Categories
Business internet Regs security

report your terrorist website

The Home Office and the Association of Chief Police Officers (ACPO) has launched a public reporting webpage (on the Directgov website) for terrorist-related material found on the internet.

The public can report URLs of suspected terrorist material direct to a police unit who will investigate. If the website is found to be in breach of the Terrorism Act 2006 the police will issue a Section 3 Notice to have the content modified or removed presuming it is hosted in the UK.

The type of content users may report can be found here on the Home Office website and the reporting page itself here.

As part of the fight against terrorism this must be good though I imagine it will be difficult to maintain an adequate level of publicity for the scheme so that people know where to look to report a website.

Also the savvy terrorist will use hosting provider in a country that doesn’t care or doesn’t have the same laws so unless this initiative was conducted on a global scale it will probably only have a small effect.

Categories
Engineer internet security

Woke up this mornin and nearly got the IMP blues

I woke up this morning (there’s a song there…) to the news from the Daily Telegraph that ” Government announced yesterday it was pressing ahead with privately-held “Big Brother” databases”.  This is the Interception Modernisation Programme that has periodically been in the news this year with general opposition and a subject I have posted on in the past.  It would indeed have given the ISP industry a headache.

I now hear a contrary position from the Guardian which tells me “Legislation to access public’s texts and emails put on hold. Widespread concern about the safety and security of communications data prompts Home Office rethink.”

My understanding is that it is the Guardian that is right on this occasion and that the Telegraph has tapped into the wrong wires. I imagine that the Labour party has enough on its plate in the run up to an election without further alienating the voters.

When they woke up this morning someone got their wires crossed and my head it felt confused, oh yeah. ”  I think that’s what I was trying to say 🙂

Categories
Business internet security

Government confirms it won’t mandate IWF list

Further to my post of a couple of weeks ago it has been confirmed that legislation is unlikely to be introduced to mandate support for the IWF blocking list.

Alan Campbell, Parliamentary Under-Secretary at the Home Office, said that it remains the hope of Government that the target of 100 per cent of consumer-facing ISPs operating a blocking list will be achieved on a voluntary basis in answer to a Parliamentary question by James Brokenshire MP this week.

Mr Campbell said that the Government recognised the work of the internet industry in reaching the figure of 98.6 per cent of consumer broadband lines being covered by blocking of sites identified by the IWF. It remains the Government’s hope, he added, that the target of 100 per cent of consumer-facing ISPs operating a blocking list will be achieved on a voluntary basis.

The ISPA met with Alun Michael MP on Monday to discuss this issue and it was agreed that ISPA was commited to the eradication of child abuse images in the UK and that it will continue to work with the IWF and Government to achieve this target.

The Parliamentary question can be found here.  Again thanks to Nick Lansman and his ISPA team for both this input and the excellent work they have been doing in the background on this issue.

Categories
Business internet security

Government confirms it won't mandate IWF list

Further to my post of a couple of weeks ago it has been confirmed that legislation is unlikely to be introduced to mandate support for the IWF blocking list.

Alan Campbell, Parliamentary Under-Secretary at the Home Office, said that it remains the hope of Government that the target of 100 per cent of consumer-facing ISPs operating a blocking list will be achieved on a voluntary basis in answer to a Parliamentary question by James Brokenshire MP this week.

Mr Campbell said that the Government recognised the work of the internet industry in reaching the figure of 98.6 per cent of consumer broadband lines being covered by blocking of sites identified by the IWF. It remains the Government’s hope, he added, that the target of 100 per cent of consumer-facing ISPs operating a blocking list will be achieved on a voluntary basis.

The ISPA met with Alun Michael MP on Monday to discuss this issue and it was agreed that ISPA was commited to the eradication of child abuse images in the UK and that it will continue to work with the IWF and Government to achieve this target.

The Parliamentary question can be found here.  Again thanks to Nick Lansman and his ISPA team for both this input and the excellent work they have been doing in the background on this issue.

Categories
Business internet Regs

Data Protection

The European Court of Human Rights today ruled that South Yorkshire Police should not have retained the DNA of two men who had been convicted of no offence. Check the BBC report here.

This is an interesting one because in March 09 the Data Retention Act comes into play whereby ISPs will be required to store email habits of their customers. For “DNA” in this respect read “Data”… Is the European Court of Human rights going to rule on the Data Retention Act downstream?

I have a meeting with the Home Office at Timico in January so it will be interesting to report back on this issue.

Categories
Business internet security

Transposition of Directive 2006/24/EC

We do live in a marvellous world don’t we? If anyone was to ask you what the title of this post was all about you’d almost certainly give them a blank stare.

This is all about what is better known as “The Data Retention Act” which was stipulated by the EC some time ago. This Act has been implemented to assist in the fight against terrorism. Every Communications Provider has to keep logs of phone calls made and received.

I don’t mind this. We do it anyway otherwise we wouldn’t be able to bill our customers and I certainly will help fight the good fight if I can do so (safely).

The first phase was rolled out in 2007 for fixed and mobile telephony. The Internet community was given a further 18 months to implement the same measures for VoIP and emails. The VoIP service provider community is also OK with this for the same reasons given above.

When it comes to emails it is a slightly different story. ISPs have had no reason to keep records of emails sent and received. The service is flat rate (or free) and does not therefore require the information for billing purposes. So implementing the directive is likely to cost money for an ISP.

This Act is now in its consultation phase which is causing some consternation and confusion in the ISP industry. The Regulations state that costs associated with this ‘may’ be recoverable. No guarantees. A recent briefing by the Home Office also stated that because of these costs they were currently looking at a scenario whereby only the ‘big 6’ ISPs would have to keep the data and that smaller ISPs would only be asked to do so based on “intelligence led approach”. Ie you have to keep the information if they suspect one of your customers of being a terrorist.

The suggestion here is that if you are a small ISP you are more likely to have a terrorist as a customer than a big ISP. The baddies will know that they are less likely to be monitored.

This approach also presents other problems. The ISP having to do the monitoring is at a competitive disadvantage to the one not having to do so because of the additional overhead involved.

What’s more the technical logic is somewhat flawed in respect of email data retention and a savvy terrorist is  easily going to bypass the system. Web based email networks normally allow you to save a draft of an email for sending later. It just takes two terrorists to know the log on details of a google mail account. One writes the email and saves it as  draft. The second then logs in to the gmail account and reads the draft.

The Act is scheduled to become law on 15th March 2009 and it seems that there is a lot of work to be done before it can be sensibly implemented. Timico is playing a leading role here with its involvement in the ISP Association and you can be sure that readersof this blog will be updated on progress.