Child abuse image content list

The child abuse image content list (CAIC List) is a list of URLs and image hashes provided by the Internet Watch Foundation to its partners to enable the blocking of child pornography & criminally obscene adult content in the UK and by major international technology companies.

Launched by BT as Cleanfeed in July 2004, as of 2009 the list covers 98.6% of UK internet connections. Cleanfeed was temporarily extended to block Newzbin until this process was moved to ISP-specific programmes. In October 2013, the UK government announced that as part of anti-terrorist measures it is considering a similar technology to block "extremist" material

History
Cleanfeed is a content blocking system technology implemented in the UK by BT, Britain's largest Internet provider. It was created in 2003 and went live in June 2004. BT spokesman Jon Carter described Cleanfeed's function as "to block access to illegal Web sites that are listed by the Internet Watch Foundation", and described it as essentially a server hosting a filter that checked requested URLs for Web sites on the IWF list, and returning an error message of "Web site not found" for positive matches. Cleanfeed is a silent content filtering system, which means that Internet users cannot ascertain whether they are being regulated by Cleanfeed, facing connection failures, or the page really does not exist.

By the beginning of 2006, Cleanfeed was used by 80% of Internet service providers. By the middle of 2006, the government reported that 90% of domestic broadband connections were either currently blocking or had plans to by the end of the year. Home Office minister Alan Campbell pledged that all ISPs would block access to child abuse websites by the end of 2007 and UK Home Office Minister Vernon Coaker instructed all UK ISPs to implement a version of Cleanfeed by the end of 2007 on a voluntary basis, or face legal compulsion. However, no legislation was ever introduced and ISPs are still free to join on a voluntary basis. Despite the target for 100% coverage being set for the end of 2007, by the middle of 2008 the proportion of consumer broadband connections that were covered was only 95%. In February 2009, the Government said that it is looking at ways to cover the final 5%. A report in March 2014 by the Culture, Media and Sport Committee reported 98.6% of domestic broadband lines are subject to blocking arrangements.

The Internet Watch Foundation used to also take reports about racial hatred from the public and IT professionals until 2011. This content is not included in the IWF URL list supplied to the online industry for blocking purposes.

CAIC targets only alleged child sexual abuse content identified by the Internet Watch Foundation. In June 2011 the Motion Picture Association began court proceedings in an attempt to force BT to use Cleanfeed to block access to NewzBin2, a site indexing downloads of copyrighted content. BT was ordered to block access to the site in late July and in a later clarification, BT was given two weeks to implement the block starting at the end of October. The case ( Twentieth Century Fox Film Corp & Ors v British Telecommunications Plc [2011]) only compels BT's ISP division to implement the block on NewzBin, it remains outside of remit of the IWF URL list which is strictly limited to blocking sites which host child sexual abuse content.

In August 2015 the IWF announced it was to begin sharing the list with tech giants Facebook, Google, Twitter and Yahoo to block contents being distributed through their networks.

Technical implementation
The confidential url hash blacklist contains URLs of pages (not whole sites) to be blocked. A less confidential list of sites potentially containing blocked pages is available to ISPs. Routers on the edge redirect traffic to these sites to special HTTP proxy servers which perform the actual filtering by matching HTTP requests to URLs on the blacklist. Traffic that does not match the specific URL is forwarded through the proxy filter.

Chapter 7 of a research paper by Richard Clayton provides an overview of the Cleanfeed technology.

The routers at an ISP that has implemented Cleanfeed technology check traffic destination against a list of IP addresses of sites that are suspected of hosting filtered traffic. If there is no match, the traffic is directed to the content host:



If the site IP address is found in the list of suspected sources of unwanted material, the traffic is routed to proxies (highlighted as IWF proxies) that check the specific page against a confidential blacklist of pages.



This two-pass implementation reduces the load on the proxy servers by not requiring that all traffic pass through them.

Technical detection
Due to the filtering mechanism, to detect whether a site is being filtered via an individual ISP's connection, one must first capture the filtering servers IPs by running traceroute for the first few hops to some websites known to be blocked

In the example below, the IP addresses in bold are the ISP filtering servers.

Filtered Site $ tracert imgur.com Tracing route to imgur.com [103.31.7.33] over a maximum of 30 hops: 1   <1 ms     1 ms     1 ms  BTHUB3 [192.168.1.254] 2   35 ms    39 ms    54 ms  217.32.146.175 3   57 ms    63 ms    58 ms  217.32.146.222 4   47 ms   102 ms    73 ms  217.32.147.226 5   60 ms    55 ms    51 ms  217.41.168.245 6   62 ms    35 ms    40 ms  217.41.168.109 ...

