Big brains in Berlin

I attended an extremely interesting conference in Berlin last week.  It was hosted by the German Federal Ministry for Family Affairs, Senior Citizens, Women and Youth (BMFSFJ) and the Hans Bredow Institute in collaboration with the European Commission and Klicksafe.de  The event was peopled principally by academics. They were drawn from many different countries, both inside and outside the EU. There is no doubt that, overall, the quality of the discussions was somewhere between high and stratospheric.

Complexity

I particularly liked  Uwe Hasebrink’s analysis of the problems of complexity which the internet has thrown up – although in my view the fundamental point about that is if the incentives are strong enough market forces can generally be relied upon to find a way to address them. The internet is no stranger to complexity. How it pans out is generally a question of money. The internet is not a social service. True there are public interest spaces dotted around it but, ultimately, even these  will to some degree depend upon or float on top of  investments which have been made by private corporations.

A dose of realism needed

Having praised the overall quality of the debate in Berlin,  it  nevertheless has to be said there was also a slightly  unworldly dimension to some aspects of it, for example about data, the life-blood of researchers although the type of “unworldliness” I have in mind is by no means the sole property of academics.

Picture the scene: an internet company analyses  its data and spots some stuff which strongly suggests that all is not well for a particular class or type of user.

In Berlin a belief was expressed that a “confidential space” could somehow be created where companies would share this type of information ( in this case specifically with academics, presumably with  a special interest in or knowledge of the field). In more extreme versions of the fantasy, the “confidential space” might also contain other companies, some of  whom are very likely to be or could become competitors.  At the utterly deranged end of the spectrum even governments or regulators are invited into the metaphorical (or actual?) room, all joining in a good-natured  (and of course still confidential) pursuit of truth. It’s as if companies, academics and consumer and child protection advocates are assumed to share absolutely identical goals which are and always will be co-terminus.  No way Jose.

Even accepting that each of the different  constituencies’ interests can and do overlap the degree of overlap could be extremely narrow and I suspect often is.

Data on children and young people may not exist anyway

In respect of children and young people,  on one of the forays I made into this space I discovered that a  large (household name) company simply was not collecting any data that would allow them to determine how young users  of their services were faring. They were not targetting children although they of course knew they had hundreds of thousands if not millions of  young users. My guess is, with obvious exceptions, this will be the situation with many other online enterprises.

Adverse impact on share price or confidence

But for now let’s assume some companies do have data on young users. What they found reflected badly on the company or service or it was ambiguous.  If news of that seeped out  it might affect their share price or be commercially sensitive in any number of ways. It could undermine confidence in the company and its current management.

Thus a penny gets you a pound the company concerned will seek to restrict access to such information to the largest extent possible, even among their own direct employees and paid consultants. The idea that they would voluntarily  hand it  over to outsiders, never mind competitors or regulators,  is simply absurd.

Even if the outsiders were completely well-intentioned the company could never be certain where the knowledge or the data it is based on might end up, accidentally or intentionally.

I do not have a problem with any of this. It is precisely what one would expect and in no sense is it a criticism of anyone. Academics want to get their hands on data to improve their understanding of how the internet is reshaping our world. Companies exist to make a return for their investors. Yes they will want advice from external sources from time to time but they will normally be keen to ensure those sources are and remain closely tied to them, typically through a commercial consultancy contract.

I have little doubt the hypothetical company that did spot a problem that was affecting its younger users will try to sort it out or resolve the issue as quickly as possible but they will try to do so privately, in a way that did not potentially open them to bad media coverage with everything else that goes along with that.

Voluntarism has its place

Getting back to where there is an overlap of interests, there is no denying that, for example, within the framework of  EU based initiatives such as the CEO Coalition, the ICT Coalition and the Community of Practice certain types of knowledge and experience can be and have been usefully shared, especially to the advantage of maybe smaller enterprises or start-ups.  Changes might even have been made to policies, procedures or presentations by larger companies and in the end such may well be sufficient justification for continuing to support those types of initiatives but we ought not to kid ourselves about how far they can or will ever go if significant economic interests are at stake.

