Wednesday, May 04, 2005

Political censorship via spam filtering

Ever wondered why you'd never heard of an Israeli Peacenik before?
Here's why.

Political censorship via spam filtering
Letter to friends by Moshé Machover
Published: 04/05/05

Dear Friend,

The issue I am writing to you about is of the utmost importance and seriousness: it involves a grave threat to our freedom of expression and communication. In brief, it concerns a sinister imposition of US-based, but world-wide, political censorship in the guise of “filtering of spam”.

As we all know, the problem of spam (unwanted email, some of it distasteful or noxious) has reached enormous proportions and has become not only a nuisance, but—by clogging the email system—a real danger to free email communications.

Faced with this situation, various remedies are being tried.

One of the simplest and safest is a filter built into certain email software packages that a user has in his/her own computer. For example, Eudora, the email software I use on my computer, has an in-built device for segregating incoming messages suspected as spam. (This software assigns a “spam score” to each incoming message, and you can fix a threshold such that messages assigned score above it are segregated from the rest.) These are filed in a separate in-box, where they can be rapidly inspected; the false positives (ie messages falsely suspected as spam) can be transferred to an ordinary in-box, and the remaining ones (real spam) deleted.

Conversely, the false negatives (spam messages undetected as such by the filter) can be transferred into the spam box. This clever piece of software can “learn” from experience: in future it will reduce the “spam score” of messages similar to those you have detected as false positives, and increase the “spam score” of messages similar to those you have detected as false negatives.

This solves your problem, as email user. But there remains a big problem for internet service providers (ISPs). Your ISP is the service through which you get and send your email. In many cases you can tell a user’s ISP from his/her email address. For example, you can see from my email address that my ISP is KCL: King’s College, London. (To be precise, it is the Information Services and Systems—ISS—unit at KCL.)

All ISPs are nowadays inundated by gigantic quantities of spam addressed to their clients. In order to overcome this overload, ISPs are resorting to filtering spam, so that it is blocked by them before reaching you, the user.

These filters are of two kinds. The more benign kind sends the suspected spam to a “quarantine” (usually managed by a commercial company, not by the ISP itself), where you, the addressee, can still inspect it (via an internet browser, eg Netscape or Explorer) and release the false positives, which are then sent to your in-box as originally intended by the sender. You can also delete the remaining real spam; or, if you don’t, the manager of the quarantine will delete it after a period of a few days. In other words, this kind of filter works much like a filter of the mail software in your own computer, except that you have to go to the internet to sort out the false positives from the real spam. And you still get a few false negatives—real spam that your ISP’s filter fails to detect as such. This kind of filter is used by my ISP at KCL. The commercial firm that manages the filtering is Spam Manager, and is based in the US.

The less benign form of filtering is that whereby the ISP simply blocks the suspected spam message and dumps it into a black hole (cyberspace’s virtual Guantanamo Bay). You, the addressee, cannot get it released by any simple procedure. You don’t even get to know that it has been blocked, unless you are informed by the sender (who may get a “bounce” notice saying that the intended addressee has not received the message). America On Line (AOL), an IT mega-giant, uses this kind of filtering. If AOL is your ISP, this is how some of the email addressed to you gets blocked.

Over the last few weeks, since my ISP has started to use the Spam Manager filter, I began to notice something rather disturbing: quite consistently, the false positives that I found in my quarantine box (at the Spam Manager website) were messages sent to me by human rights and peace groups. These were newsletters sent by these groups to subscribers only, of whom I am one. It appeared that these groups—or some material included in their newsletters—are classified by the filter as “offensive” and quarantined as “spam”.

The most outrageous instance of this was a message sent to me by Amnesty International, to whose newsletter I subscribe. The message, whose subject line was “One year after Abu Ghraib, torture continues” and was dated 29 April 2005, was quarantined by Spam Manager as “suspected spam”!!! Other cases included newsletters sent to me by Israeli peace/human-rights groups, and by a journalists’ club based in London (established in 2003 to support those journalists, cameramen and photographers throughout the world who risk their lives in the course of their work).

I then noticed another strange thing. I often send to my friends material concerning human rights, especially in connection with the Middle East. In particular, I forwarded to these friends some newsletters from the human rights and peace groups mentioned above—messages I released from the Spam Manager quarantine. I soon received a “bounce” notice from AOL, telling me that those of my friends who have AOL as their ISP had not received my messages, as they were classified as “spam”. (These friends were told nothing by AOL; they did not know my messages to them were blocked until I informed them of this.)

It appeared that these human rights and peace groups—or something included in their messages—had been put on a black list used by both Spam Manager and AOL. Moreover, the reason for blacklisting was evidently political.

By careful controlled experiments with sending such material to one of my friends who has an AOL email address, we discovered that—at least in some cases—what was blacklisted was not the email address of the original sender (an Israeli peace/human-rights group) nor the main text of the message, but the URL (internet address) of the original sender’s web-site, which was included as a clickable link in the message. When I tried to forward to him the original message intact, it was blocked by AOL; when I removed the link, the message got through. QED.

After some frustrating email exchanges with the person in charge of my ISP, I had a face-to-face meeting with two of the very senior people in that unit.

They confirmed that not only Spam Manager and AOL, but other ISP spam filters world-wide, use the same black list, which is US-based. It also transpired that the whole drive for this had come from the US administration. (I understand that the US has applied pressure on all concerned to use that US-based black list.) This black list is fed into a program that automatically filters and defines as “spam” message containing blacklisted item.

Apparently, the black list consists of “offensive” email addresses, URLs (addresses of websites), words and phrases. Of course, most of these are really politically neutral and their presence on the black list quite legitimate, or at least acceptable.

But the black list evidently also contains items whose presence there is politically motivated. The two senior people whom I met were unable to tell me what exact criteria are used for blacklisting: apparently this is a Great Commercial Secret, which is a sealed book even to them.

But they confirmed that it would be possible for some malicious person (or, more likely, group of persons), motivated by political hostility, to complain to their ISP that, say, some website contains “offensive” material, thereby causing the URL of this website to be blacklisted.

Or—even more disturbing—Big Bushy Brother Himself can order an item to be blacklisted. Undoubtedly, this is used to stifle and muzzle “inconvenient” political discourse, mainly concerned with the violation of human rights and displaying disrespect to BBB.

Once an item gets blacklisted, it is very hard indeed to get it whitelisted. It is a matter of “guilty until proven innocent”. And you can imagine how hard it is to prove innocence. Apparently, you have to provide impossibly stringent guarantees for the future good behaviour of, say, the owner of the blacklisted URL. Might as well forget it, I was told (not in so many words, of course).

Now, what can you do about this outrage?

First of all, make it widely known. Evil triumphs when decent people stay silent.

If you feel as I do, please forward this message to your friends.

Second, make sure that your ISP does not simply dump “suspected spam” addressed to you. If it does, complain. If this doesn’t help, move to another ISP, one that uses no filtering at all or the relatively more benign kind.

Third, if you get a “bounce” message telling you that a message you sent has been blocked as “spam”, let the addressee know about it.

Finally, be prepared for the next phase in the battle for free speech and communication. My hunch is that BBB will eventually apply enormous pressure on all ISPs to use the less benign form of “spam filtering”.

Best wishes,

M Machover

No comments: