Serious money

Interesting story today. Seems the  UK gambling industry is willing to pay a levy which would generate £100 million pounds to tackle problem gambling. At the moment they contribute 0.1% of their profits (not turnover) to this kind of work. That generates £10 million. Over the next 5 years they will up it to 1%. That’s what delivers £100 million. The Regulator only asked for £70 millions so they were outflanked, but in a good way.

It seems not every gambling company is offering to pay into the levy but those that are believe it is essential in order for the industry as a whole to improve its image after
some terrible stories appeared about their failures to address problem gambling.

Is this ringing any bells?

An idea is most definitely beginning to form in my mind. No prizes for anyone who guesses where I am going with it.

I am reminded of “Audacious Projects” where the fund was US$280 millions. I am not sure how much of this went to Thorn but I believe it was a very large lump.

Children’s groups are so used to hustling for nickles and dimes we settle and are grateful for ridiculously small grants which, inevitably, means we are always scrabbling around working with small scale projects.

Time to lift our eyes and be a whole lot bolder?

Posted in Child abuse images, Internet governance, Regulation, Self-regulation

ICANN – signs of institutional bias. What a huge non-shock!

A distant friend worked out I have an interest in ICANN (how did that happen?). She sent me a link to an examination of the backgrounds of people who actively participate in its affairs. Called  “ICANN Diversity Analysis”  it shows that it isn’t. Diverse. I am pretty sure reports have appeared in the past which reached similar conclusions.

With this latest one the authors looked at individuals who were members of the five most active mailing lists between January 2016 and May 2018. Mailing lists are a key part of the way the whole ICANN consultative and policy evolution processes function.

There were 218 people on these lists but only 92 were judged to meet a threshold of active engagement. Of the 92, 17 were ICANN staff and were ruled out. It  might have been interesting to know more about them but, even so, 17 out of 92 does suggest a significant level of involvement by the employees of the agency whose policies the consultative processes, at least to some degree, are meant to be scrutinizing and influencing. I guess that’s inevitable but the ratio was surprising.

So we are left with 75 individuals. 56 were males (74.7%) and 19 were females (25.3%).

57.3% were identified as members of the “technology and industry community” and 25.3% were said to come from “civil society”. Shame there is no gender or other breakdown of these two groups. In particular it is a pity there is no analysis of the civil society participants and the sources of their funding.  Same goes for the 8%  who are described as “Academics” and the  8% “Other”. 8% is 6 people. There is a suspicion that a number, by no means all, of the non-industry participants receive funding from industry sources so they can act as surrogates for industry interests.

There is no breakdown of the ethnicity of the participants but representatives from more prosperous parts of the world are over-represented when compared with their presence among the global population of internet users.  Since they are largely acting on behalf of their employers that is less surprising, but still a worry. The analysis points out, for example, that 48.7% of all internet users are from Asia but people in the study who were based there came to only 14.7%. China, with the world’s largest group of internet users (700 million) had only one person.

ICANN professes a commitment to multistakeholderism but, as the above numbers illustrate, it is substantially phoney. The costs of participation in its complex processes are absurdly high. Someone more cynical than myself might conclude that this is intentional.

Intentional or not, ICANN would benefit greatly from hearing the authentic voice of a broad range of consumer interests of which children are but one. ICANN could act to make the internet safer for children. They choose not to and at least in part that is because we barbarians are not banging hard enough on their gates. We can’t afford to.


Posted in ICANN, Internet governance, Self-regulation

Great news from Latin America

I recently wrote a couple of blogs where I named five top level domains the IWF had found contained the lion’s share of all csam reported to or found by them in 2018. It included three Country Code Top Level Domains (ccTLDs): Colombia (.co), Russia (.ru) and Tonga (.to).  ccTLDs are important because, ultimately, the Government in each country determines which company or entity gets the contract to administer the domain.

After these blogs appeared someone at the IWF contacted me and drew my attention to an article that appeared around the same time as my first blog. I’m sorry I hadn’t seen it beforehand because, in some ways, it tells an even more important story.

When the IWF drew the attention of the .co Registry to what had been happening on their domain the owners were completely shocked and disgusted. But instead of just saying they were shocked and disgusted they got busy.

You can read a fuller version of the story here  but the long and the short of it is in their weekly report on 10th May, 2019 the IWF were able to say there were no domains in the .co space that were carrying csam. A big, fat zero.

It turns out there were only ever 44 unique sub-domains within .co responsible for the illegal traffic in child sex abuse material but of course behind that small number of sub-domains could lie a very big one in terms of the quantity of  abusive images of children being distributed.

