Google and Facebook blocked by the Danish child pornography filter
This article is also available in:
Deutsch: Dänischer Kinderpornographiefilter sperrt Google und Facebook
In the morning of 1 March 2012, about 8000 websites, including Google and Facebook, were blocked by the Danish child pornography (CP) filter. When the customers of the affected ISPs, Siminn Denmark and Tele Greenland, made Google searches or accessed their Facebook pages, they were met by the STOP page for the Danish CP filter. The STOP page warns people that they are trying to access websites with CP content, and that even viewing such content is illegal under the Danish law.
The Danish CP filter is implemented using DNS hijacking (DNS redirection). The participating ISPs (which are all mainstream ISPs with private customers in Denmark) receive a list of domains to be blocked from the Danish police, and the ISPs implement this list in their DNS resolvers. This is done in a completely automatic process, and the ISPs believe that the Danish police is responsible for the domains on the blocking list (although the police usually claim that they are merely simply providing a "service" to the ISPs, so the legal ramifications of who is responsible for what remain unclear).
The police made a serious error when they added the 8000 legitimate domains to the blocking list, including google.com and facebook.com. The error only affected two smaller ISPs in Denmark, because they were the first to do the daily CP list update on their DNS resolvers, but this was sheer luck. It could just as well have affected TDC, the largest Danish ISP. The vigilant technical support staff at Siminn Denmark immediately alerted the Danish police about the error, so that the blocking list was not pushed to the rest of the Danish ISPs.
The Danish police have issued a public statement about their error and made some comments to journalists. A police officer was investigating a number of websites, and by accident he copied the list with 8000 legitimate domains to a file directory that was used for updating the CP domain blocking list. The human error combined with sloppy procedures escalated into something that can almost be described as a "kill switch" for the Internet in Denmark. Attempts to censor the Internet always create an artificial single point of failure.
The Danish police in a press statement assured the public that they would implement additional checks in their updating procedures, so that this error cannot happen again. However, it is not the first time that the Danish police have added legitimate domains to the CP block list.
In 2010 AK Zensur thoroughly examined 167 internet domains that were blocked in Denmark and Sweden. Only three domains contained CP pictures, and two of those were found on the Danish CP list leaked to Wikileaks in 2008. This means that the websites had been on-line for more than two years, despite the fact that the Danish police had investigated the sites and put them on the Danish CP block list in 2008 or earlier. AK Zensur was able to take down the three CP websites by sending a few emails to the hosting providers. If the Danish police are just adding domains to the CP block list, without taking any further action, they are providing a "valuable" early-warning system to the organized crime organizations that are behind the distribution of CP content.
The EDRi-member IT-Political Association of Denmark (IT-Pol) has fought the Danish CP filter since its inception in 2006. Officially, it is voluntary for Danish ISPs to participate in the blocking scheme, but it is well know that the Danish government has threatened with legislation if the ISPs did not ("voluntarily") implement a blocking scheme for alleged CP content. In reality, the blocking scheme is mandatory, but unlike blocking of websites with copyright infringing material (another Danish speciality), the CP filter is updated without any oversight from the courts, and even the number of domains on the list is kept as a secret by the Danish police. Participating ISPs have to sign a contract requiring them not to distribute the CP domain list to anyone. On 1 March 2012 the Danish police even refused to confirm that Google and Facebook were affected by the block, but this is known from the complaints received by the customer service department of Siminn Denmark.
Official statement by the Danish police (only in Danish, 1.03.2012)
A human error blacklisted in the morning 8000 innocent websites (only in
Wrong file folder: The police blocked Facebook (only in Danish, 1.03.2012)
Facebook blocked by the child porn filter (only in Danish, 1.03.2012)
Blocked for two years, then taken down in just 30 minutes - a disastrous
result of Internet Blocking policy (30.09.2010)
(Contribution by Jesper Lund - EDRi-member IT-Pol Denmark)