In recent years, Internet blocking technologies for different categories of contents (i.e. intellectual property rights enforcement, child sexual abuse material, online gambling, etc.) have been discussed at national, European and international.
September 2012. However, many questions have been raised on both the effectiveness and proportionality, and its suitability in relation to unintended consequences on the protection of fundamental freedoms and cultural expression online. These Frequently Asked Questions (FAQ) aim at providing a non-exhaustive overview of what Internet blocking is.
They primarily focus on the most widely promoted blocking techniques available to Internet Access Providers to restrict access to a webpage or content: Domain Name Server (DNS) blocking, IP blocking and hybrid blocking.
Q: What is Internet blocking?
A: The Internet was designed to ensure that a communication goes from one point to another without being stopped, offering multiple routes to access the same content. As a result, it is only possible to restrict access to content on the Internet rather than “blocking” it completely. Internet blocking is a technical measure intended to restrict access to information or resources typically hosted in another jurisdiction. Its primary objective is to prevent specific content from reaching customers’ device connected to the blocking ISP. This is possible by means of hardware or software products that block specific targeted content from being received or displayed.
Q: How efficient are blocking mechanisms?
A: Blocking, depending on the mechanism used, can be more or less easily circumvented from a technical perspective. Since the Internet was designed to provide an open flow of communication, a user can access content blocked by an access provider in its country via other means such as using foreign proxy-servers to bypass the local block; using tunneling software that encrypts online searches and prevents blocking software from seeing the web request; or by simply switching to another name server. IP blocking and hybrid blocking can also be circumvented by changing the website configuration to a different address. In addition to be easily circumvented, blocking technologies always bring about risks of over-blocking (unintentionally preventing legal material from being distributed) or under-blocking (not preventing illegal material from being distributed) and have varying associated costs.
Q: What is DNS blocking?
A: Domain names are used to identify resources in the Internet, such as websites or services. When a user is looking for a specific website and types the name in a browser it is resolved by the domain name system (DNS) to the numerical IP address used by computers to communicate. To block access to a specific website, an Internet Access Provider, responsible for carrying out users’ requests, needs to interfere with the DNS tables under their control to prevent the user’s request from reaching the requested website. DNS blocking is a very blunt instrument that should be used cautiously as it will affect all information and services provided from the affected domain. All web pages in the domain – both legitimate and non-legitimate – will become invisible, it may be impossible to send or receive e-mails, and any subdomains are also likely to be affected.
Q: What is IP address blocking?
A: IP address blocking prevents connections being established between a server/website and the targeted IP addresses. IP blocking targets either IP addresses of the relevant content to hinder user access (typically carried out by an access provider), or IP address(es) of a set of users to hinder their access to a given piece of content - which remains directly accessible to all users outside the targeted group (typically carried out by a web site or content provider or government censorship agency). For the purposes of this document, the term “IP blocking” refers to the first category targeting the IP address of the relevant content with the intention of preventing the access provider’s customers from reaching content.
Q: What is Hybrid Blocking?
A: Hybrid blocking is a combination of IP and a form of DNS blocking which was designed to overcome some of the over-blocking issues of each. However, it is much more complex and requires additional equipment and routes to be added into the blocking provider’s network (though sometimes this is sub-contracted to specialized blocking providers). It also requires a very detailed and specific URL list to be maintained. Hybrid blocking can be circumvented in the same way as IP blocking. It is less scalable as more IP addresses are flagged that have to be routed to the blocking equipment which checks the request against specific URLs and can result in considerable response time impact in serving the legal content that resides at these locations.
Q: What is the difference between DNS and IP blocking?
A: DNS and IP blocking are two different ways to try to prevent access to Internet content. As previously pointed out, DNS blocking is easy to circumvent including through encryption. The circumvention of IP blocking, on the other hand, is somewhat more burdensome. This can be done mainly through ‘tunneling’ and ‘virtual private network (VPN)’ tunneling techniques. Tunneling allows users to create an encrypted “tunnel” to a different machine on the Internet which is not subject to the authority requiring the ISP to block, so preventing the blocking software from seeing web requests. VPN tunnels are invariably encrypted and thus not susceptible to interception. Therefore, both techniques risk promoting the encryption of networks and thus pushing illegal activities into even more clandestine modes of operation.
Both DNS and IP blocking carry the risk of over-blocking. Over-blocking harms innocent websites, harms users attempting to access innocent websites, generates costs to ISPs in addressing complaints about over-blocking, and harms the reputation of ISPs in the market place. On the one hand, IP blocking unavoidably leads to a large amount of legal content being blocked, because multiple, different websites often share the same IP addresses. Therefore, the blocking of an IP address would almost automatically block large numbers of other (legal) websites and not only the illegal one. DNS blocking, on the other hand, implies blocking an entire domain name (i.e. website) at the level of a DNS server. This means that if illegal content is hosted on a subdomain of a domain name, all other (legal) subdomains that have the same parent domain will be blocked as well. This is particularly problematic when user generated content (UGC) is involved in large social networking or media sharing services. For example, if content which an authority wishes to block is placed on one profile of a social networking service, DNS blocking will result in the entire social networking site being blocked to all customers of the access ISP.
