Security-sensitive or extremism-related research

The purpose of this policy is to:

1. ensure consideration of the welfare of University researchers (staff and students) who access, possess, use or disseminate security-sensitive or extremism-related material as part of their research activity, recognising the potentially distressing effects of viewing security-sensitive material
2. protect staff and students against misinterpretation of their research activity by law enforcement authorities, including the possibility of arrest and prosecution under counter-terrorism legislation (noting that the University cannot guarantee protection from investigation by external authorities).

Researchers conducting security-sensitive or extremism-related research should complete the declaration available within the University’s online ethics system, LEON.  Researchers are not restricted in carrying out such research and do not have to seek prior approval before doing so (unless it also falls within the scope of other ethics processes e.g. involves human participants).  The process is not therefore an application for approval, but a declaration that is intended to provide protection against potential misinterpretation of a researcher’s activity by law enforcement authorities.  Details will be retained on the University’s online research ethics system and reported to the Ethics Review Sub-Committee.  Details will only be accessed and provided to a law enforcement authority if a researcher is subject to any such attention from a law enforcement authority.

The guidance in this document is intended to define when a submission is advised, to help researchers understand the risks involved in such research and provide information on the storage of such material. 

The Terrorism Act (2006) outlaws the dissemination of records, statements and other documents that can be interpreted as promoting or endorsing terrorist acts.

• Terrorism is defined as an action that endangers or causes serious violence to a person/people; causes serious damage to property; or seriously interferes with or disrupts an electronic system. The use or threat must be designed to influence the government or to intimidate the public and is made for the purposes of advancing political, religious or ideological cause.
• Radicalisation is the process by which an individual or group comes to adopt increasingly extreme political, social, or religious ideals and aspirations that reject or undermine the status quo and/or reject or undermine contemporary ideas and expressions of freedom of choice.
• The UK Government defines extremism as vocal or active opposition to fundamental British values, including democracy, the rule of law, individual liberty and mutual respect and tolerance of different faiths and beliefs. Extremism also includes calls for death of members of the armed forces.
• Proscribed organisations may be prosecuted under UK law. However, the absence of such a ban does not mean that an organisation is not covered by the legislation.  New organisations not previously identified as promoting terrorist or extremist agendas, or existing organisations which have changed their agendas and now promote such ideas, would be covered.

The Home Office have a list of 'Proscribed terrorist groups or organisations'.

It is impossible to provide an exhaustive list of research activities that may be deemed security sensitive. However, the following is an indicative list of what might be considered security sensitive research:

• Research concerning proscribed terrorist groups or organisations (see above).
• Research concerning extremist religious groups, including where accessing their materials may be interpreted as committing an offence under the provisions of section 58 of the Terrorism Act 2000 and the Terrorism Act 2006 if not confined to use for purely academic research purposes.
• Research concerning organisations that could potentially be involved in acts that could breach counter-terrorism legislation under the Terrorism Act (2006), for instance extremist animal rights or Far Right groups;
• research concerning cyber-terrorism;
• research undertaken for government departments concerning or including sensitive topics, for instance military procurement or weapons technology;
• use of extremist or terrorist social media sites
• researching and accessing terrorist or extremist websites;
• making direct contact with extremist or terrorist groups or individuals;
• Research which has the potential to be used for purposes unintended by the researchers in ways which threaten security despite this not being the intention of the researchers. An example of this type of research may be projects concerning novel IT encryption methods.

Projects that do not involve direct contact or access to materials from extremist or terrorist groups or their members would not usually require submission.  Literature reviews of published academic papers in academic journals; reviewing policy or legislative documents from legitimate governments, looking at news reports or fictional depictions will not normally be considered security sensitive research.

It is important for researchers to use their discretion and judgement before accessing websites.  It is not always possible to know what a website contains until it has been accessed   Identifying whether a website might be associated with extremist or terrorist material will depend to a large extent on the search criteria used.

Many websites may inadvertently host security-sensitive or extremism-related material without being explicitly intended to do so, such as Wikipedia, Twitter, etc.  Such websites do not need to be declared.

Researchers who access websites that might be associated with radicalisation or terrorist/extremist organisations, groups or individuals should be conscious that such sites may be subject to surveillance by the police, and that accessing those sites might lead to police enquiries. 

