Prevent and Internet filtering policies

Response to this request is long overdue. By law, under all circumstances, University of Northampton should have responded by now (details). You can complain by requesting an internal review.

Dear University of Northampton,

Can you please supply:

(1) your policy or policy guidance for duties under the Counter-Terrorism and Security Act 2015 duties for the various local authorities listed in Schedule 6, known as “Prevent”;

(2) your policy relating to Internet filtering, blocking and prevention of access to material deemed inappropriate;

(3) the name of any providers of Internet filtering and blocking services that you use, or else a statement that you do not block or filter content at all;

(4) a list of agreements, arrangements or Memorandums of Understanding between yourselves and bodies such as the Internet Watch Foundation (IWF), the Counter Terrorism Internet Referral Unit (CTIRU) of the Metropolitan Police Service (MPS), or Police Intellectual Property Crime Unit (PIPCU) of the City of London Police, to receive lists of illegal or illicit content, for instance for the purposes of blocking.

Finally, can you:

(5) tell me if any filtering or blocking service that you use incorporates lists from the IWF, CTIRU or PIPCU, and which lists are incorporated; and

(6) provide to me any clauses within any contract or terms and conditions of service agreed with your filtering and blocking providers that relate to their use of information from the IWF, CTIRU or PIPCU.

Yours faithfully,

Jim Killock

Annette Reeves, University of Northampton

Ref: RMU/FoI(E20.06)/01151/FoIreply16May17

 

16^th May 2017

 

Dear Mr Killock

 

I am writing in acknowledgement of your request for information dated
14^th May 2017 which has been received by the University and passed to me
as the University’s Freedom of Information Officer for action.

 

Your request for information has been assigned the number referenced above
and will be treated in accordance with the provisions of the Freedom of
Information Act. Under the provisions of the Act the University has until
13^th June 2017 to respond to your request. We will, however, try our best
to provide you with an answer before this deadline.

 

Yours Sincerely

 

Annette Reeves

 

ppPhil Oakman

Records Manager

 

 

 

Annette Reeves

Records and Archive Assistant

Student and Academic Services

University of Northampton

Email : [1][email address]

Tel. (01604) 892963

 

University of Northampton: Transforming Lives and Inspiring Change.
[2]www.northampton.ac.uk

This e-mail is private and may be confidential and is for the intended
recipient only. If you are not the intended recipient you are strictly
prohibited from using, printing, copying, distributing or disseminating
this e-mail or any information contained in it.
We virus scan all E-mails leaving The University of Northampton but no
warranty is given that this E-mail and any attachments are virus free. You
should undertake your own virus checking.The right to monitor E-mail
communications through our networks is reserved by us.

References

Visible links
1. mailto:[email address]
2. http://www.northampton.ac.uk/

Maggie Peach, University of Northampton

Ref: RMU/FoI(E20.06)/1151/FoIreply13Jun2017

 

13^th June 2017

 

Dear Mr. Killock

 

I write in response to your request for information dated 14^th May, 2017,
received by the University and passed to me as the University’s Freedom of
Information Officer for action.

 

In response to your question one:

(1) your policy or policy guidance for duties under the Counter-Terrorism
and Security Act 2015 duties for the various local authorities listed in
Schedule 6, known as “Prevent”;

All University policies and guidance for duties under the
Counter-Terrorism and Security Act 2015 (Prevent) are available on our web
pages at:

[1]https://www.northampton.ac.uk/about-us/g...

and

[2]https://www.northampton.ac.uk/about-us/g...

 

This information is, therefore, exempt under section 21 (information
reasonably accessible to the applicant by other means) of the Freedom of
Information Act 2000.

 

In response to your question two:

(2) your policy relating to Internet filtering, blocking and prevention of
access to material deemed inappropriate;

The University does not have a policy that specifically relates to
internet filtering, blocking and prevention of access to material deemed
inappropriate. We do, however, have an ‘Acceptable Use Policy’ and ‘Codes
of Conduct’  for both staff and students of the University. These are
available from our web pages at:

[3]https://www.northampton.ac.uk/about-us/g...

