6 year olds, hard core pornography and credit card companies


The word “pornography” has become an obstacle to understanding. To many people, perhaps particularly slightly older individuals who are not regular internet users, it conjures up memories of Playboy centrefolds and Health & Efficiency magazine.

A bit of fun. Never did me any harm. Don’t be such a prude. Might actually be helpful.

People who say things like that just have no idea what is being peddled in cyberspace today. And it’s all free, available 24/7. The publishers make their money by persuading only a tiny minority of visitors to buy extra services. The rest is marketing.

What the law says

Under English case law any site which publishes hard core pornography is meant to have an age verification system in place to keep out sub-18 year olds.

Anybody who thinks the law is foolish and that the material on display, in a giggly, slightly naughty but essentially innocent way, might be useful to youngsters, perhaps deprived of alternative sources of information about sex, is hugely wide of the mark. On the contrary these sites are contributing to an increasingly coarse, brutalised, sexualised culture which puts pressure, particularly on girls but also on young men, to behave like porn stars.

ATVOD steps up

Last week the Association for TV On Demand (ATVOD) published the results of a pioneering study which examined whether or to what extent children and young people between the ages of six and 17 were nonetheless able to access such sites.

The research methodology employed was similar to that used to measure TV viewing figures. The work was carried out by Nielsens. They looked only at access via PCs and laptops, in other words they excluded smartphones and handheld devices. Had these been included there seems little doubt the results would have been different and worse.

In a single month

The period examined was a single month, December, 2013. ATVOD identified 1,266 porn websites which were being visited by UK users. Only one of these was a service regulated in the UK.

Here is ATVOD’s shocking summary:

(This survey) provides the most authoritative picture yet established of the exposure of children and young people to “R18” material. “R18” is the classification of the strongest legal video pornography permitted in Britain and covers content which, on a DVD, can be found only in a licensed sex shop or cinema and is restricted to buyers 18 or over. It portrays a range of real, rather than simulated, sex acts.

At least 44,000 primary school children accessed an adult website… that is one in 35 of six to 11 year-olds in the UK going online.

200,000 under-16’s accessed an adult website from a computer. This is one in 16 children in that age group who went online in the same month…..

One in five teenage boys under 18  going online were clicking on porn websites from a PC, and one adult site – which offers free, unrestricted access to thousands of hardcore porn videos – attracted 112,000 of these teenagers.

…..at least 473,000 children between the ages of six and 17 accessed an adult internet service, mostly offshore – one in ten of young people that age who went online.

Pusillanimous banks and credit card companies

ATVOD’s suggestion was that the credit card companies, and the banks that own them, should stop processing payments to the identified sites. The financial institutions expressed sympathy but they said they wanted fresh legislation to hold them harmless of any claims. In other words they refused to act.

Such pusillanimity is disappointing. I seriously doubt the banks and credit card companies need any legislation to pull the plug on payments to sites which are demonstrably breaking the law. Quite the opposite. Could it not be argued the banks and credit card companies are themselves committing an offence? By allowing these sites to use their payments systems   are they not aiding and abetting the commission of a crime? Are they not helping to sustain sites that are harming our children?

Government’s weak response

When ATVOD’s numbers came out there was a suggestion from the government that the recently announced policy on  internet filters would deal with the problem of keeping under-18s away. The filters definitely will help but the implication was nothing else needed to be done. Wrong. The filters should act as a backstop not as the first line of defence.

I have no problem with Parliament stepping in to put the matter beyond peradventure, but really? As far as the banks and credit card companies are concerned if it were a site selling drugs or guns what would happen? They act against sites using their logo in connection with child abuse images and WikiLeaks showed they could be galvanised if they thought the issue was sufficiently important or were put under enough pressure.

What should the new law say?

The Crown Prosecution Service has been reluctant to authorise actions against hard core porn web sites under the Obscene Publication Act. They say juries do not want to convict. That being so, the answer is obvious. Remove the need to bring obscenity charges. Create a new regulatory offence. Web site owners would be required to show they had a robust age verification mechanism in place. Not having one would be a crime. This is not so very different from what we already do with online gambling web sites.

Because most of the owners of the porn sites in question reside overseas the penalties for the proposed new offence would have to be sufficiently severe to allow extradition treaties to be invoked to bring people to the UK to face trial in our courts.

Such a new law could also make clear that companies providing any sort of service in connection with the provision of an online hard core pornography web site e.g. a bank or credit card company, an advertising agency, a web hosting company or domain name supplier for that matter, would need to satisfy itself that the site was complying with the age verification law otherwise they too would be committing an offence.

That should do the trick.


