Governance

Policies and procedures

Policy No.
UP07/54
Function
Technology And Telecommunications
Authoring Organisational Unit
Information Technology - Central Unit
Date Approved
03/12/2003 Revised 10/03/2014
Next Review Date
10/03/2016
Approving Body
Vice-Chancellor

This document has procedures.
Show All | Hide All | Collapse

The University of Western Australia

University Policy on: Exercising Take-down Powers

Purpose of the policy and summary of issues it addresses:

This policy defines procedures to be followed in situations where computers, network content or websites need to be removed from the University's computing and network facilities.

Definitions:

ACMA is the Australian Communications and Media Authority.

IT Support Officer (Local ITSO) means the support officer responsible for providing IT support for the computer in question.

Owner of a computer system is that person normally responsible for it.

Policy statement:

Take-down powers concerning computers, websites or network content may be required in situations where: allegations are made which require some investigation; there is potential danger to the University's computing or networking facilities; the University is instructed to by external, authorised parties.

These situations are not a definitive list but, rather, constitute a guide. All situations, including those not described in this policy, must be dealt with in accordance with the procedures and guiding principles outlined below.

Allegations or demands can be made of any one (or more) individual member of the University including officials, such as:

  • the Vice-Chancellor
  • other senior officials, such as Registrar
  • Legal Services Office
  • University Librarian and Director (Information Management)
  • Associate Director - Client Services
  • Various Deans, IT Managers and others in positions of authority.

In each case, the same procedures are to be followed. Standard procedures for dealing with situations requiring some form of 'take down' are set out below. Where any action is challenged by any individual or unit, then the matter will be referred to the Registrar for resolution.

1 Guiding Principles

These principles inform the procedures that follow:

1.1 The University will comply with properly authorised formal take-down orders (e.g. from the ACMA) without question.

1.2 The matter is to be handled by the relevant Local ITSO, if possible.

1.3 If the Local ITSO is unavailable, or not able to handle the request, IS will handle the matter.

1.4 In most cases actions of the IS or the Local ITSO will be prescribed; only cases 4.1 and 4.2 may require judgement.

1.5 The Owner is to be reached first, if possible (and if not precluded by the nature of the 'incident').

1.6 The 'safety first' principle applies - assess the risk and take down or bar the facility if the Owner can't be reached; seek subsequent advice.

1.7 The procedures set out escalation procedures to be invoked as appropriate.

1.8 The Legal Services Office is to be the arbiter in cases of doubt, with the Registrar responsible for resolving any dispute.

In the prescribed procedures, various communications take place. These may be conducted by email (preferred) or by phone where necessary, the latter being backed up by email where possible. All such correspondence must be preserved for an appropriate period of time.

Procedure

Procedure in all cases:

a. If the Owner or Local ITSO cannot be identified or if the location of the offending computer is not already known, the matter will be referred to the Information Services (IS) Associate Director, Client Services or the Associate Director, Infrastructure and Operations for initial action, as outlined below.

b. If Information Services is not responsible for the computer system in question, then IS will contact the Local ITSO responsible for the sub-net containing that computer system; if no Local ITSO exists (or is known), the head of that section (e.g. School Manager or School Head) will be contacted instead and henceforth treated the same as the Local ITSO for the purposes of the following. If Information Services is responsible for the system in question, or if the Local ITSO and section head cannot be contacted, then IS will follow the steps below acting as the 'Local ITSO', advising the true Local ITSO by email or voicemail immediately following this action.

c. The Local ITSO will identify the sub-net, location and Owner of the computer system or content in question.

2 Unquestioned Action

Unquestioned action must be taken if:

2.1 the Australian Communications and Media Authority (ACMA), the Australian Federal Police or Western Australia Police acting with appropriate authority require content to be removed from a computer system connected to the University Network.

Procedure

Procedure continued if Unquestioned Action is required:

d. The Local ITSO will request that the Owner of the computer system or offending electronic material in question take the necessary corrective action, remove the offending material, and/or disconnect or disable the computer system from the University Network.

e. If the Owner cannot be reached, or if the Owner refuses to take the necessary action, then the Local ITSO will disconnect the computer system from the University Network or remove the offending material in question as appropriate, advising the Owner immediately following the action.

f. The Legal Services Office and relevant head of section will then be advised of the action taken.

3 Allegations Requiring Investigation

Action must be taken if:

3.1 an external agency or individual asserts that a computer system connected to the University Network contains material which is illegal or contravenes their Copyright or that of someone they represent, (Allegations of this type are usually accompanied by a demand that the material be removed or the system disconnected from the network within a stated period of time, e.g. 48 hours, failing which legal proceedings will be initiated)

3.2 a computer system connected to the University Network is found to contain (and make available to other computer systems within and/or outside the University Network) material which is offensive or illegal.

Procedure

Procedure continued if Allegations Require Investigation:

d. The Local ITSO will request the Owner of the computer system or offending electronic material in question to take the necessary corrective action, remove the offending material, and/or disconnect the computer system from the University Network.

e. If the Owner cannot be reached in a reasonable time, then the Local ITSO will disconnect the computer system from the University Network or remove the offending material in question as appropriate, pending further investigation*, advising the Owner or Local ITSO by email or voicemail immediately following this action.

f. If the Owner or the Local ITSO refuses to take the necessary action (e.g. because they claim that their material is non-infringing) in a reasonable time, then the Legal Services Office will be contacted to make a judgement as to whether to force compliance with the demand (at least for the time being) in order to avert the threatened legal action, or to ignore the warning on the basis that the demand is insufficiently validated (note that it is possible for a malicious person to make false assertions/demands for the sake of the disruptive effect they have, and there may actually be a legal obligation in some cases that material not be taken down).

g. * Where unilateral action 'pending further investigation' has been taken above, then the Legal Services Office will take responsibility for pursuing the matter, with the technical assistance (where necessary) of IS or the Local ITSO as appropriate. The Legal Services Office is the designated body that will make any necessary judgements (such as required in 'f') in pursuit of the case, and that will advise IS or the Local ITSO to disconnect or reinstate a computer system if it deems it appropriate.

h. The Legal Services Office and relevant head of section will be advised of the action taken.

4 Potential danger to the University's computing or networking facilities:

Action must be taken if:

4.1 a computer system connected to the University Network has been compromised or hacked and is being used to launch denial-of-service attacks or other malicious activity

4.2 a computer system connected to the University Network is generating or receiving inordinate volumes of traffic which is 'clogging' the network

4.3 a computer system or systems connected to the University Network is being maliciously or illegally accessed.

Procedure

Procedure continued if there are Potential dangers to the University's computing or networking facilities:

d. The Local ITSO will disconnect the offending computer system from the network (or will disable network access by that computer, in cases where that is simpler or more appropriate).

e. In cases where IS deems that urgent action must be taken in view of actual or potential damage to University computer or network systems, then it may circumvent steps (a) and (b) and take unilateral action such as blocking traffic to or from identified hosts or networks, advising the Local ITSO afterwards of the action taken and the reasons for doing so. IS will also inform owners of affected external network address spaces if required.

Related forms: (Link)

Policy No: UP07/54

Approving body or position: Vice-Chancellor

Date original policy approved:

03/12/2003 (revised 01/03/2011)

Date this version of policy approved:

10/03/2014

Date policy to be reviewed:

10/03/2016

Date this version of procedures approved:

TRIM File No: F42503

Contact position: IS Policy Officer

Related Policies or legislation:

[ Show All Procedures | Hide All Procedures | Collapse Procedures ]