Prevent and Internet filtering policies

The request was partially successful.

Dear Sheffield Hallam University,

Can you please supply:

(1) your policy or policy guidance for duties under the Counter-Terrorism and Security Act 2015 duties for the various local authorities listed in Schedule 6, known as “Prevent”;

(2) your policy relating to Internet filtering, blocking and prevention of access to material deemed inappropriate;

(3) the name of any providers of Internet filtering and blocking services that you use, or else a statement that you do not block or filter content at all;

(4) a list of agreements, arrangements or Memorandums of Understanding between yourselves and bodies such as the Internet Watch Foundation (IWF), the Counter Terrorism Internet Referral Unit (CTIRU) of the Metropolitan Police Service (MPS), or Police Intellectual Property Crime Unit (PIPCU) of the City of London Police, to receive lists of illegal or illicit content, for instance for the purposes of blocking.

Finally, can you:

(5) tell me if any filtering or blocking service that you use incorporates lists from the IWF, CTIRU or PIPCU, and which lists are incorporated; and

(6) provide to me any clauses within any contract or terms and conditions of service agreed with your filtering and blocking providers that relate to their use of information from the IWF, CTIRU or PIPCU.

Yours faithfully,

Jim Killock

Freedom of Information Mailbox, Sheffield Hallam University

1 Attachment

Reference: FOI/17/115

 

Dear Mr Smith,

 

I am writing to acknowledge receipt of your Freedom of Information request
sent on 14/05/2017. We will respond to your request in due course and
within the 20 working days stipulated by the Freedom of Information Act.

 

Should you need to contact us regarding this request, please use our
reference: FOI/17/115.

 

Kind regards,

 

The Information Governance Team

 


Secretary and Registrar's Directorate

Sheffield Hallam University

Howard Street

Sheffield S1 1WB

 

Telephone +44 (0)114 225 5555

Direct line +44 (0)114 225 2785

 

www.shu.ac.uk

Freedom of Information Mailbox, Sheffield Hallam University

2 Attachments

Reference: FOI/17/115

Dear Mr Killock,

I am writing in response to your Freedom of Information request regarding
Prevent and filtering policies at Sheffield Hallam University. Please see
the information below in response to your request below.

(1)    your policy or policy guidance for duties under the
Counter-Terrorism and Security Act 2015 duties for the various local
authorities listed in Schedule 6, known as “Prevent”;
- Please see here:
https://students.shu.ac.uk/regulations/i...

 

(2)    your policy relating to Internet filtering, blocking and prevention
of access to material deemed inappropriate;
- We do not have a policy on Internet Filtering or Monitoring, we can
monitor on request but this must be approved by the relevant Staff and the
CIO. We filter against Cyber Attack.

 

(3)    the name of any providers of Internet filtering and blocking
services that you use, or else a statement that you do not block or filter
content at all;
- We do not presently filter and therefore cannot provide the names of our
provider.

 

(4)    a list of agreements, arrangements or Memorandums of Understanding
between yourselves and bodies such as the Internet Watch Foundation (IWF),
the Counter Terrorism Internet Referral Unit (CTIRU) of the Metropolitan
Police Service (MPS), or Police Intellectual Property Crime Unit (PIPCU)
of the City of London Police, to receive lists of illegal or illicit
content, for instance for the purposes of blocking.

Finally, can you:

 

(5)    tell me if any filtering or blocking service that you use
incorporates lists from the IWF, CTIRU or PIPCU, and which lists are
incorporated; and

(6)    provide to me any clauses within any contract or terms and
conditions of service agreed with your filtering and blocking providers
that relate to their use of information from the IWF, CTIRU or PIPCU.

In regards to your request for information relating to questions (4), (5) and
(6), I am withholding this information as we deem it to be a security
issue. Whilst I am in no way suggesting that there is any malicious intent
on your part, Freedom of Information requests are considered to be
disclosures to the public in general, rather than just to an individual.
Disclosing details of arrangements between the University and other bodies
to prevent illicit use of University internet into the public domain would
be likely to assist individuals interested in prejudicing the University’s
ability to manage the risks around the Prevent duty or launching an attack
on our network, that could in turn harm our students, staff members,
research, administration and other business activities. This could have an
impact on all areas of the University and our partners if an external
attacker would either release our data or use it for criminal purposes.

I am therefore applying Section 31(1)(a) of the Freedom of Information
Act, as it exempts information if its disclosure would be likely to
prejudice the prevention or detection of crime.

When using Section 31(1) to prevent disclosure, the public authority must
perform a public interest test to decide whether it would be in the best
interests of the general public to disclose the requested information. I
have summarised the arguments for and against disclosure below:

Arguments for disclosure:

• There is a public interest in understanding how
public money is spent on preventing illicit use of internet at Sheffield
Hallam University.

• There is a public interest in understanding how the
University operates its cyber security services in order to protect the
personal data of stakeholders and data relating to its activities.

