How does Ofcom interpret the distinction between "content services" and "electronic communications services", where there is a regulatory function under the Act? What impact is convergence likely to have on such distinctions over time?

  The Electronic Communications Service definition in section 32 of the Communications Act 2003 makes quite clear that an ECS consists in the conveyance of signals by means of an Electronic Communications Network but only insofar as it is not a content service.

  Section 32 (7) states that "a content service" means so much of any service as consists in one or both of the following-

(a)    the provision of material with a view to its being comprised in signals conveyed by means of an electronic communications network

(b)  the exercise of editorial control over the contents of signals conveyed by means of such a network.

  The distinction therefore is clear; an ECS is not itself a content service, but can rather be the means by which a content service is provided.

  A converged environment will increase the potential for delivery of content services via an expanding number and type of electronic communications services. This will mean more operators will be able offer both content services and electronic communications services alongside each other (the most obvious example of this is in the provision of content services (portal pages, etc) by ISPs, alongside their provision of Internet access).

  However, we do not expect that this will mean that convergence will make it more difficult to apply the relevant distinctions set out in the Act which as stated above are quite clearly defined.

Is Ofcom engaging with ISPs on the provision of security products (anti-virus software, filtering, firewalls etc) to encourage the development of industry codes of practice?

Regulation of ISP Provision

  Although security products are valuable tools for consumers they are not a part of the regulated Internet access service—any more than are the PCs which are typically used as the access device. Antivirus software, firewalls etc. largely run on customer equipment and are in practice outside the control of the Internet service provider (although AOL provides filtering services on its network as a value-added element of its service to subscribers, other ISPs do not).

  However, Ofcom welcomes the fact that most ISPs and many PC manufacturers provide security tools to their customers. In addition, Ofcom is working with Government and industry to help consumers take advantage of the protections such tools provide. Aspects of this work are laid out below.

BSI Standard for Content Control Software

  In partnership with the Home Office we have developed a British Standards Institute (BSI) standard for Internet content control software. The standard was announced by the Home Secretary, The Rt. Hon Dr John Reid MP, in December 2006 and the first kite marks based on the standard are due to be awarded later this year.

  The Standard, detailing requirements for products, services, tools and other systems aims to allow UK adult Internet users easily to control children's access to inappropriate Internet-based content and services. Products meeting the requirements of the specification will be entitled to display a kite mark on promotional materials and packaging to help consumers identify products which are both effective and easy to use.

  Ofcom co-funded this project in support of self-regulation of the Internet, to help consumers to control the content and services they access over the Internet. The overall purpose of the kite mark is to encourage the development of tools that:

—  help parents to monitor the activities their children are involved in online;

—  help parents enforce limits on their children's computer usage;

—  help children avoid accidentally or inadvertently accessing harmful and/or inappropriate content.

  By purchasing a kite marked product, parents will have confidence in their ability to:

—  install and configure the access control system without needing to be expert or have any specialist technical knowledge;

—  protect their children online;

—  allow access to suitable Internet-based content and services;

—  allow communication with suitable Internet users;

—  access suitable system support should they encounter problems with installing, configuring, maintaining or using the access control system.

  A sub-group of the Home Office Taskforce has been convened to encourage services to seek accreditation, encourage services to improve child protection and to encourage take-up of the software by parents, through both awareness and other means, including pre-loading. The role of the subgroup will also include ensuring there is a process for review and updating the BSI standard if it proves effective. We expect the Kite marked products will be fully available in the shops in the summer.

  Discussions between Ofcom, Home Office and BSI have begun to co-ordinate promotional activity surrounding the award of the first kite mark.

Home Office Task Force

  The Home Office Task Force for Child Protection on the Internet aims to make the UK the best and safest place in the world for children to use the Internet, and to help protect children the world over from abuse fuelled by criminal misuse of new technologies.

