It is two weeks and a day since Mr Cameron disclosed to the Daily Telegraph that he wanted to ensure, where internet access was being made available via WiFi in public spaces, the WiFi provider would take steps to block access to porn web sites.

A public space is defined as somewhere children and young people are likely to be found on a regular basis. David Cameron was not concerning himself with what happens in nightclubs, casinos and the like so it’s clear this is not about free speech. It’s about a time and a place, common decency.

At stake is not just what children and young people might themselves access on the internet away from the constraints of home or school but also what they could be exposed to by thoughtless or inconsiderate individuals whom they may have the misfortune to sit next to in a WiFi enabled coffee bar, hamburger joint, train or what have you.

Does this mean the PM anticipates legislation to compel WiFi providers to deploy anti-porn filters? Not as far as I can tell although it would be very popular with parents. Through the work being carried out by Claire Perry and the UK Council for Child Internet Safety (I am a member of its Executive Board) a voluntary code of practice that will deliver what David Cameron wants was on the cards at one point. However, as of yesterday at any rate, the WiFi industry has started to shy away from the idea. I cannot believe the industry will die in the ditch to defend a “no code” position but stranger things have happened at sea.

The rather thin argument being advanced by the WiFi suppliers in opposition to the idea of having a public code of practice is that, unlike in other areas of internet self-regulation, this is fundamentally about how they conduct business with other businesses e.g. Starbucks and McDonald’s, as opposed to consumers. Even a moment’s thought blows away that analysis. It is one step removed from consumers but it is an exceptionally small step.

No code means no transparency and no accountability, no permanence. No code means we have nothing by which we can judge the performance of businesses or their fidelity to the Government’s declared intentions. The WiFi companies have offered to write individual letters to Ministers telling them what they are doing but that’s as far as they want to go. I am not sure if they realise all the correspondence would be available under the freedom of information rules. All they would achieve, therefore, is a delay in disclosure and they would greatly annoy the civil servants who have to process the FOI requests.

There has been some talk about encouraging a de facto code to emerge by way of a kitemark scheme. I have no objection to that but, even there, to satisfy legitimate public policy concerns there has to be some sort of oversight or evaluation of how it is administered. Anyone can think of a funky child-friendly name, create a nice logo and set themselves up to sell or provide a WiFi kitemark. For it to be credible and acceptable to a wider community though it needs the backing of an organization or individuals who have an established reputation in content classification. There aren’t many of those about the place.

Finally, it seems some WiFi providers are still torn over whether or not to charge extra for helping businesses to protect children from pornography. Just formulating the proposition in that way points to the rather obvious answer.

Those WiFi providers who have already decided to absorb the cost of filtering in their basic offering are smart. No one will be able to accuse them of profiting from porn. Any company that wishes to charge for such filtering, albeit on a “cost recovery” basis will not be able to shelter behind that wall and I hate to think what might get thrown over it.

There are a number of corporate standards which one would expect every reputable business to adhere to irrespective of where in the world they operate. For example I doubt a company like Microsoft is likely to announce any time soon that while they are trying to pursue green policies in Europe elsewhere they really couldn’t give a stuff. Similarly you could knock me down with a feather the day Rolls Royce proclaims it will start assembling machine parts in North Korea using slave labour.

I mention this because I am still thinking about the implications of an email I received from Starbucks HQ in Seattle, USA, a couple of weeks ago. I had asked them about their policy towards WiFi and child protection.

To be clear, in the context of this discussion Starbucks UK is exemplary. In every one of their coffee shops in Britain they installed simple, inexpensive technical measures to protect children from accessing or being exposed to pornographic material via the internet connection the company itself supplied. Big round of applause but in respect of their wider field of operations this is what they said

Starbucks strives to create a welcoming environment and community in our stores around the globe. While we don’t have a specific enterprise-wide, global policy on what customers can and cannot access on our free in-store WiFi, we do reserve the right to stop any behaviour that interferes with our customer experience.

Starbucks has several specific enterprise-wide global policies. The look and feel of their premises. The quality of the coffee and the food that is served with it. With these sorts of things Starbucks does not simply reserve rights. Every franchisee everywhere must conform with closely specified standards that are actively policed and enforced. The company regards them as being core to the Starbucks brand. They take no chances.

Starbucks High Command obviously doesn’t think online child protection is important enough to qualify as an enterprise-wide global policy. Its decisions to block porn or not vary from market to market. That’s a real shame.

Hello McDonald’s

McDonald’s was among the first major providers of WiFi on British High Streets but they anticipated the point about porn. McDonald’s insisted on anti-porn filters being installed from the start. Bravo. Three gold stars. Ten out of ten.

However, I am an Adviser on these sorts of things to the United Nations and the European NGO Alliance for Child Safety Online. I have a professional interest which goes beyond the shores of dear old Blighty. McDonald’s is in over 100 countries. I wanted to know what they did there, so I asked.

In the beginning the McDonald’s Press Office was very friendly but, in the end, they let me down. They did not answer my question about their practice outside of the UK.

McDonald’s in Moscow and Washington DC

I was in Russia last week at the Russian Internet Governance Forum. I decided to conduct a test. I went to McDonald’s on Pushkinskaya (I’m told this was the first McDonald’s to open up in Moscow following the fall of Communism). The WiFi provider was a company called Beeline and I got straight through to hard core porn sites.

The only other country where I arranged for a McDonald’s test to be carried out was the USA. A colleague who lives there did it for me. Different WiFi provider, same result. I’m guessing this means McDonald’s follows the same line asStarbucks i.e. in different territories they put anti-porn measures in place only if the national law requires it or they feel they must because of local conditions. Not the most elevated ethical stance.

Local markets and cultural differences

I accept there are several factors in any business which are bound to be strongly tied to local market conditions but surely there are some which ought to be universal? Specifically in relation to children we have the UN Convention on the Rights of the Child as well as several other international treaties which support that view.

I fully appreciate also that as between countries there can be differences in attitudes towards how children are brought up.  I acknowledge there are greater and lesser degrees of tolerance towards, for example, pictures which feature nudity or even mildly sexual imagery involving adults.

However, the kind of hard core porn sites I have in mind are a very long way away from anything of that nature. We are not talking about a Playboy centrefold c. 1980. There cannot be a parent on the planet who would want their children to be exposed to that kind of material, ever, or want their children to be able to access it, inside or outside the home, accidentally or deliberately.

Only in America

What is even more baffling about this area of policy is how, in Britain, American companies can feel compelled to introduce anti-porn measures whereas in their own backyard they don’t. Are British and American kids so very different? I don’t think so.

Certainly there would be no legal obstacle to Starbucks and McDonald’s introducing anti-porn filters in the USA or proclaiming that it was their intention to do the same worldwide.

Some people seek to explain the attitude of Starbucks and McDonald’s to their domestic market by referring to a prevailing 1st Amendment culture. However, what the 1st Amendment actually says is

Congress shall make no law…..abridging…..freedom of speech

In other words under the US Constitution if an arm of Government attempted to mandate that certain types of content on the internet should be banned it could give rise to a successful legal challenge. But the Constitution is entirely silent in relation to the decisions of private individuals or corporations. It is for them alone to decide.