The role of self-regulation

This leads me neatly to the hairy old topic of “self-regulation”. This also cropped up in Berlin. If the starting point for any government or governmental agency  is that they will only ever go as far as they can persuade businesses to go, and no further, then we might as well all take an extended vacation and wait for bulletins from corporate HQs.

If “self-regulation” was the optimum way to proceed why is it virtually unheard of in lots of jurisdictions,  not noticeably to their detriment? In particular why did it never take hold in the USA where the FTC and FCC have a whole battery of powers?

I appreciate that Europe has different jurisprudential and political traditions but my point is if self-regulation  was truly a superior way of working it would be far more widely adopted than it is.  In particular the Americans would have taken to it. They didn’t and they won’t.

An idea whose time has passed

The idea of  self regulation keeps being trotted out, particularly by the EU, and it is not helpful. It confuses things. It sows illusions. It’s time we either disposed of it altogether or only allowed it to be mentioned when it was surrounded by heavy qualifications or caveats. It was fascinating to hear in Berlin that the system they follow in Germany is called (something like) “regulated  self-regulation”.  Hmm.

We got into  self-regulation as the declared default position in the UK and the EU because, at the time the notion began to take root – the mid 1990s –  too many governmental bodies felt they did not have sufficient expertise or knowledge  to challenge or even engage with the internet industry and perhaps they were conflicted to a degree anyway. They didn’t want to make life too  difficult for internet businesses because in truth they wanted their economies to benefit from the golden promise of cyberspace. They wanted the jobs and the new wealth.  There is still  more than a little bit of that hanging around.

In my view so-called self-regulation only works when the industry is truly convinced that if they fail to act  “voluntarily” legislation will swiftly follow. I doubt any company has ever felt that in respect of anything the EU has talked about in the past five years or more when it comes to online child protection issues. Contrast that with what has happened in the UK. Substantial things have been achieved but pretty much  in every case the possibility of legislation was very real and immediate. The companies knew this  so they took steps to obviate the need for it.

Closing question: in March, 2011, who suggested that elements within the European Commission  had previously passively acquiesced in self-regulation in the online child protection space only because they were

“not ambitious enough”?

The answer is Robert Madelin.

The challenge to the internet industry is to convince legislators around the world that they are “handling things”, that the public (voters) are broadly satisfied that they are doing everything they can to make the internet as good as it can be. If they cannot do that I’d say the EU and every major jurisdiction will sooner or later end up with something like the FTC and/or the FCC. Internet businesses will be scrutinised  just like every other major industry is scrutinised. In the public interest by publicly accountable institutions.

 

Posted in E-commerce, Self-regulation, Default settings, Consent, Privacy, Internet governance, Regulation

Letter published in The Times (of London)

The Times (of London) published a letter from me today welcoming the Conservatives’ proposal to address porn sites that did not have age verification but criticising the suggestion that they would fine ISPs that fail to block non compliant sites. Their letters page is behind a paywall so I cannot provide a link. Sorry.

Posted in Age verification, Default settings, Regulation, Self-regulation

Tackling porn web sites? Yes please but there’s a better way

The Conservatives took to the presses and the air waves over the weekend with an election pledge to  “ban porn web sites”  that did not implement age verification.

Obviously, I like this idea a great deal. It is something the children’s organizations have been arguing for for a long time, most recently in our Digital Manifesto, published last week.

However, the system the Tories appear to be proposing seems to me to be excessively complicated and may well fail to achieve its stated objective.

None of the porn  sites are philanthropic. They exist to make money and they only get their hands on it because the credit card companies and banks provide them with online payments facilities.

The onus should be on these financial institutions to determine whether the sites have age verification in place. If they don’t then they should not provide them with the means to collect or process any cash. That should pretty much do it, more or less overnight and would avoid the necessity to “fine” ISPs or anyone else. Incidentally the legality of that may be open to question as it appears to create a form of intermediary liability, which would be contrary to EU law (unfortunately).

Tackling this via the credit card companies and banks would also solve the problem of the sites being based overseas. A similar system already works extremely well in respect of gambling web sites and the banks and credit card companies have said they are sympathetic to the idea, as long as they are held harmless of any potential liability. That would require legislation to put the matter beyond doubt although arguably they would be in the clear anyway.

