A few days ago, the folks at Global Voices got email from a friend of ours who was working at the National Science Foundation. He was trying to read an article that Jacob Applebaum had posted to Global Voices Advocacy, reacting to a recent report by Freedom House evaluating various tools useful for circumventing internet censorship. When he attempted to follow the link to our site, the web filtering software used by the National Science Foundation blocked the webpage, returning him the message, “Important Notice – National Science Foundation has blocked access to this site. (policy_denied)”. The message went on to offer an email address where a user could report an erroneous blockage and request a review.
So Ivan Sigal, our executive director, wrote a note to the email address asking why our site was blocked to researchers at the National Science Foundation. We got the response back today, six days later. The response tells us that the blockage is not in error. Blue Coat, who manage web filtering for the NSF, explained that while our site is primarily classified as “political/activism”, there’s still a problem: “The website has verbiage indicating how to avoid proxy filtering, which clearly violates our security policy and therefore will remain blocked.”
That’s certainly true – one of the main functions of Global Voices Advocacy is to provide information to people in repressive nations so they can seek and publish information freely online. And it’s certainly possible that you could learn enough from Global Voices Advocacy that you could download circumvention software (not at the NSF, one presumes, but remotely), load it onto a USB key and circumvent Blue Coat’s software. One popular package you might try is Tor, funded in part by the US government, which recognizes its utility in promoting “internet freedom” for political dissidents.
In other words, the National Science Foundation is spending taxpayer money to (ineffectively) prevent scientists from learning about a debate about “internet freedom” tools the US State Department and the Broadcasting Board of Governors are spending taxpayer money to support and promote, again using taxpayer money.
Is there a Federal irony department where I can lodge a complaint?
I see Blue Coat’s logic, I suppose – it’s hard to maintain a filtering system if users are able to obtain tools that can circumvent those filters. (Again, I feel pretty confident that people smart enough to work at the National Science Foundation can find ways to defeat filters using software they downloaded at home.) But blocking sites for discussing filtering systems (we’re not offering downloadable software at Global Voices Advocacy) raises an interesting dilemma – can anyone at the NSF study internet filtering and circumvention if their internal IT systems have a policy on blocking access to such information? (It also raises the question of why Blue Coat doesn’t just block the page they find troubling, rather than blocking all sorts of content on our site about imprisoned activists and censorship in other nations…)
My friend Sami ben Gharbia – coincidently, the director of Global Voices Advocacy – wrote a ferocious (and very compelling) critique of the US government’s Internet Freedom agenda, suggesting that the policy has an inconsistent focus, overfocusing on countries the US sees as a threat and underfocusing on “friendly” dictatorships. He worried that this apparent inconsistency would lead to skepticism that the US really wants a free and open internet everywhere.
That skepticism is evidently warranted. I’m pretty surprised to learn that the scientists at NSF are working in a filtered internet environment, and that the filtering is so aggressive that discussion of internet filtering and circumvention can’t be discussed. One wonders whether the State Department might consider offering some trainings for the National Science Foundation so that employees there can learn side by side with Chinese dissidents how to overcome filtering and learn about State Department sponsored research on internet filtering. Maybe we can sneak into the building with Tor on USB keys and clandestinely smuggle them to oppressed US scientists.
If you work on a US government computer, I’d love to know whether you can reach Global Voices Advocacy. If you can’t, I’d really appreciate it if you’d let me know in the comments, with an error message, if possible. I promise not to publish email or IP addresses, but if you’re really worried about protecting your privacy, I do recommend using Tor. :-)
Thanks so much for getting this up so quickly. If they’d like to send along a screenshot of any block notices they receive (which they should feel free to do anonymously via Tor), even better.
Pingback: US National Science Foundation Blocking GV Advocacy - Global Voices Advocacy
NSA has cleared blockage, all should be working well now.
reports from behind domestic government and corporate firewalls are also very welcome at http://www.herdict.org/web/
No problems here from this NSF-owned but locally-operated network.
We do not use Blue Coat. Have heard of too many problems in the past regarding their shoddy classification and blocking decisions. Will question use of Blue Coat by NSF HQ more directly at the next opportunity.
We do use tor. Call it essential for keeping those whom we’re protecting our network against from figuring out that we’ve noticed their activities and are investigating them.