In US movie theatres a privately-established system of film classification is rigidly observed and on TV there are also exacting standards.  Anyone in any doubt about that need only recall the outcry following Janet Jackson’s wardrobe malfunction when a single nipple was momentarily visible. The US nearly went into meltdown yet for years every day in Starbucks and McDonald’s………

My understanding is that this sorry state of affairs exists because the “internet porn question” has been taken up in the USA principally, if not exclusively, by the Christian Fundamentalist wing of the Republican Party and elements even to the right of them. This has led, in the political class, to the great body of centre and liberal opinion identifying it as a toxic issue. It’s not that they think porn should be accessible all of the time, everywhere to everyone, including kids, it’s just that they don’t want to be seen associating with people whose views, in almost every other respect, they abhor. That’s often how things go in politics but, in the interests of children, it seems to me there ought to be a way of navigating a path through.

And what do children say?

The most recent report of the LSE’s EU Kids Online project is entitled In their own words: what bothers children online? It is based on interviews with 10,000 kids drawn from 25 mainly EU countries. Pornography was named by 22% of the children as their foremost online concern, and there appeared to be no gender based difference. This made pornography the No. 1 issue for kids i.e. it was mentioned more frequently than any other single issue. Video-sharing websites were the ones most commonly associated with pornographic content. Not surprisingly younger children were more likely to be upset by porn than older ones.

Anyway the key point is this survey shows worries about online porn are more than just a projection of adult anxieties. They are rooted in what children and young people themselves feel. It is true that parents may have helped create certain apprehensions about porn in the minds of their children but that hardly changes the current reality for an individual child.

An absence of complaints does not make something right

Within the UK and a few other countries it is definitely the case that there has been a level of activism around online child protection issues in general and about WiFi in public spaces in particular which has not been replicated in other places. Should I say “yet”? However, in any given country the mere absence of complaints or campaigns does not prove no one cares, nor does it make something acceptable. Companies should not drag their feet or duck and dive so as to delay spending money to do what they know in their heart of hearts is right. This is a question of corporate social responsibility.

This not about free speech

Leaving aside sex shops, pubs and similar adult environments I seriously doubt any company operating on a UK High Street would argue that anyone coming on to their premises has a positive right to access porn whilst there. On the contrary, most expressly forbid it in their Terms and Conditions of Use so plainly they do not see this as a free speech issue. They are right. It isn’t. However, it is a challenge in terms of how much further companies are willing to go to make sure the policy works.

No one is saying there should be no porn on the internet. Neither is anyone saying adults should not be able to access porn. This is about a time and a place, common decency. It’s about a desire to shield children from sights and sounds they cannot properly evaluate or process, hence the risk of harm.

A health and safety issue for staff

Moreover what about the people who work in environments which have WiFi? American Airlines introduced WiFi on domestic flights. The unions insisted it be filtered to screen out porn. They didn’t want their members walking up and down the aisles constantly having to look at it on people’s iPads.  The company agreed. Well done to both unions and management. I’m not sure how many trade union officials in Britain or other parts of the world read this blog. I hope at least one or two do and that they will act accordingly.

It’s not every morning you wake up to find yourself on the front page of a major national newspaper sharing a slot with your country’s Prime Minister. That’s what’s happened to me last Wednesday. The media focus was on WiFi in public places.  For these purposes a public space is somewhere one might reasonably expect children and young people to be found on a regular basis.

WiFi in public places : two issues 

The UK’s children’s organizations strongly welcome the greater availability of WiFi but we had become concerned that businesses were providing it in public spaces without having thought through some of the consequences.

We wrote to the UK’s big six WiFi providers.  Inter alia we pointed out that, at home and on mobile phones, parents may have taken great care to ensure filters are in place to protect their children from various types of online content. Yet such measures can be reduced to naught if unrestricted WiFi is available on the street or in places where kids can easily get at it. Albeit unwittingly WiFi providers could be subverting good parenting.

Aside from what kids themselves might access, there’s then the little matter of what they may be exposed to by others whilst on or in the vicinity of the premises of companies or organizations providing WiFi access. The vicinity is important because WiFi signals “leak”.

There is an analogy with what happened historically with porn magazines and videos. Most High Street shops did not sell them.  Where they were on sale normally they would be inside a cover which obscures any sexual detail. Such publications would also usually be placed on the top shelf so as to be out of the line of vision of children as well as adults who might not want to view them involuntarily.

However, coffee shops, burger bars and other places on today’s High Street are now big WiFi providers. If someone is sitting next to you at the same table or at an adjoining one, and they are using a large screen tablet or laptop, even the least nosey person would not be able to avoid “sharing”. Step forward David Cameron.

The PM says

Last Tuesday Mr Cameron disclosed his backing for a code under which providers of WiFi in public spaces would screen out pornography. Big round of applause. Seemingly the final details of the code, the small print, will be reported to the next meeting of the UKCCIS Executive on 7th May. Watch this space.

The UK’s children’s organizations identified the growth of public WiFi as a policy challenge about five years ago. However, it was the more recent discovery of what was happening at  Starbucks, or I should say what was not happening, that piqued and revived our interest.  But first a minor but interesting legal digression.

Sexual Offences Act 2003

s.12 of the Sexual Offences Act, 2003, makes it a criminal offence for an adult to cause a child to watch a sexual act, and that includes images of such an act. A transgressor could face up to ten years in prison.

There are two key elements to the crime. The adult must cause the child to watch the sexual act for his own sexual gratification and, it follows, it must be intentional. Clearly that rules out shopkeepers, coffee bar owners and the like but we are in proximate territory. Motivation is important in terms of establishing criminal intent but in relation to the potentially harmful impact on the child it hardly matters.

Starbucks’ Terms & Conditions of Use

Back to Starbucks.  In the UK as far as I can tell the terms and conditions applying to users of Starbucks’ WiFi had always prohibited people from displaying obscene material. However, the company had failed to implement any of a range of easily available, inexpensive and simple practical measures to underpin and help enforce their no porn rule. Several other big brands operating in the same sort of markets had done so. McDonald’s and Costa Coffee are two that spring to mind most readily.

Following a chance encounter with a senior member of staff at Starbucks I tried to engage with them starting back in July, 2011. My assumption was there was no way the company would have knowingly and deliberately taken a high level decision to make porn and other gruesome stuff available in their shops. It was an oversight. They would put everything right the minute it was drawn to their attention. Wrong.

Talking to Starbucks. Not.

After months of endless emails I was getting nowhere. Stonewalled. I then stumbled on the fact that in the UK Starbucks had a PR agency: Edelman. It is one of the biggest in the world. I got in touch with them. Stonewalled again.

Edelman have an excellent reputation so I ruled out incompetence or rudeness. I assumed Starbucks had instructed Edelman to ignore the issue or put it on a slow back burner.

16 months later – time to try a new approach

Quiet diplomacy is almost always the preferred route but from where I was sitting eventually I concluded that had comprehensively failed. Disappointing, but there you go.

In early November, 2012 I discovered a debate was due in the House of Lords on online child protection. On 8th November, 2012, I briefed Baroness Massey. The debate was the following day and in it Lady Massey referred to the facts about Starbucks that I have outlined above.

A Government Minister was in the chamber for the debate. He heard what was said about Starbucks and expressed horror, as did several other Right Honourable Members. Anyone watching the debate on TV via the Parliament Channel or the internet must have had to pinch themselves. Within hours Starbucks issued a statement saying they would introduce anti porn measures before Christmas. But the public relations damage was done.

PR failure

The next morning the Starbucks story featured on the Today programme, the UK’s premier current affairs broadcast slot, and it was in the Daily Mail, the Daily Telegraph and The Sun. Inevitably it spread to the blogoshpere. Maybe in comparison with the bad press Starbucks was by then getting on tax the porn thing was playing in a minor key but that was no reason to ignore it. The fact that they caved so quickly showed it was avoidable.

After the debate in Parliament no one from Starbucks or Edelman contacted me consequently, on 19th December, 2012, once again I took the initiative and contacted them. I asked Edelman if the promised Christmas deadline was going to be met. I was told it might slip a week or two but was assured someone from Edelman would let me know when it was all finally up and running. Nobody got in touch. I had to find out for myself. I did a check, I think in mid or late January, but I was happy to see Starbucks had kept their word. Starbucks had become a porn free zone. It was a good outcome. As far as I was concerned the matter was then closed. Wrong.

Ooops. Double standards

Towards the end of February I had to go to a conference in Lisbon. There happened to be a Starbucks more or less next to the venue. I discovered Starbucks Portugal was exactly the same as Starbucks UK had been before the change in policy. In other words Starbucks seemed to be doing one thing for British kids and something different elsewhere.

Utilising my network of online security experts around the world I initiated research in 25 countries where Starbucks operates. Long story short: in each of the European countries that were tested, 14 in all, hard core porn was accessible in Starbucks via WiFi. In one instance, in Copenhagen, Starbucks used the WiFi made available to all the traders in the shopping mall where their establishment is situated, whereas normally Starbucks itself arranges the WiFi supply directly with a contractor.

Outside of Europe hard core porn was again accessible via WiFi in Starbucks in eight of the eleven countries where tests were carried out. The three where porn was inaccessible had local laws which required all internet access providers to block sites of that kind.

Is this a case of double standards? Starbucks will restrict access to porn where the law requires it or where it comes under pressure to do so, but not otherwise. That is not an easy line to defend.

Here we go again

After my previous experiences of non-communication with Starbucks and Edelman I felt under no obligation to consult them further or discuss my new research findings with them.

I published a blog setting out what I had found in the 25 countries where tests were carried out. This went up on 18th March. My wife, who is a member of the House of Lords but has a different surname, tweeted about it to her 3,000 followers. The next day she got an email from the CEO of Starbucks UK & Ireland asking if he could speak to her.

On the phone call CEO Engskov gets straight into it, seemingly oblivious to the fact that he was speaking to my better half. He did not dispute the accuracy of my account. His point was largely that

…..it’s a lot more complicated than John Carr’s blog suggests

Hmmm. I know Starbucks works through franchising but if they can control the taste of the coffee and croissants in every shop on Earth bearing their name, if they can determine the look and feel of all the premises carrying their logo, it must be possible for them to exert themselves in order to protect the interests of children and families. It’s a matter of corporate social responsibility.

I have heard mumblings about how the laws in some countries might make it difficult, if not impossible to follow the line I am advocating. OK. If it can’t be done in a number of jurisdictions so be it but that’s no reason not to do it where it can be done.

Incidentally I will take some convincing that there could be any legal barrier which prevented a Starbucks franchisee saying to a local WiFi provider

I would like to pay you to provide my customers with access to part of the internet, not all of it. Please exclude adult sites but let them have everything else. I’ll explain to my customers the limitations I have set.

Certainly there would be no legal obstacle to Starbucks doing it in the USA.

1st Amendment

Congress shall make no law…..abridging…..freedom of speech

In other words under the US Constitution if an arm of Government attempted to mandate that certain types of content on the internet should be banned it could give rise to a legal challenge. But the Constitution is entirely silent in relation to the decisions of private individuals or corporations such as Starbucks in matters of this kind. It is for them to decide. They have no obligations under the 1st Amendment.

The second bit of good news

The alacrity with which CEO Engskov responded to a Tweet by a Member of the House of Lords demonstrated again that Starbucks and (presumably) Edelman are capable of moving swiftly when they want to or feel they need to but otherwise they are obviously content to hand out the mushroom treatment.

But once more there was a welcome result. Several of the colleagues in other countries who had been helping me with the research vowed to take up the issue locally immediately following the publication of my blog. My German colleagues were one of the first out of the traps. On 21st March Starbucks Germany replied saying they were planning to introduce an anti-porn filter as soon as they possibly could.

On 22nd March Starbucks Germany got in touch again, this time on the phone, to say they were raising the matter “at European level.” I have since had this confirmed by a third party, but I am not yet clear exactly what “at European level” means. Are Starbucks going to insist on anti porn measures only in EU countries, or the whole of Europe? And what about outside Europe?

One last conversation with Starbucks

Before publishing this blog I made one final attempt to get an authoritative statement from Starbucks about their plans. I was in touch with their Head Office in Seattle and with the UK Press Office. This is what they said on 22nd April

Starbucks strives to create a welcoming environment and community in our stores around the globe. While we don’t have a specific enterprise-wide, global policy on what customers can and cannot access on our free in-store Wi-Fi, we do reserve the right to stop any behaviour that interferes with our customer experience.

Note they do not have an “enterprise-wide, global policy on what customers can and cannot access on our free free in-store WiFi”.  Does this mean that in some countries they do not explicitly prohibit the display of obscene material, as they seemingly always have in the UK? That would be odd, would it not?

Starbucks should have an “enterprise-wide, global policy” about their responsibilities to children and young people who use their facilities. If they did it would swiftly follow that in all of their shops where WiFi is available they would require that active anti-porn measures are taken.

When I pressed them on the global dimension, all I got back was they have

Currently no plans to share

Is that code? Are they saying the following?

We’re going to do it but we’ll announce it in our own good time

How could this happen?

I am still mystified by several aspects of this sorry saga. How could a large, high profile company such as Starbucks, one that rightly cherishes its reputation as an ethical enterprise, allow this sort of situation to develop in the first place? How come their PR company failed to steer them rapidly into clearer, calmer, less troublesome waters?

I cannot believe the customer demographic for Starbucks would be in the least bit put off to discover that the company was taking active steps to ensure hard core porn was no longer going to be accessible in any of their stores worldwide. Quite the opposite.

What next?

I think Starbucks should make a public announcement soon. They should say their intention is to ensure that, as soon as and wherever possible, when WiFi access is provided on their premises, every shop will have technical measures in place to block access to porn if not also to a wider range of materials not suitable for minors. All of the UK’s mobile phone networks have been doing something similar since 2004. This is not rocket science.

