Select Committee on Culture, Media and Sport Minutes of Evidence


Examination of Witnesses (Questions 240-257)

MR NICHOLAS LANSMAN, MS CAMILLE DE STEMPEL AND MR MIKE GALVIN

18 MARCH 2008

  Q240  Chairman: But would you report to the police the identity of the person who posted it?

  Ms de Stempel: We report all the information they would need to serve us with a RIPA notice.

  Q241  Chairman: Every PC has an identification number which will allow it to be identified. Would you supply that?

  Ms de Stempel: Any connection has an IP address which can come back to a subscriber.

  Q242  Chairman: You would supply the information that would allow the police to identify that subscriber?

  Ms de Stempel: Yes.

  Mr Lansman: On service of the appropriate legal notice.

  Mr Galvin: You will get back to the Internet connection, so it does not tell you who the person on the PC is; it will just give the location of the particular connection.

  Q243  Chairman: It would be the account holder?

  Mr Galvin: It depends on the individual ISP but in most cases, yes.

  Q244  Chairman: But it is your policy which is industry-wide to reveal the identities or account holders of the IP addresses only when served with a legal order?

  Ms de Stempel: Yes. We have a very good, robust and swift process. We have single points of contact in all the forces. They have a system of priorities as to whether something is a risk and we give the information straight away, or it can wait. The police then decide where they need their investigation to go.

  Mr Galvin: It protects the individual and is also a system that works very well. We have an agreement about how long we keep the information post any particular session. You need to know the date and time as well as the IP address to be able to identify the individual. IP addresses change as people connect and disconnect from the network. We have a very robust agreement with law enforcement authorities. When they want information quickly we have a process for that and also a process for pulling out archival information. It is now quite a well run process.

  Q245  Chairman: Short of a legal order from the police, if you saw somebody behaving inappropriately against such terms and conditions would you terminate that account?

  Ms de Stempel: If it is against our terms of service, yes.

  Q246  Chairman: The making of inappropriate suggestions in a chat room would be against the terms of service?

  Ms de Stempel: Absolutely.

  Q247  Mr Evans: How many accounts did you terminate last year?

  Ms de Stempel: Offhand, I do not know.

  Mr Lansman: The punishment must fit the crime. I think it is appropriate that ISPs have a variety of policies to deal with their own users and customers. I know that some of them and AOL will give warnings and wait for behaviour to be modified before taking the ultimate sanction.

  Q248  Chairman: The approach would be two or three strikes and you are out?

  Mr Galvin: It depends on what they have done. For example, if you are hosting a suicide website that is not two or three strikes and out; that is just out. If someone was using bad language or perhaps sending difficult emails, which would be a type of abuse query we would receive, we might warn them and if they did not stop they might be out.

  Q249  Chairman: Both of your two companies were commended by Mr Gamble as examples of very good practice, but we are concerned with the ones who are not very good examples. Therefore, your approach of monitoring and giving notice of inappropriate behaviour or co-operating with the police does not appear to be a universal practice. Do you believe that you are being let down by some of your competitors?

  Ms de Stempel: I do not have the feeling that other people are not co-operating. In the UK there is a real willingness on the part of the industry to become involved in all the different initiatives of the Home Office and cyber bullying task forces and the Internet Crime Forum. I do not think we see colleagues from other companies not participating in that and contributing very much to the debate.

  Q250  Chairman: Were you surprised by Mr Gamble's remarks?

  Ms de Stempel: Some of the reporting mechanisms that Mr Gamble advocates are perhaps not the way other people decide to proceed. However, they have reporting mechanisms and I know they have been engaged with CEOP and their colleagues to try to develop a solution that suits both parties.

  Mr Lansman: Unless I misheard Mr Gamble, he was heaping praise on the industry but referred to one or two organisations with which he was having words. I trust Mr Gamble to be able himself to have those robust conversations with the companies to which he refers. He mentioned only one or two and heaped praise on a large part of the industry which is not only generous of him but also entirely correct.

  Q251  Chairman: I accept that, but the problem is that it takes only one or two. If people wish to abuse this industry all they need to do is find the one ISP that will not insist on appropriate content or go out of its way to co-operate with the regulatory authorities and then they have the access they need.