Posted in Age verification, Default settings, E-commerce, Pornography, Regulation, Self-regulation

A Digital Manifesto for Britain’s children

Today CHIS published its “Digital Manifesto”.  The manifesto sets out the UK children’s organizations’  proposals for the consideration of the main political parties contesting seats in May in  the General Election for the Westminster Parliament. The parties’ responses will be published as soon as possible.

The document is downloadable here.

There is a great deal of meaty stuff in the manifesto. Below are some of the key points

1. The government should consider creating  a new legal right for victims of child sex abuse to obtain financial compensation from persons found in unlawful possession of an image of that abuse.

2. It should be made a crime for any bank, credit card company or other organisation,to provide financial or other services to websites involved in the commercial publishing of pornography without having a robust age verification mechanism in place to ensure children cannot access it.

3. The same principle should be extended to all businesses selling any type of legally age restricted goods or services over the internet.

4. A new body should be established, or a new division created within an existing one, with the legal powers to ensure internet companies are transparent and accountable in respect of actions aimed at supporting online child safety, and in particular in relation to potential sexual abuse  or content that encourages damaging behaviour.

5. Such a body or division should also be given the power to make legally binding orders requiring internet companies to take necessary and proportionate measures to safeguard children online, both generally and in respect of their position as economic actors and targets of advertising.

6. Every UK territorial police force should have a dedicated unit with appropriately trained officers to deal specifically with sexual and other online offences against children.

7.  A major review of public policy in respect of child abuse images online should be established.

8. The next government should take the lead in establishing an international body to mediate between industry and law enforcement in relation to illegal online content to ensure it is identified and removed from the internet rapidly.

9. The next government should press for an amendment to, or clarification of, the E-Commerce Directive to ensure it does not act as a disincentive to firms actively seeking out content or activity on their sites which breaches their terms and conditions of service.

10. The next government should establish a ‘high-tech social fund’, financed through corporate contributions, to support research into online child protection and the deterrence of online offenders, as well as  initiatives to support children who have been the victims of abuse online.

Posted in Advertising, Age verification, CEOP, Child abuse images, Consent, Default settings, E-commerce, Internet governance, Mobile phones, Pornography, Privacy, Regulation, Self-regulation

“Selfies” – some difficult issues

  1. There is a great deal of understandable concern about “selfies”,  in this instance commonly understood to be self-produced and self-published images of oneself in which one is nude or semi-nude, or where one is engaged in sexual activity, typically alone but not necessarily.
  2. If the person or persons in the images have reached the age of majority such  pictures may be ill-advised but they are not illegal. For legal minors, in the UK at least, the “simple” production and publication of pictures of oneself  nude or semi-nude is hugely problematic but not necessarily illegal.  Only if there is a sexualised component to the image or there is an undue focus on sexual organs do questions of legality arise.
  3. But legal or illegal if a young person creates and publishes these types of selfies, often to pass on to their boyfriend or girlfriend, the potential harm they might do is enormous. When such images have eventually gained wider currency within a school or  a community, for example as “revenge porn” after a relationship has ended,  they have not infrequently caused the child depicted major distress, sometimes leading to them committing suicide or having to uproot themselves to move to another school or neighbourhood.
  4. There have been several different surveys conducted into the extent to which young people are engaging in the production of selfies of this kind. Annoyingly there is not a universally accepted definition of what constitutes  this genre of selfie but there is widespread acknowledgement that significant numbers of youngsters seem to be doing it.
  5. The “hot question” that arose yesterday concerned the age at which such selfies can truly be said to be  selfies i.e.  self-produced and self-published?
  6. At a conference held in Microsoft’s offices in London’s Victoria the Internet Watch Foundation presented some research which had been sponsored by Microsoft.  Entitled Youth produced sexual content the IWF report appeared to say that children as young as 10 had become engaged in the self production and self publication of child sex abuse selfies.
  7. One journalist (who had clearly read the whole of the IWF research report rather than simply the press release) even spotted that children younger than 10 had somehow been drawn in. Here is what Dave Barrett wrote in the Telegraph  Children as young as seven appear naked in content on the internet which has been posted by themselves or surreptitiously recorded by a third party, the study found. (emphasis added by me)
  8. Now here’s the thing: think about all the practical steps needed to locate a place on the internet where you can or would post selfies of this nature. Think about all the practical steps you need to take to produce the sort of video content and stills which the IWF described, then upload them.
  9. Now think about what must be going on inside a 10 year old’s or a 7 year old’s head – and how the ideas and knowledge got there – which lead them to do both of the things just mentioned. Almost nobody with  a child protection background who was present in the room believed the implication of what the IWF was saying, which was that the child had full and sole agency in this matter. On the contrary several people were highly vocal in suggesting that – whatever the IWF might have observed or deduced simply from looking at the images or videos (noting that no one else appeared  to be in the room with the child at the time the images were made) what was really going on here was a form of coercion or manipulation by third parties, to say nothing of the manifest failures of parenting. Thus the IWF was quite wrong to call this material “self-produced”. It detracted from and confused an otherwise important story about some of the terrible things that are happening to obviously very young children.
  10. However, it does not end here.  The IWF had carried out a similar investigation a few years earlier (2012). Some of the same sites which were found to be hosting this type of content then were found to be hosting it again but the IWF had not taken any steps to inform the public of the names of these sites. Three years later? No change?  What possible justification can there be for not naming the sites? It was suggested that the IWF was seeking to engage with the sites and therefore naming and shaming would be counter-productive. That is a barely credible explanation and it is certainly an unacceptable one particularly as, apparently, some of the culpable sites are fee-paying members of the IWF. That means the IWF is sitting as judge and jury in its own cause.
  11. We all encourage parents, teachers and others to talk to children about the sites they are visiting but if parents do not know which sites they should specially look out for then what good is that? Microsoft and others produce tools to allow parents to monitor access to sites their children visit but, without getting too Rumsfeldian, how do you know what you don’t know? You cannot restrict access to or counsel your children about sites whose names have never crossed your line of vision.
  12. For that reason I can see no justification for the IWF sitting on information about sites which they have identified as being perilous to children. On the contrary I think the IWF is obliged to publish their names so concerned and interested parents can check.

