Supplementary Memorandum from Ofcom
How does Ofcom interpret the distinction between
"content services" and "electronic communications
services", where there is a regulatory function under the
Act? What impact is convergence likely to have on such distinctions
The Electronic Communications Service definition
in section 32 of the Communications Act 2003 makes quite clear
that an ECS consists in the conveyance of signals by means of
an Electronic Communications Network but only insofar as it is
not a content service.
Section 32 (7) states that "a content service"
means so much of any service as consists in one or both of the
(a) the provision of material with a
view to its being comprised in signals conveyed by means of an
electronic communications network
(b) the exercise of editorial control over
the contents of signals conveyed by means of such a network.
The distinction therefore is clear; an ECS is
not itself a content service, but can rather be the means by which
a content service is provided.
A converged environment will increase the potential
for delivery of content services via an expanding number and type
of electronic communications services. This will mean more operators
will be able offer both content services and electronic communications
services alongside each other (the most obvious example of this
is in the provision of content services (portal pages, etc) by
ISPs, alongside their provision of Internet access).
However, we do not expect that this will mean
that convergence will make it more difficult to apply the relevant
distinctions set out in the Act which as stated above are quite
Is Ofcom engaging with ISPs on the provision of
security products (anti-virus software, filtering, firewalls etc)
to encourage the development of industry codes of practice?
Regulation of ISP Provision
Although security products are valuable tools
for consumers they are not a part of the regulated Internet access
serviceany more than are the PCs which are typically used
as the access device. Antivirus software, firewalls etc. largely
run on customer equipment and are in practice outside the control
of the Internet service provider (although AOL provides filtering
services on its network as a value-added element of its service
to subscribers, other ISPs do not).
However, Ofcom welcomes the fact that most ISPs
and many PC manufacturers provide security tools to their customers.
In addition, Ofcom is working with Government and industry to
help consumers take advantage of the protections such tools provide.
Aspects of this work are laid out below.
BSI Standard for Content Control Software
In partnership with the Home Office we have
developed a British Standards Institute (BSI) standard for Internet
content control software. The standard was announced by the Home
Secretary, The Rt. Hon Dr John Reid MP, in December 2006 and the
first kite marks based on the standard are due to be awarded later
The Standard, detailing requirements for products,
services, tools and other systems aims to allow UK adult Internet
users easily to control children's access to inappropriate Internet-based
content and services. Products meeting the requirements of the
specification will be entitled to display a kite mark on promotional
materials and packaging to help consumers identify products which
are both effective and easy to use.
Ofcom co-funded this project in support of self-regulation
of the Internet, to help consumers to control the content and
services they access over the Internet. The overall purpose of
the kite mark is to encourage the development of tools that:
help parents to monitor the activities
their children are involved in online;
help parents enforce limits on their
children's computer usage;
help children avoid accidentally
or inadvertently accessing harmful and/or inappropriate content.
By purchasing a kite marked product, parents
will have confidence in their ability to:
install and configure the access
control system without needing to be expert or have any specialist
protect their children online;
allow access to suitable Internet-based
content and services;
allow communication with suitable
access suitable system support should
they encounter problems with installing, configuring, maintaining
or using the access control system.
A sub-group of the Home Office Taskforce has
been convened to encourage services to seek accreditation, encourage
services to improve child protection and to encourage take-up
of the software by parents, through both awareness and other means,
including pre-loading. The role of the subgroup will also include
ensuring there is a process for review and updating the BSI standard
if it proves effective. We expect the Kite marked products will
be fully available in the shops in the summer.
Discussions between Ofcom, Home Office and BSI
have begun to co-ordinate promotional activity surrounding the
award of the first kite mark.
Home Office Task Force
The Home Office Task Force for Child Protection
on the Internet aims to make the UK the best and safest place
in the world for children to use the Internet, and to help protect
children the world over from abuse fuelled by criminal misuse
of new technologies.
