Since the Korean government started censoring illegal Hypertext Transfer Protocol Secure (HTTPS) websites recently, public opinion has received a considerable stir. The number of petitioners on the Blue House website skyrocketed; within a short amount of time, more than 260,000 people petitioned against the government’s website censorship policy. Some opine that national-level intervention is inevitable due to the difficulty of blocking harmful websites, while others fear that HTTPS blocking can be the beginning of personal censorship, which sends a reminder of the “Big Brother” in George Orwell’s 1984. As these two opposite voices coexist, the question of the validity and the effectiveness of website policy continues to rise. Therefore, the Sungkyun Times (SKT) will look at the definition of HTTPS blocking, the problems of the policy and the possible solutions.
The Explanation of Website Blocking
-What Is HTTPS?
A website consists of a numeric Inter Protocol (IP) address like 155.145.75.1 (the Sungkyun Times IP), but it is replaced with the alphabetized address (skt.skku.edu) because a numeric IP is difficult to remember. HyperText Transfer Protocol (HTTP) is an international communication protocol used to receive information between computers. A protocol is a set of computer rules that govern internet document transmissions. HTTP is a stateless and cleartext protocol, which makes it vulnerable to man-in the-middle type attacks. Since HTTP does not encrypt the IP and server website address, a man-in-the-middle can easily analyze the interaction between the client and the server. HTTPS is an advanced version of HTTP with the encryption. The letter ‘S’ in HTTPS stands for secure. Data encryption in HTTPS makes man-in-the-middle attacks much more difficult to occur.
-What Is Server Name Indication (SNI) Field Filtering?
SNI field filtering blocks an unencrypted part of SNI during HTTPS communication. SNI, written in cleartext, shows where a client is trying to go on the internet. The job of SNI is to indicate which hostname is being contacted during the “handshake” process. The handshake process refers to the exchange of secret key information for encryption between server and client. Transport Layer Security (TLS) protocol is necessary when using HTTPS, and about 98% of clients support it. A client is a desktop computer that obtains information and applications from a server. TLS protocol is an electronic document that guarantees communication between the client and the server. SNI eavesdropping which is carried out by the Korean government identifies the hostname (skt. skku.edu) on an unencrypted SNI field of the target server and blocks the communication process. Therefore, the publics’ concern regarding the possibility of “packet sniffing” by the government might be dispensable. Packet sniffing refers to the action of secretly intercepting information going back and forth during Internet connections. A packet is a formatted unit of data divided into small parts to make it easy to transmit through a network. Since HTTPS automatically encrypts packets, it is technically impossible to intercept them.
The Grounds and Doubts About HTTPS Blocking Policy
-The Background for HTTPS Blocking
The Korea Communications Commission (KCC) is now blocking 895 foreign websites that are determined to be illegal through its review results. According to the KCC, due to changes in the internet environment, the introduction of SNI eavesdropping was inevitable in order to prevent cybercrime. The government used to request Internet Service Providers (ISP) such as KT, SK, and LG to block the illegal websites. The government, however, could not request the ISP to block foreign websites. As a result, illegal pornography and gambling have moved to the borderless foreign websites abusing the inapplicability of domestic laws. Before one knows, the online illegal gambling market has reached over 47 trillion won in 2015 and can be easily accessed by teenagers without adult certification. Illegal sexual footage or spy camera porn has a detrimental impact on the victims as well. The number of victims of cyber-sex crime who contacted the Digital Sexual Victim Support Center in 2018 exceeded 2,300. Illegal sexual content spread all over the internet and has been sold by Webhard companies, and when regulations on Webhard started, they were spread to foreign websites, making it even more difficult to get rid of them.
