Blog stopped at customs in bizarre case of mistaken identity

In a bizarre case of mistaken identity the department of Customs and Border Protection appear to think that OpenAustralia.org‘s republishing of Federal parliamentary discussions constitutes a blog.

Last week we were told by a person who works for the Australian Customs and Border Protection Service that OpenAustralia.org was blocked by their IT department’s security policy. It happened that they wanted to use email alerts to stay informed on issues relating to customs policy discussed in the Federal parliament. So, clearly, they were wanting to use the site for a very sensible, work related activity.

A few minutes later, after prompting on Twitter, I fired off an email to the Australian Customs

From:”Matthew Landauer” <matthew@openaustralia.org>
Sent:Wednesday, 20 October 2010 12:08:31 PM
To: information@customs.gov.au
Cc: contact@openaustralia.org
Subject: Query about Customs access to openaustralia.org

Dear Sir / Madam,

We just were told by a person who works for Customs that one of our websites http://www.openaustralia.org, which republishes the Federal proceedings of Parliament, which is run by a charity, the OpenAustralia Foundation, has been blocked from internal use inside the department.

Firstly, is this true?

Secondly, if this is true, what is your reason for blocking access given that there are many legitimate work uses for openaustralia.org within your department?

Thank for your time.

All the best,
Matthew Landauer

This morning I received this reply

Hello Matthew

We have received the following response from our IT Security Section:

The website http://www.openaustralia.org and it’s charity foundation http://blog.openaustralia.org/foundation/ are classified by the filtering software in use by the Australian Customs and Border protection service as ‘blogs’.

The Australian Customs and Border Protection does not allow general access to websites classified as ‘blogs’ at the present time to due to the threat websites within this category can pose to the security of the Australian Customs and Border Protection network. It is important to note that the filter list is provided by a third party and the Australian Custom and Border Protection service simply consumes this list. We do not make decisions on what category a website should be placed in.

If a business requirement exists for a user or groups of users to access content that is unavailable, they can request an exemption which will be granted after the appropriate approvals have been sought.

The classification of ‘blog’ is defined as below

Sites which contain ‘blogs’ (an abridgment of the term ‘web logs’). Blogs are usually maintained by an individual with regular entries of commentary, descriptions of events, or other material such as graphics or video. Entries are commonly displayed in reverse chronological order. Examples include:
Commentary on particular subjects such as news or politics
Online diaries
Photo blogs
Audio and video blogs
Regards

[name redacted] | Senior Customs and Border Protection Officer |Customs Information and Support Centre | CE&CS
Australian Customs and Border Protection Service
Customs House, 10 Cooks River Ave, Mascot NSW 2020
Phone I 1300 363 263
Fax I (02) 8339 6714
Email: information@customs.gov.au
Website: www.customs.gov.au

This information is provided as a guide only and should be clarified either by lodging a formal advice request with the appropriate section of Customs or employing the services of a customs broker if appropriate.

Irrespective of whether you think government departments should be blocking blogs as a matter of “security” policy, anyone who has spent more than a passing minute looking at OpenAustralia.org will know that it is most definitely not a blog, but rather republishes the Federal Hansard, the official proceedings of the Australian parliament.

This website blog.openaustralia.org is a blog. So, block this if you must (not that anyone inside Customs can read this, of course) but don’t block www.openaustralia.org. That’s just silly.

This entry was posted in OpenAustralia.org. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

13 Comments

  1. Mike
    Posted October 28, 2010 at 12:32 pm | Permalink

    If the official proceedings of the Australian parliament can be blocked by filtering software because of government policy, what confidence cab we have in the decisions to block sites with Conroy’s mandatory internet filter?

  2. Posted October 28, 2010 at 1:33 pm | Permalink

    “due to the threat websites within this category can pose to the security of the Australian Customs and Border Protection network.”
    This is a transparent knee jerk reaction, a blog site CANNOT be any more or less threatening than any other site and is likely to be less so due to hosting arrangements.
    Customs needs to read the whole of government social media engagement policy, except there isn’t one.
    When will Govt learn to set internal policy and trust?