The following have been created to help keep
children safe on the Internet:
"Good Practice Guidance for
the Moderation of Interactive Services for Children";
"Good Practice Guidance for
Search Service Providers and Advice to the Public on How to Search
"Guidance for Using Real Life
Examples Involving Children or Young People";
a website for young people full of information about staying safe
"Good Practice Models and Guidance
for the Industry",
guidance on chat rooms, instant messaging and web-based services
that encourages clear safety messages and advice, and user-friendly
ways of reporting abuse.
As well as attending meetings the Task Force,
Ofcom contribute to the work of Sub Groups F (Child Protection
Measures), G (Awareness) and the newly established International
Sub Group FA working group
has been looking at the safety issues for children caused by social
networking sites and is close to finalising a good practice guidance
document for both users and providers of such sites in the UK.
Sub Group GThere was further
activity from the Home Office marketing campaign between September
to November 2006 to support the roll-out of the Centre for Exploitation
and Online Protection's (CEOP) thinkuknow schools programme. The
online adverts have been particularly successful, and have been
seen by over 5.5 million unique visitors. There are 2.9 million
11 to 14 year olds online. CEOP's education programme, entitled
thinkuknow, was rolled out to Police Schools Liaison Officers
and teachers beginning in September 2006. Thinkuknow is primarily
aimed at secondary school children, aged 11 to 14.
A new International Co-operation
Sub Group has been established and Ofcom contribute to its work.
This new group met for the first time on 5 December 2006, and
discussed the group's aims, objectives, work plan and membership.
Under Section 14 of the Act, Ofcom is obliged
to conduct consumer research on a range of issues, including into
the experiences of consumers in the markets for electronic communications
services. What research has Ofcom conducted or commissioned, and
what uses are the results of this research being put to?
Ofcom and Media Literacy
Ofcom's definition of media literacy, developed
after formal consultation with stakeholders, is `the ability to
access, understand and create communications in a variety of contexts'.
It is through its Media Literacy work programme that Ofcom is
addressing the specific question raised by the Committee.
Research: Media Literacy Audit
In order to gain an initial picture of the extent
of media literacy across the UK, Ofcom commissioned an audit of
how UK adults and children gain access to, understand and create
communications, with a particular focus on electronic communications.
In this context, access has a much wider definition than take-up
or accessibility issues: it includes understanding of what each
platform and device is capable of and how to use its functions;
while understanding relates to how content (such as television
and radio programmes, Internet websites, or mobile video and text
services) is created, funded and regulated.
Some of the elements of this auditsuch
as attitudes towards the provision of news, or knowledge of content
regulationapply to traditional analogue television and
radio as well as their newer digital counterparts. But for the
most part, this audit focuses on the four main digital media platformsnot
only digital television and digital radio, but also the Internet
and mobile phonesas these are the ones where there is most
divergence between different groups within the UK in terms of
understanding, take-up and usage.
The key objectives of the audit were:
To provide a rich picture of the
different elements of media literacy across the key platforms
of TV, radio, the Internet and mobile phones (including some comparisons
with other media such as the press and computer games);
To understand the extent to which
there are relationships between the elements of media literacyfor
example, is the level of an individual's competence in using the
features available on a given platform related to how long they
have owned the device and how often they use it? Are levels of
concern about the platform related to ownership or usage levels?
To understand the extent to which
there are relationships between the platformsdoes interest
in, or knowledge and usage of one platform impact upon interest
in, or knowledge and usage of another?
The findings of the Media Literacy Audit were
published as a series of reports. They are:
Report on adult media literacy;
Report on media literacy amongst
Report on media literacy in the nations
Report on media literacy of disabled
Report on media literacy amongst
Report on media literacy amongst
adults from minority ethnic groups.
The media Literacy reports are available on
the Ofcom website.