13. At the very least the IWF should  announce that it has put every company where the material involving children was found (17 sites) on notice that they intend to check again in the near future and if the same sorts of images are found there once more their name will be put in the public domain.

Posted in Child abuse images, Microsoft, Regulation, Self-regulation

“The State of the Net”

 

Last week I attended the “State of the Net” conference in not-so-snow-bound Washington DC. It’s the first one of these  now annual events I have been to and I would definitely like to go again. There was a stunning array of speakers drawn from politics,  regulators, journalism, geeks, academics, advocates, lobbyists, and entrepreneurs.  I managed to sit in on all the plenary sessions and learned a lot of new stuff,  some of which  I will tell you about here. However, obviously,  since I was on a panel I couldn’t attend all the break outs so this is not going to be a comprehensive report of everything that happened. I believe if you go to the web site videos of each session are available.

The challenge of anonymity

By way of preamble, on the flight over I finished “The Dark Net” by Jamie Bartlett. It’s beautifully written and therefore easy to read.  As the title suggests the book is not exactly a detailed appraisal of all the positive things the internet has given the human race although Bartlett does, of course, allude to these.  That said I doubt you will find a better exposition anywhere of how some of the whackos, terrorists  and criminal fraternities of the world have flourished thanks to the creation of cyberspace.  Are such groups and individuals threatening civilization as we know it? Does the downside outweigh the upside of the internet? Definitely not, at least not yet. But anonymity through encryption are the keys to the success of these undesirable elements and while, right now, one might easily dismiss people’s anxieties as self-serving paranoia promoted by police and intelligence agencies it is nevertheless hard not to feel a mite unsettled about where it could all lead.  I mean if, 25 years ago, you had said that, one day in the not-too-distant-future,  videos of kittens dancing with each other would be readily available, simultaneously, on billions of screens in every country of the world, who would have believed you?

As Bartlett’s book reveals some (by no means all) of those pushing the anonymity/encryption agenda most vigorously have pretty near total contempt for western or indeed any other kind of democracy. It is a terrible conundrum.

How are we going to balance the legitimate uses of anonymity and encryption with the state’s primary obligation to protect its citizens, perhaps especially the weakest of its citizens, from evil doers?