  3. Posted October 28, 2010 at 11:55 pm | Permalink

    Paul – see http://www.apsc.gov.au/circulars/circular096.htm

    It doesn’t talk about IT security decisions however, these are led out of the Defense Signals Directorate (whose interest is in risk minimisation).

    Balancing the perceived and actual risk of viruses from ‘blogs’ or any websites versus the information access needs of knowledge workers is always tough.

    Perhaps Customs needs to review case studies from Departments that do not block access to legitimate online material – evidence that there is no increase in risk or that there are security approaches which mitigate the risk to core systems (after all perimeter defense is slowly being discredited as an effective security approach – once an intruder breaches your perimeter you are defenseless, and there’s always a way in).

    Perhaps the real issue is silo-isation. The people setting Internet security policies may not be sharing knowledge with their peers across government – possibly because they distrust social networks and blogs….

  4. Jim Croft
    Posted October 29, 2010 at 5:42 am | Permalink

    Moreover, why would an organization outsource and hand over control of it’s internal security?

  5. Chris
    Posted October 29, 2010 at 6:42 am | Permalink

    practically every organisation outsources filtering, at least in terms of a central category blacklist (products like N2H2, WebMarshal, etc).

    The bigger course of action would be to get the site reclassified

  6. Posted October 29, 2010 at 10:57 am | Permalink

    You won’t get any sensible response from the departmental IT people. Best course of action would be to find out what filtering software they’re using and try to make contact with the vendor.

    Only other option would be if a sympathetic government IT bod reads this (either because they can bypass the filter or they’re doing it outside work) who can raise this with the vendor for you.

  7. Brendan
    Posted October 29, 2010 at 12:11 pm | Permalink

    This has me gobsmacked – though I’m frequently gobsmacked by security / net filtering policies (folicies?) of government departments in Australia. In an age where information gathering is of utmost importance, it is amazing to hear of the struggle (and huge cost) it takes to garmer information within these departments from external sources, especially when compared to the ease (and cheapness) of getting the same information within other large companies. Sure, security is important, but I fear that the balance has been placed so far out of wack that there is no easy road back. Just ask someone working for the ABS – or DOCS even, how hard it is to gather outside opinions / sources from the net. They’re almost better off leaving their desks, and taking a lunch break in an internet cafe. (Its happened more than once…)

  8. D Milne
    Posted October 29, 2010 at 8:31 pm | Permalink

    I think they think they,that is,the ones that have reached the highest, the highest they can go in their job,have to prove to their political bosses,ie,the public servants or as they would like to be called,mandarins,we have control over the little people. Well i and many others read this and i for one wonder,who are these people,AND,i want to find out more how they want to try and control my life without my consent.

  9. Alex
    Posted October 31, 2010 at 12:19 pm | Permalink

    “…The website http://www.openaustralia.org and it’s charity foundation http://blog.openaustralia.org/foundation/ are classified”

    “It’s”?

  10. Joel
    Posted October 31, 2010 at 3:07 pm | Permalink

    Welcome to the public service + enterprise world.

    Many websites are blocked from access (video, image, news and other content distribution/redistribution sites are amongst them). Not really that unusual.

    I don’t always agree with it, but where a business requirement exists whitelisting over the top of subscribed blacklist services has always been available.

    Most companies operate in this fashion too.

  11. JP
    Posted November 1, 2010 at 6:42 am | Permalink

    Oh, grow up.

    It’s not bizarre, it’s routine. So is the solution: short-term, request that Customs whitelist the site; long-term, request that their filtering provider reclassify it.

    I suspect the reason for kicking up this sort of fuss over nothing is to get some free publicity from idiots like the Sydney Morning Herald, who are too thick to realise that it’s not news.

  12. Joel
    Posted November 1, 2010 at 12:00 pm | Permalink

    @JP: agreed.

  13. Posted December 2, 2010 at 10:22 am | Permalink

    @JP an @Joel are on the money. This smells more like your average enterprise IT security policy (which is a collection of random rules with little justification) than a malicious attempt to censor information. Never assume malicious intent where plain old incompetence is more likely.

    As @JP said, get someone senior enough to sign the form you need to have the site added to the whitelist.

2 Trackbacks

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*
*

Subscribe without commenting