Starbucks coming out in this way would make every retail outlet in the world think about the issue. More than likely it would also capture the attention of municipalities and other sorts of bodies that supply or are thinking about supplying WiFi in public spaces. That would be real leadership. Starbucks could add a little more lustre to their ethical crown.

The International Association of Internet Hotlines, INHOPE, does invaluable work in the fight against online child abuse material. It coordinates the activity of 43 member hotlines in 37 countries worldwide.

Historically where INHOPE was not so good was in publishing reliable data about the outcome of their collective labours. That has finally been put right. The 2012 figures provide a comprehensive and highly informative set of numbers. The picture that emerges is greatly encouraging at one level but it is extremely depressing at another, especially if you live in the Netherlands. I trust the Dutch Government and Parliament will take an urgent look. The situation is truly shocking.

But first the good news – faster take down times

Typically a hotline passes on a confirmed report of an illegal image to the police or the hosting company, sometimes both simultaneously. In the past there have been cases where, even so, the images might still be visible on the web years later. The reasons for this were many and varied but often they could be linked to a lack of police resources in the hosting country. Now INHOPE tells us

in the majority of instances the content is taken down in days and sometimes just hours

More good news -  from North America

At one point the USA and Canada accounted for nearly 90% of all the child abuse material found on the internet. That didn’t mean American or Canadian citizens were necessarily directly involved in producing the pictures. The large number of inexpensive or free hosting services based in North America attracted criminals from all parts of the world. There were too few systems in place to block them or root them out.

Nor did that high percentage mean the victims depicted in the images were bound to be American or Canadian children.  All that could be said with certainty was that the images were being hosted on or could be traced back to machines in either country (with the USA’s share outstripping Canada’s by quite a margin). The USA or Canada were therefore the last hop on what might well have been a long and complex distribution chain. 

However, in 2012 “only” 38% of confirmed child sex abuse material found online was traced to the USA and Canada. Quite a drop. That is still disproportionately high but a long way from what it was and moving in the right direction, downwards.

The bad news

Sadly the number of confirmed reports of illegal material is still going up. In 2012 they reached 37,404, compared with 29,908 in 2011, a year on year increase of 25%. It’s impossible to say how many individual images any one of these reports might have led on to. Following further investigation any single one could have netted millions and resulted in the identification and rescue of many children.

However, Europe’s share of infamy is moving in the wrong direction. It’s going up, now accounting for 55%. Incidentally “Europe” here refers to 26 out of the 27 EU Member States (Sweden does its own thing), Bosnia and Herzegovina, Iceland, Turkey and Russia.

Unbelievably, hosting companies in Holland accounted for 62% of the entire body of illegal images hosted within Europe. It is understood that one Dutch-based company alone accounts for the lion’s share.

On my reckoning this means Holland is hosting 34% of all of the illegal images in the world. Quite how this has come about is what the Dutch authorities need urgently to explain although I suppose we really want to hear what they are going to do about it.

Russia was in second position at 23% of Europe’s tally but it is hard to credit that Holland is responsible for almost three times that amount. Germany was a long way back in third place with 7% and France even further behind at 2%. I’m glad to say so little was found in the UK we didn’t even rate a mention. The Czech Republic, Latvia and Romania were the only other states to feature by name at 1% each.

Commercial v Non-Commercial Hosting

Many have argued that these days the whole of the distribution of child sex abuse material on the internet is an “amateur” affair conducted by and between evil individuals who make no charge for their wares.

Even if that were true I’m not sure it would be much comfort to the victims but anyway INHOPE’s numbers show that fully 18% of the traffic is commercial in nature. We do not know what sums of money are being generated but the point is this suggests the existence of complex systems which in turn may indicate organized crime continues to be involved.

What the INHOPE numbers do not show

What we do not know from INHOPE’s numbers are the proportions linked to different activities or technologies that are used on the internet. How much is linked to web sites or Newsgroups and how much came out of Peer2Peer networks or other technologies which are harder to police? Some INHOPE members take reports and investigate them irrespective of where they originated. Others limit themselves to the web alone.

It could be that these shifts in the technologies will explain the changing patterns of distribution in ways which are more important than observations about alterations in proportions between countries and continents. Neither should we forget that we still have no way of knowing how much of the total trade in illegal images is being reflected in these latest figures. Let’s call this a “known unknown”.

I suspect INHOPE’s figures capture only a small and shrinking fraction of all the online trade in child sexual abuse material. I say this because of persistent reports I hear from police officers in many different countries about criminals with an interest in child sex abuse going deeper into the Dark Web, using onion servers, strong encryption and the like. This in no way diminishes the importance of INHOPE. Quite the opposite. Law enforcement alone can never solve the problem.

More power to INHOPE’s elbow

INHOPE is now under new management. The early signs are very good. We need a reinvigorated INHOPE to keep up the good work and make sure it is aligned with where the greatest needs are, rather than where they used to be. With all the uncertainties which beset projects currently funded under the EU’s Safer Internet Programme there can be no doubt that INHOPE, or something very like it, has to be preserved until the scourge of child abuse images has been decisively dealt with.

We are a still long way off that moment. Unfortunately.

Amazon is one of the world’s largest suppliers of cloud computing services. Hundreds of thousands of businesses, big and small from all over the world, use Amazon as the backbone of their own individual enterprises. Amazon’s business is itself firmly rooted in the cloud. However, I doubt I will be alone in rejoicing at the way Amazon have been able to utilise this substantial cloud-based platform and industry leading position to make the obvious next move up. They are now getting in to celestial computing. How else can I explain this email that I received today?

Benjamin Britten was a giant of 20th Century classical music, but sadly he died in 1976. The idea that he might have a “New Album” coming out on 22nd April, 2013, is simply ridiculous. Of course it is not difficult to work out what Amazon, or whoever is behind this advertisement, was trying to say. The tenor Ian Bostridge and a number of associates are bringing out an album containing new renditions of some of Britten’s songs.

I don’t think Amazon were being deliberately deceptive in presenting the ad in this way. It is just another example of how lousily the online world deals with classical music. They may be able to distinguish to the nth degree between the different genres of more modern fare but when it comes to the classical world they are simply not at the races.

The email Amazon sent invited the reader to click on a link to “learn more” about Benjamin Britten’s songs. I did.  I was offered a biography of Britten and more links to “works” by Britten, although here Amazon made no distinction between CDs containing pieces composed by Britten and CDs presenting concertos by Bach or symphonies by Haydn where Britten was “simply”the conductor.  That’s alright up to a point but there was nothing about any of this which led me to believe Amazon had given any serious thought to how it curates and presents classical music on its site.

I guess there isn’t a lot of money to made out of getting these sorts of things right, otherwise they would. Even so you would expect a company such as Amazon at least to take some professional pride in how it catalogues, displays and describes what it is selling. They should hire someone, or maybe several people who know their classical onions and task them with upping Amazon’s game. I will not be an applicant for such a position but, depending on the outcome, I might buy more from them if they were to show a greater degree of respect for the materials they are trading in and the people who made them.

The International Centre for Missing and Exploited Children (ICMEC) is rightly recognised across the world as being a unique and a key player in the online child protection space. Based in Alexandria, Virginia, within sight of Washington DC it works closely with but is independent of its founder and sister body the USA’s National Center for Missing and Exploited Children (NCMEC), another world leader.

Dealing with online child abuse images is a major part of the work of both ICMEC and NCMEC. Back in 2006 ICMEC published the first of its invaluable research documents. Entitled Child Pornography: Model Legislation & Global Review ICMEC looked at how different countries were shaping up to the challenges of child abuse images in cyberspace or, as it turned out, how they weren’t.

ICMEC draws on the language and recommendations of a range of international treaties and conventions. This means, for example, ICMEC reports always refer to the illegal pictures and videos as child pornography, not child abuse images as is now customary in some parts of the world, particularly in Europe.

A new compliance standard

ICMEC examined countries under five headings:

1. Does legislation exist which specifically outlaws child pornography, and not just pornography in general?
2. Is there an established legal definition of child pornography?
3. Are there laws which expressly criminalize computer-facilitated offences?
4. Is “simple” possession of child pornography an offence, irrespective of an intent to distribute it?
5. Are internet service providers (ISPs) required to report child pornography to the police or some other nominated agency?

In effect ICMEC established a compliance standard.

In the 1^st Edition, 184 countries were reviewed, specifically these were INTERPOL member nations. Only five got a tick under all of the above headings. These were the USA, Belgium, Australia, France and South Africa.  This caused some ruffled feathers. It all centred on point 5, mandatory reporting.

More than one way

Some countries just do things their own way. It’s not a question of good and bad, better or worse. It’s about differences in jurisprudence and legal traditions. Take the UK. There is no general legal obligation to report crimes of any sort but, that aside, the fact is the degree of co-operation between British ISPs, the police and our nominated agency (the Internet Watch Foundation) is so well entrenched I would bet a £1 to a penny that on every single occasion an ISP finds suspected child abuse material it will be reported within seconds, and if it is hosted on a UK server it will now be gone within 60 minutes. For an ISP not to report would be so incredibly stupid it is hard to imagine under what circumstances that might happen. The reputational and legal risks are just too great.

Anyway the result was countries like the UK, Germany and so on were relegated (as they saw it) to the second tier  whereas, and here I am going to spare people’s blushes, it was known that at least one of the countries which got the gold star for having all the right laws in place would score zero or very close to it if anyone attempted to measure what they were actually doing on the ground in terms of implementation and police action.

Only 27 countries came up to scratch. 95 countries had nothing in place.

Disregarding point 5 ICMEC found that 27 countries met an acceptable standard i.e. ticked four out of five of the boxes. That was an astonishingly low, enormously disappointing number but the very fact that ICMEC took the time and the trouble to put that review together established for the first time ever a public reference point which immediately became a spur for legislators and policy-makers in all parts of the globe to get busy.

That same initial report also showed that 95 countries had no legislation of any kind which specifically addressed child pornography. Speaking as a Brit I was shocked to discover just how many of the 95 countries were members of what we used to call “The British Commonwealth” and which we now, less imperialistically, simply call “The Commonwealth”. Thankfully people involved in various Commonwealth institutions also noticed the same thing. The Commonwealth IGF asked me and ICMEC to put together a policy paper and an online child protection toolkit which could be sent to Commonwealth member states to help them with their thinking and planning.  The level of activity on this subject in Commonwealth countries has noticeably increased.

We’re up to 69 & down to 53

ICMEC has just published the seventh edition of their Review. It now covers 196 countries which I think means it is aligned with membership of the United Nations. The 27 countries recorded in the first edition as meeting all the criteria bar the one on reporting have now been joined by a further 42, making 69 in total. The number without any legislation addressing child pornography has come down to 53. Interestingly the rate of progress seems to be picking up. Between the first publication in 2006 and the sixth edition in 2010 the number grew from 27 to 45. Between 2010 and 2012 it moved from 45 to 69. Big round of applause to all concerned not least to the folks at ICMEC for keeping the spotlight tightly focused.

“Simple possession” must be illegal

Obviously the aim must be to get every country up to 5 out of 5 or 4 out of 5, but for me outlawing “simple possession” has to be the cornerstone of any real advances. However, the seventh edition reveals there are still 47 countries where possession is not a crime. In my book this is a fatal flaw. If law enforcement have to prove an intention to distribute (whether for financial gain or not) this severely curtails the range and scope of the enforcement action they can take. Moreover we know from research elsewhere that possession is a key marker which can signal that the possessor is himself a potential hands on child abuser. And if possession is legal it means there is a de facto market. A signal is sent to others to keep on abusing children in order to produce new pictures. The link between possession and abuse is very direct.

Will we ever reach the magical 196? It’s important that we keep on trying. Just as we saw with money laundering, as soon as countries gear up to deal with the issue properly and comprehensively so the bad guys will be forced to go off looking for somewhere else to park their wares. Such disruption is valuable in itself but the goal must be to deprive them of any alternative venues by making every square inch of the planet a hostile environment for child abuse and child abuse images.

More about definitions

Having said that, I think we may hit an insurmountable barrier in relation to the definitions ICMEC and the rest of us use. I remember in particular discussions I had with Iranian Government officials who said they simply could not see a distinction between child pornography and what we call adult pornography. They accepted it was a more grievous crime to harm a child sexually than it was an adult but their view was this could be reflected in court through sentencing policy. Thus, in principle, for them there was no line to be crossed between one type of pornography and another and therefore no need to have separate definitions in law. Both types of pornography are equally profane. I know not all Muslim countries share this view but equally I have no doubts about the sincerity of those Iranian civil servants with whom I debated the point.

The seventh edition also develops earlier work which ICMEC undertook on model legislation, suggesting a range of wider measures that need to form part of any comprehensive approach to tackling crimes against children in this area. In addition the Review contains a summary of the relevant major legal instruments drawn from international law and it discusses issues around implementation.

A “must have”

All in all this is a “must have” publication for law enforcement professionals, child safety advocates, policy makers in the private sector and elsewhere, Governments and editors on every continent. Much has been achieved, but there is still a lot to do. Already I am looking forward to the eighth edition to record yet more progress. But more than anything I am looking forward to a time when there will be no need for any editions at all.

In Britain we have a breed of small, wild apples which tend to have extremely sharp flavours. They are called “crab apples”. I have just had a run in with the other Apple. It left a bitter taste in my mouth. I winced at their incompetence, or perhaps it was simply their sharp practice which made me pucker up .

Here’s the thing. A little while ago a message appeared on my iPad telling me a system update was available. I installed it. Pretty much immediately the installation finished a large icon appeared in the middle of the screen which said “Sound Effects”. There was nothing I could do to shift it. The iPad became unusable. I’d had it about six months.

Eventually I rang Apple. I got some rhubarb about how the support person had never heard of this type of problem before. This happened again on a subsequent call with another Apple guy. Am I being overly suspicious to imagine that this is an oft’ used tactic designed to put you on the defensive by implanting the thought in your mind that the issue you are ringing about is so unusual it must somehow be your fault, not theirs, so you’re just grateful that they seem willing to navigate you away from this self-made mess?

I told the first Apple helper that, before ringing, I had searched the Apple online support community bulletin boards and found several references to the same issue. He told me not to take any notice of those boards because sometimes “nutters” go on them and say all kinds of crazy stuff which, if acted upon, could completely wreck the device. I refrained from asking the obvious question about why Apple supplied links to boards inhabited by “nutters” who could do damage? I thought the boards were approved by Apple otherwise why would they promote them in the way they did?

Anyway in that initial call that lasted over one hour I backed up the iPad and did a complete reinstall. The support person left me to it confident all would we well. As soon as the system came back up so did the annoying icon. Failure.

Because I had an extended warranty I then had a number of options open to me about what to do next. I could send the iPad back to Apple. I was told that if Apple were not able to fix it they would simply replace the iPad “no questions asked and straight away”. Alternatively I could go see an expert in an Apple Store. If the expert couldn’t sort it I was assured it would be replaced. I chose to go into the Apple Store in Covent Garden. This is where I met Nico. Nico tried to rip me off though my guess is he was only following orders.

When Nico looked at my iPad he spotted a small scratch on the volume control button. From this he concluded that I must have dropped the iPad or abused it in some way and  this was the cause of the problem. He didn’t run any tests. He saw a scratch. Enough.

Nico took my iPad and showed it to an Apple buddy standing at an adjoining table. I observed the two of them turning my iPad upside down and sideways. Nico then came back and told me his colleague concurred with his “diagnosis”. By the way the section of the store you are directed to for this high level of service is called the “Genius Bar”. Some genius. Maybe Nico had a PhD in scratch detection.

Long story short because, according to Nico, the problem had arisen from my obvious mistreatment of the iPad my warranty did not cover me for a repair or a replacement. I reminded Nico that the guys on the telephone Help Desk had said that if it couldn’t be fixed on the spot I would be given a replacement. Nico said that was irrelevant because the Help Desk guys had not been able to see the iPad. They couldn’t have known about the scratch. That’s undeniably true.

I asked Nico to explain the connection between the scratch and the appearance of the icon. He burbled about icons like mine being known to appear when something went wrong with the volume control button but, absent any test, I was far from convinced. I asked Nico if he thought it was simply a coincidence the message appeared immediately following a systems upgrade. He said it was.

I told Nico how unimpressed I was with his explanation. Nico asked me if I would like to speak to a manager. I said I would. A few minutes later he came back and told me a manager was not available. Hey ho.

Nico then shifted his ground. He pointed to the power socket and said there was a pin in there which had been bent, probably because “excessive force” had been used when plugging in to a connector. Alternatively I might have bent the pin when attaching the iPad to external speakers.

I can say with complete certainty that the latter had never happened but the fact remains Nico was talking about and pointing to a pin I couldn’t even see. For all I know it doesn’t exist but it is certainly convenient to be able to invoke something like that. I wonder if there is a passage in the Apple Manual which says

If all else fails and the customer seems obstinate or awkward blame the invisible pin. Say it was bent because “excessive force” must have been used. Nobody can know exactly what that means so no one can honestly say it isn’t true.

Again I asked Nico to explain the link between the supposedly bent pin and the appearance of the icon. He repeated the mantra.  Seemingly bent pins are also known to cause error messages of the kind I was receiving. He had done no tests or provided me with any references which linked bent pins to troublesome icons. I think he was making it up as he went along. His job was to refuse a claim under the warranty, and he would not be denied. Essentially I was told to get lost.

Although actually that’s not what Nico said. He told me that, because I had an extended warranty, they would cut me a deal and allow me to replace my iPad at half the normal replacement price. He said he would confirm this in an email. I am looking forward to receiving it. Three days have passed. Hasn’t arrived yet.

But guess what? The very same day when I got home and turned on the iPad I was greeted by a message from Apple advising me that yet another operating system upgrade was available. I installed it. The icon disappeared. Immediately. I wonder if Nico has an explanation for that? Perhaps it’s a miracle? Divine intervention? Another coincidence?

I think it suggests the problem was not in any way linked to bent pins or scratched volume control buttons. It was a software issue triggered by the previous installation of the Apple operating system. If I had accepted Nico’s deal I would never have found that out and Apple would be around £200 richer at my expense.

So watch out in future. If a problem develops with your Apple device and there is any kind of surface abrasion you are doomed. Apple won’t feel obliged to explain or prove the link between it and the problem. Superficiality rules. They’ll just ask you to get out your plastic and give them some more money.

Today if you take a modern motor car into a garage they stick a few sensors on different parts of the engine and chassis. Within seconds you will have a more or less complete picture of every single bit of the vehicle and how it is performing. Makes servicing decisions so much easier and more precise. There are bits of software available that will do something similar on PCs. Couldn’t the guys at the “Genius Bar” have tools like that to help them with their diagnoses and with their recommendations? Or am I missing something?

WiFi access is available in every Starbucks coffee shop in the UK. BT is the WiFi supplier.

Until recently Starbucks UK applied no restrictions to their WiFi connection. This meant the company was providing access to every kind of web site, including those displaying hard core pornography.

Starbucks is not a nightclub or a casino. It’s a coffee bar. A public space. Anyone can go in. Young people and children are often there on their own or with their parents. In light of all the very public debates about the hazards associated with the early sexualisation of children and young people, a company like Starbucks ought really to have clocked this and acted accordingly. Why did they leave their WiFi open in that way?

McDonald’s had worked it out for themselves. When they introduced WiFi to their burger joints in Britain they put a porn filter in place. As far as I am aware they did that without any external prompting. This is not about free speech, it’s about common decency and a time and a place. No self-respecting business or other organization should provide such ready access to hard core porn in those kinds of environments.

Following protests by UK children’s organizations and a speech by Baroness Massey in the House of Lords in November, 2012, Starbucks and BT announced their intention to move swiftly to introduce controls to block access to online porn via their jointly provided WiFi service.  They kept their promise. Starbucks UK is now a porn free zone. But last month I discovered it’s a different story elsewhere.

I was in Lisbon for a conference. There was a Starbucks pretty much next to the venue. I went in, bought a coffee and logged on to their WiFi network. Maybe I shouldn’t have been but I was surprised to notice that the WiFi provider was BT. A little bell rang in the back of my head. Adjusting my false beard, dark glasses, long raincoat and wide brimmed hat, sitting in a corner so I knew I could not be overlooked, I typed in the url of the worst legal porn site I know and got straight through. The noises emanating from that little bell were now deafening.

The investigation

Working with a network of online safety experts on five continents I initiated some research into how Starbucks presents WiFi around the world.

I asked my “crew” to access the same site I got through to in Lisbon. If they couldn’t locate it I asked them to look for similar sites but to send me screenshots of what they found so I could be sure we were still talking about comparable material. In only one instance was that necessary.

I also asked the doughty team to test how easy it was to get online in Starbucks. Were there any serious pre-sign on formalities or authentication requirements? I did this on the (unproven) assumption that if someone believed their activities might easily be traced it would be likely to modify their behaviour in some way.

I set myself a deadline. When it expired I had results from 25 out of over 50 different countries where Starbucks has a presence. I think I could have carried on and got results from all 50-odd but 25 seemed a reasonable number to work with.

The results

In relation to pre-sign on formalities robust authentication was the exception rather than rule both in Europe and the rest of the world.

In every European nation in which a test was carried out, 14 in total, hard core porn sites were accessible in Starbucks via WiFi. In 11 of the countries we were able to identify the WiFi provider. In Poland and Ireland we were not. Nonetheless hard core pornography was still accessible. In Denmark the Starbucks shop where the test was carried out was inside a shopping mall. The WiFi signal was provided by a third party, to the mall as a whole, but through it hard core porn was again accessible inside Starbucks.

As you will see from the table below in four instances where the provider was identified it was BT.

Outside of Europe a further 11 countries were tested. In Australia, Brazil, Canada, Egypt, India, Japan, New Zealand and the USA hard core porn is on tap courtesy of the WiFi connection available in Starbucks. A range of WiFi providers were being used. BT did not feature as a supplier in this batch.

In Oman, South Korea and Thailand porn was inaccessible in Starbucks via the WiFi service they provide but that seems to be because of wider legal restrictions which apply to such sites in those countries.

Corporate social responsibility?

There is a normative aspect to this question. It’s about companies taking responsibility for what they do. Anyone wanting to access porn on the internet will not be short of alternative venues, and even if they were do Starbucks really think they have a special mission to remedy that? At the expense of what?

It is true that even if filters were in place on the Starbucks network, providing they had previously downloaded it, a person could nonetheless still bring up pornographic content on the screen of their laptop, iPad or smartphone. Or they might have independent wireless access to the internet. Pornographic material could therefore still be seen by children and others sitting nearby. Starbucks’ own rules prohibit this type of behaviour but that only adds weight to the argument that as a company Starbucks should not themselves be providing customers with the means of breaking those rules, particularly when a simple and inexpensive fix is available to prevent that from happening.

Double standards

What’s good for British kids I reckon is good for children everywhere but instead what we see is Starbucks blocking porn seemingly only where it comes under public pressure to do so, as in the UK, or in other jurisdictions where it is a legal requirement. Hardly the most elevated ethical stance.

Starbucks should put this right. And perhaps someone from either Starbucks or BT, or both, would care to explain why their consciences seem to be limited by geography?

Loft insulation makes huge sense. The subsidies provided by Government mean that within sixteen weeks of installation it has paid for itself and thereafter you save money every month. Then there’s the little matter of helping preserve life on the planet, not to mention the patriotic satisfaction of making the nation more fuel efficient, less dependent on imported energy sources. It’s not often we get the opportunity to make ourselves better off financially whilst also being virtuous. So why were so few people taking it up?

This was the riddle the Behavioural Insights Team (BIT) within the UK Cabinet Office set out to solve. BIT is sometimes referred to as The Nudge Unit. Nudge theory, initially championed in the fields of economics and psychology, seeks to explain why in particular instances people do not always take decisions which are in their apparent economic or other best interests.  Nudgers discovered diverse factors can get in the way. A lot of this sounds like applied common sense but the genius is often in being the first to point this out then finding a way to fit it into an intelligible framework which allows for its wider deployment as an analytical tool.

Nudging people towards change

Thus, to achieve changes in people’s behaviour it might not always be necessary to regulate or legislate. A particular end can be more surely achieved via a different route e.g. if you tell everyone that the great majority of people in their neighbourhood are doing x this nudges those who aren’t already doing x to start doing so. Alternatively, there might be a small or not instantly obvious reason why something that is clearly desirable is not happening. Call for the nudgers.

It didn’t take BIT long to make headway with the loft insulation challenge. They found the answer was laziness. Inertia. Before you can get your loft insulated you have to shift all the rubbish that has gathered up there over the years.  People just kept putting it off and putting it off. Eventually they forgot.  Earth gets closer to total burnout killing us all but nobody has to miss Match of The Day. Hey ho.

What did the Government do at this point? What they did not do is say

We’ve given everybody the opportunity but we cannot force them.

No, the Government decided their wider obligation – in this case to tackling global warming and reducing the UK’s energy consumption – meant it had to look for more and better ways of getting people on to the better path despite their apparent cussed determination to avoid it. Some might say this was the nanny-state-gone-mad. Others could see it as highly responsible. I favour the latter view.

Loft clearance becomes part of the service

Back to those uninsulated lofts. At the suggestion of BIT the Government persuaded the insulation companies to offer to clear out the junk from people’s attics and get rid of any unwanted stuff. Within weeks take up had increased threefold. When the clearance service was provided at cost and rolled up into the total price of the insulation the numbers multiplied by a factor of five.

I wonder if BIT could have a look at take up levels in the field of internet filtering and perhaps online child safety generally?

Explaining the gap

Whenever you speak to parents about using technical measures to prevent access to age inappropriate content overwhelmingly they say they can see the value of them. Yet the actual levels of take up fall a long way short.  The reasons for this are evident from interviews with parents: they find the technology intimidating and the presentation bamboozling. No surprises there but, given what’s at stake is their children’s safety, what would it take to get the numbers up?

No way am I suggesting the proportion of households with kids under the age of 18 should exactly equate with the number of households using filters but I would expect them not to be massively out of line. Indeed we know from the mobile space that lots of adult customers choose to leave the adult bar (filters) turned on on their handsets because they simply don’t want all the porn or what have you appearing on their little screens. That would suggest the numbers using filters in the family home if anything should be appreciably higher than the number of households with kids.

Faced with this conundrum TalkTalk went in for a bit of nudging.

TalkTalk shows the way

TalkTalk is one of the UK’s largest ISPs. It developed a package of protective technical measures. They were bundled together in a product called HomeSafe. There are three components: web filtering, time management and anti-virus.

TalkTalk introduces HomeSafe to every new customer at sign up. It’s very simple. All you have to do to activate it is tick a few boxes. Roughly 1 in 3 new customers joined HomeSafe and this broadly equates to the number of households across the UK that have kids. Moreover 60% of those who opted in to HomeSafe acknowledged that they probably would not have done so were it not for the fact that TalkTalk prompted (nudged?) them.

It will stand to the eternal credit of TalkTalk that they pioneered such an approach. The children’s organizations had been arguing for something like this for years but our pleas fell on deaf ears. It was quite clear that ISPs as a whole had decided it was likely to be bad for business to talk about safety too much or too aggressively because, in effect, you would be reminding people there were issues of that kind and it might put some off altogether. Like they don’t read newspapers, watch TV, listen to the radio or their children.

Alternatively, and here I hope I am not going to be accused of being over cynical, ISPs figured a rising tide lifts everybody’s boats. In other words ISPs really didn’t need to do very much to attract new customers. People were flocking to the internet in large numbers anyway because they had to. However, once you reach or get near to market saturation, and if we haven’t in the UK we are not far off, you have to start to differentiate yourself from the competition on other grounds. 

The caveats

The TalkTalk example, quite rightly, influenced the Government in a major way when they were thinking about how to improve online child safety. TalkTalk was seen as a positive form of Active Choice, and indeed it was. But it has a fatal flaw.

TalkTalk’s system is all on or all off. In other words within a  HomeSafe household everyone using the internet has identical access rights. If HomeSafe is on, 7 year old Jennie, 17 year old Jonnie and granddad all get the same. This is how filtering used to work back in days of yore. It was the primary reason most families quickly abandoned it. True enough TalkTalk make it easy to turn HomeSafe on and off but if families have to do that too often, in the end, they tend to give up. 

In my view unless and until every family member has their own individual log in with their own age appropriate tailored access rights, and we have developed a strong culture around the importance of only logging in using your own account, TalkTalk-type solutions ultimately will fail.

Now here’s another thing: as a matter of fact TalkTalk do not know how many families with kids are using HomeSafe. The correlation mentioned earlier (the number of UK households with kids and the number of sign ups who join HomeSafe) might be misleading, and see again my earlier reference to the experience with mobiles.

Neither does TalkTalk know how often or for how long  HomeSafe users are turning it off, either as a whole or maybe  just the web filtering part of the package. And if they are turning HomeSafe off, how long does it stay off?

The company does not know how many customers abandon HomeSafe completely and after what period of time or intensity of usage. You would expect some falling away as kids get older but what of the “early abandoners” more generally?

If you sign up for any one of the three elements within HomeSafe you show up in the stats as a HomeSafe user. In theory it is possible, therefore, that a high proportion of the people who are reported as being HomeSafe users might only be utilising the anti-virus software. Who wouldn’t? TalkTalk recently announced that the anti-virus part will be turned on by default so we may soon see how many new customers opt for either or both of the other two components in the HomeSafe offering.

Again to their credit TalkTalk are researching all these points. I await the published results with great interest. I am sure they will illuminate some of the remaining dark corners of our collective knowledge.

What about ISPs’ existing customers?

UK ISPs will shortly be coming forward with their final proposals, à la TalkTalk, to make things easier for people to turn on safety measures when they first join up. The idea is then, as far as possible, for ISPs to put their existing customers in a position similar to that which new customers encounter i.e. inter alia they will be forced to make a decision about whether or not to take up web filtering.

Given that the average annual rate of “churn” among ISP customers is around 15% it is extremely important that this works well. One ISP was heard to say all they were planning to do was send letters and emails to the people who already had accounts with them. That would fall a long way short of being acceptable. Almost certainly such missives would be interpreted as being junk mail or spam and even if some people managed to open them think about loft insulation.

There are any number of ways in which, for example, a persistent pop up could be constructed or, better still, the whole new Active Choice package could be delivered to existing customers via a software or firmware update. Even so, I have a niggling feeling some nudge theory might well help us all see a way forward.

The American Association for the Advancement of Science met in Boston last week to survey and discuss, erm, the advancement of science. Lots of interesting stuff going on with the boys and girls in white coats. One particular piece caught my eye. It concerned the position of mobile phones although I guess, in principle, it might extend to any device which we carry around with us that regularly connects to a network.

Song Chaoming of Northeastern University was able to acquire the phone records of 50,000 mobile users. He then developed an algorithm which, when applied to the data the records yielded, was able to predict with, on average, a 93% degree of accuracy where exactly that individual was likely to be at any given moment. In no case did the algorithm produce a result that was less than 80% accurate. Sam Spade is going to need to find a new way of earning a living.

Now at one level this degree of certainty about people’s movements is not especially surprising. Our lives tend to be filled with regular patterns of movement. But here we see what a single (and one imagines) well-intentioned social scientist was able to expose about us as individuals without him having to leave the comfort of his own computer terminal. I’m guessing all he had to help him were a few PhD students and that they did not have access to all the tools and tricks that “Big Data” have at their disposal.

Here’s the thing: not that long ago we had a fierce debate in the UK about the desirability, or otherwise, of having a national ID card scheme. I have no brief to defend the way the last government wanted to roll out their particular proposals, but its major opponents managed to conjure up a terrifying picture of an overbearing state which knew everything about everything we did, sometimes before we did it. I’d say we are already there, or very close, except it’s not just the state which has or is acquiring that sort of capacity.

If you add together what can be derived from mobile phones, WiFi log ins, GPS data, credit and debit cards, loyalty card schemes and, in London, our Oyster cards, congestion charge or other transport payments, not to mention CCTV, we are pretty much tied up and tracked from the cradle to the grave. And while I wouldn’t want to overstate the case I do think there is something unusually important about location data. It unlocks and points to so many possibilities, not all of them benign. If it is location data pertaining to kids things can get much scarier.

In the same field of research I came across the work of another chap who was also from Northeastern. Step forward Alessandro Vespignani. He’s an epidemiologist who has created a programme called GLEAM – Global Epidemic and Mobility Model. Vespignani has chopped up the world into little pieces and, using various bits of publicly available data about school holidays, people’s movements, some of it apparently obtained from social networking sites, he was able to predict where on the planet a particular strain of flu bug would start to do its dastardly work. In most cases he was right to within a week and he was never out by more than a fortnight.

This second case study is a marvelous illustration of how Big Data can work in ways which are likely to produce a public good, but both remind us of how increasingly small and confined our lives are becoming thanks to the internet and the many devices which hang off it in one way or another.

In the event of an outbreak of a deadly virus, I imagine if GLEAM was able to hook up with the mobile phone databases around the globe the World Health Organization might translate itself into an agency that had to authorise the sale of every airline ticket, from anywhere to anywhere. In some respects we’re not so very far off that already at least in relation to flights to and from the USA where people without any criminal convictions are being refused permission to land in or fly over US territory because of something in their past which links them to types of behaviour or organizations the US authorities don’t like.

I’m starting to feel a little claustrophobic. I’m also cross at the way various interest groups were able to derail initiatives emanating from bodies such as the UK government while appearing to be indifferent towards, silent about or unable to do anything to halt similar practices by companies quoted on the Stock Exchange.

In other words private enterprise is getting a free pass while public enterprise is getting locked up. In relation to my point about public agencies, I concede that my argument is not helped by the fact that, for example, the police rarely seem able to explain with any precision exactly why they want this or that type of information to be stored indefinitely and always to be made available to them instantly, just for asking. They think if they mention the “t” word everyone will or ought willingly to surrender everything without even troubling to ask why. Anyone who knows anything about the News of the World scandal look away now.

It is not easy to see a way forward for those who can see the creative and positive uses of Big Data, but we need to try to work one out. Strong and independent regulation has to be part of the answer. The draft data privacy directive currently wending its way through the European institutions is too flimsy a vehicle in the absence of a big, powerful transnational data protection agency capable of standing up to the might of the internet giants.