Brian Pennington

A blog about Cyber Security & Compliance


Internet service provider

UK Government’s update on its activities to protect children on the Internet

Earlier this month the UK Government provided an update to their activities around protecting children on the Internet.

The update paper follows on from the June 2012 announcement of a consultation seeking views on three broad options for protecting children:

  • “Default-on” or “opt-in” – where people’s home Internet Service Provider (or each internet-enabled device) blocks harmful content automatically before any customer buys it. Parents can later choose to adjust or remove the blocks
  • “Active choice” – where customers are always presented with a choice about whether or not they want filters and blocks installed on their home internet service and/or each internet-enabled device they are buying
  • “Active choice plus” – where customers are presented with a list of online content that will be blocked automatically unless they choose to unblock them

A large majority of respondents, including parents, did not like any of the above options. The Government said its policy would therefore develop so that it:

  • actively helps parents to make sure they have appropriate safety features in place when their children access the internet and encourages them to think about issues such as grooming, bullying and sexting as well as potentially harmful or inappropriate content
  • existing ISP customers as well as new ones
  • makes it easier for parents to take charge of setting up the internet access their children will have, and less likely that they will abdicate this responsibility to their children

According to an August 2011 report by the Childhood Wellbeing Research Centre

  • 99% of children aged 12-15 now use the internet
  • 93% of 8-11 year olds
  • 75% of 5-7 year olds

This routine use of the internet by children has led to concern about the potential dangers they face, particularly about access to pornography, online bullying, ‘sexting’, and the use of social networking sites to sexually solicit children.

In her March 2008 report “Safer children in a digital world”, Tanya Byron identified three strategic objectives for child safety on the internet:

  • reducing the availability of harmful and inappropriate material in the most popular part of the internet
  • restricting children’s access to harmful and inappropriate material
  • building children’s resilience to the material to which they may be exposed so that they have the confidence and skills to navigate the online world more safely

Professor Byron highlighted the key role of parents in managing children’s access to harmful material:

There is a range of technical tools that can help parents do this (e.g. safe search), but they only work effectively if users understand them.

So restricting children’s access to harmful and inappropriate material is not just a question of what industry can do to protect children (e.g. by developing better parental control software), but also of what parents can do to protect children (e.g. by setting up parental control software properly) and what children can do to protect themselves (e.g. by not giving out their contact details online)

The report recommended the creation of a UK Council on Child Internet Safety to lead the development of a strategy with two core elements:

  • better regulation, in the form, wherever possible, of voluntary codes of practice that industry can sign up to
  • better information and education, where the role of government, law enforcement, schools and children’s services will be key.

The UK Council on Child Internet Safety (UKCCIS) was launched in September 2008. It is chaired by Ministers from the Department for Education and Home Office and brings together organisations from government, industry, law enforcement, charities and parenting groups.

A March 2010 progress report, also by Professor Byron, “Do we have safer children in a digital world”, reviewed the work of UKCCIS and, amongst other things, said that future work should “promote the availability and use of parental controls”.

An Independent parliamentary inquiry into online child protection (April 2012), chaired by Claire Perry, noted that

while parents should be responsible for monitoring their children’s internet safety, in practice this is not happening”.10 The report went on to recommend that the Government “should launch a formal consultation on the introduction of an Opt-In content filtering system for all internet accounts in the UK” as well as seeking “backstop legal powers to intervene should the ISPs fail to implement an appropriate solution

On 28 June 2012 a Department for Education (DfE) press release announced details of a ten week consultation on whether automatic online blocks should be introduced to protect children from adult and harmful websites:

The discussion paper asks for views on three broad options for the best approach in keeping children safest online, in a rapidly changing digital industry:

  • A system, known as default-on or opt-in, where people’s home Internet Service Provider or each internet-enabled device (laptop and desktop computers; mobile phones; tablets and television) blocks harmful content automatically before any customer purchases it. They can later choose to adjust or remove the blocks if parents want to access the blocked websites.
  • A system where customers are always presented with an unavoidable choice about whether or not they want filters and blocks installed either on their home internet service and/or each internet enabled device they are buying, an approach known as “active choice”. This applies at either the ‘point of purchase’, either online, telephone or over the counter or when a customer first switches on a new device or internet subscription.
  • A system that combines features of both systems, where customers are presented with a list of online content that will be blocked automatically unless they choose to unblock them, or active choice plus.

It follows work over the last year led by Government working with UKCCIS members to strengthen practical steps to improve child internet safety, following last year’s independent Letting Children Be Children report by Reg Bailey, Chief Executive of Mothers’ Union.

The Bailey report argued that parents are best placed to manage what their children’s access online, but while many want to take control, all too often they do not know how.

