Preventing access to extreme sexual and terrorist material on the internet is a no brainer, isn’t it? After all, most of that stuff’s illegal.
Well, yes and no.
Schools and colleges – which have greater duty of care obligations to their under-18 learners than universities – will certainly be making use of web filtering solutions as a means of protecting learners, and to comply with the safeguarding and Prevent agenda.
Mention web filtering to higher education institutions (HEIs), on the other hand, and out comes the academic freedom placard. So, the uptake of web filtering in universities is patchy.
When I’ve talked to HEIs about this issue, at the outset most think web filtering is a bad idea, but that hard line softens when I explain:
- how sensitive research can be conducted unhindered even with web filtering in place
- how it can play a role in the welfare of staff and students. With the current media focus on wellbeing in universities, who’d want to compromise on that?
Sensitive research may include subjects such as terrorist recruitment tactics, or sexual psychology. With the right permissions from the university and the authorities, it’s possible to unblock content that would normally be filtered out. This can be done for one person, a group of people, or for particular machines. For everyone else, web filtering will ensure that no illegal material is accidentally seen, protecting both the curious and the vulnerable.
Without the right controls in place for sensitive research, a slip-up is all too possible. Let’s say a researcher is in their office legitimately looking at some illegal content. She closes the laptop and takes it with her for lunch. In the canteen she decides to check her email account, opens the lid and up pops a graphic image in full view of other diners.
It is an offence to expose other people, accidentally or not, to this kind of stuff, so my advice is to create a safe space for research. People with the right permission could book to work at certain desktop computers (not laptops) in a certain access-controlled room. To get buy-in from researchers, universities can demonstrate the value for wellbeing: it recognises such research is valuable and is putting in a process to allow freedom of study, while also taking care of the campus community.
It’s not healthy for anyone to be viewing illegal material, so building care plans for researchers to make sure they’re not detrimentally affected is sensible (preferably in partnership with the university’s occupational health department). Web filtering solutions have built-in reporting systems that can be set up to help with this. For example, web filtering can monitor and control the time an individual spends looking at illegal content.
As a means of taking care of staff, processes such as these are in place at the two organisations in charge of monitoring illegal content in the UK: the Internet Watch Foundation (IWF) and the Counter Terrorism Internet Referral Unit (CTIRU)*. Universities could easily adopt similar systems.
Watch your back
Web filtering can also protect an organisation’s reputation. Imagine this scenario: a member of staff gets an email that looks genuine but is actually a phishing attempt. One click brings up an illegal image with a message threatening to report the person to the police unless they pay up. Bearing in mind web filtering could have blocked both the dodgy link and the image, the member of staff might argue they weren’t properly protected by their employer. Similarly, anyone who saw that graphic image on the researcher’s laptop in the canteen could also complain.
Moreover, accessing illegal material is an offence likely to be noticed by the authorities, which will spark an investigation. That would make a great story for the media.
Researchers and their employers can be further protected from suspicion by keeping a record of when illegal content is accessed. Earlier in my career, I legitimately used hacking tools because it was part of my job to unlock servers, so I had an unfiltered account. But I would record the tools I was using, when I used them and why, so I could prove I wasn’t up to no good if questioned.
A flexible friend
We’ve touched on using web filtering as a means of controlling access to illegal web content, but the flexibility in most systems will allow organisations to control what is accessed from certain machines – useful in a college where the student cohort is a mixture of under-18s and adults. However, controlling what can be opened on a mobile phone is virtually impossible, since the owners don’t have to connect to the university or college network to use it. On the plus side, mobile phone providers block illegal content at source.
In conclusion, web filtering is not a preventative measure, it’s a protection measure. It can help protect a network through malware detection, protect students and staff from viewing distressing and potentially harmful material, and protect reputation by keeping institutions on the right side of the law. Web filtering solutions can be so flexible and tailored that there’s no reasonable argument against using one.
Nelson Ody is Jisc’s security services manager, and one of the speakers at its cyber security conference in London, 7-8 November.
*The IWF and the CTIRU monitor content that is illegal in this country and each produce a filtering list, which Jisc’s web filtering framework supports. For more information, please email email@example.com, or call 07918 562869.