Security sensitive websites may only be accessed using equipment supplied by the University. IT Services can provide advice on IT arrangements and provide IT equipment for security sensitive research where appropriate.

It is recommended that investigators conducting security sensitive research should:

• Use the university network, and a device supplied by the University, to access such websites. If off campus, use the University’s VPN, so that the research is conducted through the University’s network. This will ensure these activities are flagged as a legitimate part of the research.
• Researchers who access such sites should be conscious that these sites may monitor traffic, data such as IP address, and that downloaded files may contain malware. This means that researchers may be at greater risk of malicious activity. Researchers should contact IT Services with any queries regarding cyber security arrangements or protocols or if they suspect their University credentials have been compromised.

Where the research involves access to social media sites that carry a risk of contact with terrorist or extremist literature/propaganda or direct contact with members of proscribed organisations or other extremist groups, student investigators should discuss the risks with their supervisor to see what mitigation steps can be taken.  Staff investigators should seek advice from their line manager.

It is the responsibility of the researchers to contact IT Services to discuss appropriate storage and transfer of any material falling within the scope of this guidance.

• Such materials, whether digital or physical, must be stored in a designated and secure file/folder (e.g. on the One Drive, used with University credentials). It is recommended that researchers use encryption, to protect files with a strong password. If loss of access to files is a concern, researchers may wish to ensure that a responsible person in their School (such as a supervisor) also has access. Physical copies of security sensitive research material should be scanned and uploaded to an appropriate secure file store (e.g. One Drive) and the hard copy securely destroyed.  Folders should be clearly labelled.
• Researchers located outside of the UK should be conscious of local laws and restrictions around the handling and storage of such materials, which may not be the same as in the UK.
• Researchers located outside of the EU should be conscious of local laws and restrictions around the handling and storage of personal data, which may not be the same as in the EU (i.e. GDPR)
• Researchers should consider the guidance on electronic transmission to co-investigators/collaborators or third parties and seek advice from IT Services on secure file transfer if transmission is essential.

The Terrorism Act (2006) and the Counter-Terrorism and Security Act (2015) outlaw the dissemination of terrorist publications if the individual concerned has the intention to encourage or induce others to act.  URLs or web addresses are covered by the legislation.  Publications created for the purposes of an approved and clearly defined research project should not amount to an offence because the requisite intention is unlikely to be present.  However, you are advised to exercise caution.

An approved and clearly defined research project is one for which the appropriate declaration has been completed and any other appropriate approvals (e.g. ethical) have been obtained.  However, the legislation focusses on the intention to encourage or induce others to act, rather than the stage that has been reached in the research approval process.

Researchers should also note:

• The importance of taking a common sense approach and setting appropriate boundaries to avoid an activity escalating into a higher risk category (e.g. being cautious of following links on websites into the so-called ‘dark web’ where access to sites may be monitored by the authorities; avoiding unnecessarily downloading everything that can be found on the internet that relates to a particular topic/group, as this may attract attention from the authorities).
• The need to have an awareness of the potential impact of research activities on those around, such as when working on PCs in common study areas or public spaces, where others may see materials being viewed and either be offended or concerned about the person’s intentions.
• The need to have an awareness of the potential impact of research activities on the researcher’s own well-being and mind-set, particularly if viewing very distressing material, and to seek support and advice from an appropriate source (e.g. supervisor, module leader, the University’s Mental Wellbeing resources or Counselling Service). Student investigators should have regular debriefing sessions with their supervisor.
• Extra care should be taken when storing data and materials related to security sensitive research. Hard copies of security sensitive research material should be scanned and uploaded to an appropriate secure file store (e.g. One Drive) and the hard copy securely destroyed.
• Details of any correspondence with IT Services regarding access to security sensitive material should be retained.

Some university research involves the use of security-sensitive material, including material related to terrorism and extremism.

Procedures exist for storing this material and not circulating it if it is being used for legitimate research purposes. If you come across material that seems to fit this description, bring it to the attention of researchpolicy@lboro.ac.uk or DP@lboro.ac.uk.

Universities UK - Oversight of security-sensitive research material in UK universities: guidance