Research: The consumer experience of telecoms, Internet
and broadcasting services
In November 2006, Ofcom published research which
evaluated the experience of UK consumers in telecoms, broadcasting
and Internet markets. The research, entitled "The Consumer
Experience", highlighted many benefits from increased competition
and new technologies, such as falling prices, increased customer
satisfaction and a greater range of services. However, it also
revealed concerns over the growing potential for consumer harm
as communications markets become more complex. The following is
a summary of the research's main findings;
fixed-line, 2G mobile, digital television
and broadband Internet services are available to between 95%-100%
of the UK population;
there has been a 55% growth in Internet
users that have taken up broadband in the last 18 months;
only 25% of low income earners have
Internet access at home, compared with 88% of high earners;
Between 84% and 95% of those who
have switched communications provider said it had been easy to
Only 1 in 5 Internet users have ever
switched provider, though more than half have changed their tariff
More than half of all complaints
received by Ofcom in Q2 2006 were related to "tag on line",
a problem encountered by an increasing amount of broadband subscribers;
61% of Internet users are concerned
about issues such as paedophiles online, Internet security and
What is Ofcom doing to develop public understanding
of safe and secure behaviour online?
Promoting media literacy and enabling consumers
to make informed choices (extract from Ofcom's Annual Plan 2007-08):
"In 2007-08 Ofcom will place a much greater
emphasis on media literacy, and on consumers' ability to make
informed choices and obtain value for money. Taken together, these
two areas will lead to people having improved communication capability.
By communication capability we mean the skills,
knowledge and understanding that citizens and consumers need to
benefit from communications servicesto access and engage
with content, be able to use communications services confidently
and get the best deal in the marketplace.
We recognise that communication capability is
dependent on having access to services that are easy to use. Ofcom
also has a role in promoting access and inclusion.
During 2007-08 our work to promote media literacy
will include raising people's awareness of, for example:
how to use tools, such as web browsers
and electronic programme guides, in order to navigate safely and
how to manage audio and visual content
using information, such as content labelling and trust marks,
and tools, such as parental controls, Internet filtering and firewalls.
We will also seek to improve people's understanding
of: editorial and commercial agendas; the difference between reportage
and advocacy; and the context in which content is supplied."
Detail from this year's annual report of activity
Ofcom's Media Literacy programme is funded in
part by a direct grant from DCMS, as opposed to the industry levies
which provide the majority of its revenue. As part of its relationship
with DCMS, Ofcom provides an annual report of activity, which
is summarised below:
BSI Kite Mark (as above);
Safer Internet Day: Almost 40 countries
took part in the fourth edition of Safer Internet Day (SID) which
this year took place on 6 February. The campaign is organised
by European Schoolnet, coordinator of Insafe, the European safer
Internet network (www.saferInternet.org). Viviane Reding, EU Commissioner
for the Information Society and Media is once again patron of
Safer Internet Day. In the UK the event was organised by Internet
Safety Content Agent (ISCA) Project run by the Cyberspace Research
Unit, and Ofcom supported the event and contributed to a panel
at a half day conference in London. The event focussed on the
theme of `crossing borders' and included speakers from Ofcom,
UCLAN, CEOP, charities, government, education and industry, including
Vodafone and Microsoft;
BECTA: Ofcom is represented on Becta's
Safe Use of the Internet Policy Group. Last year the group published
`Safeguarding children in a digital world: Developing a strategic
approach to e-safety'. This was presented to the Becta Board,
DfES ministers and the Home Office for comment. Ofcom has hosted
meetings of the group this year to ensure a co-ordinated approach
between the major stakeholders;
Silver Surfers' Week 2006: In the
run up to Silver Surfers' Week 2006 Ofcom in partnership with
Digital Unite delivered training to volunteers recruited by event
organisers to assist in the delivery of Silver Surfer sessions.
