SCOTTISH Borders Council employees have been found trying to access pornographic, gambling and extremist websites over the past year, with the local authority admitting its monitoring system is powerless to bring about disciplinary action.
A freedom of information request shows that between March 2018 and April 2019, Scottish Borders Council employees tried to access numerous illicit websites and social media platforms while using council computers.
The council’s IT provider, Canadian firm CGI, categorises these websites according to the council’s user policy.
The categories employees have been trying to access include: gambling; adult content; malicious websites; online brokerage and trading; hacking material; weapons; sex; illegal or questionable; games; violence; adult material; and drugs.
Council employees have also tried to access material relating to nudity, extremism, and a category called ‘lingerie and swimsuit’.
One of the most requested categories, however, is social media, with Facebook, Twitter and web chats accounting for a large proportion of blocked attempts.
However, the council has admitted it can only see the number of HTTP requests it has blocked, and does not investigate individual users without first being tipped off by a fellow colleague or a manager.
This has led to no disciplinary action being brought against an employee for their internet usage over the last three years, despite numerous attempts to access adult, gambling, and pornographic websites.
A HTTP request is the protocol that your internet browser, such as Internet Explorer of Google Chrome, uses to transfer data such as text and images between a web server and your computer.
This can happen over a hundred times with every mouse click, and as Scottish Borders Council only monitors HTTP requests it cannot see how many employees have tried to access these blocked websites, or narrow it down to individual users.
When asked for the number of attempts to access these websites by users, rather than HTTP requests, the council refused, saying to access that information would be too costly and time consuming.
Outlining the reason for refusing this request, Brian Frater, Scottish Borders Council’s director for regulatory services, said that the council only check a user’s web traffic if there is tip-off: “The council is unable to identify how many times an individual council employee has been blocked from websites without retrieving all web traffic for that user.
“The process is time consuming as it not only involves retrieving the raw data for the individual, this raw data would have to be reviewed by a trained member of staff.
“The council would only request a review of an individual users’ web traffic if there are reasonable grounds for suspicion.
“The would usually be in the form of a complaint by a colleague or the manager of the individual concerned.”
A Scottish Borders Council spokesperson said: “All staff are blocked from accessing inappropriate content.
“The council uses an industry leading web filtering service which provides content scanning and website classification to protect its network computers and staff from malicious web content.
“The categories and classification of each website are determined by the web filtering service.
“We have this in place to protect our employees, protect against common forms of cyber-attack including email phishing or dummy websites and remain compliant with current national legislation.
“The figures provided in the freedom of information response do not correlate with the number of times an employee has tried to access a blocked website due to a number of factors.
“These include the fact that a single click can trigger the web filtering service to record 100 or more hits.
“In addition, an embedded advert on a website which the employee does not even click can be counted, while the software can sometimes also pick up on other adverts or content which is entirely innocent but may have a tenuous link with inappropriate content.
“Scottish Borders Council has in place robust information security policies and ensure that our staff undergo annual training in the safe use of the internet as well as understanding their responsibilities as employees of the council.
“If an employee is found to be attempting to access an inappropriate site, the case would be reviewed according to its individual circumstances, and appropriate action taken, which may include disciplinary action.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here