Prevent - University registers of research and 'firewalls' (corrects omission of full name in previous request)

Roedd y cais yn rhannol lwyddiannus.

(NOTE: This request is being made to correct the omission of my full name in a request which was made on October 15. The request is exactly the same. Please find my full name at the end of this message)

Under the Freedom of Information Act, please provide the following:

1. Your Prevent action plan or any document that outlines your institution’s Prevent policy in line with your obligations under the Counter Terrorism and Security Act 2015

2. Confirm if students, researchers and members of staff are obliged to register research which is deemed to be security sensitive

3. If such a register exists, the number of entries for each of the years 2018 (up to the date of this request), 2017, 2016 and 2015. By entries, I mean occasions on which individuals have registered research which falls into the category set out in bullet point 2. If possible, please identify the nature of the research (eg PhD, internally funded, externally funded) and topic

4. If such a register exists, confirm whether or not it is stored onsite or on an external server.

5. If such a register exists, confirm whether the register is subject to any information sharing agreements with external partners or agencies including local and regional Prevent coordinators, the Home Office, the local Counter Terrorism Intelligence Unit, the local police or any other law enforcement agencies

6. A list of any agreements, arrangements or Memorandums of Understanding between your institution and bodies such as the Internet Watch Foundation (IWF), the Counter Terrorism Internet Referral Unit (CTIRU) of the Metropolitan Police Service (MPS), or Police Intellectual Property Crime Unit (PIPCU) of the City of London Police, to receive lists of illegal or illicit content, for instance for the purposes of blocking.

7. Confirm if any filtering or blocking service that your institution uses incorporate lists from the IWF, CTIRU or PIPCU, and which lists are incorporated.

Yours faithfully,
Ben Quinn

Br-Freedom-Of-Information, University of Nottingham

2 Atodiad

Dear Ben

I am writing further to your request for information regarding Prevent documents and filtering/blocking services. A search of our electronic and paper records has been completed.

In answer to your request for:

1.Your Prevent action plan or any document that outlines your institution's Prevent policy in line with your obligations under the Counter Terrorism and Security Act 2015

We consider that this information is exempt under section 21(1) as it is publically available on our website:
https://www.nottingham.ac.uk/governance/...

2. Confirm if students, researchers and members of staff are obliged to register research which is deemed to be security sensitive

The University's 'Code of Research Conduct and Research Ethics' (attached) contains the following guidelines in relation to security sensitive research data:

4.7 The Prevent Duty and Security Sensitive Research Data Section 26 of the Counter-Terrorism and Security UK Act 2015 (the Act) places a duty on certain bodies (specified authorities) in the exercise of their functions, to have "due regard to the need to prevent people from being drawn into terrorism". Higher Education organisations are a specified authority and therefore have an obligation under the Prevent Duty. In particular, the Prevent Duty Guidance states that "To enable the university to identify and address issues where online materials are accessed for non-research purposes, we would expect to see clear policies and procedures for students and staff working on sensitive or extremism-related research". The University's existing ethical review procedures and checklists are designed to identify and effectively review this type of research. Further guidance can be found in the Policy for Ethical Review and Frequently Asked Questions.

3. If such a register exists, the number of entries for each of the years 2018 (up to the date of this request), 2017, 2016 and 2015. By entries, I mean occasions on which individuals have registered research which falls into the category set out in bullet point 2. If possible, please identify the nature of the research (eg PhD, internally funded, externally funded) and topic

4. If such a register exists, confirm whether or not it is stored onsite or on an external server.

5. If such a register exists, confirm whether the register is subject to any information sharing agreements with external partners or agencies including local and regional Prevent coordinators, the Home Office, the local Counter Terrorism Intelligence Unit, the local police or any other law enforcement agencies

We estimate that the cost of complying with questions 3, 4 and 5 would exceed the appropriate limit as defined by the Freedom of Information Act 2000. The reason for this is that any information held is not recorded centrally and we would need to approach all of our Schools/Departments individually in order to search for and collate the information. We estimate this would exceed the appropriate limit due to the number, see our website: https://www.nottingham.ac.uk/departments...
https://www.nottingham.ac.uk/departments...
https://www.nottingham.ac.uk/departments...

The Act sets a maximum cost of £450 for public authorities responding to requests for information. This represents the estimated cost of one person working for 3.5 days in determining whether the information is held, locating it, and retrieving it. Under Section 12 of the Act the University is not obliged to comply with a request that would exceed the appropriate limit and we will not be processing this part of your request further.

6. A list of any agreements, arrangements or Memorandums of Understanding between your institution and bodies such as the Internet Watch Foundation (IWF), the Counter Terrorism Internet Referral Unit (CTIRU) of the Metropolitan Police Service (MPS), or Police Intellectual Property Crime Unit (PIPCU) of the City of London Police, to receive lists of illegal or illicit content, for instance for the purposes of blocking.

This information is not held.

7. Confirm if any filtering or blocking service that your institution uses incorporate lists from the IWF, CTIRU or PIPCU, and which lists are incorporated;

We utilise a commercial service to block internet access to sensitive locations; however, we consider that further information is exempt under section 31 (1)(a), the prevention or detection of crime. Disclosure of information in relation to internet filtering and blocking could prejudice the prevention or detection of crime and, if this information were to become available to individuals involved in cyber-attacks on the University's systems, it could be informative to them and could help them formulate more successful cyber-attacks in the future.

In applying this exemption we have considered the public interest test and consider there to be a very strong public interest in minimising the risk to University systems to ensure their integrity is maintained and service provision by the University remains high. We consider there to be little public interest in knowing this information and therefore we consider the test to favour application of the exemption.

If you are unhappy with the way in which your request has been handled and wish to request a review of our response or to make a complaint, please see the attached information sheet and form.

Please do not hesitate to contact me if you have any enquiries regarding this email.

Yours sincerely,
Karen Page

Information Compliance Officer - Freedom of Information
Registrar's Department

Web: www.nottingham.ac.uk/freedom-of-informat...
Email: [University of Nottingham request email]

dangos adrannau a ddyfynnir