UK academic security-folk are all of a flutter because the Home Office have published a Code of Practice for “takedown notices”.
If, like me, you’ve only been paying scant attention: the Terrorism Act of 2006 enables a police constable to notify an organisation – viz: a University, a Company, or failing that the company’s ISP or hosting provider – that their webservers are being used to publish “terrorist material”, specifically stuff that is “unlawfully terrorism-related”, a term which I find worryingly vague:
1. This guidance sets out the procedures to be followed for the giving of notices under section 3 of the Terrorism Act 2006 requiring the relevant person (as defined) to takedown material on the internet and other electronic services that is unlawfully terrorism-related. The procedure in section 3 is linked to the offences in sections 1 and 2 of the Terrorism Act 2006 because a person can lose the benefit of the defences in those sections if he does not comply with a section 3 notice.
2. Sections 1 and 2 of the Terrorism Act 2006 create the offences of encouragement of terrorism (s.1) and the dissemination of terrorist publications (s.2). Section 3 provides that those served with notices who fail to remove, without reasonable excuse, the material that is unlawfully terrorism-related within the specified period are treated as endorsing it and this means that they cannot benefit from the defences set out in sections 1 and 2.
Would “terrorist publications” include Bruce Schneier’s recent Movie-Plot Threat Contest which actively thumbs its nose at the “hush hush you’ll give them ideas” brigade? After all:
A statement, article or record is unlawfully terrorism-related if it is either likely to be understood by any one or more of the persons to whom it is or may become available as a direct or indirect encouragement to acts of terrorism or Convention offences; or it is likely to be useful to any one or more of those persons in the commission or preparation of acts of terrorism and it is likely to be understood by those persons as being wholly or mainly for that purpose. (page 2 section 8)
Anyway: if said information is not removed from the website within two working days, then the organisation will be considered to “approve” of the content – and presumably bring down the wrath of Plod upon one’s self, albeit non-terminally:
Failure to comply with a notice may lead to the consideration of whether to bring a prosecution and where there is an expectation that the notice will not be complied with and where there is sufficient time, the CPS should be consulted in the drawing up of the notice. Early consultation will ensure the notice is drafted as effectively as possible and that any charging and prosecution can follow soon after the 2 working day notice. However it should be noted that non-compliance is not in itself an offence. (page 7 section 37, their emphasis)
What this means for the process of security forensics and/or evidentiary handling, I have no idea – but I suppose you can say goodbye to leaving the data undisturbed whilst you watch who tries to access it.