Back to School

As the new school year gets underway Internet Matters has just published its latest safety advice. It’s aimed primarily at parents but I am sure lots of  teachers and many children will find all or parts of it very useful.

As you would expect, an important part of the guide takes you through what you can do at home using the parental controls that  the big four ISPs provide to their UK customers. There are links to some wonderful, easy to understand videos.

However, there is also a great section on games consoles, smartphones, apps and those ubiquitous “social networks”

Individual guides are also provided  to explain what you can do on a range of different platforms Although at first glance you might think it will only cover You Tube and Google, in fact if you click on the link there’s a lot more besides, including all the major games consoles, iTunes, and BBC iPlayer.

Usefully there  are in addition specific sections on  Instagram,   Whatsapp and Snapchat.

Interesting and weird statistics

Internet Matters did a little bit of number crunching. 

So now we know, for example, that Newcastle is the smartphone capital of Britain where a whopping 90.5% of 8-11  year olds  own one. The national percentage is  65%, by the way, so there is obviously something in the waters of the Tyne that is spurring them on. I’m embarrassed to say that my home town, Leeds, came near the bottom (46.2%) while otherwise generally funky Brighton was the actual bottom at 40%.

Less easy to explain is why, while 23% of parents “let” their children take a smartphone to school, apparently 80% of them nevertheless think smartphones should be banned from the playground. Clearly they either believe their little cherubs  will dutifully leave handsets in their back packs, desks or lockers or they are willing to allow teachers to get into frisking or patrolling the playground with either a metal detector or something that will pinpoint radio wave transmissions. Probably both.

Posted in Regulation, Self-regulation

On the meaning of “consensus”

There are probably fewer than three people on the entire planet who read the whole of the output of the various online groups that address issues of internet governance. They are all/both academics with a professional interest.

I dip in and out as different topics flare up. I recently dipped into a discussion on the meaning of consensus in the context of ICANN’s  decision-making processes. The writer who caught my eye on this occasion was Milton Mueller. Here is my favourite, slightly edited extract

.….after 18 years….. I have less and less an idea what “consensus” means (within ICANN). The term has been abused so frequently…..I wince every time I hear it. I know what it used to mean – no objection from any engaged party (Quaker consensus). But neither ICANN nor…..anyone except perhaps Quakers actually operate that way.

Of late it seems it has become the fashion in ICANN (and other internet governance quarters) not to refer to a consensus because in truth there never is one. Instead we hear internet governance leaders refer to a rough consensus.  What does Milton make of that?

So  (now) we’re down to “rough consensus” or what I prefer to call “declared consensus” which means in essence that some Working Group chair gets to decide which people/opinions he or she is going to ignore….. 

Elsewhere Milton implies that simply voting isn’t a noticeably superior way of determining matters within ICANN, not least because of the way the weighted voting system itself has been constructed.

Ah well. What can I say? Once Alice followed the rabbit down the hole…..





Posted in Internet governance, Regulation, Self-regulation

Mobile phones as electronic tags for victims of domestic abuse

Interesting release by the excellent Jennifer Perry at the Digital Safety Trust.  Although the focus is on domestic abuse – an extremely important issue in its own right –  it has obvious implications for other types of abusive behaviour

Domestic abuse has gone digital. Mobiles are a perfect tool for abusers to use today. It makes the task of monitoring, threatening, intimidating and harassing a victim so much easier, and safer for the abuser than having to do it in person”  says Jennifer Perry, CEO of the Digital-Trust.

Victims keep their mobiles close to hand, they use them for all their social media, texts and emails. It is a wealth of information for an abusive partner. It can show who their partner talks to, how long, how often. It tracks where they are right now and where they’ve been. The right app allows you to remotely read text and listen in on conversations.

