Australian Victoria Police seeks self-imposed data logging and filter

Australian Victoria Police seeks self-imposed data logging and filter

Summary: Victoria Police wants to implement a logging and web filtering system that will log its employees web use for a minimum of seven years.

SHARE:

Australia's Victoria Police has gone to market to find a service provider that will help it implement a data filter and retention scheme for its employees using the internet.

Described as a "web content filtering solution", Victoria Police's request for tender seeks to retain an audit trail of its employees internet usage for a minimum of seven years.

Victoria Police's specifications require audit reports to include a "complete audit of internet usage by a specific individual", with enough detail that it can use it "for use in criminal prosecution or disciplinary hearings".

The audit reports are expected to include, among other variables, employees' browser information (user agent), session information, and the URL and IP of the service they are accessing.

According to Victoria Police, a filter is expected to reduce the risks of "cyber threats introduced by viruses or other malicious code from affected websites", while also allowing it to control user access to particular websites.

The law enforcement agency wants to be able to specify which websites and services are blocked, with provisions put in place so it can continue to update a blacklist. It also specified that it would like to implement a "time limit for personal use" window, so it can restrict its employees use of certain sites to a particular number of hours per day.

Further restrictions on employee use include whether or not to permit HTTP connections based on the application that is requesting it, allowing it to force or prohibit, for example, the use of certain web browsers.

While not explicitly stated in the specification, a diagram outlining the workflow of how requests, filtering, and logging should be processed indicates that regardless of whether a particular URL is allowed or not, all activity is logged.

Combined with the auditing requirements it has specified, Victoria Police will be able to determine which of its employees request a specific website or category of website, and/or download the most data. It also affords Victoria Police the ability to track how many times an employee attempts to access blacklisted sites.

The implemented system will need to comply with several standards and guidelines, including Defence Signals Directorate's Information Security Manual and the international ISO 27000 family of standards, which covers best practice for information security management.

Tenders close on May 1, and Victoria Police expects to complete its evaluations on May 24. After negotiations with tenderers, it is expected to award the contract on June 5 so that work may commence on June 11.

Topics: Security, Government, Government AU, Privacy

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Keeping a record of all on line activity is draconian.

    What a backward irresponsible view of their employees the Victorian Police have. Someone should tell the management that their employees are not criminals and are deserving of being treated with respect as free citizens of Australia.

    They don't need seven years of records of what sites an individual employee visits. If an employee is visiting "blacklisted" (whatever they are ) sites then they should know this within 7 days.

    Says a lot about Vic Police. I would hate to work for them. You couldn't trust them.
    Bob.H-819a5