Examination of Witnesses (Questions 240-257)
MR NICHOLAS
LANSMAN, MS
CAMILLE DE
STEMPEL AND
MR MIKE
GALVIN
18 MARCH 2008
Q240 Chairman: But would you report
to the police the identity of the person who posted it?
Ms de Stempel: We report all the
information they would need to serve us with a RIPA notice.
Q241 Chairman: Every PC has an identification
number which will allow it to be identified. Would you supply
that?
Ms de Stempel: Any connection
has an IP address which can come back to a subscriber.
Q242 Chairman: You would supply the
information that would allow the police to identify that subscriber?
Ms de Stempel: Yes.
Mr Lansman: On service of the
appropriate legal notice.
Mr Galvin: You will get back to
the Internet connection, so it does not tell you who the person
on the PC is; it will just give the location of the particular
connection.
Q243 Chairman: It would be the account
holder?
Mr Galvin: It depends on the individual
ISP but in most cases, yes.
Q244 Chairman: But it is your policy
which is industry-wide to reveal the identities or account holders
of the IP addresses only when served with a legal order?
Ms de Stempel: Yes. We have a
very good, robust and swift process. We have single points of
contact in all the forces. They have a system of priorities as
to whether something is a risk and we give the information straight
away, or it can wait. The police then decide where they need their
investigation to go.
Mr Galvin: It protects the individual
and is also a system that works very well. We have an agreement
about how long we keep the information post any particular session.
You need to know the date and time as well as the IP address to
be able to identify the individual. IP addresses change as people
connect and disconnect from the network. We have a very robust
agreement with law enforcement authorities. When they want information
quickly we have a process for that and also a process for pulling
out archival information. It is now quite a well run process.
Q245 Chairman: Short of a legal order
from the police, if you saw somebody behaving inappropriately
against such terms and conditions would you terminate that account?
Ms de Stempel: If it is against
our terms of service, yes.
Q246 Chairman: The making of inappropriate
suggestions in a chat room would be against the terms of service?
Ms de Stempel: Absolutely.
Q247 Mr Evans: How many accounts
did you terminate last year?
Ms de Stempel: Offhand, I do not
know.
Mr Lansman: The punishment must
fit the crime. I think it is appropriate that ISPs have a variety
of policies to deal with their own users and customers. I know
that some of them and AOL will give warnings and wait for behaviour
to be modified before taking the ultimate sanction.
Q248 Chairman: The approach would
be two or three strikes and you are out?
Mr Galvin: It depends on what
they have done. For example, if you are hosting a suicide website
that is not two or three strikes and out; that is just out. If
someone was using bad language or perhaps sending difficult emails,
which would be a type of abuse query we would receive, we might
warn them and if they did not stop they might be out.
Q249 Chairman: Both of your two companies
were commended by Mr Gamble as examples of very good practice,
but we are concerned with the ones who are not very good examples.
Therefore, your approach of monitoring and giving notice of inappropriate
behaviour or co-operating with the police does not appear to be
a universal practice. Do you believe that you are being let down
by some of your competitors?
Ms de Stempel: I do not have the
feeling that other people are not co-operating. In the UK there
is a real willingness on the part of the industry to become involved
in all the different initiatives of the Home Office and cyber
bullying task forces and the Internet Crime Forum. I do not think
we see colleagues from other companies not participating in that
and contributing very much to the debate.
Q250 Chairman: Were you surprised
by Mr Gamble's remarks?
Ms de Stempel: Some of the reporting
mechanisms that Mr Gamble advocates are perhaps not the way other
people decide to proceed. However, they have reporting mechanisms
and I know they have been engaged with CEOP and their colleagues
to try to develop a solution that suits both parties.
Mr Lansman: Unless I misheard
Mr Gamble, he was heaping praise on the industry but referred
to one or two organisations with which he was having words. I
trust Mr Gamble to be able himself to have those robust conversations
with the companies to which he refers. He mentioned only one or
two and heaped praise on a large part of the industry which is
not only generous of him but also entirely correct.
Q251 Chairman: I accept that, but
the problem is that it takes only one or two. If people wish to
abuse this industry all they need to do is find the one ISP that
will not insist on appropriate content or go out of its way to
co-operate with the regulatory authorities and then they have
the access they need.
Mr Lansman: Like any other sector,
the Internet can have one or two apples possibly spoiling in the
barrel, but I do not think we should ignore all the good work
by the rest of the industry. It is a long list. For many years
ISPA and its individual members have been involved not just with
the IWF but other organisations and task forces; they have co-operated
with government departments, law enforcement and Parliament on
a long-term basis, and long may it continue.
