Filter

Author: Vittorio Bertola

This entry (i) introduces the concept and classification of Internet filters, (ii) provides a more detailed (but very general) analysis of network filters, and (iii) provides a similar analysis of endpoint filters.

(i) An introduction to Internet filters

An Internet (content) filter is a piece of software (and, sometimes, of specialized hardware) that selectively blocks content being transmitted in Internet communication. Multiple classifications of Internet filters are possible, depending on different factors. Endpoint filters operate at the endpoints of a connection, i.e., on the server or on the user’s device; network filters operate in the middle, somewhere on the connection path between the user and the server. Upload filters operate when the content is first posted onto the Internet, while access filters operate when a user tries to access existing content.

Independently from where and when the content is filtered, the filtering may happen on behalf of different parties. Filters can be voluntarily activated on request of the end-user, to provide services such as parental control for families or productivity control for companies. Network administrators and Internet access providers can deploy filters to prevent connection to harmful services, such as botnet command and control centers or phishing websites. Service and content providers can deploy filters to reject unacceptable content or to prevent access from specific jurisdictions. Governments and courts can mandate the deployment of filters according to applicable regulation, to enforce licensing requirements (e.g., gambling, pharmacies), to prevent access to illegal content (e.g., copyright infringements, child sexual abuse material, hate speech) or to censor their political opponents.

Internet filters are widely used as an alternative to content takedown for cases in which the content cannot or should not be taken down, as they allow to make content inaccessible even without any cooperation by the entity hosting it or by the country where it is located. These cases include:

• Content that is legal, but objectionable to the end-user or the network administrator;
  • Content that is illegal in the country from which the Internet is being accessed, but legal in the country where it is hosted;
  • Content that is illegal in the country where it is hosted but cannot be taken down easily and promptly enough for technical, practical or legal reasons.

There is ample debate in legal, moral, policy, and technical terms on whether Internet filters are desirable and under which conditions.

(ii) Network filters

Network filters are usually applied by telecommunications providers, and specifically Internet access providers since the most effective point where to apply them is on the local loop connection between the home network and the ISP’s backbone. They are very common for implementing filters on behalf of any of the three stakeholders (the user, the State, and the ISP).

Firewalls block connections according to the destination IP address and service. They are effective but suffer both from overblocking – as often a single IP address hosts hundreds of independent websites and services – and from easy circumvention – as the service operator can simply move the service to a different IP address.

Thus, content-level filtering methods have been developed. Transparent proxies silently intermediate connections at the application protocol level (HTTP, for example) and examine the actual content to decide whether to allow access to it. Deep packet inspection (DPI) appliances look at the content within network packets, to the same effect. Both methods access the actual content, including any personal information included in it, and thus infringe the user’s privacy. They have become increasingly ineffective due to the widespread adoption of encrypted protocols (e.g., HTTPS); they would then require breaking the encryption or having a backdoor into it.

As an alternative, rendezvous filters do not examine content but only act on service connections necessary to obtain metadata for the actual retrieval of content. The most common type is DNS filters, which are applied at the endpoint of the connection with the ISP’s DNS resolver, where the IP address for the desired hostname is retrieved. These filters do not look at the content and do not require breaking the encryption but require that the user adopts the filtering resolver.

In policy terms, network filters can break network neutrality and so their use is often restricted by regulation. In the European Union, the Open Internet Regulation (Art. 3, EU Regulation, 2015)¹ only allows network filters if mandated by law or if necessary for network security and management. At the same time, many European countries have laws or court rulings that mandate the filtering of certain types of content or of specific websites, requiring ISPs to implement such blocks.

The Internet’s technical and business community is divided over network filters. Internet platforms, application developers, and the IETF prefer the use of endpoint filters whenever possible (Barnes et al., 2016)², and have embraced a policy of encrypting connections as much as possible also to circumvent network filters. On the other hand, network operators and Internet service providers, often backed by their governments, find network filters desirable and useful for a variety of purposes.

This disagreement also has implications for competition, as the disruption of network filters by application makers can have the effect of drawing users away from services provided by ISPs and into services provided over-the-top by the platforms (Borgolte et al., 2019)³, where the filtered content (even if ruled illegal in the user’s country) is immediately available.

(iii) Endpoint filters

Endpoint filters are applied at either edge of a network connection. When applied to the user’s device, they generally are voluntary filters to prevent some users (for example, children) from accessing some content. In this regard, endpoint filter providers directly compete with network filter providers supplying similar services with different technologies.

On the other hand, endpoint filters on the server side are often used to prevent access or distribution of harmful or illegal content, similar to network filters.

Upload filters are applied by platforms that distribute user-generated content to verify whether such content may be objectionable or illegal. In the European Union, Article 17 of the recent Copyright Directive (EU Regulation, 2019)⁴ de facto mandates the deployment of such filters to prevent the upload of copyright-infringing content.

Search filters are customarily deployed by search engines and other indexing services to hide pointers to content that is deemed illegal or inappropriate. Search engines, mostly based in the United States, customarily remove pointers to some results in response to complaints filed under the Digital Millennium Copyright Act (Google, 2020)⁵.

Geoblocking is a type of server-side endpoint filtering in which content is made available or not depending on the estimated country of origin of the connection. In the European Union, geoblocking is seen as a potential distortion of the single market and thus has been regulated with the Geo-Blocking Regulation (EU Regulation, 2018)⁶.

As endpoint filters are generally implemented by entities other than telecommunication providers, they are usually not regulated. They do not raise network neutrality concerns, yet platforms could also use them in non-neutral ways to influence which content and services users can access.

References

1. European Parliament (EC) Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union.
2. Barnes, R. Cooper, A. Thaler, D. Nordmark, E. (2016) Technical Considerations for Internet Service Blocking and Filtering. IETF. Available at: https://tools.ietf.org/html/rfc7754.
3. Borgolte, Kevin. Chattopadhyay, Tithi. Feamster, Nick. Kshirsagar, Mihir. Holland, Jordan. Hounsel, Austin. Schmitt, Paul. (2019). How DNS over HTTPS is Reshaping Privacy, Performance, and Policy in the Internet Ecosystem. Available at: https://ssrn.com/abstract=3427563.
4. European Parliament (EC) Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC, OJ L Document 32019L0790.
5. Google. (2020). Google Transparency Report. Content delistings due to copyright. Available at: https://transparencyreport.google.com/copyright/overview?hl=en.
6. European Parliament and Council (EC) Regulation (EU) 2018/302 of 28 February 2018 on addressing unjustified geo-blocking and other forms of discrimination based on customers nationality, place of residence or place of establishment within the internal market and amending Regulations (EC) No 2006/2004 and (EU) 2017/2394 and Directive 2009/22/EC, OJ L Document 32018R0302.