This has a direct impact on the freedom of communications because the existence of additional subdomains may not readily be apparent and raises concerns as to the proportionality of the measure compared to less restrictive alternatives. Indeed, there is the added risk of over-blocking both from a domain name perspective (blocking sub-domains legal sites) and geographic perspective for operators whose networks have a pan-European coverage (depending on the location of servers an ISP may end up over-blocking sites in another jurisdiction).
Q: Can measures that are used to block child sexual abuse material also be used to block other kinds of content?
A: Child pornography is universally condemned and recognised as a criminal act. Despite investments in the EU to block such illegal content coming from third countries, these initiatives have never proved to have any measurable impact. On the other hand, there is anecdotal evidence which suggests that blocking removes political pressure to engage in effective international cooperation to have the content removed at its source (be it within the EU or outside) and to find, and prosecute, the criminals behind the sites. Instead of blocking, removal of content at source, fostering international cooperation in the deletion of illegal content and strengthening cooperation between police forces would contribute considerably to address this phenomenon within the EU and abroad – creating a deterrent effect that is currently missing.
Q: Why is blocking of hate speech, xenophobia or terrorism so difficult?
A: There are numerous examples of individuals and even countries categorised by authoritative sources as being terrorist  and racist . Attempts to block hate speech, xenophobia or terrorism, therefore, proves to be difficult, because such content is not obviously illegal. Disparities already exist between Member States in this regard. Without a judicial order determining the illegality of such specific content, the risk exists that blocking would amount to censorship of perfectly legal opinions, thus harming the online right to freedom of expression and lessening legal certainty for the Internet industry.
 Mandela’s African National Congress was seen as a typical terrorist organisation by Margaret Thatcher.
 UN Resolution 3379 referred to Israel as a “racist” State.
Q: Is action to block spam the same as that of blocking other kinds of content?
A: The term “spam” describes the circulation of unsolicited messages (i.e. email spam). As many as 85 to 90% of all emails sent are spam. Spam is not only an obstacle to the smooth functioning of online communications, to the freedom of correspondence of users of the service but also a security threat because it is often used to disseminate malicious software.
In itself spam is not necessarily illegal content but can lead to illegal actions, such as installing a Trojan programme in the user’s computer to hack it. Other differences lie on the fact that spam e-mails are stored on the servers of the ISP until it is downloaded by the consumer while other kinds of allegedly illegal content could be directly exchanged between users. Secondly, by filing complaints on spam material, consumers’ help create filters based on the origin of the spam, which does not always occur with other kinds of allegedly illegal content. Thirdly, e-mail coming from an IP address that is not the IP address of a known e-mail server can be suspected of being spam. Finally, “spam” blocking is a security measure that ensures customers’ safe and efficient use of the Internet infrastructure. On the other hand, “content” blocking relates to a phenomenon which has less impact on ISP networks.
Q: Can self-regulation be a valuable mechanism to tackle the problem of illegal content online?
A: Self-regulation is a flexible tool used by industry to address security issues on their networks (eg. spam). When dealing with security issues, the ISP has full technical control over harmful content allowing the ISP to set internal processes on a self-regulatory basis. However, when it comes to other, non-security related allegedly illegal content, the ISP has no control on the content or processes because it is not supposed to know about the nature of the communications carried on its network. For some specific content (i.e. child sexual abuse material), self-regulation is a good tool to address the problem in cooperation with entities, such as hotlines and law enforcement, who have the relevant training and expertise to assess the content and, when necessary, advise the ISP to take action to remove the illegal material. However, with regard to other categories of alleged infringing content (i.e. unauthorised circulation of copyrighted material, online gambling, defamation, terrorism, etc.), self-regulation may not be the most effective solution. The ISP is not in a position of making a value judgment on the legality/illegality of such content. In this case self-regulation could set procedures to report such content to competent public authorities for them to assess, but not to force ISPs into a position to evaluate the legal validity of an alleged infringement. Finally, self-regulatory measures need to avoid restricting a variety of fundamental rights defended by the Charter of Fundamental Rights (i.e., freedom of expression and information). As also stated in the 2003 Inter-institutional Agreement between the European Commission, European Parliament and Council, “Self-regulation is always consistent with Community law” and “These mechanisms will not be applicable where fundamental rights are at stake”. Again, when an ISP is asked to block access to a website, to cut access to an Internet connection and, as a consequence, deliver personal data of an alleged infringer, a judicial order is always necessary.