More on online child protection and net neutrality

In the leaked draft prepared by the Latvian Presidency,   to which I referred in an earlier blog,  I “revealed” the author’s apparent intention to do two (new) things:  (a) make it a requirement for prior explicit consent  to be given before parental controls software could be deployed  on an end user’s account by an internet access provider and  (b) to insist  that such consent could be withdrawn at any time, presumably either temporarily or forever.

This is problematic in the UK because, for example, in respect of our mobile networks at the moment minors  simply cannot consent to being exposed to adult content.  The Presidency document would have ended that.

Right now in the UK if an end user is unable to prove he or she is over 18 the adult bar stays in place. Full stop. Incidentally the overwhelming majority of people are able to prove their age online, or via a phone call.  It’s easy and quick. There is an option to “go into the shop” to carry out or conclude the age verification process but, contrary to impressions that may have been given elsewhere, that is definitely not the only way.

The system of classification  used to determine whether particular content is or is not “adult” is underwritten for the mobile networks  by the British Board of Film Classification, an entirely independent, much respected body in the UK. Its brand is almost universally recognised.

Before the BBFC got involved some stupid mistakes were made. All new processes tend to have teething difficulties but now a procedure is in place which will swiftly rectify any errors that may occur – I mean will occur – in the  future.

For kids but not by kids

Say you bought a mobile for someone under the age of 18, or indeed if they bought it themselves (perhaps for cash in a supermarket) under the terms of the Latvian draft, precisely because they are under 18, it seems they would not have the legal standing to ask for the filters to be turned on. Thus a measure designed to protect children from age inappropriate content, in theory, cannot be activated by children. Brilliant.  Who thought that one up? And were we meant to understand that while only an adult could ask for parental controls to be turned on  anyone of any age can get them turned off?

A lot worse for WiFI?

In respect of providers of WiFi in public spaces where kids are present,  another problem presents itself in relation to consent. Under current arrangements in such environments nobody is asked if they consent to access to porn being blocked. It follows nobody can withdraw what they haven’t given.

Do some kids deserve protecting while others don’t?

In respect of any ISP or other type of provider that applies default-on filters in the way described above,  it is one thing to argue that the filters are rubbish and valueless but if one accepts that filters have some value in protecting children from age inappropriate content, why is it that only some kids should be allowed to benefit from them, those being the ones whose parents have the knowledge, time, inclination and competence to initiate their use?

Do we just say “tough luck”  to those kids unlucky enough  not to have parents like that? “Not my problem. Move along.”

A question of hoops

If parents want to jump through hoops to liberalise or completely abandon filters that’s fine, it’s their choice but it should never be the other way around.

When you buy a bottle of bleach in a shop it comes with a safety cap on it. Recognising that huge number of ever younger kids are internet users, the same should apply. Filters are a virtual safety cap. Not the only thing we should do to help keep kids safe when they go online but one of them.

The internet is a mixed environment

It is no longer acceptable in my book to assume that the internet is a predominantly adult environment where “special measures” may need to be taken from time to time or in particular circumstances to take account of the fact that kids might be users.

The internet is a mixed environment where kids  will always make up a very substantial proportion of all users.  Everybody’s thinking about almost any and every aspect of internet policy should be framed with that cardinal fact constantly in mind. It should never be an afterthought, irritating or otherwise.

Looking a little wider than the EU, in some parts of the developing world sub-18s are close to being about half of all users and there will be a significant proportion of child users who have no parents at all.  Do we owe them no duty of care? Is that double bad luck for them?

I appreciate people’s concerns about the way “bad governments” could misuse the notion of online child protection  to “slip in” other forms of societal control or oppression but that is a larger, wider, bigger and different political problem. It should not be solved at the expense of protecting children.

Censorship is not the issue here

Remember we are not talking about censorship. No legal content that is on the internet will disappear or be changed as a result of anything I have advocated here or elsewhere. This is about seeking to replicate in the online space policies and practices that have long been taken for granted in the real world to keep age inappropriate materials out of the reach of minors. I acknowledge that this might cause minor irritations or small delays to some adults who want to access material that is not intended for children but only the most curmudgeonly nerds will truly resent such measures if they accept the wider benefits that they can bring.

