The nature of the challenges becomes clearer

Last week Keith Bristow, Director General of the National Crime Agency, confirmed what had previously been disclosed on national TV in 2013 by Assistant Chief Constable Peter Davies, the then CEO of the Child Exploitation Online Protection agency (CEOP). Bristow was quoted in the following terms:

I don’t think I can be more candid than say if there are 50,000 people involved in this particularly horrible type of criminality (downloading child abuse images), I don’t believe that all 50,000 will end up in the criminal justice system being brought to justice.

So far so regrettable but, as we have seen, it was not in itself a new disclosure.  What made Mr Bristow’s words unusually interesting was  the fact that he had chosen to raise the issue again. Taken together with the Government’s recent acknowledgement of the wider position  (think Savile, Rotherham, Rochdale and the rest) that rather elevated the point, giving it new political  legs and salience. Entirely predictably Bristow led the early evening news and was all over the papers the next day.

Am I reading this right?

But what Bristow apparently said next was definitely new, and at the same time far from reassuring. In effect he established or gave official blessing to the notion of a hierarchy of child sex abusers. Since it appeared in my newspaper in reported speech, not quotation marks, and it differs from the official press release I cannot be certain if the journalist got him absolutely right. Nevertheless the sentiment is clear enough. Indeed to a degree it is hinted at in the official release. Here is The Guardian’s account:

Keith Bristow…..said the police were simply unable to pursue all of those engaged in downloading child abuse images. He said law-enforcement agencies must instead focus on the highest-risk offenders, who at the top end were criminals who sexually abused children. This meant that lower-risk suspects could fall through the net.  (italics added for emphasis)

Now at one level Bristow is expressing what looks like a common-sense idea.  Let’s go after the baddest baddies first and to qualify for that soubriquet you have to be suspected of being a contact offender, actual or potential.  I’m not sure  I would define dangerousness quite so narrowly but it sort of sounds ok because  it suggests we might be able to prevent more children from being abused or stop any on-going abuse that is already underway.

But in this newly declared hierarchy it seems the unpalatable truth is some of the guys at the bottom end  (who presumably are judged not to be potential or actual contact offenders?) likely will never be troubled by a knock on the door. The starkness of this latter declaration shocked many pundits and members of the public alike although this has in reality pretty much been the position for  a good many years. Only now are senior police officers being open about it. Not before time.

How do you grapple with such gigantic quantities of data?

The problem, though, is that, starting with the large volumes of data that are now flooding into police operations rooms about online accounts that are being used to engage with collecting or exchanging child abuse images, we simply do not know how to get, rapidly, reliably or easily, from an undifferentiated mass to a list of the baddest or the most likely baddest, about whom further enquiries ought to be made as quickly as possible.

The broader debate about child abuse in Britain

Rightly there is a much broader debate going on about how we try to stop child abuse happening in the first place (and see Simon Bailey’s comments), how we help children and young people to develop the knowledge, confidence and skills to avoid being groomed, report abuse and get help should abuse nevertheless happen. That forms an important part of the backdrop to a discussion about child abuse images but there are quite distinct and particular aspects to the online images issue which need separate consideration.

Online child abuse images

In the remainder of this blog I want to focus on some of the specifics which arise in connection with the existence on the internet of extremely large volumes of images and from the fact that they are regularly being accessed by so many people who live within our borders. It is important also not to forget that because a large proportion of these images are produced and stored outside of the UK there are limits to what we can achieve here solely as a result of policies we might adopt in our green and pleasant land.

Finding the baddest from among image collectors 

Faced with a new list of persons suspected of involvement with online child abuse images it is probably obvious that people with prior convictions for child sex offences ought to be high on the list for further investigation and probable arrest but please note that, historically, a goodly proportion of those who have been identified as being involved in downloading images have no prior convictions of any kind for anything.

Persons in positions of trust or authority, or individuals who work with children should also come near the top but it by no means follows that a person who does not fall into one of these first two categories is going to be any less dangerous than anyone who does.

There appear to be no common factors or themes

In fact if we know anything about child sex abusers in general and in particular guys who get involved in collecting child abuse images it is that we have not yet been able to discover any common, defining  or overarching characteristics which would allow us easily to separate them out from the general population. There is no  demographic that yields a larger number of baddies than any other at least not if we set the standard as being the potential for a given person  to engage in contact sex offending with his own or other people’s children.

About all we do know, and we know it with a high degree of certainty, is that everyone found in possession of child abuse images, at first sight carries with them the raised probability that they are already or will eventually become a contact child sex offender. Thus  all image collectors are abusers by proxy and an unknown number will be current, past or future hands on abusers as well.

Some (barely believable) studies have suggested that the proportion of individuals arrested solely for possessing child abuse images who have already abused children in real life might be as high as 80%. A CEOP study of likely contact offenders at one point put the figure at over 50%, other reports have come out around 15% or thereabouts. All of the numbers I am aware of imply that the proportion is too high to ignore if safeguarding children from future  or current contact offending is at the core of your concerns.

It follows from this argument that, yes of course, if the police can assemble additional information about individuals which points to the presence of extra risk factors then that should move someone up the list for investigation and likely arrest but emphatically the absence of such additional data at the time of the initial enquiry should never be taken to imply that everyone else  is probably “just a harmless saddo who is only into pictures so we needn’t fret so much”.

The images themselves tell you little  

Our difficulty is that we simply have no way of knowing, solely on the basis of the types of images a person collects, the volumes, the demographic they belong to or the length of time they have been collecting,  how to separate out  actual or potential contact offenders from those who undoubtedly will never lay hands on a child with evil intent.

More research is urgently needed

It is widely assumed, and this is an assumption I share,  that if we did enough, large scale research we might be able to get a better handle on how to spot the potential or actual contact offenders (past, present and future) or at least prove beyond all reasonable doubt that  there is nothing to spot because there is no pattern to find.

If we could find a pattern then, no argument: those  who comply with it are the ones to go for first but since at the moment we do not have one  I am bound to feel our current selection methods are going to be random to some extent or are being tailored more  to the available resources. Nothing wrong with that at one level but we should say that is the case and not try to dress it up with a spurious justification which in fact amounts to deception.

What we would all love is, based on observed behaviours,  for someone to develop a magic formula that algorithmically  could look at a mountain of digital data about a large number of suspects and from that in a few seconds produce a list of the ones that ought to be looked at urgently. That might or might not include everyone the police currently classify as being among the most dangerous, but I have a hunch it would draw in others.

It’s a pipe dream

Anyway, this is a pipe dream because the research has just not been done and as far as I know no one is currently doing it on a large enough scale to allow such an algorithm to be produced even though there are many academics and police officers who would give their eye teeth to get such a project going. It’s a question of money and nobody is putting it up.

In the meantime what we must absolutely never, ever do is simply look at the type of pictures a person has been collecting, or the numbers they have amassed, or the period of time over which they have been collecting them, and deduce from those facts alone whether or not the individual concerned is a greater or lesser risk in relation to current, past or future contact offending.

I have often heard it said that because so and so was found in possession of what we used to call Level 5 images – featuring scenes of sexual torture or rape of children – the individual concerned must plainly be a greater threat to children in terms of contact offending in the past, present or future. Counter-intuitive it may be, but there is absolutely no basis for such a belief.

The Bradbury lesson

Take the case of Myles Bradbury, a paediatric hematologist at Addenbrooke’s Hospital in Cambridge. In an operation led by the Canadian police information concerning Bradbury was passed to CEOP but officers graded the images as Level 1 – described as ‘depicting erotic posing with no sexual activity’ – or lower and did not pursue the matter.  Bradbury was eventually convicted on 12 counts of engaging in sexual activity with a child, mostly at his hospital. Now this error was finally picked up internally by the police but the sloppy thinking which allowed it to happen in the first place is in many ways more worrying.

We must never lose sight of the importance of dealing with the images

There is yet another aspect of this discourse that is potentially worrying. Implicit in a lot of people’s thinking is that the images matter only insofar as they point to victims  who can be identified, located and rescued, or they enable the police to identify persons who are currently involved in child abuse,  have been in the past or are likely to be in the future.

Of course nobody would argue with any of those objectives but the point is this relegates the images, as such, to a level of instrumentality. The images matter only in so far as they are useful because they serve a  law enforcement end. If they do not then maybe it’s not so important to get them deleted or to ensure that access to them is denied. I have even heard it suggested that in some ways it is a great advantage to the police to have known images out there because it allows them to identify potential offenders whom they might otherwise never detect. Assuming for the moment there could be something in that argument (and I don’t think there is)  we now know the police and the criminal justice system as a whole  cannot cope with the existing volumes of offenders so an argument that rests only on the premise that such an approach will help them find more offenders or suspects really falls at the first hurdle.

Images are a cause and an effect

For a good many men the images are both a cause and an effect of paedophilic behaviour (and that is true whether the images are real or pseudo). So even if the police are not able to identify, locate and rescue every child in every image,  or even if it is impossible to identify, locate and arrest every perpetrator or downloader, that does not mean there are two classes of image: those with some investigative potential and those with none.

All child abuse images matter for at least two reasons: as previously noted, real or pseudo they are both a cause and an effect of paedophilic behaviour which by definition is likely to put children in danger both now and in the future. Then in the case of real images there is the question of the rights of the children depicted in them. They have a legal right to human dignity, to say nothing of the egregious breach of their right to privacy. We cannot allow or be indifferent towards the continued circulation of these images or keep them in circulation as bait, not least because they put the child at risk of further abuse or harm both in the here and now, and also potentially into the distant future (see Amy’s case).

This is not a problem the police can solve

For these reasons I  do not see the problem of images on the internet as being  principally a problem for the police. Yes we need agreed mechanisms for determining whether or not particular images would be illegal in each participating jurisdiction but beyond that and after that the challenge lies with the internet industry to stop or reduce the traffic. The internet industry is central  to this project and happily most of the large and responsible players are up for it.

We need to employ more police officers but that alone will never do it

In some quarters there is undoubtedly a degree of ambivalence towards the idea of looking to technology to solve the problems presented by the extremely large quantities of child abuse images being circulated on the internet.  Undoubtedly some would rather we simply increased the number of police officers employed on this work so that anyone who engaged with the images might reasonably fear that sooner rather than later there would be a knock on their door following which they would be arrested then convicted. I do not doubt there is an extremely strong case for more resources to be given to the police to fight this type of crime and I hope that Theresa May’s different reviews and enquiries reach the same conclusion. But let us not kid ourselves.  Even if we were living in times of super abundance, as opposed to times of austerity, we still need to suppress the trade in images and that is first and foremost a challenge to the industry not the police.

And it involves the whole criminal justice system

Moreover it is important to remember it is not just the number of trained police officers that is important here. With an increased number of arrests for image related offences would also come an increase in the demand for forensic examinations of seized equipment, an increase in the demand for staff capable of carrying out psychological or other assessments of those arrested, an increase in probation and prison staff, possibly also an expansion in the number of prison places, not to mention an increase in the number of court rooms, judges, lawyers and associated staff to make all this work. As I have said, it is doubtful, in the midst of a global recession, whether or not it is realistic to expect countries in the richer parts of the world to be able to contemplate the sorts of expansion in public expenditure such an approach suggests but it is surely completely unrealistic to expect less prosperous parts of the globe to be able to do likewise.