Posted in Age verification, Pornography, Regulation, Self-regulation

Piracy web sites – threats to kids in Singapore


In a previous blog I referred to research carried out in Australia looking at the sort of items and services that were provided, advertised or associated with piracy web sites. I have just come across another report on the same issue. This time Singapore is the focus.

My interest in this subject stems principally from my involvement with online child protection. Too many parents – and policy makers for that matter – think that piracy web sites are simply places where kids go to have a bit of fun by ripping off big companies that can probably afford it anyway. So what’s the worry? They don’t take the problem seriously because they don’t think it’s a serious problem. They are completely wrong.

In the Singapore study the researcher went to Pirate Bay and typed in the word Brave, being a reference to the animated Disney cartoon about a heroic young Scottish girl. Sure enough Brave was there but surrounding it were ads for stem cells that apparently would provide you with a larger penis, an ad for a dating agency featuring a scantily clad young lady in a shower and an invitation from local “sluts” who want to….well, actually, I think I can leave that bit to your imagination. The Singapore study was therefore not so very different from what had been found in Australia.

Fully 90% of all the ads on the Singapore-facing site were linked in one way or another to what the author calls “high risk” areas e.g. for gambling scams, malware or sex, meaning prostitution. 13% of the ads fell into this latter category. The largest proportion – 40% – were devoted to malware, typically “free” software that really just allows bad guys to take over your computer so they can rip you off or enables them to use your machine to rip off others, probably both.

None of this is a surprise I suppose. No respectable or responsible business would ever knowingly advertise on a site that was so completely wedded to the promotion of unlawful activity in the way pirate pages are.

The site was offshore so it seems the Singapore authorities thought there was little they could do to prevent it from continuing to operate. I’m not so sure.

Despite their early pretensions to be somehow part of a progressive anti-monopoly current, the truth is these piracy sites exist to make money for the owners and the cash comes from advertising. That means someone somewhere is processing payments. Thus if international law enforcement activity isn’t going to deliver a result perhaps the banks and the credit card companies could step up?

This isn’t just about protecting the interests of rights-holders it is also very much about helping to create a better internet for all of us, but above all for our kids.

Posted in Uncategorized

Taking age verification seriously – not


Outside of the family, with few exceptions, children tend to mix with other children of roughly the same age. They do so within environments which, similarly, are likely to consist principally of their peers.  The adult world is not so very different although, obviously, there is more scope for mixing. Where we find adults drawn to children’s spaces, or children gravitating towards adult ones, we rightly see this as a potential marker for problematic behaviour and risk.

In the real world societies across the globe have constructed well defined lines of demarcation between adults’ and children’s places. Certain types of retail establishments will not allow under 18s on the premises. Many pubs and clubs are the same. Where children gather, for example for sports activities, unaccompanied grown ups are often barred. Then there is a whole raft of items which sub-18s may not buy. Alcohol, tobacco, pornographic movies and violent video games are perhaps the most salient in this context.

Age related rules are meant to be taken seriously

We have attached legal sanctions to many of these age-related rules. A breach can land the offender in prison.  These regulations were relatively easy to enforce when the item or service was secured by walking up to a counter and asking for it. Proprietors had a legal obligation to satisfy themselves as to the person’s age. If there was any doubt and proof could not be provided there and then they had to halt the transaction.

But not on the internet

By contrast the internet has created spaces which are open to everyone with equal facility. With a single, important exception in the UK (online gambling), content and services which are very obviously intended for adults in practice are just as easily available to kids. Few people try to justify or celebrate such a state of affairs by referencing a mission to improve inter-generational understanding. Instead the message sent out to some is that the real world rules are not meant to be taken that seriously after all.

Why is age verification only working with gambling?

The answer to that question I’m afraid is very simple. Despite many of the online gambling companies repeatedly saying they took the issue very seriously the fact is the problem of under age betting online wasn’t solved until the law changed and everyone was compelled to introduce age verification as a condition of getting a licence to run a site. Up until that moment, with a small number of honourable exceptions, none of the major companies had wanted to make a move because they were worried they would lose business to less fastidious rivals. They changed when everyone else did, and everyone else did because they had no choice.

If 18 is the benchmark 

Thus, as with gambling, where the sale or provision of any product or service is legally limited to persons aged 18 or above there is simply no excuse for companies getting it wrong. However, because they do not need to obtain a licence far too many companies knowingly continue to break the law every day in the belief that the possibility of being prosecuted is small and, if found guilty, the consequences are negligible.

But what about other online spaces, where the law is silent but companies themselves designate their services for persons aged 18 or more? Recommendation 5 of the Bailey Review reads as follows

…..those providing content which is age-restricted, whether by law or company policy, should seek robust means of age verification…..

I do not know of a single online business that has followed Bailey’s recommendation.

