Web Filtering

College has various responsibilities ranging from legal and regulatory compliance to reputational damage. Web filtering is intended to prevent College facilities (software, computers, networks and offices) from being used to access illegal material.

Web sites that publish illegal content.

Material that would contravene the protection of children, counter terrorism and security legislation. Other statutes could be used.

The College has a statutory obligation under the Prevent responsibilities of the Counter-Terrorism and Security Act 2015 to have “due regard to the need to prevent people from being drawn into terrorism”.

Such obligations are not confined to electronic access and web filtering can be used as advised by the Office for Students.

Under Prevent we have a responsibility to review our use of filters as a means of restricting access to material promoting terrorism.  

If you attempt to access a site that is in the ‘block’ category of the web filter a message will appear on your web browser. It will inform you that the site you are attempting to access has been blocked by College policy. If you need access to the site, please contact the ICT Service Desk, and the request will be reviewed and if appropriate the block will be removed.

Any blocks to academic research encountered will be looked at as a priority, and where required the College will work with the government to obtain the appropriate permissions.

The College is not making judgements about “acceptable content”, but only aiming to protect its staff from accessing illegal content. The College also has a responsibility to protect its infrastructure from harm, including cyber security threats.

No. This policy protects academic freedom, which is also protected under law and under the College’s constitution. Academic freedom does not extend to breaking the law.

In line with our treatment of other web traffic, records created by the web blocking service will not be routinely monitored, although they will be kept. ICT will monitor the general performance of the service for operational reasons. However, again in line with policy for our other services, no investigation into, or dissemination of specific events will take place without the appropriate sign off from the relevant authority (eg: HR, Secretariat). The logs will be kept for a period of one year, at which point they will be deleted and considered non recoverable.

There is no plan to include other web sites, although the policy will be under continuous review if new regulations are made, and staff would be told in advance if new categories of filtering were going to be introduced.

The parameters of the filtering were considered carefully, and approved by the Provost’s Board. The filtering is limited only to sites delivering illegal content, such as child abusive images, or material promoting terrorism – in line with our statutory duties.

Yes, there are already several layers of cyber security.

• JISC protects the JANET infrastructure by monitoring and filtering and that includes blocks on some malware sites.
• The College already has filters in place to block malware sites and certain network protocols.
• Anti-virus software on user’s machines may block material.
• Email is filtered by ICT security software to detect messages that contain malware or links to malware sites. College also checks for phishing attacks and routinely blocks and removes such email. During the June 2017 ransomware attacks on the NHS, College blocked 150,000 emails over 2 days.
• Email is filtered by Data Leakage Protection facilities that look for information that may require special protection such as credit card numbers, NI and NHS numbers. Such filtering is a requirement for staff and students to access College email from the Imperial College Healthcare Trust networks.

Agencies such as the Child Exploitation & Online Protection (CEOP) Centre (part of the National Crime Agency), Internet Watch Foundation and other police and intelligence agencies contribute to the maintenance of the filters.

Revealing what is filtered would only provide the site publishers a mechanism to avoid the filters. Unless operationally essential College will not divulge security details.

The Provost Board was consulted on three occasions and agreed to proceed after considering the results of two trials.

The Information Governance Groups (IGSG and ISSG) considered the proposal and agreed an approach that was put to the Provost Board who approved the new service.  All members of College will be notified of this new web filtering service via Staff Briefing.

Unsurprisingly staff are law abiding and the number of filter activations are very low. During the trials, some of the activations were false positives and that has allowed the filter settings to be refined.