A practical guide Ensuring the safety of

children in cyberspace
Logica is a leading IT and business services company, employing 39,000 people across 36
countries. It provides business consulting, systems integration, and IT and business process
outsourcing services. Logica works closely with its customers to release their potential -
enabling change that increases their efficiency, accelerates growth and manages risk. It applies
its deep industry knowledge, technical excellence and global delivery expertise to help its
customers build leadership positions in their markets. Logica is listed on both the London Stock
Exchange and Euronext (Amsterdam) (LSE: LOG; Euronext: LOG). More information is available
at www.logica.com.

This document is for general information purposes only and is subject to change without notice.
 Ensuring the safety of children in cyberspace 01
Contents
02 Introduction

03 Where is information held?

03 How do children use the internet?

05 What are the risks?

06 What can be done to protect children?

Introduction For many children, the Internet is part of their everyday lives. They access it at home
and at school via computers, through their smart mobile phones and in the uncontrolled
environments of cybercafes and friends’ houses.

In addition to the information that children freely give about themselves to the online
world without our knowledge, as parents we are often required to divulge sensitive
information about our children to governmental departments and commercial
organisations.

The purpose of this guide is to discuss these issues and to make suggestions as to how
our children can be better protected when spending time online. We’ll discuss the types
of information held; the threats and risks associated with the information; and how the
State, commercial organisations and parents should work together to provide the
protection our children need.

Recently, the largest growth area for children’s information to be divulged, and made
available to the general public, is through social networking web sites. These include
such well known sites as myspace.com, youtube.com and facebook.com. There are
many, many others. In the context of these web sites, members are invited to upload
information about themselves and make this available, either to anyone who chooses to
access the information, or to a limited group of ‘friends’ that your child may have never
met. Although the initial set of friends allowed to see the information would normally
include those people that they know In Real Life (IRL), they are also allowed to add in
others from friends they already trust. This is fine, providing everyone only adds in
people that they really do know. A recent survey, undertaken for the BBC, showed that
15% of children hadn’t met all of the friends that they had allowed to access their private
information.

This is exactly what predators rely upon; the innocence of children to the fact that
people may actually lie to them when online, coupled with the kudos of having so many
online friends.

The other concern, highlighted by the loss of child benefit information in 2007, is that
those responsible for keeping information secure, do not always do what they are
supposed to do. No matter how secure and strict a system might appear to be, the
moment humans are allowed to make decisions, the risks of unauthorised disclosure

“
increase.

A recent survey, undertaken for the BBC, showed that 15% of

”
children hadn’t met all of the friends that they had allowed to
access their private information
 Ensuring the safety of children in cyberspace 03
Where is information held? Information is held in three main places:

1. Governmental and commercial organisations that parents are aware of (holding data
such as child benefit details and pre-school nursery records)
2. Other online information that parents are aware of
3. Online information that parents are unaware of. This, you would think, is the area for
most concern.

From the moment you are born, the government starts to keep records about you. Your
birth will be recorded at the hospital where you are born and your lifetime of medical
records will also be started. Soon afterwards, your parents will register the birth. When
mother and baby go home, health records will first become available outside of the
hospital environment as community nurses and midwives provide their services. You
register the birth to allow the payment of child benefit and, depending on your
circumstances; you may also inform the local council to allow for further progressing up
the list for publicly provided housing.

Already a wealth of information about your child is now out of your hands, and entrusted
to the various departments within the government. Likewise, you start to divulge
information about the birth to commercial organisations. Many companies will see you
as a future buyer of their products. To entice you in, they will ask you to provide details
of your new baby to allow ‘welcome gifts’ to be provided. These are often in the form of
gift vouchers which are sent to your home address. As can be seen, the amount of
information that you have already provided about yourself and your children to a wide
range of organisations, can be massive.

How do children use the Once your children start accessing the Internet themselves, then more happens. One of
internet? the first things that they will want, will be an e-mail address so that they can
communicate with their friends. This is not unreasonable. However, it might be sensible
to allow them only a single account where the e-mail address does not give away too
much about the child and then to allow them only one e-mail address on a reputable
supplier. This, typically, means that the e-mail address will be through your ISP rather
than a free service paid for by adverts where your information may be further passed on.

At this point, information about your children can then start to be made available far and
wide. Even if they haven’t sent an e-mail to a third party, it can be forwarded on without
your child’s knowledge, in particular many of the ‘round-robin’ e-mails will contain the
email addresses of many, many children in the chain. It is worth discouraging the
forwarding of such messages as they may be disseminated to a vast audience.

Also, they are likely to want access to the web to play games and access information
relating to things that are relevant to their age. They may need to register on web sites
to allow this to happen and, almost certainly, cookies about their online behaviour will be
used to track their interests and, potentially, their movements.
As your children get older, then they will (almost certainly) start to access the Internet at
school and at the homes of their friends. The school should, already, have a set of
protective measures in place including filters to prevent accidental access to
unacceptable web sites. The friend’s parents might not be so well informed about the
risks as you are. The problem now comes that your children provide information via chat
web sites or through instant messaging. There is little, if no, control about the content
that they can provide nor, once the information has been made public, of recalling it
since it may be republished on may sites without permission.