So why isn’t it happening?

I have already given one reason: no one feels under any pressure. Other or additional explanations are also occasionally aired by various voices e.g. the enforcement of age related rules on the internet would require online businesses to be even more intrusive, to collect even more information about us than they already do.

The idea that the key online businesses would, as a matter of principle, be against collecting more information about their customers is implausible in the extreme. They know practically everything else about us as it is. Their businesses depend upon it.

It’s all about the ads

At one level, of course, companies have no interest in knowing who you actually are, much less your real age. You are a data point. You generate behavioural information that is utilised to present you with targeted advertising.  Everything else is superfluous or a cost which also adds to the complexity of the operation.

Security concerns

It has been suggested that collecting information about children would necessitate building large databases which could become magnets for paedophile hack attacks or create similar security threats. Hmmm. That too stretches one’s credulity. Either companies are confident they can keep their data secure or they aren’t, and if they aren’t they shouldn’t be in business anyway. I’m sure such concerns are genuine but if I was a customer of a company that said something like that I’m sure I’d want to know they were taking just as much care of my data as they were any child’s or group of children.


Not every country has the available online databases which would allow the policy to work as smoothly as it does in the UK with online gambling.  Or so I’m told. Maybe there are even legal obstacles in some jurisdictions. But even if either or both these things are true, and they could be, that’s no reason to refuse to do it where it could work.

For sub-18 groups it’s different 

18 is an important cut off point in every country. It generally marks the arrival of adulthood and with it full legal competence. But in many countries, including the UK, there can be other age levels below 18 which also have legal significance. The problem here is the online databases to allow these to be verified just aren’t there. So that does present a challenge but it is one which is well within the collective and probably also the individual reach of a number of large internet companies. And once more the fact that you cannot do it for everyone right now is not a reason to refuse to act where it could be done.

Other alibis for inaction

Companies might be concerned that if proof of age is required people will be afraid this means they may also have to offer up other details of their true identity. They might be too embarrassed to do that for certain types of goods or service or on certain types of site. It could cost the business some customers. 

Alternatively,  businesses might think age verification systems are expensive, clunky and time consuming. They would put people off and again cause them to lose customers.

Wrong on all counts: at scale age verification for persons aged 18 or above can be very inexpensive, the processes can be completed in sub-two seconds without the client ever leaving the web site. Systems are also available which allow accredited third parties to vouch for a person’s status as an over 18 without them having to surrender any other personally identifiable information. A digital token or something similar  could be attached to a log in to flag that this person has been confirmed to be over 18. In fact you could view a policy of this kind as being consistent with broader principles of data minimization.

However, if big internet players don’t like the available methods of age verification they have it within their means and power to develop their own. 

Current framework of engineered uncertainty cannot last

Unless and until the dust has settled over the Edward Snowden revelations I doubt this question will get much of an airing in public policy circles but it is only a question of time and timing. Everybody in the business privately acknowledges the current arrangements are unsatisfactory and are not sustainable in the long run.

All we are waiting for is the spark which will bring about the necessary and inevitable change. In the meantime a disproportionate burden is placed on the shoulders of parents. Keeping kids safe on the internet is a shared responsibility but that implies all the partners in the joint venture pull their full weight. At the moment they do not.

This blog is based on one that appeared in the Winter 14 edition of Outlook magazine

Posted in Age verification, Consent, Default settings, E-commerce, Internet governance, Privacy, Regulation, Self-regulation, Snowden

Sexual offences against children on the internet


In my last but one blog I discussed some research published by Pew. It showed that a surprisingly high proportion of internet users in the USA thought the internet had been a bad thing for society as a whole. Pew didn’t say why people thought this but I am pretty sure one of the factors was the way cyberspace has repeatedly been associated with or linked to alleged or apparent increases in sexual crimes against children.

But has there in fact been such an increase and, if there has, can any of it be attributed to the emergence of the internet as a mass consumer product?

Enter the Prof

The doyen of research in the field of online sex offending against children, Professor David Finklehor of the University of New Hampshire, discussed the issue in a paper he published in 2011 entitled

The Internet, Youth Safety and the Problem of “Juvenoia”

Finklehor looks at whether or to what extent the existence of the internet can be said to have made things worse for kids in the sense that it is exposing them to a higher incidence of sex crimes. This is what he says (pp 5, 6).

…..the concern has been that the Internet was making children more vulnerable to sexual victimization. But sex crimes overall and against children in particular have dropped dramatically in the US…..According to FBI data, forcible rape is down 33% from 1992 to 2009 (about half of forcible rape reports involve juveniles). The child welfare data show sexual abuse of children down 61% from 1992 2009. Those statistics reflect reported cases, but self-report data from the National Crime Victimization Survey and other sources also show big declines in sex offenses against juveniles. So both sex crimes reported to police and child welfare authorities and sex crimes self-reported by victims in various victim surveys are down.

