“Friendly ” WiFi gets off the ground in the UK

 

I know I have written about this before but last week something that was going to happen, finally did.

On 17th July Britain became the first country in the world to roll out a national scheme which informs members of the public that the wifi being offered in this or that shop, coffee bar or other establishment, or on this or that train or bus, in a  municipal Lesiure Centre, park or whatever, is Friendly because it has got filters installed which block access to porn sites and web addresses known to contain child abuse images.

The UK’s main WiFi providers have signed up to the scheme although some are blocking additional types of adult content, over and above the basic minimum described above.

Thus, if a business wants to offer wifi to their customers and it goes through one of the main providers it will be supplied with  a filtered service by default.

If a business does not want any filtering they can either find another supplier or they can ask for the filtering to be modified. Obviously in either case they will not be able to use the Friendly logo (see below) to advertise their compliance with the scheme.

Obviously no wifi supplier will agree to lift the block on child abuse sites but the porn filter could be made to vanish. It is anticipated  that only businesses  operating in an overwhelmingly adult environment e.g. nightclubs and casinos, are likely to be interested in such a possibility but it is there.

The organization that is administering the scheme – the  Registered Digital Institute –  has developed a neat little logo that will appear in shop windows and the like to indicate that the wifi service being provided conforms to the minimum standard. It is to be hoped that it will quickly become recognized by parents and other discriminating internet users and they will either go into the shop or coffee bar, or not, based on whether or not the logo is visible, and that will act as an incentive for a great many  businesses to sign up. Here is what it looks like

 

friendly wifi

 

Tesco is one of the first big brands to get behind the Friendly WiFi idea. That’s a very good start. Lots of people will be watching how this works out. Stay tuned.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Posted in Child abuse images, Default settings, E-commerce, Internet governance, Pornography, Regulation, Self-regulation, Uncategorized

ICANN and children’s interests

 

According to ICANN’s web site its next public meeting is the 50th in the series and it’s being held in my home town – London. A golden moment of sorts. This set me thinking about ICANN’s record in relation to issues affecting children’s and young people’s safe use of the internet.  It is not impressive. That’s a great pity because there is much that could be done to make things better if ICANN was so minded.

xxx

Many children’s organizations supported the idea of establishing a xxx domain. It had the potential to help shield minors from age inappropriate pornographic content. For different reasons not everyone in the free speech community or in the porn business agreed. Nonetheless steady progress was made through the ICANN machinery.  xxx was moving towards approval. Late in the day President George W Bush heard about it. The US government fired a shot across ICANN’s bows.

Then as now ICANN is meant to be an independent body but they ran scared. There followed roughly seven years of consultation, arbitration, litigation and all manner of exceptionally detailed investigation but in the end, in March 2011, the red light got the green light. The key point to grasp here, however, is that substantial commercial and political interests had become engaged. They captured ICANN’s attention big time.

child oriented domains

The contrast between the story of xxx and what happened with a new raft of child oriented domains could not be sharper.

In 2011 ICANN announced a process to expand the number of generic Top Level Domains (gTLDs). This is now drawing to a close. A great many gTLDs appear to have been approved and others are still wending their way through.

At the commencement ICANN issued general guidelines to all potential applicants informing them of the conditions they would need to fulfill to become a Registry for one of the new domains. ICANN’s starting point was that, fundamentally, all entities applying to become a Registry would have to meet the same criteria.

Major players zeroed in. Lawyers, lobbyists and governments got involved. Bankers and pharmacists, for example, became concerned about who might be given the right to sell domain names ending in .bank or .pharmacy and on what terms.  Without strict controls and strong vetting they worried all kinds of cowboys might end up with a .bank or .pharmacy web site and hold themselves out as being legitimate banks or pharmacies, perhaps with disastrous consequences for millions of people and for legitimate enterprises.

Complex, protracted negotiations took place. At least in respect of .bank and .pharmacy a good outcome was finally achieved.

What happened with the child oriented proposals e.g. .kids, .games, .toys, .juegos, and others of similar stripe? Not a lot. ICANN ignored every communication sent to them by at least one major children’s organization which is full of people with a great deal of expert knowledge in this area. Informal conversations took place with a friendly ICANN insider but that was all. It quickly became clear the procedures had already gone way too far. Even ICANN’s  Government Advisory Committee made some sympatico observations but these seemed to gain no traction or the comments on children were simply lost in a welter of wider and (for them) bigger issues they had raised.

Maybe if some of the children’s organizations had had the time and resources to track ICANN’s Byzantine ways they could have intervened in a timely manner, or if they’d had buckets full of cash they might have hired lawyers and lobbyists to go in to bat on their behalf. Things may have turned out differently. But they didn’t. ICANN itself obviously never thought children’s interests were important enough for them, prompted or unprompted, to act to ensure that the right issues were properly considered. No doubt negligence lawyers will be making careful notes should there ever be a case arising from this lack of appropriate oversight.

Thus, for example, while ICANN made general stipulations about not allowing people with criminal convictions to be involved in owning a Registry it gave no indication as to how it intends to ensure this rule is honoured either in relation to the Registry itself or any entities which might subsequently buy and use a domain issued under its auspices.