By receiving training in teaching techniques and in the use of
resources prepared for events these volunteers were equipped with
the necessary skills to deliver on-going training during and beyond
Silver Surfers' Week;
Silver Surfers' Day 2007: Ofcom has
begun work with Digital Unite on the development of Silver Surfers'
Day 2007. Silver Surfers' Day is the only established media literacy
campaign focused entirely on those over 50. Media literacy is
becoming increasingly important as digital exclusion is proven
to be a core indicator of social exclusion. Older people, who
have less opportunity to learn these skills at work or socially,
need extra help to acquire them. SSD works by soliciting and empowering
hundreds of agencies, public and private, to deliver `Silver Surfer
events' through which they are able to engage with tens of thousands
of individuals at a local level and on a national scale.
Website: The media literacy section
includes relevant Ofcom publications, details of forthcoming media
literacy events and reports from past activity as well as links
to a wide range of external media literacy resources including
guides on the safe use of the Internet. It is regularly updated
as and when new resources are available;
eBulletin: Four issues of the Ofcom
media literacy bulletin
were published in June, September, December and February 2006-07.
The bulletin keeps stakeholders informed of developments across
the field of media literacy.
Ofcom's enforcement relationship with the Information
Areas of common enforcement responsibility
Ofcom and the Information Commissioner's Office
(ICO) have discrete and concurrent powers to enforce the Privacy
and Electronic Communications Regulations (PECR). The Regulations
include the use of automated calling systems, the transmission
of recorded messages that contain direct marketing material and
compliance with the Telephone and Fax Preference Services.
The ICO has primary responsibility for enforcing
PECR using its enforcement powers under Part V and Schedules 6
and 9 of the Data Protection Act 1998. Ofcom also has discrete
enforcement powers under the Persistent Misuse provisions (ss
128-130) of the Communications Act 2003.
Additionally, both Ofcom and the ICO share concurrent powers as
Designated Enforcers of PECR under Part 8 of the Enterprise Act
Enforcement principles and how we decide which regulator
Given our concurrent powers, we have agreed
how we will work together in enforcing PECRwe intend to
publish a letter of understanding shortly, which sets out the
basis of our collaboration.
The following non-exhaustive principles inform
our enforcement action in general and which organisation is best
placed to investigate issues of suspected non compliance in particular:
Efficiency: Enforcement needs to
be quick and effective and should send out a signal that we consider
certain behaviour to be unacceptable;
Co-operation: It is important to
work together closely and act in a joined-up way, to ensure that
stakeholders have sufficient clarity about our respective roles;
Proportionality: Enforcement needs
to be proportionate to the risk.
Deciding which regulator takes action
Special interest: There are areas
where Ofcom or the ICO will have specialist experience and might
generally be expected to take the lead. Examples might include
where the issue of privacy is foremost and the ICO would be expected
to take the lead. In contrast, if an investigation would benefit
from technical knowledge of the communications sector, Ofcom might
be best placed to take action;
Clarity: We consider whether the
issue raises a particularly novel question (for example, the meaning
of a definition in the Regulations or the need to clarify whether
a particular practice is permissible or not) which could have
bearing on the legal instrument adopted; and
Resources: We take into account the
resources available to our respective organisations at any particular
We believe that such an understanding supports
appropriate enforcement, providing clarity on the roles of the
two organisations and playing to the expertise of both.
Day to day liaison
Ofcom and the ICO keep each other informed on
a regular basis about suspected non-compliant behaviour that is
causing concern. In addition to informal contact, we also meet
at quarterly intervals to discuss enforcement activity.
Recent enforcement activity
The ICO recently undertook enforcement action
in relation to compliance with the Telephone Preference Service.
Ofcom also recently imposed a financial penalty
of £10,000 on 1RT under section 130 of the Communications
Act 2003 (penalties for the persistent misuse of a communications
network or service) in relation to their sending faxes containing
marketing material to telephone numbers registered with the Fax
Preference Service without consent.
Is Ofcom acting on potential security network
One of the key points about IP technology is
it is increasingly available to the end user to determine what
their own level of security should be because it allows greater
specification at the application rather than transmission layer.
