Internet Watch Foundation

Author: Tony Fagelman                                                       Date: 20^th July 2004

 

Following feedback from the fund list and discussion at Funding Council it may be helpful to clarify what we mean by the term ‘list’ and the security measures taken to preserve the integrity of the ‘list’

 

Although reference is made to a ‘list’, it is in fact the potentially illegal child abuse URLs stored in the IWF database. It is not a hard copy list of potentially illegal URLs to pass around. Information from the database is exchanged electronically, in a secure and encrypted form.

 

To gain access to the ‘database of child abuse URLs’ any current recipient must be a member of the IWF. The service is free of charge to members and subject to a legally binding contract on its use.

 

Once a request to access the database is received the IWF sets up a secure unique access point through our web-site. Each client is allocated their own specific URL login page with unique password. The system authenticates the client then opens a secure link to generate a request to the CAI database. This in turn passes the data to the web-site and then to the client. At no time does a client have direct access to the database.

 

Data can be transferred to the client either manually, i.e. the client requests a full six month dump, or an up-date, since their last request. The system acts like an anti-virus service, the client can request regular updates or they can refresh their entire list. If the client has an automatic update arrangement the system knows what to deliver when a request is made.

 

The data is downloaded using industry standard 128bit encryption using SSL and HTPPS, similar to the method personal online banking services are managed.

 

The download is made up of six months of current data. Data is removed automatically when it is more than six months old. The IWF adds approximately eighty new URL’s to the list weekly. The system also has a built in reminder system, so that random URL’s are tested after three months inclusion to consider their status.

 

The IWF also maintains an area of “removed” URL’s. These are URL’s that would be considered as containing potentially illegal data, but might have become “legal”. It should be noted, that there are no URL’s on this list and there never have been

 

Finally, the IWF have a strict complaints and appeals procedure. Any organisation that feels that they have been included on the list incorrectly, can appeal. If an appeal is dismissed by the IWF then there is one further avenue of appeal i.e. to a POLIT police officer.