Posted in Age verification, Default settings, Internet governance, Regulation, Self-regulation

Life’s little ironies – Part 1

Some of those who have most vociferously argued for the state to keep out of the internet’s affairs, arguing everything should be left to “the community” to sort things out in a self-regulatory way, are among the most voluble in urging that governments should step in to declare and preserve  (their notion) of “net neutrality”.

Same goes for those who believe the operation of markets is typically/usually/almost always superior to any attempt to constrain behaviour by state sponsored regulation. If the free marketeers were to be given free rein in the internet space “net neutrality” would not make it out of the starting blocks.

Net neutrality advocates are trying to hold back the tide by insisting that the internet as it once was  or as it was originally conceived to be should be preserved in that way in perpetuity.  If only. Net neutrality is a lovely idea. I am quite clear about that but it has finally collided with the real world and my guess is the real world will win. It usually does.

And some of us who are less engaged with these matters may wonder why, when so many other aspects of the original conceptions behind the internet have been trashed or disappeared we should go into battle on this one?

The net neutrality argument is a battle about different business models. Excuse me if that does not float my boat or have me rushing to the e-barricades.


Posted in Default settings, E-commerce, Internet governance, Regulation, Self-regulation, Uncategorized

You couldn’t make it up

I wonder if Nigel Farage – leader of the UK’s  anti-EU party – has a cousin or at any rate a friend working within European institutions, conspiring with him to help convince Brits we ought to leave the EU? I’m beginning to think so. How else can we explain the utterly bizarre attack the EU seems to be mounting on online child safety in the UK?

Here is the essence of the story. When you’ve read it you’ll know why I chose the headline you can see above.

It begins with roaming charges and net neutrality

I think we all know what roaming charges are: these are the extra costs the mobile phone networks levy on us when we use our mobile phones outside of the country in which we normally reside.

Many of us think roaming charges are or have been extortionate and so did lots of Members of the European Parliament and the Commission of the European Union. Last summer a measure was brought to the Parliament which would restrict the ability of the mobile networks to charge so much.  Bravo.

I am not sure why exactly but the stuff on roaming charges got put into a single legislative instrument that also dealt with net neutrality. No falling asleep at the back please. Pay attention. I’m getting there.

Net what?

While huge numbers of people  will know about roaming charges I doubt if you randomly selected  a hundred thousand people you would find more than one who was tuned in to (nerdy) net neutrality. The other 999,999 would probably guess it has something to do with  saving baby dolphins.

In fact the debate about net neutrality is fundamentally an argument about managing traffic on the internet. The companies who build and own the physical infrastructure of the internet –  the cables, wireless masts  and so on –  think it is unfair that businesses like Netflix, Google and Facebook (for example) can amass great fortunes without making any direct contribution to the cost of the internet’s nuts and bolts. As they see it such companies get a free ride on other people’s investments.

And it’s going to get worse

As the demands on the  internet’s  infrastructure grow, particularly in respect of the increasing amount of video being transmitted, so some of the infrastructure companies dreamed up the idea of offering to give preferential treatment to  online businesses that paid them for it.

Critics argued this offended against a basic tenet of the internet which holds that all (legal) traffic should be treated equally. It was further suggested that bigger, richer, already established businesses could afford to pay premium rates to get their product, service or content delivered more quickly or reliably, and in so doing they would be discriminating against new start ups. This, in turn,  would stifle innovation.

No mention of children

By now you will be asking what  any of this has got to do with children and their use of the internet? The answer should be absolutely nothing but sadly that is not the case, thanks to the diligent efforts of Nigel’s cousin.

In the bit of the proposal designed to deal with traffic management the wording originally proposed appeared to ban any attempt by any internet access provider e.g. a mobile phone company, an ISP or a WiFi provider, to restrict or manage any kind of legal content on the internet. But that is precisely what has been happening in the UK for many years in respect of pornography and other types of adult content. The mobile phone companies started doing it in 2005 and following David Cameron’s recent energetic intervention the ISPs and WiFi providers have been doing likewise.

For the avoidance of doubt

In order to avoid any doubt about the legality of what the UK internet industry was already doing, during the “Trialogue” discussions (don’t ask) UK civil servants proposed some new words  be included in the draft law. These words would make it clear that steps taken to protect children when they went online would be exempt from a general ban on traffic management.

You might have thought such a proposal would be readily accepted. It wasn’t. On the contrary the latest version of the text demands that before parental controls can be deployed in respect of an individual account the access provider must obtain the explicit prior consent of the account holder.