  The following have been created to help keep children safe on the Internet:

—  "Good Practice Guidance for the Moderation of Interactive Services for Children"[17];

—  "Good Practice Guidance for Search Service Providers and Advice to the Public on How to Search Safely"[18];

—  "Guidance for Using Real Life Examples Involving Children or Young People"[19];

—  "thinkuknow.co.uk"[20] a website for young people full of information about staying safe online;

—  "Good Practice Models and Guidance for the Industry"[21], guidance on chat rooms, instant messaging and web-based services that encourages clear safety messages and advice, and user-friendly ways of reporting abuse.

  As well as attending meetings the Task Force, Ofcom contribute to the work of Sub Groups F (Child Protection Measures), G (Awareness) and the newly established International Co-operation subgroup.

—  Sub Group F—A working group has been looking at the safety issues for children caused by social networking sites and is close to finalising a good practice guidance document for both users and providers of such sites in the UK.

—  Sub Group G—There was further activity from the Home Office marketing campaign between September to November 2006 to support the roll-out of the Centre for Exploitation and Online Protection's (CEOP) thinkuknow schools programme. The online adverts have been particularly successful, and have been seen by over 5.5 million unique visitors. There are 2.9 million 11 to 14 year olds online. CEOP's education programme, entitled thinkuknow, was rolled out to Police Schools Liaison Officers and teachers beginning in September 2006. Thinkuknow is primarily aimed at secondary school children, aged 11 to 14.

—  A new International Co-operation Sub Group has been established and Ofcom contribute to its work. This new group met for the first time on 5 December 2006, and discussed the group's aims, objectives, work plan and membership.

Under Section 14 of the Act, Ofcom is obliged to conduct consumer research on a range of issues, including into the experiences of consumers in the markets for electronic communications services. What research has Ofcom conducted or commissioned, and what uses are the results of this research being put to?

Ofcom and Media Literacy

  Ofcom's definition of media literacy, developed after formal consultation with stakeholders, is `the ability to access, understand and create communications in a variety of contexts'. It is through its Media Literacy work programme that Ofcom is addressing the specific question raised by the Committee.

Research: Media Literacy Audit

  In order to gain an initial picture of the extent of media literacy across the UK, Ofcom commissioned an audit of how UK adults and children gain access to, understand and create communications, with a particular focus on electronic communications. In this context, access has a much wider definition than take-up or accessibility issues: it includes understanding of what each platform and device is capable of and how to use its functions; while understanding relates to how content (such as television and radio programmes, Internet websites, or mobile video and text services) is created, funded and regulated.

  Some of the elements of this audit—such as attitudes towards the provision of news, or knowledge of content regulation—apply to traditional analogue television and radio as well as their newer digital counterparts. But for the most part, this audit focuses on the four main digital media platforms—not only digital television and digital radio, but also the Internet and mobile phones—as these are the ones where there is most divergence between different groups within the UK in terms of understanding, take-up and usage.

  The key objectives of the audit were:

—  To provide a rich picture of the different elements of media literacy across the key platforms of TV, radio, the Internet and mobile phones (including some comparisons with other media such as the press and computer games);

—  To understand the extent to which there are relationships between the elements of media literacy—for example, is the level of an individual's competence in using the features available on a given platform related to how long they have owned the device and how often they use it? Are levels of concern about the platform related to ownership or usage levels?

—  To understand the extent to which there are relationships between the platforms—does interest in, or knowledge and usage of one platform impact upon interest in, or knowledge and usage of another?

  The findings of the Media Literacy Audit were published as a series of reports. They are:

—  Report on adult media literacy;

—  Report on media literacy amongst children;

—  Report on media literacy in the nations and regions;

—  Report on media literacy of disabled people;

—  Report on media literacy amongst older people;

—  Report on media literacy amongst adults from minority ethnic groups.