Q252 Chairman: Is it your general
attitude that whilst there are various activities which rightly
give rise to public concern the industry is on top of it, the
self-regulatory structure is working, protections are in place
and not a lot more needs to be done?
Mr Lansman: I think the industry
in the UK is leading the way. It would be complacent to think
that the job is done; it is not. This type of thing will be an
ongoing battle. As new services that we cannot even imagine today
come onto the Internet the industry will be required to co-operate
again with law enforcement, government, children's charities and
other organisations to make sure it stays on top of things. There
are some very good examples of what the industry is doing, but
it is a question of continuing engagement with all parts of society,
realising that the good parts of the Internet are there and are
wonderful in terms of education and entertainment but also recognising
that there are some bad parts. It is incumbent on industry as
a whole and individual members to make sure we address the bad
parts whilst we keep pushing the wonderful rewards offered by
the Internet.
Mr Galvin: Even the best managed
ISPsAOL and BT are good exampleshave not eliminated
all the risks; indeed, by technical means we probably never will
be able to do that. One requires more arrows in one's quiver than
technical means to do this. There remain significantly higher
levels of risk with activity outside the UK. That is a problem
of reach not only for ISPs but also UK law. If you look at the
statistics from the Internet Watch Foundation about child abuse
material hosted in the UK it is almost but not quite down to zero
compared with very significant levels of such content hosted abroad.
Self-regulation has given you a shining example of best practice
in the best ISPs. The challenge for the rest of the industry is
to get everyone up to that level. Industry as well as government
and people like Mr Gamble and CEOP have a role in advocating that.
It must be a concerted effort. The Home Office task force has
proved to be a vital piece of glue to bring together the industry
here as well. We all have a duty to bring the industry up to best
practice. I do not think we would be where we are today without
a few ISPs leading the way and developing best practice techniques
and what we have in the UK. I echo what Mr Lansman said. We cannot
be complacent; the threat is constantly changing and we are getting
new people on the Internet now at a rate of knots. The customer
base continues to grow. As a generalisation, new customers who
arrive are probably less computer and threat-aware of what is
on the Internet than customers who have already accessed it. The
nature of the environment, customers and technical threats changes
constantly.
Q253 Chairman: But you see no need
for statutory regulation?
Mr Galvin: I would not say that.
I go back to my earlier comments. Statutory regulation provides
the minimum standard and it is the role of Parliament and government
to define what is right and the height of the bar. It is difficult.
Imagine a slope at the very top of which is the almost universal
consensus that child abuse material is wrong; the public absolutely
buy into that. Think about the position of BT in 2004 when it
introduced the Clean Feed system. We are a commercial company
with shareholders. We took the decision to censor this material
on the Internet. That is not a role that one normally associates
with a commercial company. It was only because it was universally
abhorrent to our customers who went along with it, with superb
support from Paul Goggins and the Government, that it was successful.
Part of it was the position of child abuse material under the
Protection of Children Act. You then have to decide where Government
and Parliament want to draw the line. There is a descending curve
at the top of which is child abuse material and perhaps ordinary
pornography at the bottom. The suicide websites would be in there
as well. Where do we draw the line between harmful, unpleasant
and illegal content? When do we say that there cannot be access
because it is illegal, that there can be access to the material
but with certain protection or that there can be free access to
the material? Who draws that line? I believe that is a role for
Parliament and government.
Q254 Janet Anderson: This issue spreads
across a number of government departments: the Home Office and
the Departments for Children, Schools and Families, Health and
Culture, Media and Sport. Do you think it would help to get a
clearer message from government if we had a minister with specific
responsibility for child protection?
Mr Galvin: I think it would help
to get a much clearer position on child protection, but potentially
there is more harmful content on the Internet than child abuse.
I am not demoting child protection, but if you look at other content,
for example some of the material that comes out of Iraq, you also
have to decide how you treat that. It would be a useful unifying
link for child protection but perhaps we would miss some of the
other key areas on the Internet.
Q255 Helen Southworth: I want to
ask about two aspects of education. One is the work that you do
in terms of educating people who are your direct customerswe
saw an interesting example earlier of that direct connection with
customersbut also the work that you do on a wider basis
in view of the earlier comments about some children who do not
have anybody there to fight their corner. You have taken considerable
steps in the education of your customers but how will you drive
it forward?