This allows the victim’s mobile to become a very powerful electronic tag with their abuser as their guard. This intrusive monitoring stops victims from having any privacy, isolating them and can prevent them from getting help says Perry


Surveillance behaviour starts when the victim is still living at home. Using a mobile an abuser can:

  • set-up the phone so they have control of the phone account/master password
  • force the victim to provide access to their phone by sharing password or pin
  • read their texts or social media like Whats App
  • see who is in their contact lists
  • look at the location information that shows where they’ve been
  • put spyware or tracking app on the phone

The Digital-Trust has written easy to use step by step guides on how to secure a smartphones. There is a guide for the iPhone, Androids and Windows mobiles.

It isn’t just mobiles – technology such as spy cameras, listening devices and car trackers are becoming much more common in abuse cases.


Digital abuse is a challenge for anyone working with victims and the problem is rapidly escalating. In a survey of domestic violence victims by Women’s Aid 75% reported concerns that the police did not know how best to respond to online abuse or harassment.





Posted in Location, Mobile phones, Privacy, Regulation, Self-regulation, Uncategorized

Starting from scratch – would we reinvent ICANN?

If we were starting over – with all the benefits of hindsight – do you think we would recreate or reinvent ICANN? I don’t.

Crucially what we would not do is allow the key technical functions which ICANN performs to become enmeshed  or intertwined with the economic interests of Registrars and Registries. The public interest – actually almost anybody else’s interests – and the interests of Registrars and Registries do not always coincide. And it shows. The Registrars’ and Registries’ agendas are prioritised. Everything else takes second or third place.

Paying the piper, calling the tune

When I looked at this previously, between them the Registrars and Registries provided 94.3% of ICANN’s total revenues.  ICANN’s policy-making and voting systems recognise and entrench their paymasters’ ability to call the tune and allow them to disregard or minimise anyone else’s plaintiff cries for relief or help.

When is a contract not a contract? When ICANN says so

ICANN constructed a set of rules  by which it said the domain name system would be governed.  However, it then announced to the rest of the world that  in many vital respects it is everybody else’s responsibility to make the rules stick. Not theirs.

So ICANN went through a series of elaborate processes to devise their rules. They clothed themselves with words like agreements and contracts but now say they won’t enforce major aspects of them.  Unbelieveable.

How can I say  all this? Actually I don’t have to.  ICANN said it themselves, or rather someone called Allen Grogan, ICANN’s Chief Contract Compliance Officer did in his recent blog entitled ICANN Is Not the Internet Content Police.  Fadi Chehadé, ICANN’s CEO, has also been saying pretty much the same thing for a while.

Here is the opening salvo.

ICANN is not a global regulator of Internet content, nor should (our) 2013 Registry Accreditation Agreement (RAA) be interpreted in such a way as to put us in that role….

A linguistic sleight of hand?

ICANN seems to have managed a linguistic sleight of hand by redefining the meaning of the word content to cover  anything and everything that happens on a web site or is associated with it. This includes what the rest of us would call activity.

Grogan goes on to say

Institutions already exist that have political legitimacy and are charged with interpreting and enforcing laws and regulations around the world. These institutions, including law enforcement (local and national police agencies as well as intergovernmental organizations like Interpol), regulatory agencies and judicial systems, have the expertise, experience and legitimacy to police illegal activity and to address difficult questions such as jurisdiction and conflicts of law. In most countries, these institutions also offer procedural due process and mechanisms for appeal and are experienced in addressing difficult issues such as the proportionality of remedies. If content is to be policed, the burden is on these institutions, and not ICANN, to undertake such regulation.

I can see what Grogan is driving at but the problem is ICANN’s rules have become so complex, time-consuming and expensive to follow that, when wedded to the enormous volumes  of complaints or issues being generated by those same rules – think phishing, fake pharmaceuticals, spam, child abuse images – for practical purposes the bodies ICANN hoped would enforce their rules actually can’t or they can do so in only a hit and miss way which goes nowhere near meeting the total need.

How to fix it?

More to the point it goes without saying that most of what needs to be done to ameliorate the situation would involve Registrars and Registries taking a more active role in ensuring that registrants do what they are supposed to do and don’t do what they’re not. It’s hard to make a buck out of this kind of thing.

