of their customers/citizens.
Don't trust anyone.
This is a moronic law, because it hides rather than addressing an issue. And the AG needs a beating with the dumbass stick for refusing to release the list, for which there is NO valid argument.
This has not one thing in common with immigration, so I'm not sure where you got that from.
This law, and support of it, belies a fundamental misunderstanding of what law is for. It's not the job of the state to protect you. If the state wants to stop kiddy porn, it has to seek out purveyors of it and arrest them. Blocking it at the ISP level won't do a damn thing.
Some other problems, which I'm sure the AG is aware of but doesn't care about:
a) No oversight. Since there's no way to confirm that a site is actually listed, there's no way to tell whether or not a site is listed incorrectly.
b) Related to a). No evaluation. If a site is listed incorrectly, or if the domain is bought by someone else (for example) and is no longer a porn site, there's no way to unlist it. There's not even any way to evaluate if it should be unlisted, since access to it from within PA is supposedly impossible and illegal.
c) Prevents law enforcement from prosecuting kiddy porn, for the same reason. Law enforcement officers can't access kiddy porn sites from within PA, and therefore can't investigate them.
This is exactly the sort of law that should be under immediate suspicion of abuse, because it fails to addess the problem it purpots to solve, it's overly broad and allows broad leway on behalf of legislature and law enforcement, and because there's no oversight. If it's not being abused right now, it certainly will be in the future.
This statement borders on incoherent, but seems to be asserting that prohibtions on child porn are themselves illegal because enforcing the law entails viewing the illegal material. The absurdity of this notion is readily apparent.
Re-read it carefully! I'm saying that having a secret list of illegal sites that must be blocked, and at the same time claiming that turning that list over to the press (or other members of the press) is contrary to our system of checks and balances.
It's fine that the material is illegal. It's fine to have a list of URLs with illegal content.
What is not fine is requiring ISPs to install expensive hardware to make implementing the blacklist feasible. The other thing that is not fine is refusing to allow the press to look at the list in order to confirm or deny for themselves the allegations that at least some of the URLs on the list do NOT contain childporn or any other illegal material.
Consider this: Nobody can see the list but the ISP. The ISP can not legally share the list with others. The ISP cannot check the sites for itself. SO, The state AG sees a site that is politically embarrasing but perfectly legal. He illegally censors political discourse by putting it on the child porn list. Nobody can legally find out about his misdeed. The act of alleging his crime becomes an admission of breaking the law.
Keep in mind that this came up because Worldcom alleges that there ARE sites on the child pron list that have nothing to do with child porn. The AP requested a copy of the list so that they could check their facts. They were denied access. The AG claimed that he may not legally provide them with the list. Meanwhile another Pennsylvania law REQUIRES that he provide the list.
The logic IS contorted and barely comprehensible. The source of the contortion is the Pennsylvania Attourney General.
On another note, you've never delt with a large network before, have you? While I'm certain that any decent ISP would be happy to not carrry any child porn through it's net, that's harder than it sounds. To do it properly, they will have to use a layer 4 firewall in order to distinguish between virtual hosts. On a big pipe, that's astronomically expensive. Worse, they could be charged for a simple error in entering the list. Actively seeking to stop crime is the job of paid officers of the law.
The magazine analogy is weak. In order to make it fit, imagine a 'news stand' that sells over 1 million distinct magazines a day, each custom ordered by their customers. They come in by the semi truckload in a continuous stream. Now, try to avoid selling a list of 400.
If the objective is to eliminate child porn (a fine objective I might add), I would think the proper method would be to enforce the law against the site owners and producers. Be very public about it.