Web Filtering FAQ
Why has the University implemented web filtering?
The University has various responsibilities ranging from legal and regulatory compliance to reputational damage. Web filtering is intended to prevent university facilities (software, computers, networks and offices) from being used to access
illegal material.
What material is to be affected?
Web sites that publish illegal content.
Why is material illegal?
Material that would contravene the protection of children, counter terrorism and security legislation. Other statutes could be used.
Is this about preventing radicalisation?
The University does have a statutory obligation under the Prevent responsibilities of the Counter-Terrorism and Security Act 2015 to have "due regard to the need to prevent people from being drawn into terrorism".
Under Prevent we have a responsibility to review our use of filters as a means of restricting access to material promoting terrorism.
Will I be able to bypass a block?
If you attempt to access a site that is in any of the 'blocked' categories of the web filter, a message will appear on your web browser. It will inform you that the site you are attempting to access has been blocked by the University policy. If you need access to the site, please contact the IT Service Desk, and
the request will be reviewed and if appropriate an exception to the rule will be made, or the block will be removed entirely.
I believe my research work needs access to this material, what can I do?
Any blocks to academic research encountered will be looked at as a priority, and where required the University will work with all concerned to obtain the appropriate permissions.
Surely the University has no mandate to decide what is acceptable content?
The University is not making judgements about "acceptable content", but only aiming to protect its staff from accessing illegal content. The University also has a responsibility to protect its infrastructure from harm, including cyber security threats.
Doesn't this policy attempt to impose restriction on academic freedom and freedom of information?
No. This policy protects academic freedom, which is also protected under law. Academic freedom, however, does not extend to breaking the law.
Will attempts to access blocked sites be logged?
In line with our treatment of other web traffic, records created by the web blocking service will not be routinely monitored, although they will be kept. ILS will monitor the general performance of the service for operational reasons. However, again in line with policy for our other services,
no investigation into, or dissemination of specific events will take place without the appropriate sign off from the relevant authority (eg: HR, VCO). The logs will be kept for a period of one year, at which point they will be deleted and considered non recoverable.
Will other web sites be affected?
There is no plan to include other web sites, although the policy will be under continuous review if new regulations are made, and staff would be told in advance if new categories of filtering were going to be introduced.
Couldn't this filtering be extended to other content deemed inconvenient?
The parameters of the filtering were considered and approved by the Information Assurance
and Security Committee . The filtering is limited only to sites delivering illegal content, such as child abusive images, or material promoting terrorism – in line with our statutory duties.
Do we already filter Internet content?
Yes, there are already several layers of cyber security.
JISC protects the JANET infrastructure by monitoring and filtering and that includes blocks on some malware sites.
The University already has filters in place to block malware sites and certain network protocols.
Anti-virus software on user's machines may block material.
Email is filtered by Mimecast, the security software to detect messages that contain malware or links to malware sites. Mimecast also checks
for phishing attacks and routinely blocks and removes such email.
Why are the filters secret?
Revealing what is filtered would only provide the site publishers a mechanism to avoid the filters. Unless operationally essential the university will not divulge security details.
Are the filters effective?
Unsurprisingly staff are law abiding and the number of filter activations are very low. During the trials, some of the activations were false positives and that has allowed the filter settings to be refined.