I am not sure when, exactly, it became clear that the police had been beaten by the volume of offenders and images but I sincerely doubt that it is a recent phenomenon. Look at Operation Ore. That started back in the 20th Century when the UK police were handed over 7,500 names and credit card numbers of guys who appeared to have been buying child abuse images over the internet. In other words this  should have been easy peasy. No question of time consuming tracking down of names and addresses of users  where the only information available was an IP address. The credit card number takes you straight to an individual with a specific home address. Yet it is understood that between 2,000 and 3,000 of the 7,500 never had any contact with the boys and girls in blue.

I said earlier that I thought the timing of  last week’s announcement was interesting in the context of  the current debate in the UK about child abuse in general. I suspect over the coming months and beyond we are going to learn a lot about several shortcomings and failures on the part of law enforcement  and others in relation to how they have handled activity in this space but it would be both wrong and unjust to lay all the blame at the door of the police, which was how things were shaping up. If the police have erred at all it is because they did not speak out publicly sooner.

Time for radical experimentation?

However, rather than try to allocate blame and start name calling we should all focus on working out what we do next. And in that regard I think we need to get ready for perhaps some radical experimentation. If we cannot arrest everyone, surely there are other things we can do which might persuade people to cease their involvement with collecting or distributing child abuse images online?  Maybe this is a second best outcome, but it is definitely better than no outcome at all.

Posted in CEOP, Child abuse images, Self-regulation

A safe, secure and sustainable internet and the role of stakeholders

This week the European NGO Alliance for Child Safety Online (eNACSO) organized a lively seminar at the 9th Internet Governance Forum in Istanbul. Larry Magid, CBS Technology Correspondent, acted as moderator with contributions from a glittering list of speakers, and me.

Teen Identity Theft

Larry opened with some startling revelations about the scale of teen identity theft and the problems this can cause young people when, many years later, for example when applying to College, they suddenly find out they have a bad credit history which then becomes an obstacle to them being able to put together the necessary funding to pay their tuition and living expenses.

New Forms of Governance

Eric Jardine, Research Fellow at the Canadian Centre for International Governance Innovation, spoke about various models which were emerging in different countries to frame new approaches to internet governance and regulation in both the criminal and civil spheres.

Hazards of Piracy Sites

Ted Shapiro of leading media law firm Wiggin spoke about a study which was commissioned by the UK’s Industry Trust looking at the prevalence of several different types of malware scams, credit card scams and other frauds which are associated with fully 97% of video piracy sites. Many piracy sites rely on the TOR network to try to preserve their anonymity and that of the users in this more modern form of Peer2Peer networking.

Perils of Peer2Peer

Ted’s comments tied in neatly with my own. I told the workshop about something that happened to me several years ago when I was doing research on Peer2Peer networks. I got on to one server which allowed visitors to look at everything on the hard drive. Like an idiot I clicked on a folder and quite unexpectedly was presented with a series of images which I’m guessing had been taken in a mortuary or stolen from a police station. The sick individual I was dealing with had published hundreds of pictures of the mangled human remains of victims of motor car accidents. Sadly those pictures are burned into my memory forever. I still have unpleasant flashbacks about them from time to time. I was in my late 40s when that happened and I thought straight away about the effect exposure to that kind of stuff could have on a child who might have stumbled across them perhaps when they were looking to rip off some music or a video.

More recently we have also become aware of the role of Peer2Peer networks in helping to distribute gigantic quantities of child abuse images, to the point where almost every police force in the world is acknowledging that they are overwhelmed by the numbers.

Phoney Claims

Moreover we have seen how piracy web sites, far from being champions of the little guy against faceless big business, are in fact run by people who profit, among other things, from ad revenues derived from prostitution, fake drugs and, once again, malware merchants.

Need to Reach Out to Parents and Teachers

The last time I had an opportunity to talk to some parents and teachers about Peer2Peer networks and piracy sites they appeared to know very little about the grimy realities of those environments. On the contrary,  to the extent that they did, many seemed to take a perverse pride in the fact that their kids had sufficient nerdy knowledge to be able to use those sorts of programmes.

The Importance of Education and Awareness

This brings us neatly and finally to the last contributor from the platform: Shane Tews is the Chief Policy Officer at 463 Communications and a Visiting Fellow at the Center for Internet, Communications and Technology Policy.

Shane has done a huge amount of work in the field of education and awareness raising in relation to young people’s safe use of the internet. Shane’s view was that whilst there was a proper focus on educating children themselves about the internet’s rules of the road, and in this schools of course have a vital role to play, we still have to find better ways of reaching out to much larger numbers of parents. The home is where children pick up key signals about morality and about behaviour towards others. It is where many important habits develop or mature so modern parents must be equipped with knowledge and insights to help them help their offspring make the right choices both in the online and the offline worlds.

In the discussion that followed the platform presentations it was suggested that one way of dealing with the sort of seedy sites being referred to was to attack their sources of revenue, in particular the ad networks that were channelling funds their way. Perhaps the payments industry itself could become more actively engaged?

No One Wants Kids Mixing with Criminals

There was a widespread consensus that irrespective of the view one took about the laws on copyright and copyright infringement, piracy sites essentially drew kids into contact with criminals and thereby put them in danger from any of a number of different sources. And it is in no one’s interests for any youngsters to grow up believing that to steal other people’s property is cool or clever.

Posted in Advertising, Child abuse images, E-commerce, Internet governance, Pornography

Soros – happy with an unequal playing field

Many people, including me, admire much of the work of the Soros Foundation and in particular the financial support they give to their Open Society Foundation (OSF) as well as lots of individual organizations that are funded through it.  Indeed it was through the work of two such bodies I came up close and personal with the consequences of Soros.

