call +44 20 7096 1079
November 15, 2013 | Peter Bradwell

Sky's reply to ORG on default internet filters

In July we asked the main ISPs how they planned to implement the default internet filtering being mandated by the Government. Sky have now replied, and here you can read their answers.


Sky are the first Internet Service Provider to send us answers to all of our questions about their default filtering. We are waiting for responses from the others; they all promised us answers. So thanks to Sky for taking the time to go through the questions. High time for the others to finish formatting their replies and send them over!

This week Sky launched this filtering service (called 'Sky Broadband Shield') - one of the first changes since the Government’s summer push to get ISPs to do more to prevent children accessing ‘adult’ material. 

You can read Sky's answers below, which they prefaced with an introduction to their filtering system. Having read through the response, we remain concerned for website operators who may get caught by ISPs filters by mistake. More needs to be done to make sure those running websites can check whether their sites are blocked and can rectify any problem quickly. 

Sky confirm some basics too, for example that one filter setting will apply to all devices in a household, and that the age verification process will only involve using the account holders primary email address (avoiding any more onerous verification checks). Sky also say that they will not log blocking events or monitor or log traffic of users who have not opted in to the filtering.

We are perhaps most concerned about how they will deal with over-blocking, and their process for fixing mistakes. Some comments on what Sky have told us:

URL checks. Of the mobile operators, only O2 give people a URL checker to help people quickly find out if a site is blocked by their filters and what category it falls in to. Sky here imply there will be no such tool available from them. This is a real problem - website operators will want to know how each internet service providers categorise their site and whether they are blocked. They shouldn’t have to rely on reports from customers, and they certainly shouldn’t need to have multiple accounts just to constantly monitor if their sites are blocked. 

In our mobile Internet censorship report we recommended a cross-ISP URL checker tool. That seems like the only way to help website owners stay on top of whether their sites have been incorrectly caught by the filters.

Sky say they will deal with reports of mistakens in a ‘timely manner’. What is timely to a website owner who can’t reach their market or readers will likely differ from what an ISP will consider timely.

Oversight? As Sky say, it doesn’t seem like there is a body who will be monitoring or dealing with disputes or performance. There has been some talk about Ofcom taking on this role but details about how that will work are not clear.

We want more information about how ISPs will make sure website owners can check if their sites are blocked, and how they can quickly and easily get their sites off the block lists.

One of our motivations for asking these questions is that it seems the Government are not doing so. They seem far more interested in easy win headlines than preventing widespread over-blocking by the systems they are mandating.

There needs to be pressure from the government on overblocking, with independent monitoring of performance, to ensure website owners in the UK are not cut off from large sections of their potential market.

Let us know what you think of the Sky's answers, and any questions that come to mind having seen this response. 

 

Sky’s answers to Open Rights Group’s Questions

Sky’s new parental control product will allow customers to filter internet access across all connected devices.  The product is a DNS-based solution which will mean that IP addresses are not returned for hostnames serving content classed as falling within a category or categories that the customer wishes to block access to.  The technology does not rely on inspection of traffic.

To make this solution work, we will of course need to store the level of filtering desired by each customer. We will not keep a record of individual DNS queries during normal operation. The information on the choices customers have made about what content to filter is subject to stringent data protection measures.

In creating this solution, we have undertaken extensive testing and upgrading of our hardware to ensure that traffic is not slowed for both users and non-users of the service.  In fact, as a result of the upgrade, overall speed across the servers has improved.

To ensure that only relevant websites are within these defined categories, we have worked with the technology firm Symantec. They are world-leading experts in online protection and already work with many UK companies, including a number of mobile phone companies.
In the event that a site has been wrongly categorised, we have created processes for easy reporting and speedy resolution.

Twenty questions for ISPs on Internet filtering systems

A. On how the technology works

Under the Internet filtering system set up following discussions with the Government about online safety and child protection:

1. Is any traffic of users who are not opted in to filtering inspected and / or logged?

Answer: No

If so, is it logged in a way that links the traffic to a subscriber?