Filtered Site $ tracert wordpress.com Tracing route to wordpress.com [66.155.11.243] over a maximum of 30 hops: 1    1 ms     1 ms     1 ms  BTHUB3 [192.168.1.254] 2   52 ms    67 ms    51 ms  217.32.146.175 3   33 ms    40 ms    39 ms  217.32.146.222 4   63 ms    53 ms    52 ms  217.32.147.226 5   67 ms    61 ms    57 ms  217.41.168.245 6   62 ms    79 ms    55 ms  217.41.168.109 ...

Normal Site $ tracert www.google.com Tracing route to www.google.com [173.194.41.83] over a maximum of 30 hops: 1    1 ms     1 ms     1 ms  BTHUB3 [192.168.1.254] 2   52 ms    39 ms    58 ms  217.32.146.175 3   59 ms    53 ms    63 ms  217.32.146.238 4   54 ms    66 ms    67 ms  217.32.147.218 5  126 ms    53 ms   169 ms  217.41.168.245 6   57 ms    62 ms    52 ms  217.41.168.109

Demon Internet were the only ISP to notify users routinely when content is blocked and offer the option to intercept and serve filtered content over https connections.

Filtering comparison
The other popular way of blocking content is DNS manipulation. Compared to this, Cleanfeed has the following properties:


 * Slightly harder to circumvent, although users can use open proxies, or the Tor network, and servers can use another port than 80, or HTTPS.
 * Less collateral damage. DNS-based blocking is criticized for blocking all content on a site with the same domain name. Cleanfeed only blocks what is explicitly blacklisted. For example, it would be possible to block only one image in an article. DNS-based schemes also break the whole concept of DNS security.

Related surveys of opinion
The first UK survey of Internet regulation was carried out in 2007 and 2008. 90.21% of the participants in the limited scale survey were unaware of the existence of CleanFeed; of those who had heard about it, only 14.81% percent understood it completely. 11.1% learned about CleanFeed from UK government statements, and 22.2 percent from BT's statements. 60.87% did not trust BT, and 65.22% did not trust IWF to be responsible for a silent content blocking system in the UK.

A majority of the participants preferred an open content blocking system targeting child abuse content, rather than no Internet regulation. More specifically, 65.2% would prefer to see a message stating that a given site was blocked, 57.3% would like to have access to a form for unblocking a given site, and 68.5% would prefer more frequent briefing by BT, IWF and the UK.

Criticism
One of the criticisms of Cleanfeed is its lack of transparency. This is a consequence of the list of blocked sites being secret. There are no safeguards to stop sites unrelated to child pornography being added to the list as a result of policy changes. It thus has a potential for the censorship of materials outside of its original remit. Indeed, the Home Office in the UK has previously indicated that it has considered requiring ISPs to block access to articles on the web deemed to be "glorifying terrorism", within the meaning of the new Terrorism Act 2006, saying: "our legislation as drafted provides the flexibility to accommodate a change in Government policy should the need ever arise." This has led some to describe Cleanfeed as the most perfectly invisible censorship mechanism ever invented and to liken its powers of censorship to those employed currently by China. However, at present no legislation is in place, and the implementation of the IWF URL list is still a voluntary agreement between ISPs and the IWF.

The measures have also been criticised for being inadequate as they only block accidental viewing and does not prevent content delivered through encrypted systems, file sharing, email and other systems.

Another criticism is that Newzbin claims to have successfully circumvented Cleanfeed following a court order forcing BT to censor the website over copyright infringement claims. This poses the question as to whether websites hosting child pornography could adopt similar measures to allow their users access to blocked content.

Due to the proxy server implementation of the Cleanfeed system, websites that filter users by IP address such as wikis and file lockers will be significantly broken through the system, even if only a tiny proportion of its content is blocked.

Finally, information has surfaced that suggests that Cleanfeed could potentially be manipulated to provide a blacklist of blocked websites. This is problematic as it could allow the dissemination of child pornography, rather than the prevention of access to it. Again this has led some to question Cleanfeed as a successful system for blocking illegal internet content.

Wikipedia internal

 * Administrators' noticeboard/2008 IWF action
 * Category:Wikipedia blocking