(Please see the links to Student Obligations and Human Resources Policies
and Procedures)

 

In response to your question three:

(3) the name of any providers of Internet filtering and blocking services
that you use, or else a statement that you do not block or filter content
at all;

If the University were to place detailed detailed information concerning
our cyber security arrangements into the public domain it has the
potential to severely compromise the University’s internet security. This
may lead to a significant attack on the effective operation of the
University. By releasing such information, key details about the
University’s tools, solutions and management of threats would be made
available to those who may wish to use our systems in an inappropriate or
criminal manner. Judgements may then be made on how to compromise any
solutions the University has put in place.

 

This information is, therefore, exempt under section 43 (commercial
interests) of the Freedom of Information Act 2000.

 

In response to your question four:

(4) a list of agreements, arrangements or Memorandums of Understanding
between yourselves and bodies such as the Internet Watch Foundation (IWF),
the Counter Terrorism Internet Referral Unit (CTIRU) of the Metropolitan
Police Service (MPS), or Police Intellectual Property Crime Unit (PIPCU)
of the City of London Police, to receive lists of illegal or illicit
content, for instance for the purposes of blocking.

The University will neither confirm nor deny the use of such agreements,
arrangements or memorandums of understanding with the bodies you have
listed. To confirm the use of such agreements may jeopardise the wider
national security and to deny the use of such arrangements may provide
those individuals with criminal intent the details of our security
measures.

 

This information is therefore exempt under section 24(2) (national
security) of the Freedom of Information Act 2000.

 

In response to your question five:

(5) tell me if any filtering or blocking service that you use incorporates
lists from the IWF, CTIRU or PIPCU, and which lists are incorporated;

N/A

 

In response to your question six:

(6) provide to me any clauses within any contract or terms and conditions
of service agreed with your filtering and blocking providers that relate
to their use of information from the IWF, CTIRU or PIPCU.

N/A

 

Please accept this response, for those questions where we have not
supplied the information requested, as our refusal notice as required by
section 17 of the Freedom of Information Act 2000.

 

I hope the University has made its response in a clear and constructive
manner; however, if you consider the University has handled your request
unfairly you are entitled to follow the process set out in our standard
advice on the University's Freedom of Information Complaints Procedure
which is available online at:

[4]University FoI complaints procedure

 

 

Yours sincerely

 

Maggie Peach

 

ppPhil Oakman

Records Manager

 

 

Maggie Peach

Records Management Officer

 

Holdenby 12

University of Northampton

Boughton Green Road

Northampton

NN2 6AL

 

Tel: 01604 893503

Email: [email address]

 

 

Copyright

All information the University sends in response to Freedom of Information
requests will, where appropriate, be the sole property of The University
of Northampton and is protected by copyright.

The University of Northampton asserts its moral rights in respect of its
information. Information is made available to you strictly on the
conditions that:-

o it is for personal research;
o the information may not be copied, manipulated, republished,
redistributed or otherwise   made available to any other person or
placed on a website or online service.

Any infringements of The University of Northampton’s intellectual property
rights may result in legal action

 

 

show quoted sections

Dear University of Northampton,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of University of Northampton's handling of my FOI request 'Prevent and Internet filtering policies'.

(3) the name of any providers of Internet filtering and blocking services that you use, or else a statement that you do not block or filter content at all;

In this question, we are only interested in content filtering. We are not interested in filtering or blocking for security purposes.

If you are not engaging in content filtering or blocking, a statement to say so would be more than adequate for our purposes.

Most Universities have been able to supply their acceptable use policies, and to tell us whether they block or filter content, and what content categories are blocked. A similar survey of libraries has also helped place this information in the public domain for that sector. In this case, 92% of libraries disclosed this information:

See: https://www.slideshare.net/infolit_group...