Answer: n/a

What logging will there be of blocking events? How does this work?

Answer: There will be no logging of blocking events for individual customers.

2. Is filtering applied to all forms of connection offered by the ISP (dialup, ADSL, cable, fast fibre connections etc)?

Answer: Yes, access filtering is applied at the network level regardless of connection.

3. Have you estimated the impact of the through-put of filtering technology on the speed of users' internet access (both for those who are opted in and opted out)?

Answer: Yes, there will be no negative impact to customers' throughput speed.

4. We are concerned about the impact on Internet applications in general as well as web traffic.

Does filtering take place only of HTTP traffic on port 80, or will other traffic be affected?

Answer: Filtering is applied for customers who take the product based on the hostname regardless of the application that is requesting it. There will not be any undesired impact.

What steps will be taken to avoid interfering with non-HTTP traffic on port 80, for example non-HTTP applications that use this port in order to bypass firewall restrictions?

Answer: n/a see above

5. What impact does the filtering have on end-to-end security measures such as SSL or DNSSEC?

Answer: Our product does not disrupt any end to end traffic security measures currently available such as DNSSEC and SSL in such a way as to introduce a security vulnerability.

6. Can you guarantee that your networks will not be susceptible to mistaken blocking as a result of using specific IP addresses for forwarding filtered traffic, for example as seemed to happen in a case involving Wikipedia?

Answer: Yes, because we are using hostname filtering.

7. Have you made any estimates on the impact of filtering systems on infrastructure upgrades?

Answer: Yes, this was a key consideration when choosing the platform for the product.

B. On setting up the filtering

8. Are users faced with pre-ticked boxes when choosing to activate filtering?

Answer: Yes

What is the impact on customers who do not have access to or who do not use a web browsers on a network such as a home broadband connection that is only used for Smart TV video on demand applications? (ie who will not be presented with a web-based set up screen?)

Answer: New customers would only be presented with an Active Choice if they connect via a web browser.

9. How granular are the available choices? Will a household be able to cater for:

a. Multiple ages or a variety of beliefs?

Answer: This is a network level filter which means that all devices in the household connected to Sky Broadband will have the same level of protection applied, as selected by the Sky account holder.

b. Can specific sites be unblocked by a user?

Answer: Yes

10. Have you done user-testing for your opt-in systems?

Answer: Yes, the experience and levels of protection available meet customers' expectations of simplicity and ease of use.

11. What information about the filtering is available at the point of sign up? Does it include:

a. Detailed information about what types of content are blocked, with examples?

Answer: Detailed information about the type of websites within each category is available during the sign up process and on sky.com.

b. The providers of their filtering tools, if a third party is involved?

Answer: We will publish details of our 3rd party providers when our product is launched later this year (Update: Symantec was named as a provider of site classifications at launch.)

c. Information about the possible problems with and limitations of blocking, with information about how to report problems?

Answer: We will publish a list of FAQs which will include the extent to which web filtering allows users to control the type of content that is available in their property as part of an overall strategy of education and monitoring. We will also publish information about how to report problems with the product.

12. What age-verification processes will be in place? How will this work?

Answer: Sky Broadband is only available to customers aged 18 or over who will provide a primary email address at point of sale. Any changes to filters will be emailed to the primary email address.

13. Is a customer's decision not to activate filtering a one-off decision, or will it have to be periodically repeated?

Answer: Customers will be asked to make an active choice at the point they activate their Sky Broadband service and will not need to repeat this decision, however the customer can later choose to opt in.

C. On managing problems and mistakes

14. When a site is blocked, what information is supplied to the end-user about why and how it has been blocked?

Answer: The customer will see a "Page Blocked" screen which will tell them that the site has been blocked and the category that the website falls under.

15. Are there easy ways to report mistaken blocks, either over-blocking or under-blocking? Are these clear when users encounter a block?