  The media Literacy reports are available on the Ofcom website.[22]

Research: The consumer experience of telecoms, Internet and broadcasting services

  In November 2006, Ofcom published research which evaluated the experience of UK consumers in telecoms, broadcasting and Internet markets. The research, entitled "The Consumer Experience", highlighted many benefits from increased competition and new technologies, such as falling prices, increased customer satisfaction and a greater range of services. However, it also revealed concerns over the growing potential for consumer harm as communications markets become more complex. The following is a summary of the research's main findings;

  Access:

—  fixed-line, 2G mobile, digital television and broadband Internet services are available to between 95%-100% of the UK population;

—  there has been a 55% growth in Internet users that have taken up broadband in the last 18 months;

—  only 25% of low income earners have Internet access at home, compared with 88% of high earners;

  Consumer empowerment:

—  Between 84% and 95% of those who have switched communications provider said it had been easy to switch;

—  Only 1 in 5 Internet users have ever switched provider, though more than half have changed their tariff or package;

  Consumer protection:

—  More than half of all complaints received by Ofcom in Q2 2006 were related to "tag on line", a problem encountered by an increasing amount of broadband subscribers;

—  61% of Internet users are concerned about issues such as paedophiles online, Internet security and offensive content.

What is Ofcom doing to develop public understanding of safe and secure behaviour online?

  Promoting media literacy and enabling consumers to make informed choices (extract from Ofcom's Annual Plan 2007-08):

"In 2007-08 Ofcom will place a much greater emphasis on media literacy, and on consumers' ability to make informed choices and obtain value for money. Taken together, these two areas will lead to people having improved communication capability.

By communication capability we mean the skills, knowledge and understanding that citizens and consumers need to benefit from communications services—to access and engage with content, be able to use communications services confidently and get the best deal in the marketplace.

We recognise that communication capability is dependent on having access to services that are easy to use. Ofcom also has a role in promoting access and inclusion.

During 2007-08 our work to promote media literacy will include raising people's awareness of, for example:

—  how to use tools, such as web browsers and electronic programme guides, in order to navigate safely and effectively; and

—  how to manage audio and visual content using information, such as content labelling and trust marks, and tools, such as parental controls, Internet filtering and firewalls.

We will also seek to improve people's understanding of: editorial and commercial agendas; the difference between reportage and advocacy; and the context in which content is supplied."

  Detail from this year's annual report of activity to DCMS:

Ofcom's Media Literacy programme is funded in part by a direct grant from DCMS, as opposed to the industry levies which provide the majority of its revenue. As part of its relationship with DCMS, Ofcom provides an annual report of activity, which is summarised below:

—  BSI Kite Mark (as above);

—  Safer Internet Day: Almost 40 countries took part in the fourth edition of Safer Internet Day (SID) which this year took place on 6 February. The campaign is organised by European Schoolnet, coordinator of Insafe, the European safer Internet network (www.saferInternet.org). Viviane Reding, EU Commissioner for the Information Society and Media is once again patron of Safer Internet Day. In the UK the event was organised by Internet Safety Content Agent (ISCA) Project run by the Cyberspace Research Unit, and Ofcom supported the event and contributed to a panel at a half day conference in London. The event focussed on the theme of `crossing borders' and included speakers from Ofcom, UCLAN, CEOP, charities, government, education and industry, including Vodafone and Microsoft;

—  BECTA: Ofcom is represented on Becta's Safe Use of the Internet Policy Group. Last year the group published `Safeguarding children in a digital world: Developing a strategic approach to e-safety'. This was presented to the Becta Board, DfES ministers and the Home Office for comment. Ofcom has hosted meetings of the group this year to ensure a co-ordinated approach between the major stakeholders;

—  Silver Surfers' Week 2006: In the run up to Silver Surfers' Week 2006 Ofcom in partnership with Digital Unite delivered training to volunteers recruited by event organisers to assist in the delivery of Silver Surfer sessions. By receiving training in teaching techniques and in the use of resources prepared for events these volunteers were equipped with the necessary skills to deliver on-going training during and beyond Silver Surfers' Week;

—  Silver Surfers' Day 2007: Ofcom has begun work with Digital Unite on the development of Silver Surfers' Day 2007. Silver Surfers' Day is the only established media literacy campaign focused entirely on those over 50. Media literacy is becoming increasingly important as digital exclusion is proven to be a core indicator of social exclusion. Older people, who have less opportunity to learn these skills at work or socially, need extra help to acquire them. SSD works by soliciting and empowering hundreds of agencies, public and private, to deliver `Silver Surfer events' through which they are able to engage with tens of thousands of individuals at a local level and on a national scale.