Mr Galvin: This is a never-ending
task with many facets where you can never do enough. It is a matter
of educating customers about how to get the most out of the Internet
which is a tremendously powerful tool, how to find their way about
and find the material they want, where they can participate in
things and how to give them basic control of the navigation of
it. We have in our minds the model that most parents do not know
how to use the Internet and their children have to set it up for
them. As a generalisation that is not particularly true of the
customers with whom I deal. You cannot predict who in a household
will run the computer system, the level of computer education
in that household and what access to training facilities a person
will have in any particular household. You have to cater for all
possibilities. It is about providing basic information about navigation
and threats. At one end of the scale it may be child protection
and at the other end it may be dealing with spam mail and fraud,
and phishing would be somewhere in the middle. It is also a matter
of providing online information which is proactive and regularly
updated which customers can use as a reference tool, and also
at the point where you set up the service you provide information
which introduces customers to the facility so they can use it
themselves. You then have to back it up with a comprehensive help
arrangement. We provide telephone and online help and both are
extensively used. If you look at our help desk operation much
of it deals with faults but it also helps customers to configure
their own systems and deal with queries. For more serious cases
we back it up with an abuse desk which deals with customers who
are concerned about their experience of the Internet. We provide
buttons that allow customers to report to CEOP, for example, but
remember that child protection is only one aspect that might worry
a customer online. In some cases a customer might have a significant
problem for which he cannot use the child protection reporting
mechanism. Let us say the customer is receiving anonymous emails
or something like that. We provide an abuse desk to deal with
cases like that.
Ms de Stempel: I believe that
all ISPs regularly promote those education initiatives, but also
help to promote some of the government initiatives on which we
have worked. For example, a lot of ISPs have supported the anti-bullying
guidance that emerged from the DCSF campaign. It was instructive
and very well done. Therefore, we can give that information which
also comes from a source that is not commercially involved. Sometimes
we believe that if we say it it may not have the same weight as
the DCSF talking about certain behaviour. It is also about catching
some of the behaviour of kids in a chat room. They may send their
mobile number. We immediately send them a mail about security.
The moderator will send an email saying it is inappropriate or
dangerous to do this. It is not a warning; it is about safety.
For example, Bebo has a fantastic thing about putting on a profile
the IP address. It says, "This is your IP address. Learn
more." It says that you are not anonymous on the Internet,
so it gives information and education about safety and behaviour.
Mr Lansman: You asked about existing
customers. I believe my colleagues have given information about
how all of them, from Tiscali to Sky to Orange, give information
to customers online and it is updated. You have to have in mind
two things. First, access to the Internet is now not just traditionally
through a PC; it is also through mobiles. I know you have heard
from colleagues in the mobile industry. Many of those members
are also members of ISPA because they realise that access to the
Internet is through mobile devices; indeed, many children get
their Internet connection only through mobile devices. Second,
you mentioned existing and new customers. It is important for
the Internet industry to realise that in some contexts information
must be in hard copy that parents can read because they do not
get onto the Internet to get the downloaded information. Many
ISPs send information in booklets and hard copy that can be read
by parents and children. Equally, ISPs go into schools and provide
presentations to children, many of whom are not yet online. They
are probably online in school but not necessarily at home. All
of these are extremely important issues and I am confident that
the industry is looking at them. The end point for the ISP industry
as a commercial imperative is to have more and more people on
the Internet, so it is in its interest to make sure that the Internet
is understandable, safe and provides a rewarding experience for
new customers as well.
Q256 Helen Southworth: Has the industry
looked at making a specific budget allocation for educational
initiatives to roll out some of those things?
Mr Lansman: My colleagues can
give more information on this, but I suspect that in general terms
it is just part of the good practice of marketing. You could argue
that information and education are part of quite a large marketing
budget to get people onto the Internet in the first place.
Q257 Helen Southworth: I was looking
at it specifically in terms of protection from harm.
Ms de Stempel: It depends. For
example, if there was a lot of concern about bullying on mobile
phones, which was something we did not expect, we would find some
budget to support that campaign by advertising on our service
which is costly. We would allocate part of the budget to promote
that campaign, or if our safety and security area needed to be
redesigned we would allocate a new line of budget to redo some
pages including safety and security. It is a rolling exercise
and part of what the ISP industry is trying to do especially in
the UK to be seen as the best in helping to protect children online.
Chairman: I think that is all we have
for you. Thank you very much.
|