-Concerns About HTTPS Blocking
There is a concern that excessive internet control may be legalized under the name of blocking illegal foreign websites. In other words, there is a risk that the government can arbitrarily designate illegal websites exists. Some people claim that the HTTPS blocking violates Article 17, 18 of the Constitution. According to the Constitution of the Republic of Korea, Article 17 stipulates that the privacy of no citizen shall be infringed upon and article 18 stipulates that the privacy of correspondence of no citizen shall be infringed upon. More importantly, HTTPS blocking has already lost its ability to block illegal websites. After the introduction of HTTPS blocking, applications that bypass blocked websites, such as Chrome Data Saver, Virtual Private Network (VPN), Opera Browser, and Moonbreaker have been frequently used. In particular, Firefox encrypts the cleartext SNI information on the device itself, so that the government can not track and block the data. In short, the detour method is easy-to-find on the internet, and it is almost impossible to prevent sharing the information about detouring to others. To make matters even worse, a more complicated, Encrypted SNI (ESNI) which can avoid SNI eavesdropping is already being developed. When ESNI is widely introduced, the government will need to find a new way to block illegal websites. So, a simple website blocking alone cannot be a fundamental solution.
Problems of Current Policy and Fundamental Solutions to Cyber Crime
-Needs for Establishment of Clear Standards and Regulations
The authority to judge and block harmful websites resides only in the KCC. For now, people cannot know the standards of illegalness used by the KCC. This has led to ambiguous standards of illegal websites. Illegal pornography websites, where people trade porn through virtual currency and have their own membership system avoided the regulation. The KCC should try to derive the standards for illegal websites after listening to the voices of the public. The ambiguous concept of illegal pornography itself is a problem as well. Some definitions of pornography can be found in Article 8 of the Regulations on Information and Communications and the judicial precedent of the Supreme Court, but there is no specific definition of illegal pornography. To properly regulate illegal pornographies, a clear and new definition of pornography must be enacted. As mentioned in the recent announcement of the 2019 work plan of the KCC, establishing a public consultation group to discuss the desirable direction of internet regulation, including technical changes, in the future is necessary. To prevent structural control of media by the government, revising the media related regulations is needed. Enacting a regulation that public opinion gets compulsorily reflected in the election of the president of the KCC could be a good solution. This way, the opinions of the public can be shown well in the KCC. Also, complete internet freedom should be ensured by enacting a special law related to HTTPS blocking. The special law needs to clarify that the government’s role is restricted to monitoring the hostname of the SNI field. The countermeasures and punishments should be established for the case that the government violates the special law.
-Solutions for Illegal Pornographies and Online Gambling
Above all, it is crucial to punish creators and distributors of illegal pornographies harshly. First of all, if someone has distributed sexual photographs or videos for commercial purposes, he or she must be punished regardless of the consent of the person in the footage. To prevent further harm from the victims, simple possession of sexual footage must be punished. For now, if the victims are only threatened with distribution without actually distributing, the person threatening can only be punished by Article 283 of the Criminal Code. They are not subject to accusation under the Act on the Punishment of Sexual Crimes. Strengthening the level of punishment regarding gambling is vital to solve the problem of illegal online gambling. Needless to say, those who have been punished for gambling should be monitored during the grace period to make sure that there is no further gambling involved in any form. In addition, blocking the revenue made from illegal gambling could work if cybercriminal extradition and stronger surveillance become actualized through national-level cybercrime negotiation. We have to know that even if the illegal websites are blocked in Korea, duplicated works of digital sexual crimes and newly opened gambling websites are still rampant on the internet. Therefore, international judicial cooperation on the operation of the server and collaborating with foreign civil groups is required by establishing a network in the relevant countries.
The packet sniffing controversy arose from concerns that the government may start interfering in individual privacy on the internet. Of course, it is unlikely that the current SNI field filtering will result in packet sniffing. According to experts, however, if ESNI technology is fully developed and gets widely introduced, the government will have to start intercepting packets to block illegal websites. The government’s efforts to solve problems regarding illegal websites, rather than merely just blocking websites, is becoming increasingly more important.