Could a convicted paedophile end up owning a domain name that directly appealed to children? What about the employees of companies running one of the new child focused domains? Will there be any rules or stipulations about levels of security, supervision or training? In every other area of activity connected with children such provisions are commonplace but ICANN showed no awareness of this dimension and, much worse, no inclination to find out.

Web addresses as illegal advertisements

Some time back in the UK an authoritative legal opinion was obtained by the IWF which made clear that a web site name is, among other things, an advertisement.

At different times it had been suggested to ICANN that they should adopt a policy which, through their contracts with Registries, would prohibit all Registrars from allowing anyone to create a domain name which appeared to advertise, promote or facilitate the distribution of child abuse images. These entreaties were ignored. One ICANN main Board member was adamant such matters could not be made the subject of an ICANN policy because that would involve ICANN in matters of content and content was none of its business.

This argument is baloney. Content is what you find on web sites. Domain names are, as commonsense dictates and the UK lawyer suggests, advertisements for or pointers to that content. Moreover, even if you reject that distinction, since 1999 ICANN has had a disputes resolution procedure to determine apparent conflicts between trademarks and domain names. Clause 3 (b) (ix) (3) asks the complainant to say why the domain name(s) should be considered as having been registered and being used in bad faith. How can anyone make a judgement about bad faith without looking at more than the words themselves? Context is everything and you cannot take a view of that without also having regard to the content itself.

If someone creates a web site called http://www.wildbananas.com  then fills it with child abuse images there is probably little or nothing ICANN, any Registry or Registrar could have done to anticipate such an eventuality. They are entirely free of blame.

But if an entity is permitted to register and maintain a domain name which makes it plain one is likely to find child abuse images at the site then all three links in the chain are culpable. It is not good enough to say that the domain would eventually be deleted when law enforcement or someone else reports it. That might take years or never happen. The system is at fault for allowing it in the first place.

There is no jurisdiction anywhere in the world where it is legal to advertise the availability of child abuse images. ICANN can and should therefore create a mandatory policy for the whole of the internet banning any domain names which on the face of the record appear to advertise or promote child abuse images, and they should make sure it is enforced. Will it be easy? No. But that is not a reason for refusing to make the effort. The .uk Registry (Nominet) operates such a regime and jackboots are not marching down British streets.

Incidentally, the same principle could be applied to other types of sites that are openly promoting other types of illegal behaviour e.g. in relation to copyright theft and drugs. It is difficult to say what sort of impact such a policy would have but symbolically it would be extremely important: ICANN would be saying it was not prepared to stand idly by and let the domain name system be abused by criminals. Speaking of which…..

The never ending saga of WHOIS

From the beginning the WHOIS directory was intended to be a publicly available virtual document which contained accurate information about who owned which domain names and how to contact them.

As recently as 2009, in the important-sounding Affirmation of Commitments, ICANN solemnly undertook to turn WHOIS into the thing it had always been meant to be.

Along with the FBI and the UK’s Serious and Organized Crime Agency in 2010 I appeared before ICANN’s Government Advisory Committee to plead for urgent action on WHOIS. The inaccuracies and failure to undertake any systematic checking of domain name owners’ credentials was giving a variety of criminals – including those who distribute child abuse images, copyright thieves, drug runners and others – a great helping hand.

However, an ICANN official later revealed that if the promise about WHOIS had not been written into the Affirmation paper the US Government would never have agreed to sign off on it. So much for solemnity. ICANN never intended to keep its word and now they are delaying action for as long as they can.

Today when you ask anyone involved in ICANN what is happening on WHOIS you are told we all need to rethink the modern relevance of WHOIS. A convenient rationalization. Meanwhile dodgy characters register crooked domains because they know in many areas no one will bother to determine their real world identity or whereabouts.

Once again it should be noted that .uk does not do things this way but for such an approach to be taken up globally ICANN has to want it to happen. Obviously it doesn’t. And it’s not too hard to work out why. The fear is the extra bureaucracy and cost of having robust identity verification in place would lead to a reduction in registrations or renewals or to an erosion of profit margins, probably both, for ICANN’s paymasters.

Follow the money

Despite all its breezy rhetoric about being a multistakeholder environment the fact is that, at least until recently, almost all of ICANN’s cash came from two sources: the Registrars and the Registries.  The decision to create new gTLDs also helped boost their coffers to a substantial degree. They received 1,920 applications, each of which cost US$185,000, just to submit. That’s over US$350,000,000. Not bad work if you can get it.

Of course ICANN plays an essential role in maintaining the domain name system and the internet’s technical infrastructure but nothing that will materially affect the revenues of its major sources of finance happens, either at all or at any rate quickly. Multistakeholderism plays straight into that space by slowing everything down.

It’s quite likely ICANN will get away with the present arrangements for some time because the politics of unpicking them or finding an alternative are too fraught with difficulty. But I wouldn’t say it is guaranteed to last forever. Hubris will have its way.

The challenges of multistakeholderism

There is no doubt there are many selfless, dedicated people who, often on a volunteer basis, devote a great deal of time and energy to ICANN because they broadly adhere to and support the liberating idea that the internet embodies.

However, as a close observer of ICANN described it

Most of the ICANN processes are so complex and arcane that only the purebloods, supernerds and those involved in making money out of them are capable or motivated to keep up to speed 

On closer inspection even many of those people involved in ICANN who seem to be volunteers – pitching in for the reason given earlier – when you look more closely you find they are either directly or indirectly in the internet business. For that reason, it must be questionable whether or to what extent the ICANN community is truly representative of any sort of broader public interest.

