Should ISP block child pornography?

Hello all, was curious to know the community’s opinion on whether an ISP should block domains hosting CPE (child pornography exploitation) content? Interpol has a ‘worst-of’ list which contains such domains and it wants ISPs to block it.

On one side we want the ISP to not do any kind of censorship or inspection of customer traffic (customers are paying for pipes – not for filtered pipes), on the other side morals/ethics come into play. Keep in mind that if an ISP is blocking it would mean that it is also logging the information (source IP) and law agencies might be wanting access to it.

Wondering if any operator is actively doing it or has ever considered doing it?

Thanks.

With Gratitude,

Pratik Lotia

“Information is not knowledge.”

where is this list of dirty domains?

https://www.interpol.int/Crime-areas/Crimes-against-children/Access-blocking

thanks, suresh. what it seems to say is get in touch with the ncb in your country to sign an nda and get instructions. (but it’s actually quite hard to figure out how to do that, no email address or phone numbers apparent for interpol dc)

In the USA, you need to contact NCMEC - http://www.missingkids.com/home or the FBI.

Some jurisdictions legally must, some legally cannot.

It's a very sensitive subject, with some reductio ad absurdum ghost
hiding behind the corner.

My thought is, if we know this data exists, and we know where it
exists, why are we not following the data to find the people? It seems
we're very good at putting leverage in AML/KYC across jurisdictions of
arbitrary length, how come the same tools don't seem to work here?
If ISPs do start to block, voluntarily or involuntarily, are we
removing incentives to fix the problem by hiding some of the symptoms?

In my opinion leave the infrastructure alone, wherever the road may
lead, removing the road won't remove the destination.

Does the content create the culprits? Is there research into this? Are
people with evolutionarily normal sexual appetites turned pedophiles
after being exposed to the material?

When I receive a report, we follow our procedures with the Cyber Tip Line, and then immediately null route the IP address until the content is removed.

> Does the content create the culprits? Is there research into this? Are
> people with evolutionarily normal sexual appetites turned pedophiles
> after exposed to the material?

I've helped the FBI get child pornographers arrested and I would do it
again.

But to answer your question the concern is for the children, they are
being sexually abused.

Consumers of child pornography are creating a market for it thus
encouraging more production which requires more children be sexually
abused.

There's really no way around that.

Splitting the hair of whether the actual perp paid for the material is
irrelevant, they can let their lawyer argue that in court if they like
but it's a weak defense (e.g., ad supported, same as paying,
whatever.)

How is it that Interpol isn’t taking over/shutting down these domains in the DNS at the registry/registrar level?

The GAC pushed hard for the provisions that allow them to do so and there’s a pretty clear (and quick) process for it.

Owen

Agree

I block stuff all the time (like ROKSO’s DROP list). The only issue with blocking domains of CPE is I imagine those domains change all the time as they get shut down, if you block the IP (from domain lookup) it's likely that IP may be legitimate in the future.

It should be stopped at the DNS level, but even that has workarounds. I would think CPE is a violation of terms of “most” registrars.

-John

What is “ROKSO's DROP list” ?

Aaron

https://www.spamhaus.org/drop/

Hi All,

we are fighting with censorship in our country. So I have something to say.

First, censorship is not just "switch off this website and that
webpage". No magic button exists. It is more complex, if you think of it
as a whole system.

Initially, networks were built without systems (hardware and software)
that can block something.

Yes, you may nullroute some IP with some site, but as collateral
damage you will block part of Cloudflare or Amazon, for example. So you
have to buy and install additional equipment and software to do it a bit
less painfully. That's not so cheap; it has to be planned, bought,
installed and checked, and personnel have to be trained. After that, your
system will be capable of blocking some website for the ~90% of your
customers who will not proactively avoid blocking. And for *NONE* of those
who will, as CP addicts, terrorists, black markets, gambling, porn and
others do.

Yep. Now your network is capable of censoring something. You just made the
first step to hell. What's next? Some people send you some websites
to ban. This list with CP, Spamhaus DROP, some court orders, some
semi-legal copyright protectors' orders, some "we just want to block it"
requests... And some list positions from time to time become outdated,
so you need to clean it from time to time. Do not even expect that the
people who sent you the block request will send you an unblock request, of
course. Then, we have >6000 ISPs in our country - it is not possible to
interact with all of them directly.

So, you end up under a lot of papers, random interactions with random
people and an outdated and desynchronized blocking list. It will not work.

Next, government realizes there should be one centralized blocking list
and introduces it.

Ok. Now we have censored Internet. THE SWITCH IS ON.

In a very short time the number of organizations that have permission to
insert something in the list dramatically increases. Corruption rises,
it becomes possible, and then becomes cheap to put your competitor's
website into the list for some time. And of course, the primary target of
any censorship is the elections...

What about CP and porn addicts, gamblers, killers, terrorists? Surprise,
they are even more fine than at the beginning! Why? Because they learned
VPN and TOR and have to use them! Investigators end up with TOR and VPN exit
IP addresses from other countries instead of their home IPs.

Hey. It is a very very bad and very very dangerous game. Avoid it.
The goal of that game is to SWITCH ON that system BY ANY REASON. CP, war,
gambling - any reason that will work. After the system is switched
on - in several months you will forget the initial reason. And you will
awake in another world.

07.12.18 08:06, Lotia, Pratik M wrote:

Well said

> The only issue with blocking domains of CPE is I imagine those domains change all the time as they get shut down, if you block the IP (from domain lookup) it's likely that IP may be legitimate in the future.

The list would be updated daily/weekly. The ACLs would have to be updated accordingly – this can be automated. This way no stale entries are present.

> What is “ROKSO's DROP list” ?

ROKSO:
The Register of Known Spam Operations database is a depository of information and evidence on known persistent spam operations, assembled to assist service providers with customer vetting and the Infosec industry with Actor Attribution.

Spamhaus (https://www.spamhaus.org) provides a 'DROP' list which is a list of domains which are hijacked or leased by professional spam operations. As per them this is Not a list of just 'suspicious' domains - they are 100% sure that these are bad domains and one should not peer with them or have a route to them.

With Gratitude,

Pratik Lotia

“Information is not knowledge.”
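
An added example, not part of any post in this thread: one way to automate the list-driven route updates discussed above, so that stale entries are withdrawn and overly broad or shared-infrastructure entries are held back instead of blocked. It assumes a feed with one CIDR prefix per line and `;` comments; the sample feed, the `MIN_PREFIXLEN` limit and the `protected` list are constructed for illustration.

```python
import ipaddress

# Constructed sample feed (documentation prefixes only):
# one CIDR per line, ';' starts a comment.
SAMPLE_FEED = """\
; constructed sample feed
192.0.2.0/24 ; ENTRY-1
198.51.100.0/25 ; ENTRY-2
203.0.113.0/24 ; ENTRY-3
0.0.0.0/0 ; far too broad to ever null route
not-a-prefix
"""

MIN_PREFIXLEN = 16  # assumption: never act on anything broader than a /16


def parse_feed(text, min_prefixlen=MIN_PREFIXLEN):
    """Return (set of accepted networks, list of rejected raw lines)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()
        if not entry:
            continue  # blank line or comment
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append(raw)  # malformed or has host bits set
            continue
        if net.prefixlen < min_prefixlen:
            rejected.append(raw)  # too broad, needs a human decision
        else:
            accepted.add(net)
    return accepted, rejected


def reconcile(installed, feed, protected=()):
    """Return (to_add, to_remove, held) so installed routes track the feed.

    Feed entries overlapping a protected prefix (hypothetical list of
    shared-hosting or CDN ranges) are held for review, not blocked.
    """
    guard = [ipaddress.ip_network(p) for p in protected]
    held = {n for n in feed
            if any(n.version == g.version and n.overlaps(g) for g in guard)}
    wanted = feed - held
    order = lambda n: (n.version, int(n.network_address), n.prefixlen)
    return (sorted(wanted - installed, key=order),
            sorted(installed - wanted, key=order),
            sorted(held, key=order))
```

Running `reconcile` on every feed refresh withdraws routes whose prefix has left the list, and the rejected and held lists give an operator something to review rather than silently blocking shared address space.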

Very well explained, Max!

With Gratitude,
Pratik Lotia

“Information is not knowledge.”

I’ve done a bit of work in this space, won't elaborate … but here are some thoughts :

  • many less-engaged or new pedophiles may indeed search such content in the clear, however …
  • the persistent abusers tend to form communities within TOR hidden services, making them difficult to find. Most are likely just consumers of the material, but many are producers (inc kidnappers)
  • some underground communities require that prospective members contribute new abuse imagery/videos in order to prove they are not law enforcement. Tragically this encourages abusers to abuse a family member
  • other communities have plenty of essays espousing the viewpoint that such behavior is quite natural, which does convince some to excuse their behavior. This content itself does have the ability to convert non-offenders to offenders, IMHO.
  • The following article discusses these communities and their underlying agendas. I’ll warn you that you may need therapy after reading it …
  • http://www.cracked.com/personal-experiences-1760-5-things-i-learned-infiltrating-deep-web-child-molesters.html

  • Some of the content is indeed quite traumatic - it’s as bad as they say it is, and many people working in this space have long-term psychological problems

  • While many of these communities hide in TOR, making it difficult to find the perpetrators, many of the images there actually link to images hosted in public-facing image-hosting servers. This means that the abusers access it through 3 hops through the proxy network instead of 6, for hidden servers.

This means that indeed, the majority of people accessing that content on your network may be doing so from hotlinks posted to a hidden server somewhere. You may see them primarily being accessed via known TOR exit nodes.

My recommendations :

  • First, reach out to NCMEC for guidance on filtering/logging
  • Second, I've done a teensy bit of work for these guys at Thorn (Ashton Kutcher's nonprofit). They have an interesting program that attempts to recognize people searching for abuse imagery, and redirects them to material urging them to seek psychological help for their problem: https://www.wearethorn.org/deterrence-prevent-child-sexual-abuse-imagery/

Makes me want to cry, so sad

Aaron