The East Midlands Broadband Consortium (embc) is one of the 10 Regional Broadband Consortia (RBC) formed as a result of the DfES Regional Broadband initiative. Embc is a collaboration between the nine East Midlands Local Authorities, and currently provides connectivity to over 2,100 schools in the East Mildands. This response is given from an education point of view, particularly in the context of child safety.

DEFINING THE PROBLEM

What is the nature of the security threat to private individuals? What new threats and trends are emerging and how are they identified?

  1.  Online technologies such social networking sites, email, chatrooms etc are increasingly popular and extremely widely used by children and young people.

  2.  Such technologies allow individuals to hide or disguise their identities. Paedophiles and other predators are able to access children under false pretences, for the purpose of grooming or other illegal activity. Such individuals are able to find or elicit personal information that helps them in their illegal activities. This provides a means of access to children and young people that has not previously existed and is therefore a new threat in terms of child safety.

  3.  CEOP, police forces and other organisations concerned with child safety have noted increasingly sophisticated use by paedophiles of online environments to access children and young people, with little or nothing in the way of vetting to ensure they are who they say they are.

  4.  Another increasing trend is that of cyberbullying, where children and young people are subjected to extremely disturbing forms of bullying and public humiliation, not just within their circle of acquaintances but also online for viewing by anyone with a connection to the internet.

  5.  Parents do not generally understand the nature or extent of potential threats, and therefore are not in a position to teach their children how to keep safe.

  6.  Parents also tend not to understand enough about how the technology works to be able to implement suitable monitoring and control measures.

What is the scale of the problem? How are security breaches affecting the individual user detected and recorded?

  7.    In education terms, the expectation is increasingly that children and young people will have ready access to the internet in and out of school to support and extend their learning and self development. The expectation detailed in the DfES e-strategy is that children will have a safe and secure online learning space accessible in school and out of school. In school, it is possible to offer safe and secure access to the Internet where the connection is provided by an RBC such as embc. However, in the home the level of safety and security is determined by the child's own level of understanding and that of his or her parents, which may be very limited.

  8.  Children and young people expect to be able to use a range of online technologies, in particular various forms of social networking, in order to keep in touch with both real and "virtual" friends. Use of such technologies is increasingly the norm, and hence the potential threat affects the vast majority of children.

  9.  Detection and recording can take place using monitoring software and by managing access to specific sites. However, this is extremely difficult to do in the home if the users are not aware of the technology available to do this, or how to implement it, in order to keep themselves safe. Such safeguards would generally fall to the parents, who on the whole are less well informed in these matters than their children.

  10.  In terms of personal safety however, it is currently impossible for an individual to know whether the person they are "talking" to online is who they say they are.

  11.  CEOP is assisting with increased emphasis on e-safety, has launched a campaign for young people to help them better understand the dangers and be in a better position to avoid them. Organisations such as Childnet International are also attempting to help with information for parents. However, reaching the intended audiences is difficult.

How well do users understand the nature of the threat?

  12.  General understanding is currently poor. Both adults and children are not well enough aware of the strategies used by pedophiles or other individuals with intent to harm. There is a lack of understanding of the how the various pieces of information available online through personal profiles, blogs, podcasts etc can be used by criminals to support their activities. Young people are generally confident they can look after themselves, but do not always understand the consequences (both short term and long term) of their social networking, eg the publishing blogs or images which give out personal information and which may impact on their personal safety in the short term, or simply be embarrassing to them in a personal or professional context in later years.

  13.  In addition, parents may be unaware of the activities their children are taking part in (eg inappropriate use of web cams in bedrooms) or may not understand the implications and possible consequences of such activities.

TACKLING THE PROBLEM

What can and should be done to provide greater computer security to private individuals? What, if any, are the potential concerns and trade-offs?

  14.  All schools should offer access to the internet through accredited education ISPs. Filtering levels in school need to be appropriate for the age and maturation of the children.

  15.  A greater emphasis needs to be placed on training and raising awareness of the dangers and how to avoid them—for children, parents and school staff. This is particularly crucial for children and young people as very often they will have access in the home to sites and facilities that will be blocked within school. They need to understand the reasons why these are blocked and how to keep themselves safe when they do have access to them.

What is the level of public awareness of the threat to computer security and how effective are current initiatives in changing attitudes and raising that awareness?

  16.  Public awareness is generally not good. A few headlines grab the attention eg paedophiles, pornography in social web sites, cyber bullying, but little true understanding of how the sites may pose dangers, or what can be done to prevent problems occurring.

  17.  CEOP and Childnet have recently launched safety initiatives, but it is too early to comment on their effectiveness.

What factors may prevent private individuals from following appropriate security practices?

  18.  Lack of understanding of the nature of the potential dangers and of the controls that can be applied to risks. This applies both the technological and the cultural aspects. In many cases individuals do not understand what is available to ensure filtering and other safeguards, or how to implement it. There is also a lack of understanding, particularly amongst children and young people about how the information they disclose to the world online might be used by others and the consequences this may have.

What role do software and hardware design play in reducing the risk posed by security breaches? How much attention is paid to security in the design of new computer-based products?

  19.  Easy-to-use and install software is a key aspect of enabling personal safety online. In many cases individuals will not even be aware that software is available to help with the security or safety issues they may be concerned about.

  20.  Out of school and in the home the situation is more problematic, especially for family computers used by adults and children.

Who should be responsible for ensuring effective protection from current and emerging threats?

  21.  National agencies and key vendors have a role in intelligence and keeping users aware of the changing nature of threats and prevention steps.

  22.  Providers of online facilities such as social networking that provide access to individual and personal information also bear a responsibility for ensuring that the content they host is appropriate and for educating their users in the potential dangers.

  23.  Children's services should be providing a unified approach to the advice it gives to children and young people.

What is the standing of UK research in this area?

  24.  The emergence of national education systems using the internet has led to setting of standards—we are not aware of research in this area.

GOVERNANCE AND REGULATION

How effective are initiatives on IT governance in reducing security threats?

  25.  The role of Becta in defining standards has assisted in schools although majority of schools still do not have an accredited Becta supplier and even when they do they can override the accredited standards.

  26.  Standards outside of schools are subject to the vagaries of the marketplace and the selected ISP accessed in the home and at other sites.

How far do improvements in governance and regulation depend on international co-operation?

  27.  This is essential, particularly with regards to child safety, but also needs to be sensitive to local contexts.

Is the regulatory framework for Internet services adequate?

  28.  No.

What, if any, are the barriers to developing information security systems and standards and how can they be overcome?

  29.  The expectation that all ISPs are the same and that the user should determine what is appropriate in terms of access and use.

CRIME PREVENTION

How effective is Government crime prevention policy in this area? Are enforcement agencies adequately equipped to tackle these threats?

  30.  CEOP is in early days but is already making a significant difference in raising the profile of e-safety and ensuring training becomes more effective.

Is the legislative framework in UK criminal law adequate to meet the challenge of cyber-crime?

  31.  Not known.

How effectively does the UK participate in international actions on cyber-crime?

  32.  Not known.