A UK-based company – InterConnect Communications – looked at this issue, reporting in late 2013. In a uniquely ICANN-esque way, which in part explains a deeper problem, the less than riveting title of the report was

ATRT2 GNSO PDP Evaluation Study

That has to win a prize of some sort. It described its purpose in the following way

This document is an attempt to assist ICANN’s Accountability and Transparency Review Team 2 (ATRT2) in its assessment of the Generic Names Supporting Organization (GNSO) Policy Development Process (PDP). ATRT2 was convened, in part, to review the GNSO PDP with a view toward identifying its strengths and weaknesses, differences between defined process and actual practice, and the extent to which it incorporates the views, advice and needs of all stakeholders, both those active in ICANN and those not typically present for ICANN deliberations.

Here is one of their key findings, to be found on page 51

In the last five years:

  • The vast majority of people who participate in (policy development) Working Groups participate only once. 
  • A small number of participants who have economic and other support for their ongoing engagement have dominated (policy development) Working Group attendance records. 

This has a set of clear implications for policy development. Having such a small pool of regular participants poses accountability, credibility, and resource risks for the policy development process. At the same time, that small pool of regular participants are carrying the load of the PDPs. Of particular concern is the fact that there is a very small pool of potential participants who have the experience to lead, moderate and bring to completion the difficult work of guiding participants and policy through the (policy development process)

If only a way could be found to bring genuine civil society organizations more into the ICANN processes and similar internet governance entities, but it would have to be meaningful not tokenistic. And if this cannot be done maybe we should rethink the whole model or at the very least call it something else.

Remote participation is not a serious way to engage in any sort of complex discussions on a sustainable basis, particularly in multilingual environments. So, first off, at present to be a real part of the ICANN world you need be able to jump on aeroplanes, fly to exotic locations and stay for several days. Flights and hotels cost money, often a lot of money.  You also need time to read the tons of emails and the threads that whizz about. The whole business can rapidly become all-consuming and if it doesn’t the risk is you will serve an ornamental rather than an instrumental purpose because you will be completely surrounded by people whose livelihoods depend on them keeping on top of everything and knowing everybody.

Looked at from the outside it seems pretty much that many of the processes of internet governance have become a justification for their own continuation. As we have seen, the people involved speak their own language largely to themselves. Multistakeholderism as an idea is therefore becoming discredited because it turns out it is anything but. And, to make the point one last time, everything moves at a snail’s pace or not at all which suits many interests down to the ground. Meanwhile, in a parallel universe sometimes known as the real world, companies in Silicon Valley, Seattle and elsewhere, governments and their security services around the world get on with doing their thing, creating, managing and snooping on the internet as it is actually experienced by end users.

The Guardian and Edwards Snowden had more impact on internet governance debates than any number of regional, national or global convocations of the already converted.

Posted in Child abuse images, Consent, Default settings, E-commerce, ICANN, Internet governance, Regulation, Self-regulation, Snowden

Those sensible Germans

 

Recently I attended an extremely interesting meeting at Google’s offices in Brussels. Principally it was a briefing on a range of initiatives the company is taking in the field of online child safety and about their efforts to make the internet a better place for kids. There were several references to how Google co-operates with external agencies.

One of those agencies is a German organization called Jugendschutz.net. Literally translated the main part of their name means child protection. The addition of net makes clear that is the principal focus of their work.

Youth protection and the media in Germany

Germany has a federal system. The key responsibility for media regulation resides not in Berlin but with the the individual states – the Länder. There are sixteen of them. Yet Germany has nationally agreed laws on youth protection in the media. These are reflected in an Interstate Treaty.

The mandate, role and functions of Jugendschutz are defined in the Treaty, the 2003 version of which also created the Commission for the Protection of Minors in the Media (KJM) KJM is constituted as the supervisory authority for the implementation of the Treaty. It can institute enforcement proceedings and issue fines.

Jugendschutz and the KJM

Article 18 (1) of the Treaty makes clear that Jugendschutz and the KJM are organizationally linked.  One of Jugendschutz’s key roles is to remind internet service providers, platform operators and others of their responsibilities to children and young people. As far as I have been able to understand it, in essence where Jugendschutz cannot succeed by persuasion or reminding KJM may choose to step in and use its legal powers. That’s an interesting relationship.

In UK terms Jugendschutz itself is therefore more akin to an Internet watchdog. Research and assessments of cases and new online phenomena are an important part of its brief. However, it also acts as one of Germany’s three hotlines dealing with child abuse images, and gives advice to parents, children and the world at large on how to make the internet a better place for kids.   Quite an agenda.

Seemingly persuasion and reminding often works

Jugendschutz has built up a great reputation within Germany both with German and foreign owned internet businesses that operate there. Companies listen carefully to what it has to say although that may well be against a background of knowing that if they don’t the KJM could get involved. The iron first inside a velvet glove.

In Brussels the Google people acknowledged they had often acted to remove content because of representations made to them by Jugendschutz i.e. without there being a formal requirement for them so to do. Google said they were able to respond in this way because Jugendschutz is an authoritative and legally constituted body. Quite so. Other social media do likewise.

What are the online child protection issues in Germany?