ICANN has thus, in effect, presided over and in many ways created a constant buzz of unlawfulness and frustration.  Yes we are so extremely grateful for  the good bits  but in reality ICANN has also created a platform for crooks. Meanwhile in the name of increasing competition  more and more domain names are made available (more cash for you know who) and a recent report suggests this is simply leading to increased levels of abuse. Brilliant.

Welcome to the labyrinth

To give you some idea of how these things pan out in practice you could do a lot worse than read the Open Rights Group’s correspondence complaining about the behaviour of the City of London Police’s Intellectual Property Crime Unit.

Now I am not going to argue that the police, or anyone, should have carte blanche to behave inappropriately or to trample on anyone’s legitimate interests but just take a moment to look at the hoops and steps set out in the ORG letter. The whole edifice which ICANN has constructed is turning into a nightmare – a virtual Day of the Triffids

Should we rename ICANN The Lawyers’ Benevolent Fund?

Perhaps we should rename ICANN and the heavenly bodies which are sucked into its orbit as the Lawyers’ Benevolent Fund. Meanwhile innocent people and blameless businesses continue to lose out.

People’s patience will eventually expire

Up to now to fend off critics ICANN  has been able to  hide behind its technical role and the threat of potential alternative governance models handing too much power to (ill-intentioned) states. These are not bad defensive positions but they won’t last forever. People’s patience will eventually disappear.

Sure the internet is founded on a technical layer which needs to be preserved and maintained but this technical layer has huge social, personal  and real world impacts which have to become an equally important part of the equation not constantly dismissed as “someone else’s business” or as being in some way only second order concerns. They are first order concerns for the people dying from contaminated drugs, losing their life savings or having their creative work stolen.

Do I have an answer? No. But to return to a theme I expressed in my last blog: we should all refuse to accept that the ongoing abuse of cyberspace is the inevitable price we must all pay in perpetuity for the many undoubted benefits the internet has brought us. ICANN seems to be too mired in vested interests to be capable of reforming itself. The only question in my mind is what will be the trigger event which forces the change?

In the meantime, unless and until ICANN and the rest of us can devise better ways to reduce the amount of online abuse taking place on or through non-compliant web sites no new domain names of any kind should be created.

Posted in E-commerce, ICANN, Internet governance

Italian police expose major link between online crime and Bitcoin

A couple of days ago the Italian police announced the outcome of a major operation against a number of hidden services on the darknet.  There are several interesting aspects of the reports which appeared as a result of the fuller briefing given to  a number of media outlets, as opposed to the bare bones of the Europol press release:

1. In the course of the operation the police seized 14,000 Bitcoin wallets worth about 1 million euros (£700,00 or US$ 1.1 million)

2.  There was evidence that around 170,000 different transactions had taken place through the services in question. These covered a broad range of crime: drugs was a big part of it but also on offer were  false identity papers, hacker kits, credit card codes and other stuff.  The police got into this wider set of crimes through  an  initial operation which began with looking into the distribution of child abuse images.

3. It took the Italian police two years  to complete their work and get to the point where they could arrest the site’s organizer, seize the Bitcoin wallets, close everything down and announce the results.

4. I am sure two years  was needed but one is bound to wonder about the sort of world we have allowed to be created where it takes such a long time to  deal with  something like this. How much damage might have been done while the investigative processes were being completed using undercover policing methods? What level of resources was devoted to this action and  are they sustainable?

There has to be a  better way. We should all refuse to accept that this type of outrageous abuse of cyberspace is the inevitable price we must all pay in perpetuity for the many undoubted benefits the internet has brought to the world.


Posted in Child abuse images, E-commerce, Regulation, Self-regulation

A geek’s view of the world

I was at an event recently that was governed by Chatham House rules. For this reason I cannot name the individual concerned but he is an uber geek, with very strong ties to the Internet Engineering Task Force. The topic of conversation was the ongoing fall out from the Snowden revelations. The upshot was,  according to  my uber geek friend

We have become so concerned about the behaviour of governments around the world we are taking steps to protect the internet from their unacceptable predations.