—  Website: The media literacy section includes relevant Ofcom publications, details of forthcoming media literacy events and reports from past activity as well as links to a wide range of external media literacy resources including guides on the safe use of the Internet. It is regularly updated as and when new resources are available;

—  eBulletin: Four issues of the Ofcom media literacy bulletin[23] were published in June, September, December and February 2006-07. The bulletin keeps stakeholders informed of developments across the field of media literacy.

Ofcom's enforcement relationship with the Information Commissioner's Office

Areas of common enforcement responsibility

  Ofcom and the Information Commissioner's Office (ICO) have discrete and concurrent powers to enforce the Privacy and Electronic Communications Regulations (PECR). The Regulations include the use of automated calling systems, the transmission of recorded messages that contain direct marketing material and compliance with the Telephone and Fax Preference Services.

Enforcement powers

  The ICO has primary responsibility for enforcing PECR using its enforcement powers under Part V and Schedules 6 and 9 of the Data Protection Act 1998. Ofcom also has discrete enforcement powers under the Persistent Misuse provisions (ss 128-130) of the Communications Act 2003.[24] Additionally, both Ofcom and the ICO share concurrent powers as Designated Enforcers of PECR under Part 8 of the Enterprise Act 2002.

Enforcement principles and how we decide which regulator takes action

  Given our concurrent powers, we have agreed how we will work together in enforcing PECR—we intend to publish a letter of understanding shortly, which sets out the basis of our collaboration.

  The following non-exhaustive principles inform our enforcement action in general and which organisation is best placed to investigate issues of suspected non compliance in particular:

  General principles:

—  Efficiency: Enforcement needs to be quick and effective and should send out a signal that we consider certain behaviour to be unacceptable;

—  Co-operation: It is important to work together closely and act in a joined-up way, to ensure that stakeholders have sufficient clarity about our respective roles; and

—  Proportionality: Enforcement needs to be proportionate to the risk.

  Deciding which regulator takes action

—  Special interest: There are areas where Ofcom or the ICO will have specialist experience and might generally be expected to take the lead. Examples might include where the issue of privacy is foremost and the ICO would be expected to take the lead. In contrast, if an investigation would benefit from technical knowledge of the communications sector, Ofcom might be best placed to take action;

—  Clarity: We consider whether the issue raises a particularly novel question (for example, the meaning of a definition in the Regulations or the need to clarify whether a particular practice is permissible or not) which could have bearing on the legal instrument adopted; and

—  Resources: We take into account the resources available to our respective organisations at any particular time.

  We believe that such an understanding supports appropriate enforcement, providing clarity on the roles of the two organisations and playing to the expertise of both.

Day to day liaison

  Ofcom and the ICO keep each other informed on a regular basis about suspected non-compliant behaviour that is causing concern. In addition to informal contact, we also meet at quarterly intervals to discuss enforcement activity.

Recent enforcement activity

  The ICO recently undertook enforcement action in relation to compliance with the Telephone Preference Service.[25]

  Ofcom also recently imposed a financial penalty of £10,000 on 1RT under section 130 of the Communications Act 2003 (penalties for the persistent misuse of a communications network or service) in relation to their sending faxes containing marketing material to telephone numbers registered with the Fax Preference Service without consent.[26]

Is Ofcom acting on potential security network breaches?

  One of the key points about IP technology is it is increasingly available to the end user to determine what their own level of security should be because it allows greater specification at the application rather than transmission layer. It would be particularly expensive to expect Communications Providers (CPs) to provide a very high level of network security which in all but a very few instances would not be called upon. In these instances as they would most probably be criminal in intent, they would properly be dealt with under existing criminal law. From Ofcom's point of view the General Authorisation Regime, introduced in July 2003 to replace the system of telecommunications licences, regulates how Communications Providers (CPs) should provide Electronic Communications Services (ECS) and/or Electronic Communications Networks (ECN).