Progress to date includes:

  • All four main internet service providers BT, TalkTalk, Virgin Media and Sky signing up to the first ever code of practice last October, to give all new customers an active choice of whether or not to apply controls and filters to block harmful content – with the aim that eventually it would be extended to all existing customers as the norm, as TalkTalk has with its free HomeSafe service.
  • Ongoing work with major laptop and hardware manufacturers to sell new products with active choice prompts at first switch-on. UKCCIS has also been working with mobile phone manufacturers and public wifi providers to block access to adult material in public places – for instance Virgin Media’s forthcoming service on the London Underground network and O2’s wifi links in McDonalds restaurants.
  • Major high street retailers such as Tesco, John Lewis, Dixons and PC World piloting or introducing new schemes so staff ask all customers if they want parental controls activating, when they buy new products.

The Government’s response was published on 17 December 2012 and noted that there were 3,509 responses, 69% of these were from members of the public and 22% from parents.

The key findings were as follows:

  • Respondents very clearly said that children’s online safety is the responsibility of parents or a shared responsibility between parents and businesses. A majority of parents think that it is their responsibility solely, and parents are more likely than other groups (with the exception of VCS organisations) to think it is a shared responsibility with business.
  • A large majority of respondents, including parents, said that they did not like any of the three options for parental controls the consultation invited responses on. There was marginally more support for default filtering at network level (14% of respondents) than for the other options, parents choosing controls (9% of respondents) and a combination of default filtering and parental choice (7% of respondents).
  • Parents also recognise that their children are more likely to be worried by other people’s behaviour on the internet, such as bullying, than by inappropriate content.
  • Pornography is the issue that parents are most likely to say they want help with to protect their children online, with bullying, violent content and grooming other key concerns. However, nearly a quarter of parents say they do not need help with any of the issues the consultation asked them about.
  • Parents say they would like to be made more aware of parental controls and to have more information about how to use them.

The Government’s response to these findings began by noting that, to date, its “approach has been based on expert advice that default filtering can create a false sense of security since:

  • It does not filter all potentially harmful content: given the vast amount of material on the internet, it would not be possible to identify all the possible content to be filtered, and very large numbers of websites are created each day.
  • There is also a risk from “over-blocking”, preventing access to websites which provide helpful information on sexual health or sexual identity, issues which young people may want information on but find difficult to talk to their parents about.
  • It does not deal with harms such as bullying, personal abuse, grooming or sexual exploitation which arise from the behaviour of other internet users.
  • It does not encourage parents to engage with the issues and learn about keeping their children safe online. There is a risk that parents might rely on default filtering to protect their children from all potential online harms and not think about how their children might want to use the internet, the kind of content that is appropriate for each child according to their own circumstances, and the risks and harms their children might face.

The UK Government has therefore been working with all parts of the information and communication industries through UKCCIS to promote the approach recommended by Reg Bailey, “that the internet industry should ensure that customers must make an active choice over what sort of content they want to allow their children to access those providing content which is age restricted, whether by law or company policy, should seek robust means of age verification as well as making it easy for parents to block underage access.”

Although little consensus emerged from the findings, there were “clear messages” suggesting the way in which policy could “evolve”, supporting parents in their desire to be responsible for their children’s safety and making it easier for parents to choose what is right for their own children. The Government’s approach would therefore develop so that it:

  • actively helps parents to make sure they have appropriate safety features in place when their children access the internet and also encourages them to think about issues such as grooming, bullying and sexting as well as potentially harmful or inappropriate content
  • covers existing ISP customers as well as new ones
  • prompts or steers parents towards those safety features
  • makes it easier for parents to take charge of setting up the internet access their children will have, and less likely that they will abdicate this responsibility to their children

The UK Government is now asking all internet service providers to actively encourage people to switch on parental controls if children are in the household and will be using the internet. This approach should help parents make use of the available safety features without affecting internet users aged 18 and over who can choose not to set up controls.

Internet service providers have made great progress to date in implementing “active choice” controls where all new customers are asked if they want to switch on parental controls. The Government is urging providers to go one step further and configure their systems to actively encourage parents, whether they are new or existing customers, to switch on parental controls. The Government believes providers should automatically prompt parents to tailor filters to suit their child’s needs e.g. by preventing access to harmful and inappropriate content. We also expect ISPs to put in place appropriate measures to check that the person setting up the parental controls is over the age of 18.

All of the information and communication industries, including retailers and device manufacturers, should work to develop universally available family friendly internet access which is easy to use. The Government wants to see all internet-enabled devices supplied with the tools to keep children safe as a standard feature.