In saying this he was merely reflecting a widely held view within his professional circles. They were most forcefully set out by every uber geek’s uber geek, Bruce Schneirer

Only an idiot could fail to recognise that trust in governments and the security services has been substantially eroded, not just by  what Snowden revealed but by many other things. My uber geek friend spoke, as Schneirer does, of them – the geeks – making the internet “fit for purpose, trusted again”.

Now I get that and I don’t doubt that most of the people involved in trying to give effect to such a vision are completely genuine in their sense of  being engaged on a righteous mission. Their righteous mission.

But excuse me if this does not rather underline the intensely political nature of the project.

Here comes the cavalry, only it seems the guys in charge of the horses are not elected, not accountable to anyone but themselves. They sit in quiet rooms  on Mount Olympus writing code, pained by and disdainful of the inadequate ways of mortals.  Do I find that any more reassuring than leaving it to the traditional public policy making methods of yesteryear?  You know – where people got elected and if the people who elected them didn’t like what they were doing they threw them out? Hmm. Let me get back to you on that.


Posted in Default settings, ICANN, Internet governance, Self-regulation, Snowden

Audio Visual Media rules must change

Some time ago, in my capacity as Secretary of the UK’s Children’s Charities’ Coalition for Internet Safety, I received a complaint about a hard core porn site that was freely accessible to anyone and everyone although it was clearly aimed principally at a UK audience. It even sported a Union Jack on its home page. I am not going to publish the url. I don’t promote such places, even to my battle-hardened readers.

To be fair, the home page also contained a prominently placed warning about the explicit adult nature of the material within and you had to click on a button to confirm you were 18 or above to access it but in my book all this acted largely as a come on and not as a deterrent or as a serious warning.

Aimed at Britain, based in Holland

But here’s the thing.  The site is domiciled in Holland.

In my view there is no question the sort of stuff they publish would not qualify for certificate 18 status in the UK. Some of it might struggle to get  R-18 although for now let’s assume it would. This means, had the site been located in Blighty it would have fallen within the jurisdiction of ATVOD. That, in turn, would mean it would have to have age verification built in. If there was age verification built in  I would never have got involved in the first place. But it isn’t so I am.

Country of origin principle

Now here’s the problem. Under the EU’s existing Audio Visual Media Directive the country of origin principle applies. In other words if the relevant authorities in the EU Member State where the content is published from consider something to be OK and in line with their interpretation of the Directive then everyone else has to live with it.

The relevant part of the Directive reads as follows in respect of online materials

Content which might seriously impair minors must only be made available in such a way that ensures that minors will not normally hear or see (it)

In the case of the site I am referring to – very obviously aimed at the UK –  it seemed to me that the site’s owners were indulging in a little bit of sharp practice or exploiting a loophole precisely to avoid being caught by UK regulations.

I got on to ATVOD and, after explaining the Euro-law to me, they nevertheless agreed to speak to their Dutch colleagues  – NICAM – to ask for their assessment of the site.

The Dutch take a different view

NICAM doesn’t think the material on display would

…..seriously impair the physical, mental or moral development of minors.  This means that according to the Dutch Media Act, (NICAM) considers the warning page to be sufficient in terms of the protection of minors and does not intend to take any further action in relation to the site.

Now I appreciate that a country of origins principle is probably simpler to operate but most of us live in destination countries not countries of origin. Should simplicity  be the only important consideration in a matter such as this?

Where a country’s cultural traditions and perspectives are at stake shouldn’t they be accorded some weight?

Simplicity can just be  code for cheaper 

As a general rule simple is best but it can sometimes just be a way of saying cheapest  or easiest and quickest to implement.  Simple is therefore not always a synonym for most appropriate.

We should remember that because there is a new consultation just getting underway on the Audio Visual Media  Directive  and, more broadly, as the EU marches ever more strongly towards a Digital Single Market this or similar challenges are likely to arise again.

Posted in Age verification, Default settings, E-commerce, Pornography