The organizations in question were the European Digital Rights Initiative (EDRI) based in Brussels and one of their close associates the Open Rights Group (ORG) based here in London. Both receive financial support from Soros.

I have no major complaints about either of these bodies. I am glad they exist and I often find myself agreeing with different positions which they advocate. But equally I am clear that when it comes to questions of children’s rights in the digital environment they are not the first places I would look to for sage counsel.

Yet both organizations chose to intervene in a major way on an issue which was of very direct concern to children’s rights on the internet.  A couple of years ago they  mounted a campaign over the European Commission’s proposal to make it mandatory to block access to web sites known to contain child abuse images. The Commission lost. In the end EU Member States were merely given an option to block such sites.

I do not intend to reopen the whole argument about blocking but what struck me in the course of the debate was how well organized and resourced our opponents were as compared with the great majority of the children’s organizations that were trying to intervene and make their points. No complaints about that either but when I saw ORG and EDRI were receiving financial support from Soros I thought I would approach OSF to see if they would consider funding an initiative that would help put an alternative point of view, e.g. by prioritising children’s rights in cyberspace.

At first I found it very difficult to make a connection with the relevant person in the appropriate bit of the Soros empire but eventually a friend of mine casually mentioned that he knew various people there and I asked if he could introduce me. He did.

Long story short, I was offered a meeting in June which I accepted. The only point that was not resolved in our correspondence was where we would meet. On the morning of the appointed day I dropped Soros a further email to ask for confirmation of the place (I assumed their offices). I got a reply within minutes saying I had misunderstood (I hadn’t) and that no meeting had been arranged (it had).

My correspondent then told me that that day in June was now impossible but maybe they could fit me in in August? In the meantime, Soros told me that if I wanted to talk about blocking web sites I should speak to EDRI or ORG. No irony was apparently intended.

As a matter of fact, in asking Soros for a meeting I had made no mention of web blocking. I said the following

I work with children’s organizations and have an interest in how we reconcile the openness of the internet with the need to protect children.

I am not saying Soros had necessarily jumped the gun – most certainly the issue of web blocking was a trigger for my approach – but it was not the only one and anyway I hadn’t mentioned it at this point.  There is a much bigger picture. They might at least have done me the courtesy of hearing me out.

Risibly and gratuitously, making matters worse not better, I was then told Soros itself took no position on web blocking. They “rather let our grantees speak”. But the OSF then somewhat spoilt that angle when their correspondent added:

As I understand it, web blocking would not be the solution to help get the children out of situations of abuse and make the images unreachable. They need to be taken down through law enforcement coordination. 

This shows how pitifully little Soros understands about the issues involved, but there you go.  Anyway, as I said I was offered a date in August but I was also told:

We would not be in a position to fund children’s rights groups but would hope (other) funders would (help) with this type of advocacy.

Passing the buck? Refusing to accept responsibility for what their money is doing?

My concluding words therefore were:

So are you saying there is no point in my coming to see you in August because it is clear the Open Society Initiative cannot consider funding the type of work I have alluded to? 

The reply was

It would be a big departure from our strategy (i.e. we are funding digital rights advocacy groups around the world). So the answer is that I do not think we’d be able to fund the groups you are thinking about. I’d recommend (you) try (someone else).

So there we have it. The OSF are content to fund interventions which run counter to children’s interests and  they  just hope someone else will pick up the tab when it comes to ensuring there is a balanced debate. Very unimpressive.

Posted in Child abuse images, Default settings, Internet governance, Regulation, Self-regulation

“Friendly” WiFi gets off the ground in the UK


I know I have written about this before but last week something that was going to happen, finally did.

On 17th July Britain became the first country in the world to roll out a national scheme which informs members of the public that the wifi being offered in this or that shop, coffee bar or other establishment, or on this or that train or bus, in a municipal Leisure Centre, park or whatever, is Friendly because it has got filters installed which block access to porn sites and web addresses known to contain child abuse images.

The UK’s main WiFi providers have signed up to the scheme although some are blocking additional types of adult content, over and above the basic minimum described above.

Thus, if a business wants to offer wifi to their customers and it goes through one of the main providers it will be supplied with  a filtered service by default.

If a business does not want any filtering they can either find another supplier or they can ask for the filtering to be modified. Obviously in either case they will not be able to use the Friendly logo (see below) to advertise their compliance with the scheme.

Obviously no wifi supplier will agree to lift the block on child abuse sites but the porn filter could be made to vanish. It is anticipated  that only businesses  operating in an overwhelmingly adult environment e.g. nightclubs and casinos, are likely to be interested in such a possibility but it is there.

The organization that is administering the scheme – the  Registered Digital Institute –  has developed a neat little logo that will appear in shop windows and the like to indicate that the wifi service being provided conforms to the minimum standard. It is to be hoped that it will quickly become recognized by parents and other discriminating internet users and they will either go into the shop or coffee bar, or not, based on whether or not the logo is visible, and that will act as an incentive for a great many  businesses to sign up. Here is what it looks like


[Image: Friendly WiFi logo]


Tesco is one of the first big brands to get behind the Friendly WiFi idea. That’s a very good start. Lots of people will be watching how this works out. Stay tuned.

Posted in Child abuse images, Default settings, E-commerce, Internet governance, Pornography, Regulation, Self-regulation, Uncategorized

ICANN and children’s interests


According to ICANN’s web site its next public meeting is the 50th in the series and it’s being held in my home town – London. A golden moment of sorts. This set me thinking about ICANN’s record in relation to issues affecting children’s and young people’s safe use of the internet.  It is not impressive. That’s a great pity because there is much that could be done to make things better if ICANN was so minded.