So what kind of things has Jugendschutz drawn to the attention of Google and other online enterprises with a view to getting them taken down? At the Brussels meeting a specific question came up about anorexia web sites. Here are extracts from recent annual reports published by Jugendschutz

2011: Eating disorders: still numerous websites glorifying anorexia

Youngsters suffering from eating disorders can find many opportunities to contact like-minded users on the Internet. They specifically interact in communities and often encourage each other in their high-risk activities.

The number of pro-anorexia websites remains high (616). However, only half of the content could be found on traditional websites (341; 2010: 423), the rest shifted to Web 2.0 services. There, the risk of a negative impact on children and youngsters is greater than on traditional websites mostly only known by insiders.

78% of the content was in breach of youth protection laws and in 83% of the cases the actions taken resulted in removal of the content. 

2012: Pro-Ana sites: increasingly disguised as harmless

On all platforms popular among young persons Jugendschutz.net found content glorifying or promoting eating dis-orders, self-injury or suicide. Platform operators are challenged to take appropriate action, but it is also important to raise users’ awareness of risks.

The number of websites glorifying anorexia has further dropped (2012: 220; 2011: 341; 2010: 423). Here, the efforts of Jugendschutz.net to have endangering content removed and to sensitize communities about the risks have paid off.

However, in 2012, a new movement emerged not openly displaying and glorifying anorexia, but promoting a positive image under the cover of “with Ana”. The website pretends to raise awareness of the problem, but it actually confirms those already suffering from it. Jugendschutz will closely look at this aspect of the problem in 2013.

The number of websites promoting self-injury increased: 36 cases, i.e. three times as many as in 2011. Three out of four websites violated youth protection laws.

Broader provisions of the Interstate Treaty

The scope of the Treaty is impressive. For example Article 19 specifies the conditions under which the KJM may approve self-regulatory codes for organizations wishing to promote or engage with online child protection.

Article 10 provides for the certification of technical measures e.g. age verification, which help protect children from age inappropriate items.

Article 6 addresses the Protection of minors in advertising and teleshopping. Hmm.

Article 5 refers to any content which might impair the development of children and adolescents assuming the content in question has not been cleared for children or adolescents under the German Protection of Young Persons Act. Now there’s a thought. The article also enshrines a broadcasting watershed. Now there’s another thought.

Article 4 contains the following words

Without prejudice to any liability under the German Criminal Code, content is illegal if it…

3. incites..hatred against parts of the population or against a national, racial, religious or ethnic group, encourages violent or arbitrary action against such a group or violates the human dignity of a person or group by insulting, maliciously degrading or defaming parts of the population..

5. presents cruel or otherwise inhuman acts of violence against a person in a manner devised to glorify or trivialise such acts..or..in a manner which violates human dignity..

That is broad language yet there is absolutely no doubt about the intent.

The UK could learn something

Here in the UK whenever questions have been raised about problematic web content lots of people have broken out in a cold sweat. Ugly phrases like politically motivated censorship start getting splashed around. We are told it would be too difficult to define the issues closely enough. We would end up with hopelessly vague terms and so on. All in all we are told to leave well alone and do nothing.

Actually what that means is that internet companies that want to do the right thing are left entirely to their own devices. Things get dealt with informally, on an ad hoc basis. However, by this route a cloak of secrecy envelops what ought to be an openly acknowledged and clear process. Secrecy breeds a suspicion that editorial powers are being exercised in a way that the public would not understand or support or that the law would strike down as an unjustifiable interference with free speech if anyone found out.

Something to think about

I find the German model very attractive.  I can see how in the UK it would help everyone and do so on the basis of declared rules which themselves would be justiciable. Moreover the Jugendshutz-KJM partnership creates a single or at any rate a dual point of reference where a comprehensive body of knowledge and expertise could be developed around children and online media. Without having to define every potential eventuality to the Nth degree we could, as with the German Interstate Treaty, define broad objectives then leave it to such a legally constituted independent body to make determinations about them. Complex issues could be weighed in the balance and judgements reached away from immediate pressures but, obviously, as previously stated subject to judicial review if that was necessary.

At the moment in Britain we have bodies like ATVOD, BBFC, IWF, OFCOM, the Gambling Commission (in respect of age verification solutions), ASA and the Video Standards Council (in respect of online and computer games) all swirling around this space. The Office of the Information Commissioner and even parts of the work of the former Office of Fair Trading (for example on the abuse of free apps) are also in the mix.

I am certainly not suggesting that all of these bodies be divested of their current responsibilities in relation to children and for these to be merged into a single new super regulator (OfKid?) but maybe we could start to think about possible rationalizations and improvements to our present arrangements.

Up to now I had always thought OFCOM would be the obvious lead agency for matters of the kind discussed here but they keep sending out messages that they are not interested. If that remains the case maybe the world should be rearranged around them. Manifesto writers please note.

 

PS Apologies for the prolonged absence of my blog and thanks for the many enquiries I received about it. A family bereavement, moving house and an unusual amount of overseas travel were to blame. Normal service is now being resumed.

Posted in Age verification, Child abuse images, Default settings, E-commerce, Google, Internet governance, Pornography, Privacy, Regulation, Self-regulation

6 year olds, hard core pornography and credit card companies

 

The word “pornography” has become an obstacle to understanding. To many people, perhaps particularly slightly older individuals who are not regular internet users, it conjures up memories of Playboy centrefolds and Health & Efficiency magazine.