So hats off to the Colombian Registry and well done to them and the IWF for the work they did to bring this about. Colombia is now part of a small but growing list of Registries who take seriously their responsibilities for the protection of children.

I look forward to reporting back about Tonga and Russia. I also look forward to reporting back on how other Top Level Domains copy this marvellous example from Latin America.

Is it too much to hope that even ICANN will stir itself?

Posted in Child abuse images, ICANN, Internet governance, Regulation, Self-regulation

US$ 80 trillion

I imagine the heading for this blog caught your attention. 80 trillion is not a number you hear or see very often. 80 trillion dollars is a mind bogglingly large sum.

It was uttered in a meeting room in Parliament yesterday. In the room were several institutional investors, financial analysts and representatives of groups or networks of investors. We’re talking pension funds and other types of big bucks operators, some of which I had heard of before, several of which I had not.

One of the people introduced herself as representing a network of investors who between them managed funds in the order of 80 trillion dollars. That was only one of them. Trying to add up the amount of money managed by everyone present broke my calculator.

This was a unique gathering. The first of its kind in the UK and I have not heard of anything similar elsewhere in Europe. I was glad to have been able to help convene it.

But it was not the first meeting of its kind anywhere. There is a group of ethical investors in the USA that had previously become shareholder activists to press businesses in which they had money to act on climate change, sex trafficking in the tourist industry, slave labour and matters of that kind.

Following a call from the Child Dignity Alliance several Christian led funds decided to address tech companies to discover what they were doing to keep children safe when using their products or services. They co-opted me as one of their advisers. Verizon was one of the first companies the group engaged with publicly although they have met privately with several others. I gather the preferred strategy is not to press for votes at company AGMs, but if all else fails…..

These ethically-based shareholder activists were linking up with conventional funds and having a great deal of success in convincing them that the growing threat of regulation in so many countries around the world meant their money was at risk. These investors owed it to the people whose money they managed to get “their” businesses to up their game, and right sharpish.

Money talks. From little acorns, mighty oak trees grow. Pick your metaphor.On 24th May, 2019, of all days, I have a smile on my face. Watch this space.

Posted in Child abuse images, Internet governance, Privacy, Regulation, Self-regulation

A postscript about Top Level Domains

In a previous blog I reported that in 2018 the Internet Watch Foundation (IWF) identified and took action against 105,047 urls containing child sex abuse material. That was an increase on the previous year where they identified 78,589.

Of the 105,047, 84,055 (80%) were concentrated in just five top level domains. In order of magnitude these were: .com, .net, .co, .ru, and .to.  By a large margin .com and .net were miles ahead of the field.

On further analysis of the data I learned that the 105,047 urls against which the IWF took action were located in 3,899 sub-domains  (up by 3% on the previous year) which, in turn, were spread across 151 top level domains.

In total there are approximately 1,500 top levels domains.  Thus,  about 10% of all the top level domains generated 100% of the action taken by  the IWF against all domains.

I suppose it must be possible that in other  top level domains there were child sex abuse materials that were not reported to the IWF or  were not found by them through their proactive searching, but absent any data on that it does rather look as if  the  problem is highly concentrated in a comparatively small number of places.

Maybe the crooks and paedophiles who engage in this sort of activity know where to avoid and where to target. And if they do, so must others in a position to act to bring this disgraceful state of affairs to an end.

Posted in Child abuse images, Default settings, Pornography, Privacy, Regulation, Self-regulation

Things are not getting better

The Internet Watch Foundation (IWF) recently published their Annual Report for 2018. There is a lot in there but here I want to focus on one small part of it. I  have written about this particular topic a lot so I apologise if I sound a bit like a broken record, as we used to say in the days when vinyl was the only way to listen to pre-recorded music on demand rather than being, as it now is, the first choice of audio fashionistas.

In 2018 the IWF identified 105,047  urls containing child sex abuse material (up from 78,589 the previous year). 80% of the 2018 urls, 84,055,  were concentrated within only five top level domains: .com, .net, .co, .ru and .to.

84,055, and 105,047 are very small numbers relative to the total volume of urls but the point is behind each url there could be anywhere between one and tens of thousands of child sex abuse images. However, if everyone did what they were supposed to do there wouldn’t be any at all, or there would be far fewer. Read on.

The worst offending domains are .com and .net, containing 40,424 and 17,744 urls respectively.  Added together they make up over half of the total or 69% of the top five.