Many children’s organizations supported the idea of establishing a xxx domain. It had the potential to help shield minors from age inappropriate pornographic content. For different reasons not everyone in the free speech community or in the porn business agreed. Nonetheless steady progress was made through the ICANN machinery.  xxx was moving towards approval. Late in the day President George W Bush heard about it. The US government fired a shot across ICANN’s bows.

Then as now ICANN is meant to be an independent body but they ran scared. There followed roughly seven years of consultation, arbitration, litigation and all manner of exceptionally detailed investigation but in the end, in March 2011, the red light got the green light. The key point to grasp here, however, is that substantial commercial and political interests had become engaged. They captured ICANN’s attention big time.

Child oriented domains

The contrast between the story of xxx and what happened with a new raft of child oriented domains could not be sharper.

In 2011 ICANN announced a process to expand the number of generic Top Level Domains (gTLDs). This is now drawing to a close. A great many gTLDs appear to have been approved and others are still wending their way through.

At the commencement ICANN issued general guidelines to all potential applicants informing them of the conditions they would need to fulfill to become a Registry for one of the new domains. ICANN’s starting point was that, fundamentally, all entities applying to become a Registry would have to meet the same criteria.

Major players zeroed in. Lawyers, lobbyists and governments got involved. Bankers and pharmacists, for example, became concerned about who might be given the right to sell domain names ending in .bank or .pharmacy and on what terms.  Without strict controls and strong vetting they worried all kinds of cowboys might end up with a .bank or .pharmacy web site and hold themselves out as being legitimate banks or pharmacies, perhaps with disastrous consequences for millions of people and for legitimate enterprises.

Complex, protracted negotiations took place. At least in respect of .bank and .pharmacy a good outcome was finally achieved.

What happened with the child oriented proposals e.g. .kids, .games, .toys, .juegos, and others of similar stripe? Not a lot. ICANN ignored every communication sent to them by at least one major children’s organization which is full of people with a great deal of expert knowledge in this area. Informal conversations took place with a friendly ICANN insider but that was all. It quickly became clear the procedures had already gone way too far. Even ICANN’s Government Advisory Committee made some simpatico observations but these seemed to gain no traction or the comments on children were simply lost in a welter of wider and (for them) bigger issues they had raised.

Maybe if some of the children’s organizations had had the time and resources to track ICANN’s Byzantine ways they could have intervened in a timely manner, or if they’d had buckets full of cash they might have hired lawyers and lobbyists to go in to bat on their behalf. Things may have turned out differently. But they didn’t. ICANN itself obviously never thought children’s interests were important enough for them, prompted or unprompted, to act to ensure that the right issues were properly considered. No doubt negligence lawyers will be making careful notes should there ever be a case arising from this lack of appropriate oversight.

Thus, for example, while ICANN made general stipulations about not allowing people with criminal convictions to be involved in owning a Registry it gave no indication as to how it intends to ensure this rule is honoured either in relation to the Registry itself or any entities which might subsequently buy and use a domain issued under its auspices.

Could a convicted paedophile end up owning a domain name that directly appealed to children? What about the employees of companies running one of the new child focused domains? Will there be any rules or stipulations about levels of security, supervision or training? In every other area of activity connected with children such provisions are commonplace but ICANN showed no awareness of this dimension and, much worse, no inclination to find out.

Web addresses as illegal advertisements

Some time back in the UK an authoritative legal opinion was obtained by the IWF which made clear that a web site name is, among other things, an advertisement.

At different times it had been suggested to ICANN that they should adopt a policy which, through their contracts with Registries, would prohibit all Registrars from allowing anyone to create a domain name which appeared to advertise, promote or facilitate the distribution of child abuse images. These entreaties were ignored. One ICANN main Board member was adamant such matters could not be made the subject of an ICANN policy because that would involve ICANN in matters of content and content was none of its business.

This argument is baloney. Content is what you find on web sites. Domain names are, as common sense dictates and the UK lawyer suggests, advertisements for or pointers to that content. Moreover, even if you reject that distinction, since 1999 ICANN has had a disputes resolution procedure to determine apparent conflicts between trademarks and domain names. Clause 3 (b) (ix) (3) asks the complainant to say why the domain name(s) should be considered as having been registered and being used in bad faith. How can anyone make a judgement about bad faith without looking at more than the words themselves? Context is everything and you cannot take a view of that without also having regard to the content itself.

If someone creates a web site called  then fills it with child abuse images there is probably little or nothing ICANN, any Registry or Registrar could have done to anticipate such an eventuality. They are entirely free of blame.

But if an entity is permitted to register and maintain a domain name which makes it plain one is likely to find child abuse images at the site then all three links in the chain are culpable. It is not good enough to say that the domain would eventually be deleted when law enforcement or someone else reports it. That might take years or never happen. The system is at fault for allowing it in the first place.

There is no jurisdiction anywhere in the world where it is legal to advertise the availability of child abuse images. ICANN can and should therefore create a mandatory policy for the whole of the internet banning any domain names which on the face of the record appear to advertise or promote child abuse images, and they should make sure it is enforced. Will it be easy? No. But that is not a reason for refusing to make the effort. The .uk Registry (Nominet) operates such a regime and jackboots are not marching down British streets.

Incidentally, the same principle could be applied to other types of sites that are openly promoting other types of illegal behaviour e.g. in relation to copyright theft and drugs. It is difficult to say what sort of impact such a policy would have but symbolically it would be extremely important: ICANN would be saying it was not prepared to stand idly by and let the domain name system be abused by criminals. Speaking of which…..

The never ending saga of WHOIS

From the beginning the WHOIS directory was intended to be a publicly available virtual document which contained accurate information about who owned which domain names and how to contact them.

As recently as 2009, in the important-sounding Affirmation of Commitments, ICANN solemnly undertook to turn WHOIS into the thing it had always been meant to be.

