JONATHAN TURLEY

Proposal To Establish HTTP Status Code 451 For Websites Blocked By Censorship

By Darren Smith, Weekend Contributor

With government censorship and take-down orders increasingly blocking content hosted on web servers, a consortium of internet stakeholders has submitted to the IETF a recently published RFC draft proposing a standard error response that tells clients the web page or resource they sought has been blocked for legal reasons.

The proposal uses the status code 451, a reference to Ray Bradbury’s book “Fahrenheit 451”.

Most users have seen the familiar “404 Not Found” or “403 Forbidden” error messages when accessing a page that does not exist or one that has restricted access. Under the surface, these HTTP (HyperText Transfer Protocol) status codes regulate client and server transactions, such as page requests, authentication required, OK statuses and numerous others handled by the web browser and the website it is connecting to.

A pertinent excerpt from the draft before the IETF reads as follows:

Introduction

This document specifies a Hypertext Transfer Protocol (HTTP) status
code for use when a server operator has received a legal demand to
deny access to a resource or to a set of resources which includes the
requested resource.

This status code can be used to provide transparency in circumstances
where issues of law or public policy affect server operations. This
transparency may be beneficial both to these operators and to end
users.

[RFC4924] discusses the forces working against transparent operation
of the Internet; these clearly include legal interventions to
restrict access to content. As that document notes, and as Section 4
of [RFC4084] states, such restrictions should be made explicit.

451 Unavailable For Legal Reasons

This status code indicates that the server is denying access to the
resource as a consequence of a legal demand.

The server in question might not be an origin server. This type of
legal demand typically most directly affects the operations of ISPs
and search engines.

Responses using this status code SHOULD include an explanation, in
the response body, of the details of the legal demand: the party
making it, the applicable legislation or regulation, and what classes
of person and resource it applies to. For example:

HTTP/1.1 451 Unavailable For Legal Reasons
Link: ; rel="blocked-by"
Content-Type: text/html

<html>
<head><title>Unavailable For Legal Reasons</title></head>
<body>
<h1>Unavailable For Legal Reasons</h1>
<p>This request may not be serviced in the Roman Province
of Judea due to the Lex Julia Majestatis, which disallows
access to resources hosted on servers deemed to be
operated by the People’s Front of Judea.</p>
</body>
</html>

The use of the 451 status code implies neither the existence nor non-
existence of the resource named in the request. That is to say, it
is possible that if the legal demands were removed, a request for the
resource still might not succeed.

Note that in many cases clients can still access the denied resource
by using technical countermeasures such as a VPN or the Tor network.

A 451 response is cacheable by default; i.e., unless otherwise
indicated by the method definition or explicit cache controls; see
[RFC7234].

The 451 status code is an improvement over the present use of 403 Forbidden or, in many cases, 404 Not Found because, among other things, it informs the user that a particular resource has been blocked for legal reasons and gives the opportunity to explain why. At present, the information typically “just disappears” and the request returns a 404.

There was discussion as to why 403 Forbidden would not suffice. A server may return that response for purely technical reasons, such as Directory Listing Prohibited, which often appears when directory read permissions are not granted to unauthenticated users and no index.html or default.asp file is provided to service the request. So in a sense 403 errors are not really suitable for human abstractions such as censorship.

It is apparent, unfortunately, that unscrupulous governments in the world will demand that content be removed without notice, will view the 451 response as a lingering trace of the original censored resource, and will consequently disallow the use of 451 error codes. The code can also be used in other contexts, such as when a resource was taken down because the author was served a take-down notice for copyright violations, etc.

Intermediaries such as content hosting sites like social media providers can easily use this. If the content is prohibited by law, such as Nazi paraphernalia sold on eBay, access to which is blocked in Germany (which of course is another matter in and of itself), the 451 can be returned to users geolocated within that country, while for everyone else the page will pass through. This at least will inform the user what happened.
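
A sketch of how an intermediary could scope a 451 to one country, as an added example that is not part of the draft or of any project's code. The policy table, the URLs and the `X-Country-Code` header (assumed to be set by a trusted front proxy and stripped from client input) are hypothetical; the `Vary` header matters because the draft makes 451 cacheable by default.

```python
from wsgiref.util import setup_testing_defaults

# Constructed policy table: path -> country -> (blocking entity URL, legal basis).
BLOCKS = {
    "/listing/1234": {"DE": ("https://host.example/legal/de",
                             "a legal demand applicable in Germany")},
}
# Hypothetical header: must be set by a trusted front proxy, never by the client.
GEO_HEADER = "HTTP_X_COUNTRY_CODE"

def app(environ, start_response):
    country = environ.get(GEO_HEADER, "").upper()
    hit = BLOCKS.get(environ.get("PATH_INFO", "/"), {}).get(country)
    # A 451 is cacheable by default, so a geo-dependent answer must name the
    # request header it depends on, or a shared cache may serve it to everyone.
    common = [("Vary", "X-Country-Code")]
    if hit is None:
        start_response("200 OK", common + [("Content-Type", "text/plain")])
        return [b"listing content\n"]
    blocker, basis = hit
    body = ("<html><head><title>Unavailable For Legal Reasons</title></head>"
            "<body><h1>Unavailable For Legal Reasons</h1>"
            f"<p>This resource is not available in {country} due to {basis}.</p>"
            "</body></html>").encode()
    start_response("451 Unavailable For Legal Reasons", common + [
        ("Link", f'<{blocker}>; rel="blocked-by"'),
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Length", str(len(body))),
    ])
    return [body]

def call(path, country):
    """Drive the app in-process and return (status, headers dict, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if country:
        environ[GEO_HEADER] = country
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```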

Another feature would be to allow the automated spidering and indexing of the web to identify the scope of censorship and track trends and growth of the practice.
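
The measurement side of this, as an added example that is not from the draft or the original post: a spider's stored response heads are scanned for 451 and grouped by the `rel="blocked-by"` link target. The crawl records and every URL in them are constructed sample data.

```python
import re
from collections import Counter
from email.parser import Parser

# Constructed crawl records: (URL, raw response head as a spider might store it).
CRAWL = [
    ("https://a.example/page1",
     'HTTP/1.1 451 Unavailable For Legal Reasons\r\n'
     'Link: <https://isp.example/legal>; rel="blocked-by"\r\n\r\n'),
    ("https://a.example/page2", 'HTTP/1.1 404 Not Found\r\n\r\n'),
    ("https://b.example/item",
     'HTTP/1.1 451 Unavailable For Legal Reasons\r\n'
     'Link: <https://b.example/help>; rel="help", '
     '<https://isp.example/legal>; rel=blocked-by\r\n\r\n'),
    ("https://c.example/doc", 'HTTP/1.1 451 Unavailable For Legal Reasons\r\n\r\n'),
]

# One link-value: <target> followed by zero or more ;name=value parameters.
LINK_RE = re.compile(r'<([^>]*)>((?:\s*;\s*[\w-]+\s*=\s*(?:"[^"]*"|[^\s;,]+))*)')
PARAM_RE = re.compile(r'([\w-]+)\s*=\s*(?:"([^"]*)"|([^\s;,]+))')

def blocked_by(link_values):
    """Return the target of every link whose rel list includes blocked-by."""
    targets = []
    for value in link_values:
        for target, params in LINK_RE.findall(value):
            for name, quoted, bare in PARAM_RE.findall(params):
                rels = (quoted or bare).lower().split()
                if name.lower() == "rel" and "blocked-by" in rels:
                    targets.append(target)
    return targets

def parse_head(raw):
    status_line, _, header_block = raw.partition("\r\n")
    code = int(status_line.split(" ", 2)[1])
    headers = Parser().parsestr(header_block, headersonly=True)
    return code, headers.get_all("Link", [])

def survey(records):
    """Tally 451 responses per blocking entity; 'undeclared' if none is named."""
    tally, urls = Counter(), []
    for url, raw in records:
        code, links = parse_head(raw)
        if code != 451:
            continue
        urls.append(url)
        for entity in blocked_by(links) or ["undeclared"]:
            tally[entity] += 1
    return urls, tally
```

A 404 or 403 in the same crawl carries no such signal, which is why those responses cannot be counted as blocks.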

It is, however, disappointing that content censorship has become such a norm that an RFC needs to be made to address the problem. Twenty years ago I never would have expected this to become the new reality.

By Darren Smith

Source:

The Internet Engineering Task Force

The views expressed in this posting are the author’s alone and not those of the blog, the host, or other weekend bloggers. As an open forum, weekend bloggers post independently without pre-approval or review. Content and any displays or art are solely their decision and responsibility.