A bit of fun. Never did me any harm. Don’t be such a prude. Might actually be helpful.

People who say things like that just have no idea what is being peddled in cyberspace today. And it’s all free, available 24/7. The publishers make their money by persuading only a tiny minority of visitors to buy extra services. The rest is marketing.

What the law says

Under English case law any site which publishes hard core pornography is meant to have an age verification system in place to keep out sub-18 year olds.

Anybody who thinks the law is foolish and that the material on display, in a giggly, slightly naughty but essentially innocent way, might be useful to youngsters, perhaps deprived of alternative sources of information about sex, is hugely wide of the mark. On the contrary these sites are contributing to an increasingly coarse, brutalised, sexualised culture which puts pressure, particularly on girls but also on young men, to behave like porn stars.

ATVOD steps up

Last week the Association for TV On Demand (ATVOD) published the results of a pioneering study which examined whether or to what extent children and young people between the ages of six and 17 were nonetheless able to access such sites.

The research methodology employed was similar to that used to measure TV viewing figures. The work was carried out by Nielsens. They looked only at access via PCs and laptops, in other words they excluded smartphones and handheld devices. Had these been included there seems little doubt the results would have been different and worse.

In a single month

The period examined was a single month, December, 2013. ATVOD identified 1,266 porn websites which were being visited by UK users. Only one of these was a service regulated in the UK.

Here is ATVOD’s shocking summary:

(This survey) provides the most authoritative picture yet established of the exposure of children and young people to “R18” material. “R18” is the classification of the strongest legal video pornography permitted in Britain and covers content which, on a DVD, can be found only in a licensed sex shop or cinema and is restricted to buyers 18 or over. It portrays a range of real, rather than simulated, sex acts.

At least 44,000 primary school children accessed an adult website… that is one in 35 of six to 11 year-olds in the UK going online.

200,000 under-16’s accessed an adult website from a computer. This is one in 16 children in that age group who went online in the same month…..

One in five teenage boys under 18  going online were clicking on porn websites from a PC, and one adult site – which offers free, unrestricted access to thousands of hardcore porn videos – attracted 112,000 of these teenagers.

…..at least 473,000 children between the ages of six and 17 accessed an adult internet service, mostly offshore – one in ten of young people that age who went online.

Pusillanimous banks and credit card companies

ATVOD’s suggestion was that the credit card companies, and the banks that own them, should stop processing payments to the identified sites. The financial institutions expressed sympathy but they said they wanted fresh legislation to hold them harmless of any claims. In other words they refused to act.

Such pusillanimity is disappointing. I seriously doubt the banks and credit card companies need any legislation to pull the plug on payments to sites which are demonstrably breaking the law. Quite the opposite. Could it not be argued the banks and credit card companies are themselves committing an offence? By allowing these sites to use their payments systems   are they not aiding and abetting the commission of a crime? Are they not helping to sustain sites that are harming our children?

Government’s weak response

When ATVOD’s numbers came out there was a suggestion from the government that the recently announced policy on  internet filters would deal with the problem of keeping under-18s away. The filters definitely will help but the implication was nothing else needed to be done. Wrong. The filters should act as a backstop not as the first line of defence.

I have no problem with Parliament stepping in to put the matter beyond peradventure, but really? As far as the banks and credit card companies are concerned if it were a site selling drugs or guns what would happen? They act against sites using their logo in connection with child abuse images and WikiLeaks showed they could be galvanised if they thought the issue was sufficiently important or were put under enough pressure.

What should the new law say?

The Crown Prosecution Service has been reluctant to authorise actions against hard core porn web sites under the Obscene Publication Act. They say juries do not want to convict. That being so, the answer is obvious. Remove the need to bring obscenity charges. Create a new regulatory offence. Web site owners would be required to show they had a robust age verification mechanism in place. Not having one would be a crime. This is not so very different from what we already do with online gambling web sites.

Because most of the owners of the porn sites in question reside overseas the penalties for the proposed new offence would have to be sufficiently severe to allow extradition treaties to be invoked to bring people to the UK to face trial in our courts.

Such a new law could also make clear that companies providing any sort of service in connection with the provision of an online hard core pornography web site e.g. a bank or credit card company, an advertising agency, a web hosting company or domain name supplier for that matter, would need to satisfy itself that the site was complying with the age verification law otherwise they too would be committing an offence.

That should do the trick.

 

Posted in Age verification, Pornography, Regulation, Self-regulation | 1 Comment

Piracy web sites – threats to kids in Singapore

 

In a previous blog I referred to research carried out in Australia looking at the sort of items and services that were provided, advertised or associated with piracy web sites. I have just come across another report on the same issue. This time Singapore is the focus.

My interest in this subject stems principally from my involvement with online child protection. Too many parents – and policy makers for that matter – think that piracy web sites are simply places where kids go to have a bit of fun by ripping off big companies that can probably afford it anyway. So what’s the worry? They don’t take the problem seriously because they don’t think it’s a serious problem. They are completely wrong.