• There is a public interest in understanding how the
University is managing its Prevent duty.

Arguments against disclosure:

• It is in the public interest for the University to
effectively manage the risks around the Prevent duty for the safety and
wellbeing of students, staff, and members of the public.

• HEFCE have responsibility for monitoring the
implementation of Prevent related measures. The independent oversight by
HEFCE is intended to act in the public interest and balances out the
argument in favour of disclosure to members of the public.

• There is a public interest in maintaining appropriate
technical and organisational measures to be taken against unauthorised or
unlawful processing of personal data of staff members, students and
partners, and against accidental loss or destruction of, or damage to,
personal data of students, staff members and partners stipulated by the
Data Protection Act 1998.

• There is a public interest in ensuring stability in
the University cyber security for every day procedures to continue as
normal.

• There is a public interest in decreasing any form of
crime and by withholding this information, we can prevent any attacks.

• There is a public interest in protecting the data of
our partners around the world.

Having considered both the arguments for and against disclosure, the
University has decided to withhold this part of your request under Section
31(1) of the Freedom of Information Act 2000.

This concludes the University’s response to your request. Should you be
dissatisfied with how the University has handled your request, please
consult the attached complaints procedure.

Kind regards,

The Information Governance Team

 


Dear Sheffield Hallam University,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Sheffield Hallam University's handling of my FOI request 'Prevent and Internet filtering policies'.

In relation to my questions:

(4) a list of agreements, arrangements or Memorandums of Understanding between yourselves and bodies such as the Internet Watch Foundation (IWF), the Counter Terrorism Internet Referral Unit (CTIRU) of the Metropolitan Police Service (MPS), or Police Intellectual Property Crime Unit (PIPCU) of the City of London Police, to receive lists of illegal or illicit content, for instance for the purposes of blocking.

(5) tell me if any filtering or blocking service that you use incorporates lists from the IWF, CTIRU or PIPCU, and which lists are incorporated; and

(6) provide to me any clauses within any contract or terms and conditions of service agreed with your filtering and blocking providers that relate to their use of information from the IWF, CTIRU or PIPCU.

It should not be a problem to be clear about whether law enforcement bodies are supplying content block lists to Universities, directly or through products. Most Universities have told us that they have no direct arrangements, but where they block, certain lists are incorporated, but not through contractual arrangements.

In relation to questions 5 and 6, we have already established that most products state when they incorporate these lists, but do not do so in contract. It would be helpful if you can confirm this in your case.

Blocking websites does not in itself constitute a law enforcement activity designed to have a serious impact on the prevention or detection of crime, nor a national security activity, in our view. This is firstly because it is not illegal to view websites, nor to provide access to them. In the case of IWF lists, where viewing material is illegal, use of their lists has always been framed as a service to customers, to prevent them from accessing this material inadvertently, rather than a law enforcement activity. The Prevent duty, meanwhile, is framed as an attempt to reduce radicalisation, rather than the commissioning of crime as such. Attempts have been made to ensure that it is not perceived as a “law enforcement” or national security issue, but as a safeguarding approach. As such, secrecy and non-disclosure would in our view be counter-productive.

Blocking is a form of censorship, which in order to be legitimate needs to be transparent and accountable. This is very important in an academic context, where access to information should not normally be restricted, and restrictions should have careful management.

This first stage of transparency and accountability is to know who is blocking what and why; with lists compiled by whom. Mistakes may need correction, and people who are subject to restrictions need to know that they are in place. When these restrictions are in partnership with or directed by law enforcement, this is of course even more important.

Commercial interests are subject to a balance of public versus private interests. In this case, commercial confidentiality would not in our view be a sufficient objection, as knowledge of what is blocked and what lists are incorporated would have no real impact on the companies supplying the products.

General blocking agreements that also include the handing over of information to law enforcement agencies may constitute a form of surveillance activity, which may be in some cases justifiable, but in order to be lawful and fully accountable should be introduced through dedicated powers and warrants such as those specified in the Investigatory Powers Act 2016. You would of course not be under an obligation to disclose this through FoI.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.whatdotheyknow.com/request/p...

Yours faithfully,

Jim Killock

Freedom of Information Mailbox, Sheffield Hallam University

1 Attachment

Reference: FOI/17/115

 

Dear Mr Killock,

 

I am writing to acknowledge your request for an internal review. We will
put it through our internal review process and respond within 20 working
days.

 

Please let me know if you have any questions.

 

Kind regards,

 

The Information Governance Team

 


Freedom of Information Mailbox, Sheffield Hallam University

2 Attachments

Reference: FOI/17/115

 

Dear Mr Killock,

 

I am writing in response to your request for an internal review for
FOI/17/115. Please see the response attached.

 

This concludes the University's response to your request. Should you have
any further questions regarding the internal review, feel free to contact
us.

 

Kind regards,

 

The Information Governance Team

 