  Under this regime there are a number of General Conditions (GC) which providers of ECS/ECN must abide by. The majority of these GCs cover consumer protection in terms of their contractual relationship with the CP and their access to certain services, however two GCs in particular also deal with technical aspects. GC2 requires a CP to conform with appropriate standards for the purpose of ensuring the viability of interconnection and end-to-end interoperability. GC3 requires a CP who provides a Public Telephone Network (PTN) or Publicly Available Telephone Services (PATS) to ensure the proper and effective functioning of the network. However, neither of these GCs specifically require a CP to protect the confidentiality of the information it carries across its ECS or ECN, nor to secure the network against external interference. Nevertheless, it is clearly commercial good practice to do so as the risk to any CP's business of not doing so is obviously very high through a loss of confidence in it as a responsible CP.

  Ofcom would be concerned if any CP, particularly a provider of a PTN or PATS, took an irresponsible approach to maintaining the integrity of its customers' data and the network but ultimately the choice of the level of security to apply to one's data is a choice for the end user which is why some consumers choose to apply their own security at the application layer rather than relying on the network to maintain security and integrity. Some CPs may also offer products which provide contractual security and/or integrity guarantees.

  Most CPs, for the reasons stated above, will take significant steps to protect their network against intrusion but there is clearly a risk of interference which with such a widely distributed asset as an ECN is very difficult to completely mitigate. It is not possible to detect all attempts to interfere with the network and there is always a risk that an intruder could go undetected and gain access to user data, eg by tapping the line between the end user and the exchange, and it would be unreasonable for a CP to regularly check the entirety of all of its physical and software assets for unauthorised access. Indeed such monitoring would be extremely costly, the cost of which would need to be recovered from consumers. It is therefore sensible for consumers never to assume that the network is entirely secure and to implement their own security measures.

Regulation of Voice over IP services (VoIP)

  In March 2007, Ofcom published a new regulatory code for Voice over Internet Protocol (VoIP) service providers to ensure that consumers have access to important information about the capabilities of their service.

  Following public consultation in 2006, Ofcom has decided to put in place measures to ensure that consumers have access to information which helps them make informed purchasing decisions. The new code of practice requires VoIP providers to make clear:

—  whether or not the service includes access to emergency services;

—  the extent to which the service depends on the user's home power supply;

—  whether directory assistance, directory listings, access to the operator or the itemisation of calls are available; and

—  whether consumers will be able to keep their telephone number if they choose to switch providers at a later date.

  If consumers choose to take up a service that does not offer access to emergency services or which depends on an external power supply, the code also requires VoIP providers to:

—  secure the customer's positive acknowledgement of this at point of sale (by ticking a box, for example);

—  label the capability of the service, either in the form of a physical label for equipment or via information on the computer screen; and

—  play an announcement each time a call to emergency services is attempted, reminding the caller that access is unavailable.

  As usage in the UK continues to grow, and the market develops further, Ofcom will continue to review and develop its approach to regulation to ensure that consumers gain the full benefits of VoIP services.

  A number of respondents to Ofcom's consultation expressed concern that a lack of access to emergency services via VoIP services might result in consumer detriment. For that reason, Ofcom intends to consult later this year on whether, and if so how, certain VoIP services might be required to offer access to emergency services.

11 April 2007

18   http://police.homeoffice.gov.uk/news-and-publications/publication/operational-policing/search-and-advice- public.pdf Back

19   http://police.homeoffice.gov.uk/news-and-publications/publication/operational-policing/RealLifeExamples.pdf Back

20   http://www.thinkuknow.co.uk/ Back

21   http://police.homeoffice.gov.uk/news-and-publications/publication/operational-policing/ho-model.pdf Back

22   http://www.ofcom.org.uk/advice/media-literacy/medlitpub/medlitpubrss/ Back

23   http://www.ofcom.org.uk/advice/media-literacy/medlitpub/bulletins/ Back

24   Ofcom can take action under the Persistent Misuse provisions where it has reasonable grounds for believing that a person has persistently misused an electronic communications network or service in any way that causes-or is likely to cause-unnecessary annoyance, inconvenience or anxiety. Back

25   http://www.ico.gov.uk/upload/documents/pressreleases/2006/en-6-dec-06.pdf Back

26   www.ofcom.org.uk/bulletins/comp-bull-index/comp-bull-ccases/closed-all/cw-891 Back