Are you an ISP and have you received a censorship request? Did you get an email from the Postal Police with the subject line “DNS blocking on the request of the Judiciary”? Or again, have you received a PEC from the Judicial Authority containing an order requesting thatcertain websites be blacked out?
When such communications are received, concerns and doubts are immediately triggered as to what obligations an Internet Service Provider has under current regulations and whether or not in Italy the internet censorship. In this post we have tried to give a definitive answer as well as try to reassure you.
Vayu provides its customers with the support needed to implement the filtering tools required by current regulations. Simple and reliable tools through which to have a management and overview of the restrictions applied.
Everything you need to know in these cases
Untangling laws, decrees and resolutions
Contrary to what one might be led to believe, censorship exists in our country and is implemented through a varied list of regulations and decrees that we try to summarize for you below:
-
Law 38 of February 6, 2006: National Center for Countering Online Child Pornography (CNCPO)
-
Directorial Decree January 2, 2007: Customs and Monopolies Agency (ADM)
-
Resolution 680/13/CONS of December 12, 2013 and ss.mm.ii: Communications Guarantee Authority (AGCOM)
-
Directive 2 of May 26, 2009: Ministry of Public Administration, Civil Service Department
-
Judicial Authority Measures.
As is often the case, therefore, we are not faced with a clear and unambiguous law but must learn to untangle the jungle of regulations whose information is not always easy to find.
What are the penalties and violations?
Internet censorship regulations and decrees also provide specific penalties for violations against network service providers. Let’s look at them together:
-
CNCPO: Violation of this obligation carries an administrative penalty ranging from 50 thousand to 250 thousand euros. The Ministry of Communications shall be responsible for imposing the penalty.
-
ADM: Violations of the inhibition requirement are punishable by an administrative penalty of 30 thousand to 180 thousand euros for each violation found.
-
AGCOM: Individuals who fail to comply with the Authority’s orders and warnings are punished with administrative fines.
Having focused on the fact that there are obligations and, more importantly, penalties, let us see the means by which we can respond to and fulfill these blockages. The regulations provide only a general indication by specifying that: “
providers of connectivity to the INTERNET must equip themselves with filtering tools
“.
The filtering tools available to an ISP.
There are essentially two filtering tools available to Internet Service Providers:
-
Domain forgery
-
Blackhole traffic to the IP
In the first case, the ISP configures the DNS given in use to its customers so that they respond that the domain does not exist, or direct the request to specific web servers containing notice with the reason for the block applied. In the second, the ISP acts on its network so that traffic directed to the IP of the server hosting the censored site is not forwarded to its destination.
But an operator, in order to comply with censorship regulations, is required to implement both of these filtering tools. Specifically, ADM provides for censoring only domains; the CNCPO list and seizure orders issued by judicial authorities can contain both domains and IP addresses.
To configure DNS blocks, one must first have DNS recursors: ISPs do not have a generic obligation to provide name resolution service to customers, BUT they must inhibit access to certain resources through a DNS resolver. In conclusion, it is in fact mandatory for an ISP to have a DNS recursor properly configured with blocked domain lists and provide it for use by its customers.
We take the opportunity to say that providing its customers with a high-performance dns service also brings with it benefits related to performance and direct control of service quality and continuity: for an ISP to equip itself with DNS servers should not only be an obligation but also, and more importantly, an opportunity to increase the value of the services provided to its customers. To configure IP blocks instead, simply apply firewall or blackholing rules on border routers. The most difficult part is to make the list of ip involved in the block lists manageable and updatable automatically or semi-automatically.
List of domains and IPs to be blocked
The complexity comes primarily from the multiple sources to draw from to compose the list of all domains and IP addresses being blocked:
-
CNCPO: non-public secret lists, accreditation procedure with client certificate issuance required.
-
ADM: https://www.adm.gov.it/files_siti_inibiti/elenco_siti_inibiti.txt
-
ADM: https://www.adm.gov.it/files_siti_inibiti_tabacchi/elenco_siti_inibiti.txt
-
AGCOM: file with txt published as “Attachment B” in the last blocking decree issued, e.g.: https://www.agcom.it/documents/10179/24865962/Allegato+18-11-2021+1637251399554/cafe760d-33ac-420e-8e33-f2086046b408?version=1.0
-
Measures of the Judicial Authority: sent via PEC
And then the difficulty of translating this into concrete actions for which Vayu has developed its system of solutions.
Building the Future of Telecommunications Together