It would be particularly expensive to expect Communications Providers
(CPs) to provide a very high level of network security which in
all but a very few instances would not be called upon. In these
instances as they would most probably be criminal in intent, they
would properly be dealt with under existing criminal law. From
Ofcom's point of view the General Authorisation Regime, introduced
in July 2003 to replace the system of telecommunications licences,
regulates how Communications Providers (CPs) should provide Electronic
Communications Services (ECS) and/or Electronic Communications
Under this regime there are a number of General
Conditions (GC) which providers of ECS/ECN must abide by. The
majority of these GCs cover consumer protection in terms of their
contractual relationship with the CP and their access to certain
services, however two GCs in particular also deal with technical
aspects. GC2 requires a CP to conform with appropriate standards
for the purpose of ensuring the viability of interconnection and
end-to-end interoperability. GC3 requires a CP who provides a
Public Telephone Network (PTN) or Publicly Available Telephone
Services (PATS) to ensure the proper and effective functioning
of the network. However, neither of these GCs specifically require
a CP to protect the confidentiality of the information it carries
across its ECS or ECN, nor to secure the network against external
interference. Nevertheless, it is clearly commercial good practice
to do so as the risk to any CP's business of not doing so is obviously
very high through a loss of confidence in it as a responsible
Ofcom would be concerned if any CP, particularly
a provider of a PTN or PATS, took an irresponsible approach to
maintaining the integrity of its customers' data and the network
but ultimately the choice of the level of security to apply to
one's data is a choice for the end user which is why some consumers
choose to apply their own security at the application layer rather
than relying on the network to maintain security and integrity.
Some CPs may also offer products which provide contractual security
and/or integrity guarantees.
Most CPs, for the reasons stated above, will
take significant steps to protect their network against intrusion
but there is clearly a risk of interference which with such a
widely distributed asset as an ECN is very difficult to completely
mitigate. It is not possible to detect all attempts to interfere
with the network and there is always a risk that an intruder could
go undetected and gain access to user data, eg by tapping the
line between the end user and the exchange, and it would be unreasonable
for a CP to regularly check the entirety of all of its physical
and software assets for unauthorised access. Indeed such monitoring
would be extremely costly, the cost of which would need to be
recovered from consumers. It is therefore sensible for consumers
never to assume that the network is entirely secure and to implement
their own security measures.
Regulation of Voice over IP services (VoIP)
In March 2007, Ofcom published a new regulatory
code for Voice over Internet Protocol (VoIP) service providers
to ensure that consumers have access to important information
about the capabilities of their service.
Following public consultation in 2006, Ofcom
has decided to put in place measures to ensure that consumers
have access to information which helps them make informed purchasing
decisions. The new code of practice requires VoIP providers to
whether or not the service includes
access to emergency services;
the extent to which the service depends
on the user's home power supply;
whether directory assistance, directory
listings, access to the operator or the itemisation of calls are
whether consumers will be able to
keep their telephone number if they choose to switch providers
at a later date.
If consumers choose to take up a service that
does not offer access to emergency services or which depends on
an external power supply, the code also requires VoIP providers
secure the customer's positive acknowledgement
of this at point of sale (by ticking a box, for example);
label the capability of the service,
either in the form of a physical label for equipment or via information
on the computer screen; and
play an announcement each time a
call to emergency services is attempted, reminding the caller
that access is unavailable.
As usage in the UK continues to grow, and the
market develops further, Ofcom will continue to review and develop
its approach to regulation to ensure that consumers gain the full
benefits of VoIP services.
A number of respondents to Ofcom's consultation
expressed concern that a lack of access to emergency services
via VoIP services might result in consumer detriment. For that
reason, Ofcom intends to consult later this year on whether, and
if so how, certain VoIP services might be required to offer access
to emergency services.
11 April 2007
Ofcom can take action under the Persistent Misuse provisions
where it has reasonable grounds for believing that a person has
persistently misused an electronic communications network or service
in any way that causes-or is likely to cause-unnecessary annoyance,
inconvenience or anxiety. Back