At a stroke this kills off the default-on approach  which has been adopted by of all of our mobile phone companies, by  Sky Broadband as well as the WiFi providers who have signed on to the Friendly WiFi scheme. And it all seems a bit sneaky or tacky for this to have come about as the result of a measure which, ostensibly, has nothing whatsoever to do with online child safety.

Why did the British internet industry go for default-on in the first place? Because time and again parents in the UK said they liked the idea of using filters but they had found the whole business of setting them up to be too daunting or difficult. Default-on  filters streamlined and simplified the whole process.

Parents should not have to jump through hoops to make the internet safer

If parents want to liberalise the settings that’s their choice.  They can do it with a modicum of effort. This  is not about censorship  but parents shouldn’t have to struggle to make things better and safer for their kids.

Left hand not knowing what the right hand is doing?

Elsewhere in the Commission a lot of work has been going on around online child safety but clearly Robert Madelin’s reach does not extend into all the parts it needs to. Once again the case is made for stronger, higher level co-ordination of policy affecting children.

The ill-considered  proposal should be withdrawn forthwith.

There should be no penalty or prohibition attaching to any internet access provider taking reasonable steps to help protect children from age inappropriate content or services on the internet. The opposite should be the case. The European Union should be encouraging access providers to do just that.

Posted in Consent, Default settings, Facebook, Google, Internet governance, Mobile phones, Pornography, Privacy, Regulation, Self-regulation | 1 Comment

Another nail in the coffin of piracy sites

In the early days of the internet, and still today to some degree, in ill-informed parts of the media the organizations  or individuals who run or ran piracy web sites somehow managed to project themselves as being modern day Robin Hoods: brave and selfless, cyber Che Guevaras heroically, disinterestedly  “sticking it to the man” on behalf of the little guy.

Perhaps in the not-too-distant future a raft of PhDs will trace how this remarkable falsehood ever gained currency.  In these putative doctoral theses I am sure we will find many references to research recently carried out by Incopro.

It won’t win a prize for the snappiest, catchiest title of 2015 but “The revenue sources for websites making available copyright content without consent in the EU” shows just how money-focused the piracy web sites are. The only little guys  being helped are the pirates themselves, in particular their personal bank balances. Incopro looked at 250 sites in each of five different countries: France, Germany, Italy, Spain and the UK.

Why does this matter to someone like me who is primarily concerned with the welfare of children and young people when they go online? It matters because while piracy web sites are dangerous and unsavoury places for adults they are far worse for kids.

When you go to these sites you are not only offered access to pirated material you are also tempted with adverts for a range of different types of products or services. You can even buy certain things directly through some of the sites.

Incopro identified nine different categories of adverts and activity. Here are the top three:

Trick Button/Malware: 31.5% (1,118 instances)

Gambling: 18.1% (642 instances)

“Adult”: 10.4% (368 instances)

The “adult” category wasn’t broken down further but in other, similar  reports we can see that it embraces not only hard core porn – stills and videos –  but also, thanks to the internet’s geo-location capabilities, to locally-based prostitutes. In addition some of the links strongly suggested a connection to child abuse images (child pornography).

Whatever you think about the rights and wrongs of copyright theft, any way you look at it these are not the sort of sites kids should be visiting. Parents and teachers need to know. It ain’t smart and it ain’t clever.

But here’s the thing:  the piracy sites are being aided and abetted in their illegal activity by advertisers and  ad networks, to say nothing of the companies that provide online payment facilities. Visa and Mastercard figured most prominently. Astonishingly even Google Wallet and Pay Pal featured. This cannot be right.

The ad networks and payments providers are helping to sustain the core illegal activity on the sites and in the process  they are also putting kids at risk by exposing them to a range of materials  or possibilities with which they are singularly ill-equipped to deal.   These intermediaries cannot claim they don’t know  what is happening and how they are helping it so what are they now going to do about it?

And what about the  companies whose brands are being associated with this grubby,illegal environment?  They need to get on the case.

Not that long ago in the UK several household name businesses woke up to a storm of protest as their ads started appearing on the web site of a deeply racist but well known political organization. The businesses  concerned acted swiftly and the problem was promptly resolved. It has never happened again – at least not with those brands.

That’s how it should be. It’s easy to do and every self-respecting business that advertises online should do it. Pronto. I’ll even save a bit of time by drafting the email for them.