  Mr Lansman: Like any other sector, the Internet can have one or two apples possibly spoiling in the barrel, but I do not think we should ignore all the good work by the rest of the industry. It is a long list. For many years ISPA and its individual members have been involved not just with the IWF but other organisations and task forces; they have co-operated with government departments, law enforcement and Parliament on a long-term basis, and long may it continue.

  Q252  Chairman: Is it your general attitude that whilst there are various activities which rightly give rise to public concern the industry is on top of it, the self-regulatory structure is working, protections are in place and not a lot more needs to be done?

  Mr Lansman: I think the industry in the UK is leading the way. It would be complacent to think that the job is done; it is not. This type of thing will be an ongoing battle. As new services that we cannot even imagine today come onto the Internet the industry will be required to co-operate again with law enforcement, government, children's charities and other organisations to make sure it stays on top of things. There are some very good examples of what the industry is doing, but it is a question of continuing engagement with all parts of society, realising that the good parts of the Internet are there and are wonderful in terms of education and entertainment but also recognising that there are some bad parts. It is incumbent on industry as a whole and individual members to make sure we address the bad parts whilst we keep pushing the wonderful rewards offered by the Internet.

  Mr Galvin: Even the best managed ISPs—AOL and BT are good examples—have not eliminated all the risks; indeed, by technical means we probably never will be able to do that. One requires more arrows in one's quiver than technical means to do this. There remain significantly higher levels of risk with activity outside the UK. That is a problem of reach not only for ISPs but also UK law. If you look at the statistics from the Internet Watch Foundation about child abuse material hosted in the UK it is almost but not quite down to zero compared with very significant levels of such content hosted abroad. Self-regulation has given you a shining example of best practice in the best ISPs. The challenge for the rest of the industry is to get everyone up to that level. Industry as well as government and people like Mr Gamble and CEOP have a role in advocating that. It must be a concerted effort. The Home Office task force has proved to be a vital piece of glue to bring together the industry here as well. We all have a duty to bring the industry up to best practice. I do not think we would be where we are today without a few ISPs leading the way and developing best practice techniques and what we have in the UK. I echo what Mr Lansman said. We cannot be complacent; the threat is constantly changing and we are getting new people on the Internet now at a rate of knots. The customer base continues to grow. As a generalisation, new customers who arrive are probably less computer and threat-aware of what is on the Internet than customers who have already accessed it. The nature of the environment, customers and technical threats changes constantly.

  Q253  Chairman: But you see no need for statutory regulation?

  Mr Galvin: I would not say that. I go back to my earlier comments. Statutory regulation provides the minimum standard and it is the role of Parliament and government to define what is right and the height of the bar. It is difficult. Imagine a slope at the very top of which is the almost universal consensus that child abuse material is wrong; the public absolutely buy into that. Think about the position of BT in 2004 when it introduced the Clean Feed system. We are a commercial company with shareholders. We took the decision to censor this material on the Internet. That is not a role that one normally associates with a commercial company. It was only because it was universally abhorrent to our customers who went along with it, with superb support from Paul Goggins and the Government, that it was successful. Part of it was the position of child abuse material under the Protection of Children Act. You then have to decide where Government and Parliament want to draw the line. There is a descending curve at the top of which is child abuse material and perhaps ordinary pornography at the bottom. The suicide websites would be in there as well. Where do we draw the line between harmful, unpleasant and illegal content? When do we say that there cannot be access because it is illegal, that there can be access to the material but with certain protection or that there can be free access to the material? Who draws that line? I believe that is a role for Parliament and government.

  Q254  Janet Anderson: This issue spreads across a number of government departments: the Home Office and the Departments for Children, Schools and Families, Health and Culture, Media and Sport. Do you think it would help to get a clearer message from government if we had a minister with specific responsibility for child protection?

  Mr Galvin: I think it would help to get a much clearer position on child protection, but potentially there is more harmful content on the Internet than child abuse. I am not demoting child protection, but if you look at other content, for example some of the material that comes out of Iraq, you also have to decide how you treat that. It would be a useful unifying link for child protection but perhaps we would miss some of the other key areas on the Internet.

  Q255  Helen Southworth: I want to ask about two aspects of education. One is the work that you do in terms of educating people who are your direct customers—we saw an interesting example earlier of that direct connection with customers—but also the work that you do on a wider basis in view of the earlier comments about some children who do not have anybody there to fight their corner. You have taken considerable steps in the education of your customers but how will you drive it forward?