In a similar vein Finklehor also refers to several other aspects of youth health and welfare where, again, the macro trends all appear to be positive in recent years, years that coincide with the growth of the internet.

Does this mean we can say the internet deserves any (or all) credit for the apparent fall not only in recorded incidents of sexual crimes involving children but also in terms of the wider improvements in their health and welfare? No. Moreover, at least in respect of sexual crimes involving children, it is entirely possible there may not have been a fall. Indeed there could have been an increase.

On page 8 of his report Finklehor says

To be clear, none of (the) indicators can individually or collectively dispute the idea that the Internet could have been amplifying deviance and increasing risk. They do NOT provide a rigorous test of the hypothesis about risk amplification. The increased risks from the Internet may still be new enough that they have not started to influence these macro trends or influence them very much. These venerable social problem indicators may also not be good at picking up the specific Internet component of the danger. So for example the sex crime measures may assess violent sex crime but not statutory sex crime, which could be what the Internet is fostering.


Finklehor goes on to say he is sceptical about the latter proposition but acknowledges its existence as potentially valid. He might also have added that the trends he refers to tell us nothing about what might have been happening with or within particular sub groups of children and young people. Macro trends can mask perhaps important shifts at micro level. These will only become apparent if we have better and more granular data.

In summing up (page 23) Finklehor says the following

There may be people who conclude from this essay that all the talk about Internet danger is an exaggeration. But this is also wrong. There are dangers on the Internet. We need to understand them, prevent them and eliminate them. We need active police presence online, hotlines, prevention programs, and pressure on ISPs and social networking sites to minimize risks. We only need to know that there are dangers in order to warrant this. We do not have to argue that the Internet is especially dangerous, any more than we have to argue that our local town is especially dangerous in order to justify law enforcement and crime prevention activities there. We justify airline security not because flying is particularly dangerous, it is not, but because there are some dangers. Even in a comparatively safe city or environment, there are crime and social problems there that warrant serious attention. We are comfortable with this kind of logic elsewhere, we should be comfortable about it in regard to the Internet neighborhood as well.

I could not have put it better myself. But I’ll try. Knowing whether there has been an absolute or relative decline or increase in the volumes of sexual offending against children, or whether this or that proportion of sexual offending is taking place online or offline, is interesting and may also be valuable in helping to form priorities for action, but it is not necessarily the most important thing to know. There shouldn’t be any offending at all and for as long as there is everybody has a duty to mitigate it wherever it is happening.

Data from one country but…..

To make an obvious point, Finklehor is only looking at US data, but this raises the possibility, some might say probability, that the position is similar in other developed nations. However, as the internet begins its march into countries or territories in parts of the world where there is limited availability of social and educational resources, insufficient machinery within the law enforcement community for dealing with online crime, low levels of awareness of the new technologies among parents and teachers, and perhaps high levels of poverty, the hypothesis sketched out for the USA is likely to be of little relevance.

Law enforcement see things differently

It should be noted police all over the world strongly dispute the point Finklehor is so careful not to make but which others wrongly attribute to him.

If Finklehor is saying the jury is still out, by contrast the police have most definitely brought in a verdict at least for that larger portion of the planet which is not the USA.

The police say they are being deluged by entirely unprecedented numbers of cases of online sexual offences involving children. Their evidence is normally not published but the message is consistent from police forces across the world. A lot of it turns on the growth in the number of child abuse images being reported to them, videos and stills.

So how might we explain this?

As Finklehor acknowledges, the downward trends he was commenting on, derived from the “venerable” indicators, may not be connecting with those currents that are now producing the growing number of reports the cops are speaking about.

As a result of being groomed or coerced, if a child knowingly created or appeared in an image or video of themselves engaged in a sexual act, would they be more or less likely to disclose this as a form of sex abuse than would have been the case in earlier times when the abuse might have been more direct or hands on without any image or video being created, much less one that went out on to the internet? It could well be they wouldn’t. That would explain more images ending up with law enforcement but a steady or falling level of reports of abuse showing up in the venerable indicators.

Otherwise we are being asked to believe that more people are looking at and collecting images than ever before, more are in circulation, but this does not necessarily betoken a rise in actual cases of sexual abuse. I guess that’s possible but it seems unlikely.

Could it be the police are finally getting a truer perspective on sex offending against children, an insight into levels which previously had been hidden or didn’t surface to the fullest extent they could, for example because they were subsumed within other types of offending and law enforcement did not manage to obtain or record full disclosure? Previous levels of disclosure were therefore always understating the real levels of abuse and the internet is only now exposing that.