The natural curiosity of children will also become a factor in the types of web sites that
they start to explore. It is only a small step from exploring a favourite television
programme, such as ‘Buffy the Vampire Slayer’ to starting to investigate unacceptable
occult sites.

Also, although this is rarer, some very technically aware teenagers may try their hand at
hacking into web sites. They probably don’t know that this is illegal in most countries
and, for example in the UK, hacking a website anywhere in the world is a criminal
offence in their home country.

The Internet is used by children in several basic forms. These include:

a) Browsing content, including the highly addictive use of multi-user role playing
environments (such as Second Life)
b) Sending and receiving e-mail
c) Adding content to a web site, often a social networking site
d) Instant messaging (chat)
e) Ordering goods online using a parent’s credit card, usually with the parent’s
knowledge and permission – this tends to be older children who don’t yet have their
own credit cards.
 Ensuring the safety of children in cyberspace 05
What are the risks? Each of these activities has its own risks associated with it.

When browsing content it is very easy to accidentally, or sometimes deliberately, end up

accessing an unsuitable site. More often than not this happens where there is a link from
an acceptable site to a related site. As many web sites will state: ‘we are not responsible
for the content of third party web sites’. The other way that unsuitable content is
stumbled upon is where a website address is typed into a browser. Often a slight typing
mistake will take the user to an unsuitable site.

The types of information that can easily be stumbled upon includes pornography,

“
depictions of violence, extreme political/religious views, and malicious code (often in the
form of a game or a goodie such as a ringtone). When receiving e-mails, there is very
little in the way of content that won’t, at some time, manage to get past all the filters
that either you or your e-mail provider has put in place. The attachments to e-mail can
include any of the unsuitable material that could also be downloaded from web sites.
The big problem is that children are often too trusting and, as a result, they may accept
When anyone content of which a reasonable adult would be highly suspicious.

adds personal When anyone adds personal information to a social networking web site, you must
information to a expect that almost anyone in the whole world will have access it, no matter what
‘security settings’ are enabled. Even if these settings are working correctly, there is little
social networking that can be done to prevent an authorised user from cutting and pasting the information
into an e-mail or onto another web site. Teenage drunken antics can re-appear many
web site, you years later when applying for a job where such behaviour might not be considered to be
acceptable. Likewise, personal information can be made available to unsavoury
must expect that characters. For example, once a photograph has been placed on a web site, it must be
almost anyone in assumed that it will, almost immediately, be copied elsewhere and that there is no
possibility of removing it from Cyberspace, ever!
the whole world
With instant messaging and postings on sites, there is the opportunity for online bullying
will have access and harassment. The problem being that the insult will often remain available for all time
for everyone to see, and this can be very distressing. If this was not bad enough, with
it, no matter instant messaging there is the opportunity for predators to build up an on-line
what security relationship with a child, sometimes claiming to have an identity other than their true

”
identity. It is not true to say that a predator will always lie about their true identity. Often
settings are they will openly state that they are an adult and pretend to be understanding and ‘a
shoulder to cry on’. This can be particularly attractive to children who feel
enabled. misunderstood.

Finally, children, in particular teenagers may be trusted by their parents with their credit
card details to allow them to order goods online. The risks at this point will probably be
apparent to most parents.
What can be done to The multi-partite approach
protect children? No one person or single group of people can provide all the protection needed online for
children. It also is important to state that a balance needs to be maintained between
complete safety of a child (which is probably impossible to achieve) and allowing the
necessary freedom to enable them to make best use of the technology that is available to
them.

Responsibilities of the State

The state has several obligations to its citizens in this area. These include:

a) Providing a legislative framework that truly maps onto the international and borderless
environment that is Cyberspace. It is recognised that, with the international nature of
the Internet, that tracking predators across national boundaries can be very
problematic, although there have been some very good examples of international co-
ordination recently in this area. Likewise, the UK has enacted laws to address the
problem of UK citizens who travel abroad to prey on children.

b) Providing mass education to enable parents to understand the risks involved in

Cyberspace and making educational material available for parents and children, both
online and through other media. This education campaign needs to address the real
issue that many parents are far less knowledgeable about the online world than their
offspring and, in many cases, just don’t understand the sub-culture that exists.

c) Providing the necessary law enforcement function so that those who prey on children
are identified and suitably dealt with. Although there some specialist police officers in
this area, they do admit that the problem is much bigger than they have the resources
to address.

In addition to the above, the State is also an information holder. In this context, the various
government agencies need to also be responsible.

Within the school environment there are two discrete activities that should be considered.

a) There is a need to engender children with the knowledge and ethics to know what is
right and what is wrong in Cyberspace. This can help prevent them straying into areas
that might be unsuitable (even when they are away from the school environment) and to
dissuade them from poor behaviour (not posting photographs; cyber-bullying; or
making unsuitable contacts).

b) The responsibility of the educational environment is also to ensure that access to the
Internet, from the school, is suitably protected. In practice, this means that barriers (in
the form of content blockers) should be deployed as well as firewalls and traps for
malicious code. Students must also be informed of the guidelines for acceptable
behaviour in school. Finally, there is nothing like a teacher looking over the shoulder
every so often to ensure that the rules are being followed.
Ensuring the safety of children in cyberspace 07
Responsibilities of information holders

Information holders have a duty to ensure that only suitably authorised people have
access to the information.