  Mr Galvin: This is a never-ending task with many facets where you can never do enough. It is a matter of educating customers about how to get the most out of the Internet which is a tremendously powerful tool, how to find their way about and find the material they want, where they can participate in things and how to give them basic control of the navigation of it. We have in our minds the model that most parents do not know how to use the Internet and their children have to set it up for them. As a generalisation that is not particularly true of the customers with whom I deal. You cannot predict who in a household will run the computer system, the level of computer education in that household and what access to training facilities a person will have in any particular household. You have to cater for all possibilities. It is about providing basic information about navigation and threats. At one end of the scale it may be child protection and at the other end it may be dealing with spam mail and fraud, and phishing would be somewhere in the middle. It is also a matter of providing online information which is proactive and regularly updated which customers can use as a reference tool, and also at the point where you set up the service you provide information which introduces customers to the facility so they can use it themselves. You then have to back it up with a comprehensive help arrangement. We provide telephone and online help and both are extensively used. If you look at our help desk operation much of it deals with faults but it also helps customers to configure their own systems and deal with queries. For more serious cases we back it up with an abuse desk which deals with customers who are concerned about their experience of the Internet. We provide buttons that allow customers to report to CEOP, for example, but remember that child protection is only one aspect that might worry a customer online. In some cases a customer might have a significant problem for which he cannot use the child protection reporting mechanism. Let us say the customer is receiving anonymous emails or something like that. We provide an abuse desk to deal with cases like that.

  Ms de Stempel: I believe that all ISPs regularly promote those education initiatives, but also help to promote some of the government initiatives on which we have worked. For example, a lot of ISPs have supported the anti-bullying guidance that emerged from the DCSF campaign. It was instructive and very well done. Therefore, we can give that information which also comes from a source that is not commercially involved. Sometimes we believe that if we say it it may not have the same weight as the DCSF talking about certain behaviour. It is also about catching some of the behaviour of kids in a chat room. They may send their mobile number. We immediately send them a mail about security. The moderator will send an email saying it is inappropriate or dangerous to do this. It is not a warning; it is about safety. For example, Bebo has a fantastic thing about putting on a profile the IP address. It says, "This is your IP address. Learn more." It says that you are not anonymous on the Internet, so it gives information and education about safety and behaviour.

  Mr Lansman: You asked about existing customers. I believe my colleagues have given information about how all of them, from Tiscali to Sky to Orange, give information to customers online and it is updated. You have to have in mind two things. First, access to the Internet is now not just traditionally through a PC; it is also through mobiles. I know you have heard from colleagues in the mobile industry. Many of those members are also members of ISPA because they realise that access to the Internet is through mobile devices; indeed, many children get their Internet connection only through mobile devices. Second, you mentioned existing and new customers. It is important for the Internet industry to realise that in some contexts information must be in hard copy that parents can read because they do not get onto the Internet to get the downloaded information. Many ISPs send information in booklets and hard copy that can be read by parents and children. Equally, ISPs go into schools and provide presentations to children, many of whom are not yet online. They are probably online in school but not necessarily at home. All of these are extremely important issues and I am confident that the industry is looking at them. The end point for the ISP industry as a commercial imperative is to have more and more people on the Internet, so it is in its interest to make sure that the Internet is understandable, safe and provides a rewarding experience for new customers as well.

  Q256  Helen Southworth: Has the industry looked at making a specific budget allocation for educational initiatives to roll out some of those things?

  Mr Lansman: My colleagues can give more information on this, but I suspect that in general terms it is just part of the good practice of marketing. You could argue that information and education are part of quite a large marketing budget to get people onto the Internet in the first place.

  Q257  Helen Southworth: I was looking at it specifically in terms of protection from harm.

  Ms de Stempel: It depends. For example, if there was a lot of concern about bullying on mobile phones, which was something we did not expect, we would find some budget to support that campaign by advertising on our service which is costly. We would allocate part of the budget to promote that campaign, or if our safety and security area needed to be redesigned we would allocate a new line of budget to redo some pages including safety and security. It is a rolling exercise and part of what the ISP industry is trying to do especially in the UK to be seen as the best in helping to protect children online.

  Chairman: I think that is all we have for you. Thank you very much.





 
previous page contents

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2008
Prepared 31 July 2008