If we look at what happened in the UK in the aftermath of the Jimmy Saville case there was a huge increase (77%) in persons stepping forward with previously unreported cases of sexual abuse, mostly dating from long ago when they were children. Maybe that latency has been around for years. Link that to the comparatively low rate of convictions for sexual crimes and it is not hard to imagine that venerable may also be inadequate.

An intriguing suggestion was put to me by a colleague. She pointed out that the peaks of sexual offending were during adolescence and middle age and we do not know how long the pathway to contact offending might be. As the internet has just celebrated its 25th birthday we might be moving towards a new high point that has been gathering momentum over recent years. Furthermore with the continued growth of the internet in other parts of the world a new and higher plateau of offending may still be ahead of us. The police are simply seeing it ahead of the social scientists.

The fourth possible explanation is much simpler: cops have little to gain from minimizing the scale of the problem. On the contrary some say they are likely to exaggerate it either to excuse poor performance or as part of a (never ending) claim for more resources.

I very much doubt this is in any way a significant part of the answer. Every police force I know in every part of the globe is saying more or less exactly the same thing. I just do not believe they would be motivated or able to concoct and sustain a conspiracy on the requisite scale.

Whatever the explanation the uncertainty about what is happening to kids in relation to online sex crimes feeds into an on-going debate that is entirely false and unhelpful.

On the one hand there are those who argue everything’s cool, the kids are alright and anyone who tries to suggest otherwise is scaremongering or getting things out of proportion usually because they are trying to raise money for their own research or organization. Against that there are those who argue the internet is a terrible place, a constant threat to children and young people if not civilization as we know it and anyone who argues to the contrary is an apologist for Silicon Valley, usually because they are trying to raise money for their own research or organization. Or something like that.

A wide range of patterns of behaviour are changing in many different ways because of the fantastic possibilities the internet is opening up.  It seems quite likely that we might need to develop new or different tools to ensure our understanding of what is going on is sound. Venerable may need to move over to make way for contemporary.

Of course we all want to stay positive and upbeat about the internet. Its achievements and benefits are staggering. But just as we should not assume everything new is good and inevitable equally everything old is not necessarily bad and doomed. Once more, research will illuminate the path. Yet more work for scholars!!

I get just as tired of listening to those who want to close down the internet as the only way of keeping kids safe as I do listening to Panglossian excesses about its limitless and unquestioned virtues.

Posted in CEOP, Child abuse images, Consent, Default settings, Regulation, Self-regulation

Nudity on the net


In most countries of the world there are legal controls governing the display and supply of pornographic images. Essentially publishers or distributors are subject to laws which seek to restrict access to adults. Quite severe penalties can be visited upon anyone found to be out of compliance.

There is a gigantic quantity of pornography on the internet and there is little doubt much of it is being published illegally i.e. it is being made available without any checks to determine whether or not the viewer has reached the requisite age limit, usually 18.

But what about pictures depicting “simple” nudity i.e. showing naked people but without there being any sexual component? Such images are not illegal in many places, although they are in some.

Lots of us who are not prudes or at all prissy recognise that attitudes towards nudity can nevertheless, quite legitimately, span a great range of perspectives among persons of many different cultural backgrounds. There is no single or “correct” view. There is therefore generally a widespread expectation that displays of nudity will be restricted to appropriate environments. Rarely will these encompass public spaces.

Even in the most liberal and liberated countries nudist beaches are generally in a secluded spot or the nudist part of the beach is clearly demarcated. This is founded on a respect for people’s right to deal with personal matters of this nature in their own way.

When it comes to the internet nudity presents special problems. It would be impossible for software to pick out an image containing a lot of human flesh and then also be able reliably to determine if there was a sexual component to it which would convert common or garden nudity to pornography. Moreover, on large platforms there simply aren’t enough human eyes available to see everything that gets posted. For this reason most of the internet companies I know of that operate in the mass market simply ban all forms of nude displays or displays of sexual organs on their site.  This is a sensible, precautionary step to protect sensitivities in relation both to nudity and pornography

If people really want to publish pictures of themselves with no clothes on or to look at pictures of other people in the buff there are thousands of sites where it is perfectly possible for them to do that. But for the larger sites a ban on all forms of nudity is probably the only practical approach.

Posted in Age verification, Internet governance, Pornography, Regulation

The Internet at 25


25 years ago in Switzerland Tim Berners-Lee developed the basis of what we now know as the worldwide web.  With the arrival of this technology the internet would soon cease to be the exclusive preserve of academia, geeks and big business.