The response said that the Government would work with industry, charities and relevant experts, through UKCCIS, to develop the approach set out above. UKCCIS would also look at what more can be done to:

  • define which children are most likely to be vulnerable online.
  • improve online protections for the more vulnerable children, including making it
  • easier for parents and carers to find out what kinds of controls can allow these children to use the internet safely and how children in families where their safety is a low priority can be helped to have positive experiences of the internet;
  • define inappropriate content and improve the means for identifying it online, starting with an exploration of “community regulation”
  • establish clear, simple benchmarks and classifications for parental control solutions, so that parents can more easily understand what those tools will help them with and how various products compare; and encourage a deeper understanding of the reasons why parental controls are not taken up by more parents.

Claire Perry, who chaired the independent parliamentary inquiry into online child protection, expressed disappointment that an ‘opt-in’ option had been ruled out but said that:

this was not the preferred choice of those responding to the Consultation and it is right that government policy is based on the responses that are received to Consultations”

However, the all-important issue of getting Internet Service Providers to do more to verify the age of the person setting up any form of filter or control has clearly been highlighted and I am really pleased that UKCCIS has been tasked with sorting out age verification procedures, working with the ISPs we will end up with age verification and active filters that will mean Britain will lead the world in keeping young people safe online

The Internet Service Providers’ Association (ISPA) welcomed the Government’s position:

Online safety is a shared responsibility between parents and the wider industry, including ISPs, manufacturers and retailers, via providing easy to use tools, advice and information

In a written parliamentary response of 25 April 2013, Edward Timpson, Minister for Children and Families in the Department for Education, said that the Government was “challenging the internet industries” to meet the requests set out in the Government’s response and through a series of separate project groups, ISPs, public Wi-Fi providers and device manufacturers are regularly reporting to the UKCCIS Executive Board on their commitments to put in place systems to reduce children’s access to harmful internet content.

On 23 April 2013, the Telegraph reported that the Prime Minister is to announce a Government backed code of conduct which will mean that access to pornography is blocked on Wi-Fi in public spaces:

Mr Cameron said that he wanted

good, clean Wi-Fi in public spaces which would give parents confidence that their children cannot access illicit websites on smart phones or mobile computers.

We are promoting good, clean, Wi-Fi in local cafes and elsewhere to make sure that people have confidence in public Wi-Fi systems so that they are not going to see things they shouldn’t

His intervention comes after a long-running campaign from children’s charities to ensure a blanket ban on unacceptable sites on public Wi-Fi networks.

The Children’s Charities Coalition on Internet Safety wrote to BT, the country’s biggest internet provider, last month demanding urgent action.

Talks have been taking place for months between internet service providers and government officials over the new deal. It is not clear whether the internet firms will automatically impose the restrictions on access or whether it will be the duty of shops and other public areas used by children to bar adult content.


Mobile phone users are not concerned with security until there is a breach and then they blame their provider

Crossbeam Systems have released research into Mobile Phone user’s opinions on security. 

The most revealing finding was that compromised security, rather than high monthly fees, would be the biggest reason for UK smartphone users to change mobile network providers. 

The independent blind survey of 1,076 UK adult smartphone users and bill payers examined: –

  • usage habits
  • the importance of mobile security and data services
  • purchasing considerations
  • what would motivate them to switch providers

A summary of the survey results are below:-

  • 75.6% of those surveyed would change mobile providers if their current, operator-supplied smartphone was compromised by hackers, malware or other security failure
  • 79% of 648 women surveyed stating they would change networks if their smartphone fell victim to a security issue.
  • 70% of 428 men surveyed would also change networks following a security incident
  • 56% of global respondents don’t know if their mobile network provider has measures in place to secure their smartphone
  • 35.7% of respondents were aware that their smartphone contained applications that stored or had access to financial information such as PayPal, retail apps with saved card payment information and mobile banking apps, and that third parties accessing these would be a concern
  • 52.9% would be scare of other people having “Access to my personal information, such as passwords and credit card details”
  • 5.8% said a lack of security would drive them away from their current network provider

If your smartphone was hacked by a criminal whose fault would it be?

  • 37.5% My mobile network provider (Vodafone, O2 etc.)
  • 31.6% Mine
  • 17.9% My smartphone manufacturer (Apple, Samsung, HTC, etc.)
  • 12.9% Other please specify

Smartphone users, like most people, don’t think about the security of their devices until they’ve been hacked. This may be misleading mobile network operators to focus less of their attention on customer security and underestimate the risk it creates said Peter Doggart of Crossbeam

The good news is 53 percent of global respondents expressed a willingness to pay their network provider additional fees to help improve security.

Create a free website or blog at

Up ↑

%d bloggers like this: