We’ve had lots of questions from customers about our network security technology so we wanted to provide a bit more detail on how the system works.
First of all, it’s worth setting some context.
As a network operator, TalkTalk receives and processes billions of requests daily from its customers to connect to websites across the internet.
We route these requests across our network and beyond but inevitably this exposes our customers to the countless viruses, worms, spyware and other malicious pieces of software out there on the internet.
As I’ve mentioned before, the aim of our new internet security technology, which will be free and opt-in only, is to help make the internet a safer place for our customers by warning them if their computer or device connected to their home broadband is viewing a page that contains viruses or other online threats.
Our new internet security technology will include an anti-malware system which has been tested in the TalkTalk network. (Malware is the name given to any software designed to infiltrate a person’s computer without their consent.)
As requests move through the network, the anti-malware system filters and records the website URLs to which our network has been asked to connect. The system simply records the destination website URLs; it does not record who sends the request or other personal data with the URL.
Being located in the TalkTalk network, the system is subject to the same high level of security applicable to the TalkTalk network and TalkTalk’s customer data. The process is not dissimilar to how we record voice traffic.
The system scans website URLs for malware and other viruses and then places each website URL in a white list (if the scan is clean – this is retained for up to 24 hours and then automatically deleted) or a black list (if the scan shows viruses, malware or other irregularities – this is retained for up to 7 days and then automatically deleted).
Given the volume of website URLs, these lists are recorded in a temporary electronic state and not in conventional accessible storage. When the anti-malware service goes live to customers, these lists will in future be used to alert customers to websites suspected to have malware or viruses.
Importantly, the anti-malware system does not record or scan any secure “https” website URLs.
And TalkTalk’s use of the anti-malware system is compliant with the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the Data Protection Act 1998.
I hope this helps allay some of the concerns some people have expressed and answer some of the most common questions we’ve received. While the product is still being developed that’s about as much detail as we can give, but nearer the launch we’ll be able to tell you more.