Yet according to research carried out by Pew, even in the richest and probably most techno-saturated country in the world, the USA, today 13% of the adult population do not consider themselves to be internet users. The correlation between one’s level of educational attainment, earnings and being online is extremely high.

Surprisingly, while 76% of adult internet users say the internet has been a good thing for society, fully 15% say it has been a bad thing and 8% say it has been both a good and a bad thing in equal measure. So that’s nearly a quarter of adult internet users who clearly have reservations. Respondents were more positive about the effects of the internet on themselves as individuals, as opposed to society as a whole, but even in this group almost 10% thought the internet’s impact was negative.

Can we add non-users to those with negative feelings and get a larger demographic of outsiders and cyber malcontents? Probably not. You could be a non-user for all sorts of reasons and still think the internet was good for society.

Pew doesn’t tell us why people felt one way or another so, at one level, we’re not much further forward. However, since governments can be elected or thrown out on the basis of similar vagueness what we’re left with is an overall impression, and it’s one that we ignore at our peril. Therein lies vulnerability to the vicissitudes of politics.

Taken together I would say these numbers suggest the internet is doing very well, but maybe not quite well enough. My gut feeling is that, at least in part, the problem is that too many people think of the internet as if it was a seamless, single entity. Something bad that happens on one bit of it, or with one application, somehow reflects on the whole kit and caboodle. The internet is still not properly understood on a wide enough basis.

To be a trusted medium, to be truly accepted as part of the warp and weft of a modern society the Pew numbers need to be higher across the piece. The internet needs to be thought of as a public utility, in the same manner as household gas, electricity, water and the highway. If something undesirable happens on one or other part of the electricity grid nobody calls into question its underlying structure or purpose.

The industry ought to appoint a new PR agent but it also has to develop a more convincing narrative which in turn can only be based on demonstrable improvements in several areas. Not an easy thing to pull off in such a heterogeneous, highly competitive environment. But if it was easy it would already have happened.

Posted in Consent, Default settings, Internet governance, Regulation, Self-regulation | 1 Comment

Taking stock of the Coalitions


In December, 2011, Vice President of the European Commission Neelie Kroes identified five areas where she wanted to see internet companies taking action to make the internet a better place for kids. In the name of self-regulation Kroes asked the industry to promote

  • Simple and robust reporting tools: easy-to-find and recognisable features on all devices to enable effective reporting and responses to content and contacts that seem harmful to kids;
  • Age-appropriate privacy settings: settings which take account of the needs of different age groups (such settings which can determine how widely available a user’s information is; for example whether contact details or photos are available only to close contacts rather than to the general public);
  • Wider use of content classification: to develop a generally valid approach to age-rating, which could be used across sectors and provide parents with understandable age categories;
  • Wider availability and use of parental control: user-friendly tools actively promoted to achieve the widest possible take-up;
  • Effective takedown of child abuse material: to improve cooperation with law enforcement and hotlines, to take proactive steps to remove child sexual abuse material from the internet.

Not the best possible start

Nobody I know acknowledges having been consulted about the choice of items that Kroes decided to highlight, moreover their sudden emergence suggested a certain froideur which sat ill with what was supposedly the birth of a new era of co-operation. Coming not that long after what industry saw as a “dangerously radical”, vaguely menacing speech by the then new DG, Robert Madelin, suspicions were aroused. Mistrust stalked the corridors. Not the best possible start.

More grumbles, a big breakthrough and some good work gets done

There were also grumbles about some of the companies Commission officials chose to invite to meetings, and those they didn’t, but the really good news was major mobile phone handset, tablet  and games console manufacturers agreed to climb on board. Previous attempts to get them to engage had failed while all manner of new internet enabled portable and other devices were rapidly moving centre stage.  Definitely one up to Neelie.

31 companies enrolled as members of what soon became known as the CEO Coalition. See the table below for the full list.

Over the following two and a bit years multistakeholder working groups and sub-groups were formed both to document what the 31 businesses were already doing on the five points and to set out the new things they were proposing to do to respond to the challenge.

For a number of the smaller, newer companies these different groups and their outputs were perhaps the most valuable aspect of the CEO Coalition. What they learned in the course of the discussions helped nudge them towards better policies and practices. It’s a shame this dimension has not been given greater acknowledgement.

Maybe even some of the larger, longer-established businesses also changed a few things as the odd loophole, inconsistency or poor design was uncovered during the process. On both counts the Commission deserves another big thumbs up.

With no fanfare or flashing lights

On 9th February, 2014, in time for Safer Internet Day, the companies’ final reports to the CEO Coalition were published on a Commission site. I say “final” somewhat tentatively because there is a degree of imprecision about where exactly the CEO Coalition now stands. Either way these reports and the web page they are on most decidedly are not the least bit user-friendly or journalist-friendly. It looks to me as if zero thought and probably zero money were invested in presenting and promoting what should have been a high point if not also the end point of a lengthy and at times an extremely intense affair. Thus did the CEO Coalition fizzle out. RIP.

The results

As the table shows, of the 31 companies that signed up to the CEO Coalition 26 completed the course, at least in the sense that they submitted the required reports. That’s a pretty good hit rate. Five companies appear to have fallen by the wayside. They are not shown on the Commission’s web site. 26 out of 31 means, in my book, the Commission again gets lots of Brownie points.

Aside from submitting reports what actually happened?

What do these reports represent? The simple truth is there are no mechanisms in place to evaluate them. Yes, anyone can download the documents and look but who will have the necessary time, stamina, expertise and understanding of the context?

Right now we therefore cannot know if the reports rendered under the CEO Coalition give a true and fair representation of what the company in question is doing to make the internet a better place for kids much less what they changed to make it so following the Commissioner’s clarion call. This also means, at one level, we cannot generalise or draw conclusions about how well the approach embodied by the CEO Coalition has worked. But wait. What’s that I see?

Winding back a bit – the ICT Principles Coalition hoves into view

Six months or so before the announcement by Commissioner Kroes key players in the internet industry had already decided to come together to push forward the online child safety agenda. Was this a defensive measure or a positive gambit? Search me. Could be both. Anyway the companies concerned formed the  ICT Principles Coalition.

Since the Principles Coalition was initiated and was going to be financed wholly by industry it had all the hallmarks of a genuine attempt at self-regulation. Referring back to my earlier point about the suspicions that were around, many industry people therefore wondered why exactly the Commission felt it needed to jump in just at the point when companies appeared to be getting their act together? The whiff of politics hung heavy in the air. Rumours were rife about who was politicking with whom.  This is not altogether surprising when you hang out around the Berlaymont building but that only underlines the need for care and transparency with certain kinds of processes.

The stated idea of the ICT Principles Coalition was to get hi-tech businesses to sign up to a framework of undertakings which would describe their strategic approach to children’s and young people’s use of their products. The Principles Coalition subsequently decided to incorporate Kroes’s five points into their statement of objectives, thus effectively merging the work streams of both Coalitions. The Principles guys then added a sixth one all of their own to address education and awareness.

The difference between the two Coalitions

The ICT Principles Coalition differed from the CEO Coalition in one vital respect: in contrast to the CEO guys it was clear from the outset that the reports provided under the Principles set up would be independently evaluated by an expert honest broker. The companies agreed to fund the evaluation. They appointed a highly respected academic from Ireland, Brian O’Neill, to select and lead a team to do it.

Thus, given the overlap between the two Coalitions, here is an interesting question: how many companies that made reports to Commissioner Kroes under the CEO Coalition will, in effect, have their performance independently monitored or evaluated by virtue of them also being part of the ICT Principles Coalition?

Participation in the Principles Coalition seems to have fluctuated. At the moment it is understood to have about 21 members. As you will see from the table they include eight companies that were never part of the CEO Coalition.

Of the 31 CEO Coalition companies only 13 decided to become members of the Principles group. That means only 13 CEO Coalition members are guaranteed to have their efforts looked at in detail.

I am not suggesting companies in the CEO Coalition that refused to join the Principles Coalition did so in order to avoid their work being given an independent examination. Definitely not. But if we look at the CEO Coalition as an exercise which carries with it the potential for the sort of public reassurance that such scrutiny implies, the net outcome of the CEO Coalition, all those meetings and all that angst, comes down to and involves only 13 businesses. Admittedly some of them are large and important, but that’s not quite or entirely the point.

The Coalitions’ membership and performance

CEO Coalition ICT & CEO ICT Only
Apple AVG
BT Club Penguin
Daily Motion Bwin.Party
DeutscheTelekom DeutscheTelekom Portuguese Telecom
Facebook Facebook TDC
Google Google Telekom Austria
Hyves Unibet
Liberty Global
Nokia Nokia
Orange Orange
Skyrock Skyrock
Telecom Italia Telecom Italia
Telefonica Telefonica
Telenor Telenor
TeliaSonera TeliaSonera
Vodafone Vodafone

The sites marked in red are the CEO Coalition members whose statements did not appear on the Commission’s web site on 9th February, 2014.

Principles Coalition helped the CEO Coalition

My own view is in a strange way even though the Principles Coalition predated the CEO Coalition the fact that the CEO Coalition was formed gave extra weight to the Principles’ processes. If the CEO Coalition had not been established with energetic backing from Robert Madelin and his staff who knows how the Principles Coalition would have turned out? That said, to end up with the work of only 13 of the CEO Coalition’s members being looked at in detail has to be a little disappointing. If the CEO Coalition put lead in the pencil of the ICT Principles Coalition it wasn’t very much lead.

