On Thursday, the OpenNet Initiative released their report, to which I contributed, studying Internet Censorship in Belarus during the 2006 Presidential Election there. It even has managed a brief mention in the New York Times.
In summary, we did find suspicious behaviour, particularly in the domain name system (DNS), the area I mainly explored, but no proof of outright filtering. It is rarely advisable to attribute to malice what can just as easily be explained by incompetence, so it is difficult to draw conclusions about what actually happened solely from the technical evidence. However, regardless of whether this was the first instance the ONI has seen of a concerted effort to hide state censorship, or simply an unfortunate coincidence of network problems, it is clear that existing tools for Internet monitoring are not adequate for distinguishing between these cases.
Simply observing that a site is inaccessible from within the country being studied is not enough evidence to demonstrate censorship, because it is also possible that the server or its network connection is down. For this reason, the ONI simultaneously checks from an unrestricted Internet connection. If the site is inaccessible from both connections, it is treated as being down. Censorship is only attributed if the site can be reliably accessed from the unrestricted connection, but not by the in-country testers. This approach has been very successful at analysing previously studied censorship regimes but could not positively identify censorship in Belarus. Here sites were inaccessible (often intermittently) from all Internet connections tried.
Ordinarily this result would be assumed to simply be from network or configuration errors; however the operators of these sites claimed the faults were caused by denial of service (DoS) attacks, hacking attempts or other government orchestrated efforts. Because many of the sites or their domain names were hosted in Belarus, and given the state strangle-hold on communication infrastructure, these claims were plausible, but generating evidence is difficult. On the client side, the coarse results available from the current ONI testing software are insufficient to combat the subtlety of the alleged attacks.
What is needed is more intelligent software, which tries to establish, at the packet level, exactly why a particular connection fails. Network debugging tools exist, but are typically designed for experts, whereas in the anti-censorship scenario the volunteers in the country being studied should not need to care about these details. Instead the software should perform basic analysis before securely sending the low-level diagnostic information back to a central location for further study.
There is also a place for improved software at the server side. In response to reports of DoS and hacking attacks we requested logs from the administrators of the sites in question to substantiate the allegations, but none were forthcoming. A likely and understandable reason is that the operators did not want to risk the privacy of their visitors by releasing such sensitive information. Network diagnostic applications on the server could be adapted to generate evidence of attacks, while protecting the identity of users. Ideally the software would also resist fabrication of evidence, but this might be infeasible to do robustly.
As the relevance of the Internet to politics grows, election monitoring will need to adapt accordingly. This brings new challenges so both the procedures and tools used must change. Whether Belarus was the first example of indirect state censorship seen by the ONI is unclear, but in either case I suspect it will not be the last.