Some Universities have said they are worried about their own security in some cases. Where they rely on multiple sources of blocking malware, for instance, we do not believe that knowing the source of content and category blocking lists poses a security list. Normally, this should not be a problem.

We are not interested in how malware etc is blocked, so as long as the firewall product is not the only security measure you use, you may be able to judge that your own security is not at risk. Alternatively, you may be able to investigate your firewall product to find the source of the categorisation, which is likely to be separate from the security features.

Furthermore, there is a strong public interest in know what filtering products are being used where, as it is the only way for a website owner to know where their site may be being blocked, and therefore to resolve a problem if the website is being blocked incorrectly.

It should also be information that is in the public domain as to whether you block and filter content, and usually this is disclosed to students and staff, along with information about what is filtered. If this is the case, we doubt that disclosure to us also would pose a further security issue.

In relation to:

(4) a list of agreements, arrangements or Memorandums of Understanding between yourselves and bodies such as the Internet Watch Foundation (IWF), the Counter Terrorism Internet Referral Unit (CTIRU) of the Metropolitan Police Service (MPS), or Police Intellectual Property Crime Unit (PIPCU) of the City of London Police, to receive lists of illegal or illicit content, for instance for the purposes of blocking.

It should not be a problem to be clear about whether law enforcement bodies are supplying content block lists to Universities, directly or through products. Most Universities have told us that they have no direct arrangements, but where they block, certain lists are incorporated, but not through contractual arrangements.

In relation to questions 5 and 6, we have already established that most products state when they incorporate these lists, but do not do so in contract. It would be helpful if you can confirm this in your case.

Blocking websites does not in itself constitute a law enforcement activity designed to have a serious impact on the prevention or detection of crime, nor a national security activity, in our view. This is firstly because it is not illegal to view websites, nor to provide access to them. In the case of IWF lists, where viewing material is illegal, use of their lists has always been framed as a service to customers, to prevent them from accessing this material inadvertently, rather than a law enforcement activity. The Prevent duty, meanwhile, is framed as an attempt to reduce radicalisation, rather than the commissioning of crime as such. Attempts have been made to ensure that it is not perceived as a “law enforcement” or national security issue, but as a safeguarding approach. As such, secrecy and non-disclosure would in our view be counter-productive.

Blocking is a form of censorship, which in order to be legitimate needs to be transparent and accountable. This is very important in an academic context, where access to information should not normally be restricted, and restrictions should have careful management.

This first stage of transparency and accountability is to know who is blocking what and why; with lists compiled by whom. Mistakes may need correction, and people who are subject to restrictions need to know that they are in place. When these restrictions are in partnership with or directed by law enforcement, this is of course even more important.

Commercial interests are subject to a balance of public versus private interests. In this case, commercial confidentiality would not in our view be a sufficient objection, as knowledge of what is blocked and what lists are incorporated would have no real impact on the companies supplying the products.

General blocking agreements that also include the handing over of information to law enforcement agencies may constitute a form of surveillance activity, which may be in some cases justifiable, but in order to be lawful and fully accountable should be introduced through dedicated powers and warrants such as those specified in the Investigatory Powers Act 2016. You would of course not be under an obligation to disclose this through FoI.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.whatdotheyknow.com/request/p...

Yours faithfully,

Jim Killock

Records Manager, University of Northampton

Dear Mr Killock

 

I write in response to your request for an internal review of the
University’s response to your request for information.

 

Please be advised that this office, in order to ensure that the review is
carried out independently, can have nothing further to do with the request
once our response has been sent. We provide a link to our Freedom of
Information Complaints Procedure in all of our responses and would ask
that you follow that process.

 

Yours sincerely

 

Maggie Peach

 

Maggie Peach

Records Management Officer

 

Holdenby 12

University of Northampton

Boughton Green Road

Northampton

NN2 7AL

 

Tel: 01604 893503

Email: [email address]

 

 

 

 

show quoted sections