Feeds

Hard 'core'? Birmingham City Council's net filtering

No sex, drugs or cannibalism, please, we're Brummie

SANS - Survey on application security programs

Back in early July, the Birmingham Post reported on Birmingham City Council's adoption of online filtering software. It will block Council workers from accessing sites on subjects as diverse as smut, porn, cannibalism and witchcraft. But is it a sign of (bad) things to come for net users in public service?

The story took a turn for the better last week, as the National Secular Society (NSS) wrote to Birmingham City inquiring whether the council seriously intended banning access to New Age and Atheist material, whilst leaving open access to religious sites of almost any and every other denomination. On the surface, this would seem to represent a foot-in-mouth result on the part of the Council. It would also be followed with legal action by the NSS if it turned out to be true.

Not so fast. What appears to be happening is that Birmingham City Council is starting to translate some broad existing guidelines on internet use into actionable policy. At the highest level, the guidelines are almost unexceptionable. Employees’ time is divided into "core" (when they are presumed to be hard at work) and "non-core" (eg lunchtime, when they are allowed some access to the internet using Council facilities).

According to the internet Use Policy, at no time should Council workers engage in activity that is illegal, involves hacking, or giving undertakings on behalf of the Council without prior authorisation. So far, so good.

Bullring

In core time, they should stay well away from sites and software that encourage social networking, chatting, RP gaming, etc. Equally good – since it would be difficult to sell to the local ratepayers a policy that allowed employees to sit around socialising all day.

Besides, Birmingham City Council is probably still smarting from an exposé last year, when it was revealed that 75 employees had been disciplined for serious misuse of the internet – and 11 had been sacked for downloading porn.

Where it begins to get murky is in their Internet Code of Practice, which elaborates on the Use Policy. In fact, whilst this does not add a great deal in terms of detail, it does clarify that users should not access sites that might be “sexually-explicit (sic) or offensive in any other way”.

That opens a can of worms. To bolster its position, Birmingham Council has bought Bluecoat's WebFilter software, applying a veneer of objectivity to the process. It performs a range of functions, including monitoring and reporting on individual internet usage. It also allows the Council to block access to specific sites.

Which is where we came in. Under this software, sites are tagged according to a variety of different descriptors. “Adult”, “Alcohol”, “Alternative Sexuality” and so on. A document listing “Site Categories provided by the Bluecoat Software, with definitions and Proposed Actions” appears to have been circulated for comment. Someone leaked this to the Press - the rest is history.

Given the fuss this has caused so far, it seems unlikely that Birmingham City will go ahead and block access to sites featuring alternative spirituality – though bans on “extreme” and “pornographic” sites seem likely to stay.

Questions remain over the use of such a tool. First, why buy American? Public authorities are required to put software purchases out to tender (three suppliers) and buy the cheapest. However, there must be some lingering concern that a solution that has already found favour in Birmingham (Alabama) is unlikely to be finely tuned to the nuances of what a British audience find offensive or pornographic. Or as Terry Sanderson, President of the NSS put it today, “The decision is just bonkers. And if we have to buy this sort of software, there are British Suppliers as well”.

More fundamental, however, is the question of what should be the rule for employers. It may be overkill to remind employees that they should not be using the internet to carry out illegal activities, but it is defensible. What, though, about use of the net at times when individuals are clocked off from work?

Since access to the net remains at all times under the control of Birmingham City, there is no doubt that they have the (legal) right to do this. But having the right to do something and doing it are two quite different things.

If it's not illegal, is it really any business of an employer what an employee gets up to in their spare time? ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.