We’ve had lots of questions from customers about our network security technology so we wanted to provide a bit more detail on how the system works.
First of all, it’s worth setting some context.
As a network operator, TalkTalk receives and processes billions of requests daily from its customers to connect to websites across the internet.
We route these requests across our network and beyond but inevitably this exposes our customers to the countless viruses, worms, spyware and other malicious pieces of software out there on the internet.
As I’ve mentioned before, the aim of our new internet security technology, which will be free and opt-in only, is to help make the internet a safer place for our customers by warning them if their computer or device connected to their home broadband is viewing a page that contains viruses or other online threats.
Our new internet security technology will include an anti-malware system which has been tested in the TalkTalk network. (Malware is the name given to any software designed to infiltrate a person’s computer without their consent.)
As requests move through the network, the anti-malware system filters and records the website URLs to which our network has been asked to connect. The system simply records the destination website URLs; it does not record who sends the request or other personal data with the URL.
Being located in the TalkTalk network, the system is subject to the same high level of security applicable to the TalkTalk network and TalkTalk’s customer data. The process is not dissimilar to how we record voice traffic.
The system scans website URLs for malware and other viruses and then places each website URL in a white list (if the scan is clean – this is retained for up to 24 hours and then automatically deleted) or a black list (if the scan shows viruses, malware or other irregularities – this is retained for up to 7 days and then automatically deleted).
Given the volume of website URLs, these lists are recorded in a temporary electronic state and not in conventional accessible storage. When the anti-malware service goes live to customers, these lists will in future be used to alert customers to websites suspected to have malware or viruses.
Importantly, the anti-malware system does not record or scan any secure “https” website URLs.
And TalkTalk’s use of the anti-malware system is compliant with the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the Data Protection Act 1998.
I hope this helps allay some of the concerns some people have expressed and answer some of the most common questions we’ve received. While the product is still being developed that’s about as much detail as we can give, but nearer the launch we’ll be able to tell you more.
|
|
 |
|
|
|
|
|
|
 |
Hatari
Will the anti Malware scanning side be opt in. i.e. Can customers opt out of having the URLs they use to visit websites being used by the malware scanner??
Max
What do you mean when you say that talktalk use a similar process to ‘record voice traffic’? Have I misunderstood, or are you saying that Talktalk records my phone calls?! Will your security technology blacklist phone numbers too?
DaveK
The process is not dissimilar to how we record voice traffic.
WHAT? You’re recording everyone’s phone calls?
Clive Dorsman
Thanks for these comments. Just to clarify, we mean that we keep a record of the numbers you call, like every phone company – these are the details that appear on your monthly bill. Obviously we don’t keep a record of the content of the phone conversations, hence the analogy with data traffic in the blog post.
heather
Hey, thank you for confirming you do not use the private content of secure web addresses.
So it is a bit like this, if we say for the moment that we are dealing with old fashioned telephone calls rather than web pages:
TalkTalk monitors snippets of their customers calls. Not all the call, but bits of it. For example you watch to see who all your customers ring. You wait until the call is answered and see whe the caller asks for. When they ask to speak with someone you make a note of that. Later, you call us that number and pretend to be me and say the same things to get to the same person. Then you do your checks. Now, you say all this is ok because if I scrambled the call you would not do it?
Peeved Jeeves
I fully agree with heather’s comment here. TalkTalk is nicely failing to clarify (as requested in the first comment) the fact that the customer does not get to “opt-in” to having these details logged, it just happens. Or rather, TalkTalk just do it, pretty much as heather describes. In fact, where can I “opt-out”?!!! And how long has it taken you to tell me? (And in fact I don’t consider a blog post here even close to constituting a “reasonable attempt” to let me, a TalkTalk customer/crop, know about this!) Call me disappointed dave. Why don’t you spend the time and money you do on this kind of thing on better running your company, particularly as regards levels of customer service?
Clive Dorsman
Thanks for the comment asking about how the technology will work and sorry to hear that you’re disappointed with our explanation. We will provide lots more information about the product and how you opt-in as we prepare for launch.
K9
Does the new anti malaware software create a VPN from your pc direct into the TalkTalk network, if you are an OPT IN customer ??????????
Clive Dorsman
Thanks for your comment; we can confirm that the anti-malware offering doesn’t use VPN technology in any way. We’ll be able to explain more nearer the time of the launch.”
Silver Spy
Mr D – You’ve said nothing of value to the end user, and certainly nothing that will gain trust or credibility about your plans, and nothing that allays the widespread suspicion that TalkTalk are spying on customers. Even if there are, at the moment, no intentions by TalkTalk to use the data you have collected, and will continue to do so, the law of function creep is such that it will be in the future do so for corporate financial gain.