This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] False positive CSAM blocking attributed to RIPE
- Previous message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
- Next message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Matthias Merkel
matthias.merkel at staclar.com
Tue Sep 28 21:17:40 CEST 2021
RIPE does not handle abuse matters like this, that would be up to the connectivity and hosting providers involved. RIPE only enforces that each IP allocation and assignment has a valid abuse contact email. Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> on behalf of Jeremy Malcolm <jeremy at prostasia.org> Sent: Tuesday, September 28, 2021 8:56:44 PM To: anti-abuse-wg at ripe.net <anti-abuse-wg at ripe.net> Subject: [anti-abuse-wg] False positive CSAM blocking attributed to RIPE Dear all, I am new to this list, although I am not completely new to the Internet technical community, as I am a long-time IGF (and occasionally ICANN) participant. I am writing about a case that has been referred to my organization involving global blocking (packet dropping, apparently) of IP addresses that have been reported as hosting CSAM by the Canadian Center for Child Protection (C3P). According to public information, the C3P runs a web crawler called Project Arachnid which searches for instances of CSAM on the clearweb, and sends automated takedown notices to providers. However, in the case that was reported to me, rather than allowing the hosting provider to take down the offending image, the takedown notice was followed by global packet dropping of the hosting IP address, which took down the entire server and other websites along with it: the hosting provider has attributed this censorship to RIPE, although I cannot verify whether or not this is true. If I am able to obtain more details from RIPE staff, I will follow up with them. Moreover the website in question was not a CSAM website, and neither was the image reported by the C3P a CSAM image. It was a scan of a 1960s postcard of an indigenous family, sent through the mail, which was included in a detailed ethnographic blog article about indigenous women and girls. In other words, this is an obvious false positive, and it should never have been reported as CSAM at all. I'm writing to find out if anyone has more information that they can share about how this might have happened, and how it can be prevented from happening in the future. Many thanks in advance for any help that you can offer. Not sure if I should include the RIPE Cooperation ML on this, given that it relates to the actions of the C3P? -- Jeremy Malcolm PhD LLB (Hons) B Com Executive Director, Prostasia Foundation https://prostasia.org - +1 415 650 2557 [https://mailfoogae.appspot.com/t?sender=aamVyZW15QHByb3N0YXNpYS5vcmc%3D&type=zerocontent&guid=6da5a3c0-b605-489c-a914-49bb037aca56]ᐧ -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20210928/ee1bd217/attachment.html>
- Previous message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
- Next message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]