This is much more difficult than the popular press would have us believe. Keeping
information secure is not difficult if you only need to make it available in a tightly
controlled environment to a very small number of people. However, for example with the
concept of ‘joined-up Government’, there are real benefits to sharing of information
between numerous agencies. This sharing can be used to provide a better service for
the citizen, and it can be used to help reduce the level of fraud that does occur.

Providing a good quality of service means that almost anyone within an organisation
who you telephone for help, should be able to sort out your problems for you. What this
means is that they will need to have access to the information about you and,
depending on the nature of the call, about your children. Since this is normally handled
in a call centre, it means that there are many individuals who will have legitimate access
to the information.

Likewise, information is often shared between organisations, particularly, between

government departments. The concept of a single database with multiple views,
depending on need would be the ‘Holy Grail’ of an ideal solution, but even this has its
limitations; the biggest one being the ‘all the eggs in one basket’ syndrome. If the single
database is compromised then, potentially, all information is compromised, whereas
there is implicit protection in multiple databases that are individually protected.

There is also a responsibility on information holders to make sure that their systems,
both electronic and paper, are appropriately protected. This means that they should
ensure that their security is based on an up-to-date risk analysis which considers the
current and future threats to the information and how such threats can be countered.
Even if all the above is properly addressed, the communication of information between
government agencies, or between commercial organisations, can be fraught with
problems.
As a matter of course, encryption is required for both electronic (e.g. network, web, or
e-mail) and physical (e.g. CDs and other media) communications. However, it should be
remembered that not all encryption affords the same level of protection, and hence
expert advice should normally be sought before making a final decision.

Responsibilities of ISPs
Since it is not possible to regulate the Internet; particularly since no one jurisdiction
covers it, users need to be provided with tools to help ensure the safety of their children.
Some ISPs already provide parental blocks as part of the service that they offer. To
make these truly effective, they also need to advertise to their user base that such
controls exist, the benefits that they provide, and the method of switching them on.

Responsibilities of parents and carers

This is where responsibility for children ultimately lies. Parents need to understand that
their responsibilities extend into cyberspace.

A few simple guidelines should be followed:

a) Any home PC should be in a family room (such as lounge or dining room) – this
simple precaution means that activity on the Internet will be subject to random
checking just by the parent walking past and seeing the screen. PCs in bedrooms
are, until children really are mature enough and can be completely trusted, a bad
idea.

b) Unless the computer is in a family room, then a webcam should not be connected. If
the computer is in a family room, a predator seeing adults in the background is likely
to be deterred.

c) Understand what your children do on the Internet. There are three main ages of
children in cyberspace. When they are very young, sit with them and help them use
the Internet effectively and safely. Tell them what to do if they stumble across
something they don’t like or receive messages that upset them. When they are
older, say eight or nine years old, let them use the Internet by themselves, but make
sure that you have some form of filtering switched on to protect them. On a regular
basis, have a chat with them about what they are doing and with whom they are
communicating.

When older still, and probably in secondary school, they will almost certainly have
uncontrolled access to the Internet outside of the home and school environment. By
this stage you will need to have instilled the right ethics about use of the Internet and
they need to be aware that they can always come to you about any problems that
they may encounter.
 Ensuring the safety of children in cyberspace 09
d) For a predator to succeed, he will need to identify your child. Make sure that your
children know that they should not give out personal details such as home or school
addresses, telephone numbers, or similar, unless you say that it is OK to do so.

e) Ensure that your anti-virus software is automatically kept up to date (since they may
not be as aware as you are of the risks of letting controls run and programs
download). Likewise ensure that your firewall is switched on and that the rule set is
reasonable since this can prevent much of the Trojan activity that could take place.

f) Encourage your children to tell you about anything that concerns them and discuss
the issues in a non-judgemental way. It often isn’t your child’s fault that they have
made a mistake and ended up on a wrong website or that they have received a
nasty e-mail.

“
The Internet is a very powerful resource; team up with your children to harness its very
real benefits and keep talking about their online experiences.

Make sure that your

children know that
they should not give
out personal details

”
unless you say that
it is OK to do so
 Australia Morocco
Belgium Netherlands
Brazil Norway
Canada Philippines
Czech Republic Poland
Denmark Portugal
Egypt Russia
Estonia Saudi Arabia
Finland Singapore
France Slovakia
Germany Spain
Hong Kong Sweden
Hungary Switzerland
India Taiwan
Indonesia Ukraine
Kuwait United Arab Emirates
Luxembourg United Kingdom
Malaysia USA

Logica
Stephenson House
75 Hampstead Road
London NW1 2PL
Telephone: +44 (0)20 7446 3641
enquiries.uk@logica.com
www.logica.com