Along with the FBI and the UK’s Serious and Organized Crime Agency in 2010 I appeared before ICANN’s Government Advisory Committee to plead for urgent action on WHOIS. The inaccuracies and failure to undertake any systematic checking of domain name owners’ credentials were giving a variety of criminals – including those who distribute child abuse images, copyright thieves, drug runners and others – a great helping hand.

However, an ICANN official later revealed that if the promise about WHOIS had not been written into the Affirmation paper the US Government would never have agreed to sign off on it. So much for solemnity. ICANN never intended to keep its word and now they are delaying action for as long as they can.

Today when you ask anyone involved in ICANN what is happening on WHOIS you are told we all need to rethink the modern relevance of WHOIS. A convenient rationalization. Meanwhile dodgy characters register crooked domains because they know in many areas no one will bother to determine their real world identity or whereabouts.

Once again it should be noted that .uk does not do things this way but for such an approach to be taken up globally ICANN has to want it to happen. Obviously it doesn’t. And it’s not too hard to work out why. The fear is the extra bureaucracy and cost of having robust identity verification in place would lead to a reduction in registrations or renewals or to an erosion of profit margins, probably both, for ICANN’s paymasters.

Follow the money

Despite all its breezy rhetoric about being a multistakeholder environment the fact is that, at least until recently, almost all of ICANN’s cash came from two sources: the Registrars and the Registries.  The decision to create new gTLDs also helped boost their coffers to a substantial degree. They received 1,920 applications, each of which cost US$185,000, just to submit. That’s over US$350,000,000. Not bad work if you can get it.

Of course ICANN plays an essential role in maintaining the domain name system and the internet’s technical infrastructure but nothing that will materially affect the revenues of its major sources of finance happens, either at all or at any rate quickly. Multistakeholderism plays straight into that space by slowing everything down.

It’s quite likely ICANN will get away with the present arrangements for some time because the politics of unpicking them or finding an alternative are too fraught with difficulty. But I wouldn’t say it is guaranteed to last forever. Hubris will have its way.

The challenges of multistakeholderism

There is no doubt there are many selfless, dedicated people who, often on a volunteer basis, devote a great deal of time and energy to ICANN because they broadly adhere to and support the liberating idea that the internet embodies.

However, as a close observer of ICANN described it

Most of the ICANN processes are so complex and arcane that only the purebloods, supernerds and those involved in making money out of them are capable or motivated to keep up to speed 

On closer inspection, even many of those people involved in ICANN who seem to be volunteers, pitching in for the reason given earlier, turn out to be either directly or indirectly in the internet business. For that reason, it must be questionable whether or to what extent the ICANN community is truly representative of any sort of broader public interest.

A UK-based company – InterConnect Communications – looked at this issue, reporting in late 2013. In a uniquely ICANN-esque way, which in part explains a deeper problem, the less than riveting title of the report was

ATRT2 GNSO PDP Evaluation Study

That has to win a prize of some sort. It described its purpose in the following way

This document is an attempt to assist ICANN’s Accountability and Transparency Review Team 2 (ATRT2) in its assessment of the Generic Names Supporting Organization (GNSO) Policy Development Process (PDP). ATRT2 was convened, in part, to review the GNSO PDP with a view toward identifying its strengths and weaknesses, differences between defined process and actual practice, and the extent to which it incorporates the views, advice and needs of all stakeholders, both those active in ICANN and those not typically present for ICANN deliberations.

Here is one of their key findings, to be found on page 51

In the last five years:

  • The vast majority of people who participate in (policy development) Working Groups participate only once. 
  • A small number of participants who have economic and other support for their ongoing engagement have dominated (policy development) Working Group attendance records. 

This has a set of clear implications for policy development. Having such a small pool of regular participants poses accountability, credibility, and resource risks for the policy development process. At the same time, that small pool of regular participants are carrying the load of the PDPs. Of particular concern is the fact that there is a very small pool of potential participants who have the experience to lead, moderate and bring to completion the difficult work of guiding participants and policy through the (policy development process)

If only a way could be found to bring genuine civil society organizations more into the ICANN processes and similar internet governance entities, but it would have to be meaningful not tokenistic. And if this cannot be done maybe we should rethink the whole model or at the very least call it something else.

Remote participation is not a serious way to engage in any sort of complex discussions on a sustainable basis, particularly in multilingual environments. So, first off, at present to be a real part of the ICANN world you need to be able to jump on aeroplanes, fly to exotic locations and stay for several days. Flights and hotels cost money, often a lot of money. You also need time to read the tons of emails and the threads that whizz about. The whole business can rapidly become all-consuming and if it doesn’t the risk is you will serve an ornamental rather than an instrumental purpose because you will be completely surrounded by people whose livelihoods depend on them keeping on top of everything and knowing everybody.

Looked at from the outside it seems pretty much that many of the processes of internet governance have become a justification for their own continuation. As we have seen, the people involved speak their own language largely to themselves. Multistakeholderism as an idea is therefore becoming discredited because it turns out it is anything but. And, to make the point one last time, everything moves at a snail’s pace or not at all which suits many interests down to the ground. Meanwhile, in a parallel universe sometimes known as the real world, companies in Silicon Valley, Seattle and elsewhere, governments and their security services around the world get on with doing their thing, creating, managing and snooping on the internet as it is actually experienced by end users.

The Guardian and Edward Snowden had more impact on internet governance debates than any number of regional, national or global convocations of the already converted.


Those sensible Germans


Recently I attended an extremely interesting meeting at Google’s offices in Brussels. Principally it was a briefing on a range of initiatives the company is taking in the field of online child safety and about their efforts to make the internet a better place for kids. There were several references to how Google co-operates with external agencies.

