Feeds

Hard 'core'? Birmingham City Council's net filtering

No sex, drugs or cannibalism, please, we're Brummie

Beginner's guide to SSL certificates

Back in early July, the Birmingham Post reported on Birmingham City Council's adoption of online filtering software. It will block Council workers from accessing sites on subjects as diverse as smut, porn, cannibalism and witchcraft. But is it a sign of (bad) things to come for net users in public service?

The story took a turn for the better last week, as the National Secular Society (NSS) wrote to Birmingham City inquiring whether the council seriously intended banning access to New Age and Atheist material, whilst leaving open access to religious sites of almost any and every other denomination. On the surface, this would seem to represent a foot-in-mouth result on the part of the Council. It would also be followed with legal action by the NSS if it turned out to be true.

Not so fast. What appears to be happening is that Birmingham City Council is starting to translate some broad existing guidelines on internet use into actionable policy. At the highest level, the guidelines are almost unexceptionable. Employees’ time is divided into "core" (when they are presumed to be hard at work) and "non-core" (eg lunchtime, when they are allowed some access to the internet using Council facilities).

According to the internet Use Policy, at no time should Council workers engage in activity that is illegal, involves hacking, or giving undertakings on behalf of the Council without prior authorisation. So far, so good.

Bullring

In core time, they should stay well away from sites and software that encourage social networking, chatting, RP gaming, etc. Equally good – since it would be difficult to sell to the local ratepayers a policy that allowed employees to sit around socialising all day.

Besides, Birmingham City Council is probably still smarting from an exposé last year, when it was revealed that 75 employees had been disciplined for serious misuse of the internet – and 11 had been sacked for downloading porn.

Where it begins to get murky is in their Internet Code of Practice, which elaborates on the Use Policy. In fact, whilst this does not add a great deal in terms of detail, it does clarify that users should not access sites that might be “sexually-explicit (sic) or offensive in any other way”.

That opens a can of worms. To bolster its position, Birmingham Council has bought Bluecoat's WebFilter software, applying a veneer of objectivity to the process. It performs a range of functions, including monitoring and reporting on individual internet usage. It also allows the Council to block access to specific sites.

Which is where we came in. Under this software, sites are tagged according to a variety of different descriptors. “Adult”, “Alcohol”, “Alternative Sexuality” and so on. A document listing “Site Categories provided by the Bluecoat Software, with definitions and Proposed Actions” appears to have been circulated for comment. Someone leaked this to the Press - the rest is history.

Given the fuss this has caused so far, it seems unlikely that Birmingham City will go ahead and block access to sites featuring alternative spirituality – though bans on “extreme” and “pornographic” sites seem likely to stay.

Questions remain over the use of such a tool. First, why buy American? Public authorities are required to put software purchases out to tender (three suppliers) and buy the cheapest. However, there must be some lingering concern that a solution that has already found favour in Birmingham (Alabama) is unlikely to be finely tuned to the nuances of what a British audience find offensive or pornographic. Or as Terry Sanderson, President of the NSS put it today, “The decision is just bonkers. And if we have to buy this sort of software, there are British Suppliers as well”.

More fundamental, however, is the question of what should be the rule for employers. It may be overkill to remind employees that they should not be using the internet to carry out illegal activities, but it is defensible. What, though, about use of the net at times when individuals are clocked off from work?

Since access to the net remains at all times under the control of Birmingham City, there is no doubt that they have the (legal) right to do this. But having the right to do something and doing it are two quite different things.

If it's not illegal, is it really any business of an employer what an employee gets up to in their spare time? ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
CloudPassage points to 'pervasive' threat of Bash bug
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.