199606: The Limits of Control

John Gilmore has observed that the Internet sees censorship as a technical problem and routes around it. Assorted governments, ignoring this counsel, are currently trying to impose limits on what their citizens can see and/or publish on the Internet.

As individual governments realize the futility of this effort, we may see efforts to set and enforce international standards for acceptable information. This will be much harder to fight, but the Internet still has a good chance of winning.

In any event, the stakes are very high. Could the content of the Internet be limited to materials found acceptable by all participating countries? Or, more probably, could we be prevented from seeing materials found objectionable by a consensus of the developed countries? Let's examine the technical and political realities...

Address-based Filtering

It is quite simple for Internet gateways to filter out packets whose source or destination IP addresses fall within a specified range. Germany recently used this technique in an effort to deny its citizens access to some neo-Nazi materials found in a site in Santa Cruz, California.

In response, Web sites around the world mirrored the materials. (They may not have liked the neo-Nazi ideas, but they found political censorship even less palatable.) This put the German government in the impossible position of trying to detect and blockade each mirroring machine.

Although this was a useful "proof of concept", it is somewhat awkward as a long-term solution. File mirroring requires either manual or automated intervention, replicates storage, and is likely to get out of date.

A more general solution would let users route around censorship. Rover is a CGI script designed for this purpose. The user runs a copy of Rover on a server machine whose access to the desired item(s) is unrestricted. Rover then retrieves and forwards the desired material.

In operation, Rover presents a form-based HTML page, allowing the user to specify a desired URL. Rover then retrieves the desired item, performs a few small edits, and forwards it to the client. (The edits ensure that images have the right headers and that any selected URLs will be handled by Rover.)

Annotated source code is available for a Rover prototype (in Perl); retrieve http://www.cfcl.com/tin/P/199606.nph-rover. http://www.cfcl.com/tin/P/199606.rovers.shtml lists sites that are thought to provide Rover access. The Rover script was written with the gracious and invaluable help of James Marshall (jsm@crl.com).

Enhancements, etc.

Rover is only a prototype, and its deficiencies are substantial. In particular, Rover's HTTP requests contain the requested URL, with no attempt at encryption or even obfuscation. Consequently, interested parties are free to monitor and/or circumvent its activities. On the other hand, there is nothing to prevent Rover from being enhanced.

For instance, Rover could piece together the initial URL from information entered in different parts of the form. The edited URLs could also be obfuscated or encrypted, making it difficult for any intervening party to detect (and possibly prevent) Rover's activities.

If need be, Rover could be rewritten to use client-side languages such as Java or JavaScript. I haven't seen any PGP-based applets yet, but we could well see some shortly! I pity the programmer who has to detect Rover-style operation in that environment!

In short, filtering Web requests on the basis of requested URLs and/or IP addresses is a non-starter. If any significant fraction of the Web installs Rover or equivalent page-forwarding facilities, address-based packet filtering will become totally useless as a means of censoring Web pages. Similar techniques are applicable to email, FTP, etc.

Content-based Filtering

Nor is it likely that governments will be able to censor retrieved data on the basis of its content. It is quite possible to encrypt returned information, decoding the results by means of Java or even JavaScript.

It is also possible to hide the encrypted information in image files, compressed tar archives, and other large binary files. Gigabytes of information go over the Internet on a daily basis, and the possibilities for obfuscation are endless.

Governmental Options

This is not to say that governments, corporations, and even religions are without alternatives. Persecution, imprisonment, and murder are used on a daily basis by governments around the world. Lawsuits are currently being employed by both companies and religions.

The threat of public reaction holds some promise for keeping the forces of censorship in check, but it is not a panacea. Some organizations are quite willing to be unpopular; others simply cloak their activities in secrecy.

Fortunately, the Internet is a very powerful tool for information exchange. If citizens around the world employ its power properly, we may be allowed to keep it!

This material was originally published in Rich Morin's column "The Internet Notebook" in UNIX
Review magazine (now known as Performance Computing magazine).

Send comments, inquiries, or trouble reports to webmaster@cfcl.com.

Copyright © 1993-1999 Rich Morin. All Rights Reserved.