Pingback: Το Εθνικό ΊδÏυμα ΕÏευνών των ΗΠΑ μπλοκάÏει το Global Voices Advocacy · Global Voices στα Ελληνικά
Good news. My computer at the US Centers for Disease Control & Prevention (CDC, Atlanta) allowed me to enter your website:
http://ethanz.wpengine.com/2011/04/20/us-national-science-foundation-blocks-global-voices-advocacy-website/
It’s easy enough to circumvent filtering at the NSF or any place with Blue Coat filtering.
Email gettor@torproject.org – get a copy of the Tor Browser Bundle (no admin needed)
Email bridges@torproject.org – get a bridge or three
Start the Tor Browser Bundle, add the bridges, circumvent away.
Blue Coat filters the Tor website but they rarely filter *all* email. Blue Coat is generally unable to easily intercept gmail with HTTPS and so you can use our email robots to circumvention their hilariously bad attempts at filtering the Internet.
There’s another half dozen other more technical ways to circumvent Blue Coat filters – this is just the easiest and most productive.
The U.S. Naval Academy filter allows it – by the way Ethan, thanks for attending our conference!
Pingback: Sivanin’ny US National Science Foundation ny GV Advocacy · Global Voices teny Malagasy
This is an instance of unintended consequences rather than malevolent intent. The fact is, a few senior NSF employees got dinged a couple of years ago for viewing porn on their work computers. A Republican Senator took this up as an excuse to argue for budget cuts at NSF, the NSF got spooked, and NSF IT got the word that they should lock down the entire agency’s network. Obviously, there’s no point in trying to lock down a network unless you also try to lock down any access to sites that can tell you how to circumvent the lockdown. So, this is less about Internet or academic freedom than it is about simple inside-the-Beltway politics.
See http://www.politico.com/news/stories/0109/18070.html
I am in a public university in wisconsin, and it works ok.
Greeetings!
Thanks for the explanation, JeffAlex. And yet, what a silly solution — if employees are watching porn at work, putting a bandaid on it isn’t going to help; firing, and probably blacklisting those employees seems like a far better solution, since they’re clearly not mature enough to hold a job.
How absurd – punish the entire building for the childish actions of a few poorly behaved men.
What a silly answer from the NSF guys, but on the other hand I believe they are more lazy to add while list in their blucoat than being adherent to a strict policy.
As for me, I think the one who’s more responsible for all this is Blucoat categorizations, as apparently they are categorizing GV Advox under “Proxy Avoidance” category or something, whereas it should have been under “Political/Activist Groups” for example. Have you tried contacting Bluecoat to see if they can fix this mis-categorization issue?
I don’t find this either alarming or surprising, and certainly not malevolent. When I was developing social media outreach strategies for health at NIH, I routinely had to request filtration exceptions for my workstation so I could access quotidian sites like Facebook. It was very inefficient. But so was everything else about government IT! The situation was simply a side effect of an overly inclusive blanket policy implemented through a bluntly calibrated system. And if there is anything ubiquitous in government, it is overly inclusive blanket policies implemented through bluntly calibrated systems.
A number of us at various agencies complained about not being able to get to social media sites, and eventually I think they amended the filters in at least some agencies. Hopefully the complaints about this situation will elicit similar responses.
Anyway, JeffAlex is correct about the likely motivation. Before we go labeling the NSF personnel responsible for the overinclusive filter “lazy”, it would be nice to keep in mind that exceptions to security policies, whether or not they pose any actual danger, potentially provide leverage for political attacks on NSF as a whole (which really wouldn’t require that an NSF employee do anything very bad at all, given the current political climate). Maybe NSF’s policy is dumb, but punitively cutting science funding because of one or two bad employees is even dumber – and exactly the sort of thing Congress does, given the opportunity.
Pingback: Joho the Blog » Berkman Buzz
Pingback: Security Circus
Pingback: Last Week’s Links (w-15) » the engine room
Pingback: (Western) Internet Censorship Providers :: The Future of the Internet — And How to Stop It
Pingback: US National Science Foundation blocks Global Voices Advocacy … | Latest Search
Pingback: Links | the engine room
Comments are closed.