In the Singapore study the researcher went to Pirate Bay and typed in the word Brave, being a reference to the animated Disney cartoon about a heroic young Scottish girl. Sure enough Brave was there but surrounding it were ads for stem cells that apparently would provide you with a larger penis, an ad for a dating agency featuring a scantily clad young lady in a shower and an invitation from local “sluts” who want to….well, actually, I think I can leave that bit to your imagination. The Singapore study was therefore not so very different from what had been found in Australia.

Fully 90% of all the ads on the Singapore-facing site were linked in one way or another to what the author calls “high risk” areas e.g. for gambling scams, malware or sex, meaning prostitution. 13% of the ads fell into this latter category. The largest proportion – 40% – were devoted to malware, typically “free” software that really just allows bad guys to take over your computer so they can rip you off or enables them to use your machine to rip off others, probably both.

None of this is a surprise I suppose. No respectable or responsible business would ever knowingly advertise on a site that was so completely wedded to the promotion of unlawful activity in the way pirate pages are.

The site was offshore so it seems the Singapore authorities thought there was little they could do to prevent it from continuing to operate. I’m not so sure.

Despite their early pretensions to be somehow part of a progressive anti-monopoly current, the truth is these piracy sites exist to make money for the owners and the cash comes from advertising. That means someone somewhere is processing payments. Thus if international law enforcement activity isn’t going to deliver a result perhaps the banks and the credit card companies could step up?

This isn’t just about protecting the interests of rights-holders it is also very much about helping to create a better internet for all of us, but above all for our kids.

Posted in Uncategorized

Taking age verification seriously – not

 

Outside of the family, with few exceptions, children tend to mix with other children of roughly the same age. They do so within environments which, similarly, are likely to consist principally of their peers.  The adult world is not so very different although, obviously, there is more scope for mixing. Where we find adults drawn to children’s spaces, or children gravitating towards adult ones, we rightly see this as a potential marker for problematic behaviour and risk.

In the real world societies across the globe have constructed well defined lines of demarcation between adults’ and children’s places. Certain types of retail establishments will not allow under 18s on the premises. Many pubs and clubs are the same. Where children gather, for example for sports activities, unaccompanied grown ups are often barred. Then there is a whole raft of items which sub-18s may not buy. Alcohol, tobacco, pornographic movies and violent video games are perhaps the most salient in this context.

Age related rules are meant to be taken seriously

We have attached legal sanctions to many of these age-related rules. A breach can land the offender in prison.  These regulations were relatively easy to enforce when the item or service was secured by walking up to a counter and asking for it. Proprietors had a legal obligation to satisfy themselves as to the person’s age. If there was any doubt and proof could not be provided there and then they had to halt the transaction.

But not on the internet

By contrast the internet has created spaces which are open to everyone with equal facility. With a single, important exception in the UK (online gambling), content and services which are very obviously intended for adults in practice are just as easily available to kids. Few people try to justify or celebrate such a state of affairs by referencing a mission to improve inter-generational understanding. Instead the message sent out to some is that the real world rules are not meant to be taken that seriously after all.

Why is age verification only working with gambling?

The answer to that question I’m afraid is very simple. Despite many of the online gambling companies repeatedly saying they took the issue very seriously the fact is the problem of under age betting online wasn’t solved until the law changed and everyone was compelled to introduce age verification as a condition of getting a licence to run a site. Up until that moment, with a small number of honourable exceptions, none of the major companies had wanted to make a move because they were worried they would lose business to less fastidious rivals. They changed when everyone else did, and everyone else did because they had no choice.

If 18 is the benchmark 

Thus, as with gambling, where the sale or provision of any product or service is legally limited to persons aged 18 or above there is simply no excuse for companies getting it wrong. However, because they do not need to obtain a licence far too many companies knowingly continue to break the law every day in the belief that the possibility of being prosecuted is small and, if found guilty, the consequences are negligible.

But what about other online spaces, where the law is silent but companies themselves designate their services for persons aged 18 or more? Recommendation 5 of the Bailey Review reads as follows

…..those providing content which is age-restricted, whether by law or company policy, should seek robust means of age verification…..

I do not know of a single online business that has followed Bailey’s recommendation.

So why isn’t it happening?

I have already given one reason: no one feels under any pressure. Other or additional explanations are also occasionally aired by various voices e.g. the enforcement of age related rules on the internet would require online businesses to be even more intrusive, to collect even more information about us than they already do.

The idea that the key online businesses would, as a matter of principle, be against collecting more information about their customers is implausible in the extreme. They know practically everything else about us as it is. Their businesses depend upon it.

It’s all about the ads

At one level, of course, companies have no interest in knowing who you actually are, much less your real age. You are a data point. You generate behavioural information that is utilised to present you with targeted advertising.  Everything else is superfluous or a cost which also adds to the complexity of the operation.

Security concerns

It has been suggested that collecting information about children would necessitate building large databases which could become magnets for paedophile hack attacks or create similar security threats. Hmmm. That too stretches one’s credulity. Either companies are confident they can keep their data secure or they aren’t, and if they aren’t they shouldn’t be in business anyway. I’m sure such concerns are genuine but if I was a customer of a company that said something like that I’m sure I’d want to know they were taking just as much care of my data as they were any child’s or group of children.

Jurisdictions

Not every country has the available online databases which would allow the policy to work as smoothly as it does in the UK with online gambling.  Or so I’m told. Maybe there are even legal obstacles in some jurisdictions. But even if either or both these things are true, and they could be, that’s no reason to refuse to do it where it could work.