.com and .net are examples of Generic Top Level Domains (gTLDs) and are both owned by the same, highly profitable business, a Registry called Verisign. It is domiciled in Reston, Virginia, metaphorically in sight of the White House (driving into DC from Dulles Airport you have to pass the exit  for Reston). Verisign is a company quoted on NASDAQ in New York and nominally it is externally accountable to ICANN but the key word  there is nominally.  Last time I checked Verisign was, by a country mile, ICANN’s largest single source of revenue, providing it with about 30% of its annual income. Few rush to bite the hand that feeds them and ICANN is no exception.

The other three domains were within a category known as Country Code Top Level Domains (ccTLDs).  In these cases the companies or organizations which act as the Registries are appointed by and are accountable to the Government or a governmental agency in the country concerned.  The three countries and the number of urls found are: Colombia (.co) 9,339, Russia (.ru) 8,714 and Tonga (.to) 7,834.

I haven’t checked to see if the beneficial owners of each of these ccTLDs are not-for-profits or businesses  like Verisign. There is something singularly repulsive about building “shareholder value” out of the sale or distribution of images of children being raped but I am not sure if one is in a hugely morally superior position if you only do it to pay your staff’s wages and the rent on the office space you use.

So there we have it.  At the cost of untold misery to an unknowable number of children three Governments and a publicly quoted company have  presided over a situation which is wholly avoidable.

There shouldn’t even be one

Why is it avoidable? Simple. In order to obtain a domain in the first place or on its renewal, somebody has to provide their name, address and contact details and these are meant to be verified.  It is hard to imagine there would be even one url with child abuse material on it if that was happening. It is possible a small proportion of the urls were on sub-domains that had been hijacked by malevolent third parties but what we are seeing here is a pattern of some antiquity. The numbers quoted above and their distribution are not a fluke or a one off.

Now it is true that because of its history Verisign is not in exactly the same position as other Registries but all Registries have identical moral obligations. Verisign is failing its on a spectacular scale.

Time to act

The Colombian, Russian and Tongan Governments should tell their ccTLD Registries to insist on the robust verification of all entities acquiring or managing domains within their purview or else risk losing the contract.

And what is to be done about Verisign? ICANN? See above but if ICANN won’t act why aren’t the legal and political institutions of California doing something? Can that be fixed? Watch this space.

What about the US  Federal Government and the Attorney General, Governor, and Legislature of Virginia? Can that be fixed? Watch this space.

Shareholders? I will return to them in another blog but obviously they have not, hitherto, stirred themselves sufficiently to insist that steps are taken to reduce the levels of criminal abuse of the company’s systems. Could that be because this might eat into profit margins and therefore hit returns? Probably not. I suspect it is largely ignorance and the inertia which it breeds. Can that be fixed? Watch this space.

Posted in Child abuse images, ICANN, Internet governance, Regulation, Self-regulation

The only show in town

Recently I took part in a couple of events attended by high level professional child welfare and child development experts from across Europe, EU and non-EU. A great crowd.

I thought I spotted someone at the second event whom I had met at the other one. Turns out she hadn’t been at the first event. I apologised for  my mistake and casually remarked how I was now starting to meet a whole new raft of people who had never previously been part of the “cyber set”.

She came back straight away saying

These days cyber is the only show in town.”

I was almost deafened by the sound of the penny dropping.

Of course, her statement was not meant to be taken entirely literally but it certainly showed how core elements of the children’s workforce now appreciated the centrality of digital spaces in the lives of young people. And this individual was clear that the work of the Council of Europe had been of major importance in bringing cyber to the mainstream.

For ages one of my lines in presentations I give to adults who work with kids has been

“If you don’t get cyber it will be hard for you to do  important bits of your job properly because it means you don’t get how children are living today.”

The “cyber set” as currently constituted is going to disappear to be replaced by elements of the mainstream of the children’s workforce and, as the novelty of digital wears off, by academics more associated with research into children’s welfare, child development and children’s lives than with the ins and outs of privacy settings, police procedures and other (important) minutiae. This has implications not just for the children’s workforce but also for the  regulatory framework within which we will all have to operate going forward.

Of course, there will always remain a need for a specialist focus on parts of digital but the field will be more crowded, less lonely, less nerdy, less exotic. Which is how it should be.

I am tempted to end by saying “Welcome to my world”, but maybe it should be “Glad we finally met.”



Posted in Consent, Default settings, Facebook, Google, Internet governance, Privacy, Regulation, Self-regulation