Answer: Yes, the customer can access a form to submit a report which can be found by clicking a button on the "Page Blocked" page or in the "Contact Us" section of sky.com

16. Are there easy ways for people to check if URLs are blocked, and will this include a reporting tool for requesting corrections and reclassifications?

Answer: Customers will be able to report to Sky if they believe that a website has been incorrectly categorised and therefore filtered incorrectly. These requests will be reviewed by Sky and by our 3rd party providers before a decision is made on the categorisation.

17. How will complaints, from both your subscribers and from owners of sites that are blocked, be dealt with?

Answer: We will have processes to review reports of incorrect blocking. Those confirmed as being in the incorrect category will be re-categorised.

a. Are there plans in place to train customer service staff for dealing with these reports? 

Answer: Yes

b. Are there targets for dealing with mistakes in a timely manner, or estimates of how long responding to and correcting mistakes will take? 

Answer: Our processes will ensure that we deal with reports in a timely manner.

c. Will you share error reports and corrections with other ISPs?

Answer: We will share best practice with other ISPs.

18. Have you specified acceptable error rates to suppliers of filtering services? If so, what are they?

Answer: Our decision on the supplier of our filtering service included an assessment of categorisation accuracy.

19. Have you sought legal opinions relating to liability for incorrect blocks, including both false positives and false negatives?

Answer: Yes

Do you have plans to offer compensation for businesses harmed by blocking errors, for example when potential customers are unable to access the site?

Answer: Our processes will ensure that blocking errors will be resolved within a timely basis.

20. Are there or will there be systematic reviews of the effectiveness and quality of filtering, including reporting on problems and complaints? Is there a process for review and improvement? 

Answer: In line with all products we will monitor its effectiveness and review complaints.

Is there or will there be an ombudsman or other oversight body to handle disputes and review performance?  

Answer: No
 

google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail


Comments (5)

  1. Jack:
    Nov 15, 2013 at 07:01 PM

    The 'during normal operation' part worries me a little.

    Question 8 wasn't answered very well. If customers aren't shown the 'Active Choice' screen, will their connections be filtered?

    They totally avoided answering the second part of question 19.

  2. Don:
    Nov 15, 2013 at 09:11 PM

    @Jack I agree good points
    I find question 1 hard to swallow, so no logs or records are made, how can you run or check a system for faults without logs?
    If there is a claim of copyright infringement, or illegal activity are company's not required by law to turn that evidence over to the police? would they be committing an offence by not recording this information? or does metadata being kept not count?
    Unless 1 of their 3rd party providers does all of this for them allowing them to say no.
    BTW it is symantic that is carrying out the blocking of websites for sky and sky's blocklist is here:
    http://help.sky.com/security/privacy/our-approach-to-protecting-copyright/

  3. Phil Main:
    Nov 15, 2013 at 09:12 PM

    What legal standing does this blocking have ?
    What law is being applied to authorise this blocking?
    Who says a site should be blocked?
    What redress is available?

  4. Nathan:
    Nov 17, 2013 at 05:28 PM

    I've had a look through the Sky website. They say they provide a detailed explanation of what categories will be blocked but so far I haven't been able to find anything other than a screenshot showing a partial amount (which seem quite broad to be honest). Has anyone else been able to find a full list?

  5. Pete:
    Nov 17, 2013 at 11:30 PM

    Can barely believe this is actually happening; involuntary censorship of private lawful communications in the UK.

    What next? Your private post, opened, inspected, and approved by the Post Office?

    Your private phone calls, monitored, and censored by your phone company?

    The ECHR, PECR, and RIPA were meant to prevent this. Article 8 ECHR gives you the right to private communications. PECR requires consent for 'value added services' to be explicitly obtained. RIPA prohibits the interception of lawful communications without the explicit consent from sender & recipient.

    If you value the privacy/security/integrity of your communications... don't use Sky (or BT, or Virgin, or TalkTalk).

    This is obscene. It is naked fascism.



This thread has been closed from taking new comments.