The Rule of Law is what makes the modern world work in an acceptable way for the overwhelming majority of us but that concept implies at least the possibility that the laws which we are meant to live by can in fact be enforced as and when or if they need to be. The emergence of large scale encryption and anonymity threaten that idea. Incidentally, both in Bartlett’s book and at the “State of the Net” conference the role of BitCoin and other forms of  anonymous e-payments systems got a lot of coverage, illuminating both their potential for good but also the way in which they can play into substantial challenges to the continued existence of the Rule of Law and its constant companion, the (tenacious) Nation State.

Internet governance

Unsurprisingly, internet governance was a major theme throughout the day in DC. In particular the IANA transition came up a lot. This is about the US Government surrendering the last vestiges of  (potential) control of a key part of the technical infrastructure of the internet although, guess what? It is far from being a done deal. There are at least three different clouds on the IANA horizon:

  1. The US Congress may yet decide to legislate on this topic. Although such legislation could end up tying the hands of the Administration in any number of ways, including minimally, it is hard to imagine anything more destructive of the idea that the internet is now really a global medium  operating in a multistakeholder environment, serving no single country’s interests more than it does any other.
  2. Even if the transition goes ahead in the way many hope it will, as with the ICANN Affirmation of Commitments the agreement is likely to be justiciable only in US Courts and perhaps enforceable only by the US  Government should it later judge that the terms of the transition are not being honoured. Linked to this idea several opinions were aired about what should go into the putative transition agreement. It was suggested that certain red lines ought be drawn and locked in forever. This is just another way of saying that a lot internet activists/acolytes believe the rest of the world is not to be trusted to do the job right. Such an attitude is not calculated to win friends in the capital cities of other nations but that is clearly an unimportant detail for those whose life seems to be completely dedicated to keeping the internet the way it is today or, better still, the way  it was yesterday.
  3. There is a deadline for reaching agreement on the transition.  It is 30th September, 2015 – the date the existing IANA arrangements expire. If this slips, as seems quite likely at the moment because of uncertainties about the US’s  final position, this will be interpreted in “some quarters” (which I think is code for China, Russia, India, Brazil, Iran and their associates) as evidence of a lack of a serious intention on the part of the US authorities actually to allow the transition to proceed. That, in turn, will increase mistrust and hasten the  demise of the global internet. Apparently.

Internet governance, children and un-American activities

In my workshop, inter alia, there was a great deal of discussion about how, in essence, the internet had been constructed around a set of cultural and political assumptions which reflected the values and outlooks of those who first put it together and this was now causing inevitable tensions. Nobody should be surprised to discover that not everyone  shares the founders’assumptions. On the contrary they feel that, at any rate within their own jurisdictions, they have a perfect legal and moral right to do things their own way.  US/European hegemony is coming to an end in the world as a whole and in relation to the internet too. We just need to get used to it or find a way to accommodate it.

I made a sort of similar point in relation to the position of children and young people.  The shared cultural and political assumptions of those who built the internet and some of its leading companies reflect the values and outlooks of the (typically) well educated, nerdy adults, predominantly male computer and network engineers from the richer countries who were in the cyber vanguard.

In the early days kids simply didn’t feature. To the extent that anyone was aware of any possible issues  about minors being online they were considered not worthy of the attention of the mega brains who were focusing on changing the planet through technology. Kids were, are or ought to be the banal and trivial preoccupations of parents and schools, not “serious scientists” or, for that matter,  political campaigners intent on using the internet to overthrow (their version) of tyranny everywhere.

At that time children and young people were, indeed , literally  non-existent as internet users and for quite a while  they constituted only a small percentage of the total number. However, in the coming period all of the large scale growth in internet user numbers is going to take place in countries where the demography is completely different. Legal minors in some cases are about 50% of all the country’s inhabitants. This suggests the proportion of internet users who are kids may soon exceed 50% in those places. Yet if you survey the contemporary landscape of internet governance you would be hard pressed to find any recognition, much less acceptance of this fact.  

Your socks and your toothbrush 

Seemingly socks and toothbrushes are now on sale which can collect and broadcast data about what you are doing with  them and where you are doing it. Many of these “wearable” and personal  devices, one thinks of health and fitness trackers for example,  often come without any kind of screen which would allow the user to change the settings, at least not easily or rapidly but they are capable of amassing extremely intimate information about you, or your children.

