A “human error” carried out by the police resulted in thousands of websites being completely blocked at the DNS level yesterday. Danish visitors to around 8,000 sites including Google and Facebook were informed that the sites were being blocked by the country’s High Tech Crime Unit due to them offering child pornography, a situation which persisted for several hours.
Censorship online is an emotive issue.
Some people believe that all information should be free and as adults it should be our right to be able to make our own choices in deciding what to view. In other countries that is not an option since oppressive regimes take control in order to maintain their power base.
In the West, online censorship takes different forms. In addition to censorship aimed at tackling serious criminality, increasingly entertainment companies are pushing to have sites blocked to protect their corporate interests. Opponents argue that a free and open Internet overrides the need to protect a rightsholder every time, and that mechanisms such as DNS blockades could break the Internet.
In Denmark yesterday the Internet didn’t exactly collapse, but for thousands of businesses it was hardly service as usual.
For several hours, customers of ISP Siminn (although it could have easily been the whole country) were denied access to thousands of websites including Google and Facebook. When attempting to view any of the blocked pages visitors were given a worrying message relating to the most emotive blocking reason of all – the protection of children.
“The National High Tech Crime Center of the Danish National Police [NITEC], who assist in investigations into crime on the internet, has informed Siminn Denmark A/S, that the internet page which your browser has tried to get in contact with may contain material which could be regarded as child pornography,” the message began.
“Upon the request of The National High Tech Crime Center of the Danish National Police, Siminn Denmark A/S has blocked the access to the internet page.”
NITEC is responsible for maintaining a list of sites which they want to be made unavailable to Danish citizens. Each day the country’s Internet service providers retrieve the list and then apply DNS blockades across their infrastructure. Yesterday, however, someone made a huge mistake.
According to NITEC chief Johnny Lundberg, it began when an employee at the police center decided to move from his own computer to that of a colleague.
“He sat down and was about to make an investigation, and in doing so he placed a list of legitimate sites in the wrong folder,” Lundberg explained. “Before becoming aware of the error, two ISPs retrieved the list of sites.”
That list contained 8,000 sites.
After becoming aware of the problem NITEC corrected the error but it took at least 3 hours for customers of the ISPs to regain access to the sites in question. Fortunately no more ISPs adopted the erroneous lists in the meantime, but that was by sheer luck.
Lundberg said that his organization was sorry for the mistake and has now adopted a new system whereby blocked sites have to now be approved by two employees instead of one, although why that was not the case already for such a serious process is up for debate.
The other question is how at the flick of a switch do 8,000 sites suddenly get added to a blacklist – for whatever reason – without any kind of oversight. Denmark’s IT-Political Association is critical and has called for ISPs to cease cooperation with the voluntary scheme which operates without any kind of judicial review.
“Today’s story shows that the police are not able to secure against manual errors that could escalate into something that actually works as a ‘kill switch’ for the Internet,” the group said in a statement.