Building Trust Improving Technical Security Open Internet Standards

Error code 451: Using Internet protocols to enable transparency

What if there were a standard machine-readable way to notify Internet users that the webpages they are trying to visit have been blocked for legal reasons? What might this enable?

First, greater transparency on the Internet regarding blocking requirements around the world.

Second, the potential to estimate the extent of “the blocked Web”.

The Internet Engineering Task Force (IETF) recently approved a proposed Internet standard – An HTTP Status Code to Report Legal Obstacles, which will be published as an RFC in the coming weeks.

This new standard will specify a status code for webpages that are blocked for legal reasons. The Hypertext Transfer Protocol (HTTP) status code is designed to enable content servers and intermediaries (including ISPs and search engines) to notify users that their access to specific web-resources has been blocked for legal reasons. The standard also recommends that the notification include an explanation. This is important because this is the detail the user needs to be able to understand why access has been blocked, and if desired, to take action to challenge the blocked access. It also helps content servers and intermediaries who have been required to block access to notify users who directed that access by blocked.

Also, since the status code is machine-readable, researchers and others could use web crawlers to identity which blocked URLs use error code 451. And, maybe someone will produce a searchable open repository of all known error code 451 instances. This information could then be used to map the blocked Web and to analyze the explanations, looking for trends and anomalies. For example, one day there might be an answer to the question – “how much content is blocked for IPR reasons?

The 451 error code can also be used for encrypted webpages, which is significant as encryption on the Web becomes more and more prevalent. A user should be able to see the error code irrespective of whether they try to access the content via HTTP or HTTPS.

This standard is a prime example of an Internet protocol enabling common policy objectives (in this case, transparency) to be implemented across the globe.

But, there are some considerations to keep in mind:

As with all Internet standards, the implementation of the 451 error code is voluntary.

So, how widely will it be used? While that will largely depend on those that want to block access to Web content (i.e. how willing are they to be transparent about their reasons and their actions?), Internet users also have a responsibility to insist on the proper use of error code 451 and to be watchful that the standard is not misused (e.g. to mislead users as to reason for the content being blocked), especially as “legal reasons” is not defined.

Further, there is an additional role for content servers and intermediaries who are required to block content for legal reasons and to use another status error code such as 404 (error), to include information in their transparency reports to indicate whether this is occurring. For example, stating “We have/have not been required to replace 451 by other error codes.”

Image credit: Dennis Skley on Flickr – CC BY-ND 2.0