One of those agencies is a German organization called Literally translated the main part of their name means child protection. The addition of net makes clear that is the principal focus of their work.

Youth protection and the media in Germany

Germany has a federal system. The key responsibility for media regulation resides not in Berlin but with the individual states – the Länder. There are sixteen of them. Yet Germany has nationally agreed laws on youth protection in the media. These are reflected in an Interstate Treaty.

The mandate, role and functions of Jugendschutz are defined in the Treaty, the 2003 version of which also created the Commission for the Protection of Minors in the Media (KJM). KJM is constituted as the supervisory authority for the implementation of the Treaty. It can institute enforcement proceedings and issue fines.

Jugendschutz and the KJM

Article 18 (1) of the Treaty makes clear that Jugendschutz and the KJM are organizationally linked.  One of Jugendschutz’s key roles is to remind internet service providers, platform operators and others of their responsibilities to children and young people. As far as I have been able to understand it, in essence where Jugendschutz cannot succeed by persuasion or reminding KJM may choose to step in and use its legal powers. That’s an interesting relationship.

In UK terms Jugendschutz itself is therefore more akin to an Internet watchdog. Research and assessments of cases and new online phenomena are an important part of its brief. However, it also acts as one of Germany’s three hotlines dealing with child abuse images, and gives advice to parents, children and the world at large on how to make the internet a better place for kids.   Quite an agenda.

Seemingly persuasion and reminding often works

Jugendschutz has built up a great reputation within Germany both with German and foreign owned internet businesses that operate there. Companies listen carefully to what it has to say although that may well be against a background of knowing that if they don’t the KJM could get involved. The iron fist inside a velvet glove.

In Brussels the Google people acknowledged they had often acted to remove content because of representations made to them by Jugendschutz i.e. without there being a formal requirement for them so to do. Google said they were able to respond in this way because Jugendschutz is an authoritative and legally constituted body. Quite so. Other social media do likewise.

What are the online child protection issues in Germany?

So what kind of things has Jugendschutz drawn to the attention of Google and other online enterprises with a view to getting them taken down? At the Brussels meeting a specific question came up about anorexia web sites. Here are extracts from recent annual reports published by Jugendschutz

2011: Eating disorders: still numerous websites glorifying anorexia

Youngsters suffering from eating disorders can find many opportunities to contact like-minded users on the Internet. They specifically interact in communities and often encourage each other in their high-risk activities.

The number of pro-anorexia websites remains high (616). However, only half of the content could be found on traditional websites (341; 2010: 423), the rest shifted to Web 2.0 services. There, the risk of a negative impact on children and youngsters is greater than on traditional websites mostly only known by insiders.

78% of the content was in breach of youth protection laws and in 83% of the cases the actions taken resulted in removal of the content. 

2012: Pro-Ana sites: increasingly disguised as harmless

On all platforms popular among young persons found content glorifying or promoting eating disorders, self-injury or suicide. Platform operators are challenged to take appropriate action, but it is also important to raise users’ awareness of risks.

The number of websites glorifying anorexia has further dropped (2012: 220; 2011: 341; 2010: 423). Here, the efforts of to have endangering content removed and to sensitize communities about the risks have paid off.

However, in 2012, a new movement emerged not openly displaying and glorifying anorexia, but promoting a positive image under the cover of “with Ana”. The website pretends to raise awareness of the problem, but it actually confirms those already suffering from it. Jugendschutz will closely look at this aspect of the problem in 2013.

The number of websites promoting self-injury increased: 36 cases, i.e. three times as many as in 2011. Three out of four websites violated youth protection laws.

Broader provisions of the Interstate Treaty

The scope of the Treaty is impressive. For example Article 19 specifies the conditions under which the KJM may approve self-regulatory codes for organizations wishing to promote or engage with online child protection.

Article 10 provides for the certification of technical measures e.g. age verification, which help protect children from age inappropriate items.

Article 6 addresses the Protection of minors in advertising and teleshopping. Hmm.

Article 5 refers to any content which might impair the development of children and adolescents assuming the content in question has not been cleared for children or adolescents under the German Protection of Young Persons Act. Now there’s a thought. The article also enshrines a broadcasting watershed. Now there’s another thought.

Article 4 contains the following words

Without prejudice to any liability under the German Criminal Code, content is illegal if it…

3. incites..hatred against parts of the population or against a national, racial, religious or ethnic group, encourages violent or arbitrary action against such a group or violates the human dignity of a person or group by insulting, maliciously degrading or defaming parts of the population..

5. presents cruel or otherwise inhuman acts of violence against a person in a manner devised to glorify or trivialise such a manner which violates human dignity..

That is broad language yet there is absolutely no doubt about the intent.

The UK could learn something

Here in the UK whenever questions have been raised about problematic web content lots of people have broken out in a cold sweat. Ugly phrases like politically motivated censorship start getting splashed around. We are told it would be too difficult to define the issues closely enough. We would end up with hopelessly vague terms and so on. All in all we are told to leave well alone and do nothing.

Actually what that means is that internet companies that want to do the right thing are left entirely to their own devices. Things get dealt with informally, on an ad hoc basis. However, by this route a cloak of secrecy envelops what ought to be an openly acknowledged and clear process. Secrecy breeds a suspicion that editorial powers are being exercised in a way that the public would not understand or support or that the law would strike down as an unjustifiable interference with free speech if anyone found out.

Something to think about

I find the German model very attractive. I can see how in the UK it would help everyone and do so on the basis of declared rules which themselves would be justiciable. Moreover the Jugendschutz-KJM partnership creates a single or at any rate a dual point of reference where a comprehensive body of knowledge and expertise could be developed around children and online media. Without having to define every potential eventuality to the Nth degree we could, as with the German Interstate Treaty, define broad objectives then leave it to such a legally constituted independent body to make determinations about them. Complex issues could be weighed in the balance and judgements reached away from immediate pressures but, obviously, as previously stated subject to judicial review if that was necessary.