Moreover the question of how all or any of the work done under the CEO Coalition will impact on or be taken up by a wider range of businesses has been left hanging in mid-air. I do not think the ICT Principles Coalition is strongly minded or equipped to go on an evangelical mission.

Thus I think the ICT Principles Coalition may have to tool up to get evangelical and, of course, it goes without saying that the evaluations currently being carried out by Brian O’Neill need to come out strongly positive. If either of those conditions is not met we may be back to square one with a question mark hanging over how we get the sort of internet our kids deserve.

Must be more to self-regulation than promises nobody checks

I mentioned earlier that the whole world is free to look at all of the reports published by the CEO Coalition, and I indicated a degree of scepticism about whether or to what extent this would happen in any sort of meaningful way.

When questioned, Commission officials appeared to assume, and on at least one occasion expressly said, they believed the ever-vigilant media, NGOs, academics (or competitors?) between them would keep everyone in the CEO Coalition process honest. Companies would worry that a false declaration or the absence of a declaration could expose them to reputational damage. That would be enough to guarantee participants’  integrity.

Any process or idea which depends upon the self-starting vigilance of the media is seriously flawed. It leaves too much to chance. Putting on one side the vagaries of the daily news agenda, news outlets around the world are increasingly hard-pressed. Too many journalists are under constant pressure to produce copy. In some spaces journalism has become little more than  churnalism. There has always been a bit of this around but today it’s on steroids.

The temptation to go for the easy-to-report, easy-to-find stuff can be overwhelming, even on our most revered and esteemed national organs. This tendency is more pronounced where there is a geeky element to the narrative which may require a little extra effort to understand the basics. Alternatively the techie journalists who already are or easily could get clued up are either not interested in kids’ stuff, or their affiliations to one or other part of the internet industry makes it difficult for them. Then there’s the little matter of cross-media ownership and how that might influence the way different challenges are viewed.

As for relying on NGOs to act as scrutineers: many would love to. They try their best but too many are using their hard earned resources working directly with children or they are living hand-to-mouth, struggling to stay afloat or to find the next grant or contract to keep them going. Academics and other commentators equally can be severely constrained by entirely external factors.

Not any kind of regulation worthy of the name

Under-resourced units within the Commission and a motley array of NGOs, academics and others are having to contend with the PR Departments, Government Liaison Officers and research facilities of some of the richest and smartest companies on the planet. It is very far from being an equal struggle. To call this self-regulation is to trivialize and reduce the concept to nearly nothing. Self-regulation meets Amateur Night. Self-regulation in the advertising industry and in many other areas does not work like that.

It is completely unrealistic to expect the target or subject companies to put all this to rights by their own hand or volition although some of them are plainly capable of moving in the right direction. Among the major players there are just too many conflicting or competing interests to allow them to come together in that way.

Many of the internet based companies look in horror at the way the Telcos are tied up in knots by regulation and they are determined to avoid getting sucked into any sort of comparable situation, whether voluntarily or not, by stealth or not. They intend to exploit the advantages their relative freedom gives them. In other words at bottom almost every internet firm is, in truth, quite happy to keep things as loose as possible for as long as possible.  Turkeys should never be expected to vote for Christmas is probably how they see it.

And so, the end is near…..and a new beginning beckons

I could be wrong. Maybe the Commission can stay out of it. Whether or not the Principles Coalition turns out to be a good model for self-regulation depends on what we make of the 13 reports currently being assessed by Brian O’Neill and his crew. If they come out the other side with a net positive, and they find a way to draw in many more online businesses, maybe that will point the way ahead. Self-regulation will triumph.

Later this year we will have a new Commission. Doubtless they will want to take a view on the way forward. This time around we will all be a little wiser, a little less innocent.

DG Connect has a lead responsibility for encouraging the growth of and investment in high tech industries in Europe, in order to help bolster our strategic position vis a vis China and the USA. This is enormously important to all of us. We want them to succeed. But is there something structurally wrong with asking the DG that must lead on that also to have the lead responsibility for trying to get the same businesses to change the way they work? I’m starting to think there might be.

I will do my best to read and comment on as many of the Principles reports as I can and I hope anyone reading this will do likewise. They are all here. I intend to focus on the 13 companies that were in both Coalitions.

Posted in Advertising, Age verification, Child abuse images, Consent, Default settings, E-commerce, Facebook, Google, Internet governance, Location, Microsoft, Mobile phones, Pornography, Privacy, Regulation, Self-regulation