Access to restricted materials
Access to restricted materials
Some individuals may require access to information which could be construed as illegal, raise suspicion of criminality or potentially be in breach of the Regulations Relating to the Use of Information Technology Facilities. The University recognises the importance of research into these areas but also acknowledges the risks involved in accessing such material. To facilitate access to the required resources without exposing individuals to unnecessary risk the University has implemented a Code of Conduct for access to restricted materials. This process is designed to aid and protect researchers accessing such material by adhering to this code and notifying us of the intention to access such materials relevant so that support can be provided, and access can be logged.
Code of Conduct for access to restricted materials
This Code of Conduct applies to access to materials that could be construed as illegal or raise suspicion of criminality by the police or security forces. the University has developed Guidance on accessing restricted materials providing more detail on the types of material that fall under this code. The guidance also sets out the level of authorisation that is required to access such materials for academic purposes.
This is a difficult area because any guidance is an attempt to anticipate the methods of police / MI5 and other enforcement authorities. The law is quite strict, and the very fact of possessing or disseminating restricted material may be enough to warrant an investigation by the police, and a member of staff or student would be put in the position of having to advance a credible defence. If there is a clear link between learning outcomes and any information downloaded / disseminated, then the police may be reluctant to pursue the matter, though this cannot be guaranteed. Following this code and completing an Access to Restricted Materials Request Form will evidence that appropriate review and approval for such access has been sought.
A short summary of the potential offences that apply in this context is given, along with the steps that staff and students may take to minimise the potential for incurring criminal liability.
Offences relating to collecting and disseminating terrorist-related information are drafted quite widely. Gaining access to sites is not usually an offence but storing / possessing and transmitting / distributing the information may amount to an offence, as is using the information to encourage acts of terrorism. Some of the offences require a particular mental state (e.g. an intention to encourage terrorism, or recklessness as to the effects of one’s conduct in distributing terrorist material) or provide a defence of reasonable excuse. The following examples of specific offences may serve as a useful guide to the steps that University staff and students might take.
It is an offence to:
collect or make a record of information of a kind likely to be useful to a person committing or preparing an act of terrorism; or
to possess a document or record (including a photographic or electronic record) containing information of that kind (i.e. any document that would provide practical assistance to a person committing or preparing for an act of terrorism e.g. an Al Qaeda training manual).
It is a defence for the person charged to prove that he / she had a reasonable excuse. Consequently, a member of staff or a student will have a defence if they can show that keeping the record was required for the purpose of pursuing the particular academic course or research and for no other more ambiguous purposes. The ease with which this can be proved will depend on the clarity with which the research or the course and its training objectives have been drafted. It is important therefore to identify the sites that provide a useful learning tool and ensure that the research is limited to these sites. Clear guidelines should also be given on retaining the record, specificallywhether it is necessary to keep a record for the purposes of achieving the research or learning outcomes (e.g. is it necessary for completing coursework?). Clear guidelines should also be provided on destroying the record once it is no longer required.
A person commits an offence of disseminating terrorist publications if he / she distributes, circulates, transmits electronically, sells / loans / gives a terrorist publication, provides a service to enable others to obtain a terrorist publication or has in his / her possession a terrorist publication with the intention of transmitting, etc, it.
However, for the offence to be committed, the individual must have the intention to encourage or induce others, directly or indirectly, or to help others to commit or to prepare for acts of terrorism.
A terrorist publication includes electronic publications and is any matter that may be understood by the recipients as providing encouragement or inducement to commit or prepare for terrorist acts and which is understood by the recipients to be made available to them wholly or mainly for the purposes of being so useful to them.
Such publications disseminated for the purposes of a clearly defined research project or academic programme should not amount to an offence because the requisite intention is unlikely to be present. However, it is worth exercising caution by making the purposes of the research or course clear and prohibiting further dissemination of these publications by staff or students.
Through its Information Security team, the University should contact the JANET security team (JANET CSIRT) to inform them that the relevant research / course is being run and that staff and / or students will gain access to terrorist and other controversial websites during this work. Since courses such as this are provided in other universities, and to some extent analysing terrorist materials is also a genuine academic pursuit, this will not be uncharted territory for JANET. However, unless the notification is provided, the activities may be construed as a breach of the JANET Acceptable Use Policy (www.ja.net/company/policies/aup.html), though specific provision is not made for terrorist sites.
Clearly GCHQ will not disclose its procedures for monitoring use of websites and it is therefore difficult to advise specifically on how to avoid any scrutiny they may undertake.
Before undertaking teaching or research that may involve accessing terrorist materials, staff and students must agree to comply with the following requirements:
- Have a defined process for immediate termination of the work if requested by the relevant authorities
- Follow recommendations of the relevant police and investigative authorities on how to proceed
- Clearly define the research / course content and outcomes, and ensure the websites visited are those necessary to fulfil these purposes
- Ensure the minimum amount of terrorist information is downloaded, printed, copied, disseminated and retained
- Follow the University guidance on retaining a record of the content of terrorist websites, given the potential offence relating to simply possessing such material
- Ensure that no record is kept if it is not necessary to achieve the research or learning outcomes, and ensure that the record is securely destroyed (by staff and students) once no longer necessary for the purposes of achieving the legitimate learning outcomes
- Treat all potentially sensitive information with the same level of security as defined for confidential information in the current version of the University’s Policy.
- Designate a senior member of academic staff to oversee this element of the relevant research or course
- Strictly limit the staff or students who download the relevant material to those who have permission from the Designated Authority
- Where possible, limit the staff or students who download the relevant material to those who have a recognised expertise in the area
- Tutors / supervisors should advise and support students or those without expertise in the area
- Liaise with other universities that offer similar courses or are engaged in similar research
- Provide the University’s Information Security team with the following, at least one calendar month in advance of work commencing:
- Information about the nature and content of the relevant research or courses and any proposed use of controversial or potentially illegal websites; this may be covered by an electronic copy of the research proposal or course prospectus, and any other relevant information that would illustrate the need to download and (if absolutely necessary) to retain the material in question.
- A completed Access to Restricted Materials Request Form along with a copy of the relevant Ethics Certificate; the form will be counter-signed and returned to indicate that notification has been received.