For sub-18 groups it’s different 

18 is an important cut off point in every country. It generally marks the arrival of adulthood and with it full legal competence. But in many countries, including the UK, there can be other age levels below 18 which also have legal significance. The problem here is the online databases to allow these to be verified just aren’t there. So that does present a challenge but it is one which is well within the collective and probably also the individual reach of a number of large internet companies. And once more the fact that you cannot do it for everyone right now is not a reason to refuse to act where it could be done.

Other alibis for inaction

Companies might be concerned that if proof of age is required people will be afraid this means they may also have to offer up other details of their true identity. They might be too embarrassed to do that for certain types of goods or service or on certain types of site. It could cost the business some customers. 

Alternatively,  businesses might think age verification systems are expensive, clunky and time consuming. They would put people off and again cause them to lose customers.

Wrong on all counts: at scale age verification for persons aged 18 or above can be very inexpensive, the processes can be completed in sub-two seconds without the client ever leaving the web site. Systems are also available which allow accredited third parties to vouch for a person’s status as an over 18 without them having to surrender any other personally identifiable information. A digital token or something similar  could be attached to a log in to flag that this person has been confirmed to be over 18. In fact you could view a policy of this kind as being consistent with broader principles of data minimization.

However, if big internet players don’t like the available methods of age verification they have it within their means and power to develop their own. 

Current framework of engineered uncertainty cannot last

Unless and until the dust has settled over the Edward Snowden revelations I doubt this question will get much of an airing in public policy circles but it is only a question of time and timing. Everybody in the business privately acknowledges the current arrangements are unsatisfactory and are not sustainable in the long run.

All we are waiting for is the spark which will bring about the necessary and inevitable change. In the meantime a disproportionate burden is placed on the shoulders of parents. Keeping kids safe on the internet is a shared responsibility but that implies all the partners in the joint venture pull their full weight. At the moment they do not.

This blog is based on one that appeared in the Winter 14 edition of Outlook magazine

Posted in Age verification, Consent, Default settings, E-commerce, Internet governance, Privacy, Regulation, Self-regulation, Snowden

Sexual offences against children on the internet

 

In my last but one blog I discussed some research published by Pew. It showed that a surprisingly high proportion of internet users in the USA thought the internet had been a bad thing for society as a whole. Pew didn’t say why people thought this but I am pretty sure one of the factors was the way cyberspace has repeatedly been associated with or linked to alleged or apparent increases in sexual crimes against children.

But has there in fact been such an increase and, if there has, can any of it be attributed to the emergence of the internet as a mass consumer product?

Enter the Prof

The doyen of research in the field of online sex offending against children, Professor David Finklehor of the University of New Hampshire, discussed the issue in a paper he published in 2011 entitled

The Internet, Youth Safety and the Problem of “Juvenoia”

Finklehor looks at whether or to what extent the existence of the internet can be said to have made things worse for kids in the sense that it is exposing them to a higher incidence of sex crimes. This is what he says (pp 5, 6).

…..the concern has been that the Internet was making children more vulnerable to sexual victimization. But sex crimes overall and against children in particular have dropped dramatically in the US…..According to FBI data, forcible rape is down 33% from 1992 to 2009 (about half of forcible rape reports involve juveniles). The child welfare data show sexual abuse of children down 61% from 1992 2009. Those statistics reflect reported cases, but self-report data from the National Crime Victimization Survey and other sources also show big declines in sex offenses against juveniles. So both sex crimes reported to police and child welfare authorities and sex crimes self-reported by victims in various victim surveys are down.

In a similar vein Finklehor also refers to several other aspects of youth health and welfare where, again, the macro trends all appear to be positive in recent years, years that coincide with the growth of the internet.

Does this mean we can say the internet deserves any (or all) credit for the apparent fall not only in recorded incidents of sexual crimes involving children but also in terms of the wider improvements in their health and welfare? No. Moreover, at least in respect of sexual crimes involving children, it is entirely possible there may not have been a fall. Indeed there could have been an increase.

On page 8 of his report Finklehor says

To be clear, none of (the) indicators can individually or collectively dispute the idea that the Internet could have been amplifying deviance and increasing risk. They do NOT provide a rigorous test of the hypothesis about risk amplification. The increased risks from the Internet may still be new enough that they have not started to influence these macro trends or influence them very much. These venerable social problem indicators may also not be good at picking up the specific Internet component of the danger. So for example the sex crime measures may assess violent sex crime but not statutory sex crime, which could be what the Internet is fostering.

Sceptical

Finklehor goes on to say he is sceptical about the latter proposition but acknowledges its existence as potentially valid. He might also have added that the trends he refers to tell us nothing about what might have been happening with or within particular sub groups of children and young people. Macro trends can mask perhaps important shifts at micro level. These will only become apparent if we have better and more granular data.

In summing up (page 23) Finklehor says the following

There may be people who conclude from this essay that all the talk about Internet danger is an exaggeration. But this is also wrong. There are dangers on the Internet. We need to understand them, prevent them and eliminate them. We need active police presence online, hotlines, prevention programs, and pressure on ISPs and social networking sites to minimize risks. We only need to know that there are dangers in order to warrant this. We do not have to argue that the Internet is especially dangerous, any more than we have to argue that our local town is especially dangerous in order to justify law enforcement and crime prevention activities there. We justify airline security not because flying is particularly dangerous, it is not, but because there are some dangers. Even in a comparatively safe city or environment, there are crime and social problems there that warrant serious attention. We are comfortable with this kind of logic elsewhere, we should be comfortable about it in regard to the Internet neighborhood as well.

