Transparency Report


TRANSPARENCY REPORT 2016 BIT B.V. - VERSION 2017-06-21

In 2012, BIT issued their first Transparency Report with the aim of providing insight into requests for personal data at BIT and the amount of notice and takedown requests that have been received and processed by BIT in that year. In this report, we publish that information for the year 2016.

We publish this information because we think it’s important, especially given the recent developments in the field of privacy, to provide our clients and other interested parties with openness. To enable trends to be identified, we have included the figures from 2012 to 2015 in this report as well.

Below you will find the numbers per category for the received complaints/requests/notifications and the way these were handled. This document is also available as a PDF file.

Read more


Hand over of personal data

The table below shows the number of requests we have received for the handover of personal data of customers of BIT to law enforcements. The number of cases that were in compliance with this request are indicated as well.

  2012 2013 2014 2015 2016
Received requests 1 1 0 2 2
NAW-requests where information has been disclosed 1 1 0 0 0
Total 1 1 0 2 2


Handover requests
The number of handover requests for personal data of customers are displayed in the graph below. This will give you a clear overview of the developments during the years.


Reports of data protection infringements

BIT is legally required to report any event of infringement of the protection of personal data they have stored. The same as in 2012 until 2015, BIT has found no reason to report any such event in 2016.

  2012 2013 2014 2015 2016
Reports of data protection infringements 0 0 0 0 0


Legal interception orders

It is possible for the national police, FIOD-ECT, Inspectie SZW, IOD, AID, AIVD en MIVD to place a legal interception order at a provider. This can be an email intercept or an IP intercept. The table below shows the number of legal interception orders we have received.

  2012 2013 2014 2015 2016
Amount of tapping orders 0 0 0 0 0


Malware

The table below shows how many complaints BIT received because of the (alleged) hosting of malware and how they were processed.

  2012 2013 2014 2015 2016
Processed Take Down requests 8 29 20 10 66
Rejected Take Down requests 4 0 0 0
Total 12 29 20 10 66


Takedown requests regarding malware
The number of takedown requests regarding malware are displayed in the graph below. This will give you a clear overview of the developments during the years.



Takedown requests for alleged copyright infringement

In the Transparency Report of 2013 BIT has published data about received and processed notice-and-takedownrequests for allegedly infringement of copyright. The numbers for this and prior years can be found below.

  2013 2014 2015 2016
Unprocessed complaints 1135 2339 607 1773
Complaints rejected by BIT 5 6 0
Reported complaints 4 0 0
Total 1144 2345 607 1773




The large number of unprocessed complaints are filed by a small number of parties that automatically file complaints on behalf of the film and music industry. Since they do not comply with our notice and takedown procedure, we have not processed these complaints. It is also possible that there are repetitions amongst the unprocessed complaints for the years 2013, 2014 and 2016. For the year 2015, just for once (because in the current version it is no longer possible to process data in this way) we processed these complaints in AbuseIO. AbuseIO has automatically aggregated these complaints and had the consequence that the amount has been reduced.

The complaints that have been rejected were complaints concerning material that could not be confirmed as undeniably unlawful.


Phishing
The table below contains information about the amount of complaints concerning phishing-sites BIT has received and how they were processed.

  2012 2013 2014 2015 2016
Processed Take Down requests 8 22 50 211 338
Rejected Take Down requests 1 2 3 0
Total 9 24 53 211 338


Takedown requests regarding phishing
The number of takedown requests regarding phishing are displayed in the graph below. This will give you a clear overview of the developments during the years.



Child pornography
The table below contains information about the amount of complaints concerning child pornography BIT has received and how they were processed.

  2012 2013 2014 2015 2016
Number of complaints accepted
0 0 1 0 0
Number of complaints rejected 0 0 0 0 0
Total 0 0 1 0 0


Responsible disclosure
This year the responsible disclosure notifications that have been reported to BIT are included for the second time. The notifications that have been reported to BIT regarding not yet known vulnerabilities, BIT has rewarded the reporters for these notifications. Notifications about already known vulnerabilities, vulnerabilities outside the responsibility of BIT and vulnerabilities that were not a real thread according to BIT were not rewarded.

  2015 2016
Not yet known vulnerabilities 2 0
Already known vulnerabilities 5 0
Rejected notifications 14 7
Total 21 7



Conclusions and comments
The number of handover request for personal data and legal interception orders remains low. The explanation we gave previous years is that BIT is a corporate ISP and does not (directly) do business with consumers remains applicable here.

The number of malware  hosting complaints have increased, this can be attributed to the fact that there were multiple leaks in WordPress and those leaks were relatively easy to abuse. Next to that a server from one of our customers was compromised, which resulted in abuse from multiple IP’s and multiple domains.

In 2016 AbuseIO was upgraded from version 2.1 to 3.0 which has more possibilities for processing and improved classifications. This version also has the possibility to split abuse based on domain. In prior versions this was limited to just 1 IP and just 1 case.

The number of claims of copyright infringements have increased, because unlike in 2015 the claims have not been aggregated. These claims are automatically emailed and all those claims do not comply with our notice and takedown policy.

Phishing complaints have increased again. This can be attributed mainly to the fact that BIT has been using extra sources for information about phishing.

Responsible disclosure notifications are included in our Transparency Report since 2015. We received less notifications for not yet known vulnerabilities, already known vulnerabilities and rejected notifications than in 2015.


Share this page on
Announcements
Maintenance

Ongoing incidents
None

 "All parties I spoke with, were hesitant to help with what I wanted. BIT also needed a little time to think about it, but I soon got the response that they had come up with a solution.
Things are not quickly dismissed as impossible at BIT."

Read here the case we made with Meteo Consult.


   Rob Epping - Meteo Consult