At the moment in Britain we have bodies like ATVOD, BBFC, IWF, OFCOM, the Gambling Commission (in respect of age verification solutions), ASA and the Video Standards Council (in respect of online and computer games) all swirling around this space. The Office of the Information Commissioner and even parts of the work of the former Office of Fair Trading (for example on the abuse of free apps) are also in the mix.

I am certainly not suggesting that all of these bodies be divested of their current responsibilities in relation to children and for these to be merged into a single new super regulator (OfKid?) but maybe we could start to think about possible rationalizations and improvements to our present arrangements.

Up to now I had always thought OFCOM would be the obvious lead agency for matters of the kind discussed here but they keep sending out messages that they are not interested. If that remains the case maybe the world should be rearranged around them. Manifesto writers please note.


PS Apologies for the prolonged absence of my blog and thanks for the many enquiries I received about it. A family bereavement, moving house and an unusual amount of overseas travel were to blame. Normal service is now being resumed.


6 year olds, hard core pornography and credit card companies


The word “pornography” has become an obstacle to understanding. To many people, perhaps particularly slightly older individuals who are not regular internet users, it conjures up memories of Playboy centrefolds and Health & Efficiency magazine.

A bit of fun. Never did me any harm. Don’t be such a prude. Might actually be helpful.

People who say things like that just have no idea what is being peddled in cyberspace today. And it’s all free, available 24/7. The publishers make their money by persuading only a tiny minority of visitors to buy extra services. The rest is marketing.

What the law says

Under English case law any site which publishes hard core pornography is meant to have an age verification system in place to keep out sub-18 year olds.

Anybody who thinks the law is foolish and that the material on display, in a giggly, slightly naughty but essentially innocent way, might be useful to youngsters, perhaps deprived of alternative sources of information about sex, is hugely wide of the mark. On the contrary these sites are contributing to an increasingly coarse, brutalised, sexualised culture which puts pressure, particularly on girls but also on young men, to behave like porn stars.

ATVOD steps up

Last week the Association for TV On Demand (ATVOD) published the results of a pioneering study which examined whether or to what extent children and young people between the ages of six and 17 were nonetheless able to access such sites.

The research methodology employed was similar to that used to measure TV viewing figures. The work was carried out by Nielsens. They looked only at access via PCs and laptops, in other words they excluded smartphones and handheld devices. Had these been included there seems little doubt the results would have been different and worse.

In a single month

The period examined was a single month, December, 2013. ATVOD identified 1,266 porn websites which were being visited by UK users. Only one of these was a service regulated in the UK.

Here is ATVOD’s shocking summary:

(This survey) provides the most authoritative picture yet established of the exposure of children and young people to “R18” material. “R18” is the classification of the strongest legal video pornography permitted in Britain and covers content which, on a DVD, can be found only in a licensed sex shop or cinema and is restricted to buyers 18 or over. It portrays a range of real, rather than simulated, sex acts.

At least 44,000 primary school children accessed an adult website… that is one in 35 of six to 11 year-olds in the UK going online.

200,000 under-16’s accessed an adult website from a computer. This is one in 16 children in that age group who went online in the same month…..

One in five teenage boys under 18  going online were clicking on porn websites from a PC, and one adult site – which offers free, unrestricted access to thousands of hardcore porn videos – attracted 112,000 of these teenagers.

… least 473,000 children between the ages of six and 17 accessed an adult internet service, mostly offshore – one in ten of young people that age who went online.

Pusillanimous banks and credit card companies

ATVOD’s suggestion was that the credit card companies, and the banks that own them, should stop processing payments to the identified sites. The financial institutions expressed sympathy but they said they wanted fresh legislation to hold them harmless of any claims. In other words they refused to act.

Such pusillanimity is disappointing. I seriously doubt the banks and credit card companies need any legislation to pull the plug on payments to sites which are demonstrably breaking the law. Quite the opposite. Could it not be argued the banks and credit card companies are themselves committing an offence? By allowing these sites to use their payments systems   are they not aiding and abetting the commission of a crime? Are they not helping to sustain sites that are harming our children?

Government’s weak response

When ATVOD’s numbers came out there was a suggestion from the government that the recently announced policy on  internet filters would deal with the problem of keeping under-18s away. The filters definitely will help but the implication was nothing else needed to be done. Wrong. The filters should act as a backstop not as the first line of defence.

I have no problem with Parliament stepping in to put the matter beyond peradventure, but really? As far as the banks and credit card companies are concerned if it were a site selling drugs or guns what would happen? They act against sites using their logo in connection with child abuse images and WikiLeaks showed they could be galvanised if they thought the issue was sufficiently important or were put under enough pressure.

What should the new law say?

The Crown Prosecution Service has been reluctant to authorise actions against hard core porn web sites under the Obscene Publications Act. They say juries do not want to convict. That being so, the answer is obvious. Remove the need to bring obscenity charges. Create a new regulatory offence. Web site owners would be required to show they had a robust age verification mechanism in place. Not having one would be a crime. This is not so very different from what we already do with online gambling web sites.

Because most of the owners of the porn sites in question reside overseas the penalties for the proposed new offence would have to be sufficiently severe to allow extradition treaties to be invoked to bring people to the UK to face trial in our courts.

Such a new law could also make clear that companies providing any sort of service in connection with the provision of an online hard core pornography web site e.g. a bank or credit card company, an advertising agency, a web hosting company or domain name supplier for that matter, would need to satisfy itself that the site was complying with the age verification law otherwise they too would be committing an offence.

That should do the trick.

