Mapping of technology

Blocking Technology at
the ISP Level

Blocking technologies are built to pick up and block domains and URLs that are known to contain online child sexual abuse material. It can take place on the Internet Service Provider (ISP) level of the internet, where content travels through providers’ networks. In business’ networks, blocking normally takes place through different filter solutions. Even though blocking on an ISP level does not fit in with standard business precautions when protecting IT environments, it is an important practice in the fight against online child sexual abuse material.

The technology

There are five main different blocking technologies for provider networks. The majority operate using lists of sites known to contain child sexual abuse material. These are compiled by different stakeholders, among others INTERPOL and the Internet Watch Foundation. If the blocking solution matches a search for a web address against the information it has on its list, the request will be blocked.

Domain Name Server (DNS) blocking:

A DNS filtering solution is a specific type of web filter that operates as a middleman between a client computer and the web server that it is trying to access. DNS technology is cost effective, but comes with the drawback that it is easy to circumvent. Further, most businesses use their own DNS and not the ISPs, with the consequence that most traffic from businesses is not picked up by DNS Blocking. As it blocks on domain level, there is also a risk of overblocking.

Deep Package Inspection (DPI):

This technology has the capability of looking at the actual content rather than URLs, and at all the traffic that flows through the ISPs networks. It is also very difficult to get around. The drawback, and the reason why it is not used much, is that it is expensive and can slow down traffic through the networks significantly. The technology also raises questions about the users’ integrity and how the internet should or shouldn’t be policed.

URL blocking solutions:

This is a hybrid of the technologies mentioned above. Instead of analysing all data, this technology looks at specific pages that have been put on a blocking list. The technology is scalable, more difficult (although not impossible) than DNS to get around and blocks URLs rather than whole domains, allowing for a less heavy-handed approach.

Proxys and firewalls:

Blocking lists can also be held in proxy servers or firewalls. This is a technology that is frequently used by businesses. The disadvantage to this technology on ISP level, is that the quality of traffic will be heavily reduced, and it is expensive as it is difficult to scale down the volume of data that is being looked at.

Blocking technologies in the operators’ router:

A cheap and simple solution is the possibility of operators blocking IP- addresses directly in their own routers. This is a heavy-handed solution, as it will block all pages on the IP-addresses, leading to heavy over-blocking. As a result it is hardly ever used.

Its use

Blocking technologies are built to pick up and block domains and URLs that are known to contain online child sexual abuse material. DNS is the most commonly used technology, used by many ISPs around the world to protect their networks from being used for criminal purposes. Although this is a start, there is much more work to be done in this area to make sure that all ISPs block child sexual abuse in their networks, and do it using the most effective technology.

Strengths and limitations

Blocking on a general level is a somewhat blunt tool as it does not detect new material or bring new intelligence to law enforcement.

However, blocking is needed because large amounts of child sexual abuse material is still stored, shared and distributed through the open internet and on unencrypted websites.

Blocking covers a large part of the internet, and is very important to stop spread of online child sexual abuse images, and the revictimisation that happens every time an image or film is shared.

Mapping of technologies