Clearly there is a gigantic amount of work to be done to ensure consumers understand all this before they buy or use such products, but equally any business that collects and keeps these types of data has an enormous responsibility both to store it securely and use it properly. The  internet of things is finally here and it raises a whole new raft of concerns for all of us.

Posted in Consent, Default settings, E-commerce, ICANN, Internet governance, Privacy, Regulation, Self-regulation, Snowden | 1 Comment

A different way of looking at things

 

A little while ago I attended  an extremely interesting symposium at the University of Aberystwyth. There were only a handful of people there whom I had met before. This was for the very good reason that, in the main, the participants whom I managed to hear were specialists in the field of international politics.  They really should get out more, by which I mean I greatly regret not having come across them before. Their take on the internet was breathtakingly  and refreshingly different. Maybe it’s me who should get out more?

A divine mystery

Of course it is foolish  to suggest there is or ever could be a single narrative which would fully explain the history of the internet, much less the nature of the challenges currently facing it but there is one which tends to dominate in many forums.  According to this view the internet is seen as having emerged from a form of techno Parthenogenesis, unsullied by any form of grubby intercourse with politics or politicians. The internet’s  midwives were drawn from a saintly elite  group of computer scientists who miraculously appeared from nowhere and the only hope for the  continued useful existence of cyberspace in the longer run is somehow to get back to  this (imagined but blissful)  prelapsarian idyll.

According to this version – more or less explicitly stated  depending on the speaker and the audience- worldly politics and in particular its most reviled form, “the state”, for which here, for these purposes, read the US Federal Government, played little or no part in anything of importance to do with the invention or development of the internet.

OK so maybe politics had a little bit to do with it

Yes, it is conceded the US Department of Defence provided key initial funding which really got things moving in the early days and, ok,  it is also true, they allow,  that for a while the US Government owned the domain name system and that it still exercises a degree of beyond the grave control through the Affirmation of Commitments and, well, it is acknowledged  IANA  has  still not transitioned, moreover if it does, as with ICANN, it will do so with tombstone strings attached.

All these  things are explained away, minimized or dismissed.  It’s almost as if there is a belief in certain quarters that the civil servants and US politicians who were responsible at different critical moments for the relevant areas of policy were simply being manipulated by the über smart geeks who were the only ones who knew what was truly going on.

This type of de haut en bas denial of the role of politics, which is almost invariably linked to an aggressively stated wish to keep things that way is infuriating.  It makes it extremely difficult to have an intellectually coherent or honest discussion about what is happening on Planet Earth and the part the internet plays in it. Yet it is a recurring theme that crops up constantly in many different sorts of discussions about one or other aspect of the internet and its associated technologies.

I once made a presentation at an IETF workshop that was establishing a new standard for collecting data through the browser about the physical location of devices connected to the internet.  It wasn’t true of everyone in the room but  a goodly proportion of those present were plainly disgusted by my invitation to them to consider some of the wider implications of what they had embarked upon.

That was so not their job, they said. This was a purely technical question and that was how it should be. They didn’t quite say  we are only following orders. Scrub that. A number of them did but, weirdly, they did so in a palpable fug of moral superiority because somehow this showed they worked on an entirely different and superior plane. In their book policy and politics were words with which no self-respecting geek should engage. Those were the concern of others, less fortunate than themselves.

A wider view

This is why people need to listen to or read more of the stuff being put about by the likes of Richard Beardsworth and  Madeline Carr (no relation) both of whom gave brilliant talks at the Aberystwyth Symposium. They locate discussions about internet governance in the context, for example, of the rising  economic, military and diplomatic power of China or the emergence of a multi-polar world where the Old Order  is having to face up to challenges posed by the emergence of new large players : think Brazil, India and so on.

Hilary Clinton was perhaps the most prominent public exponent of the notion of the internet as a technology with a political mission to change the world to make it, in her view, a better place. Lots of people will share her hopes in that regard but in so doing they cannot at the same time be disdainful of all the large and small “p” political baggage that goes with it.

Posted in Internet governance, Regulation, Self-regulation, Snowden, Uncategorized