I could not have put it better myself. But I’ll try. Knowing whether there has been an absolute or relative decline or increase in the volumes of sexual offending against children, or whether this or that proportion of sexual offending is taking place online or offline, is interesting and may also be valuable in helping to form priorities for action, but it is not necessarily the most important thing to know. There shouldn’t be any offending at all and for as long as there is everybody has a duty to mitigate it wherever it is happening.

Data from one country but…..

To make an obvious point, Finklehor is only looking at US data, but this raises the possibility, some might say probability, that the position is similar in other developed nations. However, as the internet begins its march into countries or territories in parts of the world where there is limited availability of social and educational resources, insufficient machinery within the law enforcement community for dealing with online crime, low levels of awareness of the new technologies among parents and teachers, and perhaps high levels of poverty, the hypothesis sketched out for the USA is likely to be of little relevance.

Law enforcement see things differently

It should be noted police all over the world strongly dispute the point Finklehor is so careful not to make but which others wrongly attribute to him.

If Finklehor is saying the jury is still out, by contrast the police have most definitely brought in a verdict at least for that larger portion of the planet which is not the USA.

The police say they are being deluged by entirely unprecedented numbers of cases of online sexual offences involving children. Their evidence is normally not published but the message is consistent from police forces across the world. A lot of it turns on the growth in the number of child abuse images being reported to them, videos and stills.

So how might we explain this?

As Finklehor acknowledges, the downward trends he was commenting on, derived from the “venerable” indicators, may not be connecting with those currents that are now producing the growing number of reports the cops are speaking about.

As a result of being groomed or coerced, if a child knowingly created or appeared in an image or video of themselves engaged in a sexual act, would they be more or less likely to disclose this as a form of sex abuse than would have been the case in earlier times when the abuse might have been more direct or hands on without any image or video being created, much less one that went out on to the internet? It could well be they wouldn’t. That would explain more images ending up with law enforcement but a steady or falling level of reports of abuse showing up in the venerable indicators.

Otherwise we are being asked to believe that more people are looking at and collecting images than ever before, more are in circulation, but this does not necessarily betoken a rise in actual cases of sexual abuse. I guess that’s possible but it seems unlikely.

Could it be the police are finally getting a truer perspective on sex offending against children, an insight into levels which previously had been hidden or didn’t surface to the fullest extent they could, for example because they were subsumed within other types of offending and law enforcement did not manage to obtain or record full disclosure? Previous levels of disclosure were therefore always understating the real levels of abuse and the internet is only now exposing that.

If we look at what happened in the UK in the aftermath of the Jimmy Saville case there was a huge increase (77%) in persons stepping forward with previously unreported cases of sexual abuse, mostly dating from long ago when they were children. Maybe that latency has been around for years. Link that to the comparatively low rate of convictions for sexual crimes and it is not hard to imagine that venerable may also be inadequate.

An intriguing suggestion was put to me by a colleague. She pointed out that the peaks of sexual offending were during adolescence and middle age and we do not know how long the pathway to contact offending might be. As the internet has just celebrated its 25th birthday we might be moving towards a new high point that has been gathering momentum over recent years. Furthermore with the continued growth of the internet in other parts of the world a new and higher plateau of offending may still be ahead of us. The police are simply seeing it ahead of the social scientists.

The fourth possible explanation is much simpler: cops have little to gain from minimizing the scale of the problem. On the contrary some say they are likely to exaggerate it either to excuse poor performance or as part of a (never ending) claim for more resources.

I very much doubt this is in any way a significant part of the answer. Every police force I know in every part of the globe is saying more or less exactly the same thing. I just do not believe they would be motivated or able to concoct and sustain a conspiracy on the requisite scale.

Whatever the explanation the uncertainty about what is happening to kids in relation to online sex crimes feeds into an on-going debate that is entirely false and unhelpful.

On the one hand there are those who argue everything’s cool, the kids are alright and anyone who tries to suggest otherwise is scaremongering or getting things out of proportion usually because they are trying to raise money for their own research or organization. Against that there are those who argue the internet is a terrible place, a constant threat to children and young people if not civilization as we know it and anyone who argues to the contrary is an apologist for Silicon Valley, usually because they are trying to raise money for their own research or organization. Or something like that.

A wide range of patterns of behaviour are changing in many different ways because of the fantastic possibilities the internet is opening up.  It seems quite likely that we might need to develop new or different tools to ensure our understanding of what is going on is sound. Venerable may need to move over to make way for contemporary.

Of course we all want to stay positive and upbeat about the internet. Its achievements and benefits are staggering. But just as we should not assume everything new is good and inevitable equally everything old is not necessarily bad and doomed. Once more, research will illuminate the path. Yet more work for scholars!!

I get just as tired of listening to those who want to close down the internet as the only way of keeping kids safe as I do listening to Panglossian excesses about its limitless and unquestioned virtues.

Posted in CEOP, Child abuse images, Consent, Default settings, Regulation, Self-regulation