Dear Ad Network,

We are happy to continue placing our online advertising business with you but please be aware that we do not want our company name or any of our products  to be found  or placed on any web site that is engaged with or linked to online piracy of any kind. This is such an important issue for us I think it is only fair to tell you that should you fail to comply with this request we will have no option but to terminate our contract with you. Please confirm by return that you have understood  this instruction and that you are willing and able to comply forthwith. 

Posted in Advertising, Child abuse images, Default settings, E-commerce, Pornography, Privacy, Regulation, Self-regulation

Big brains in Berlin

I attended an extremely interesting conference in Berlin last week.  It was hosted by the German Federal Ministry for Family Affairs, Senior Citizens, Women and Youth (BMFSFJ) and the Hans Bredow Institute in collaboration with the European Commission and  The event was peopled principally by academics. They were drawn from many different countries, both inside and outside the EU. There is no doubt that, overall, the quality of the discussions was somewhere between high and stratospheric.


I particularly liked  Uwe Hasebrink’s analysis of the problems of complexity which the internet has thrown up – although in my view the fundamental point about that is if the incentives are strong enough market forces can generally be relied upon to find a way to address them. The internet is no stranger to complexity. How it pans out is generally a question of money. The internet is not a social service. True there are public interest spaces dotted around it but, ultimately, even these  will to some degree depend upon or float on top of  investments which have been made by private corporations.

A dose of realism needed

Having praised the overall quality of the debate in Berlin,  it  nevertheless has to be said there was also a slightly  unworldly dimension to some aspects of it, for example about data, the life-blood of researchers although the type of “unworldliness” I have in mind is by no means the sole property of academics.

Picture the scene: an internet company analyses  its data and spots some stuff which strongly suggests that all is not well for a particular class or type of user.

In Berlin a belief was expressed that a “confidential space” could somehow be created where companies would share this type of information ( in this case specifically with academics, presumably with  a special interest in or knowledge of the field). In more extreme versions of the fantasy, the “confidential space” might also contain other companies, some of  whom are very likely to be or could become competitors.  At the utterly deranged end of the spectrum even governments or regulators are invited into the metaphorical (or actual?) room, all joining in a good-natured  (and of course still confidential) pursuit of truth. It’s as if companies, academics and consumer and child protection advocates are assumed to share absolutely identical goals which are and always will be co-terminus.  No way Jose.

Even accepting that each of the different  constituencies’ interests can and do overlap the degree of overlap could be extremely narrow and I suspect often is.

Data on children and young people may not exist anyway

In respect of children and young people,  on one of the forays I made into this space I discovered that a  large (household name) company simply was not collecting any data that would allow them to determine how young users  of their services were faring. They were not targetting children although they of course knew they had hundreds of thousands if not millions of  young users. My guess is, with obvious exceptions, this will be the situation with many other online enterprises.

Adverse impact on share price or confidence

But for now let’s assume some companies do have data on young users. What they found reflected badly on the company or service or it was ambiguous.  If news of that seeped out  it might affect their share price or be commercially sensitive in any number of ways. It could undermine confidence in the company and its current management.

Thus a penny gets you a pound the company concerned will seek to restrict access to such information to the largest extent possible, even among their own direct employees and paid consultants. The idea that they would voluntarily  hand it  over to outsiders, never mind competitors or regulators,  is simply absurd.

Even if the outsiders were completely well-intentioned the company could never be certain where the knowledge or the data it is based on might end up, accidentally or intentionally.

I do not have a problem with any of this. It is precisely what one would expect and in no sense is it a criticism of anyone. Academics want to get their hands on data to improve their understanding of how the internet is reshaping our world. Companies exist to make a return for their investors. Yes they will want advice from external sources from time to time but they will normally be keen to ensure those sources are and remain closely tied to them, typically through a commercial consultancy contract.

I have little doubt the hypothetical company that did spot a problem that was affecting its younger users will try to sort it out or resolve the issue as quickly as possible but they will try to do so privately, in a way that did not potentially open them to bad media coverage with everything else that goes along with that.

Voluntarism has its place

Getting back to where there is an overlap of interests, there is no denying that, for example, within the framework of  EU based initiatives such as the CEO Coalition, the ICT Coalition and the Community of Practice certain types of knowledge and experience can be and have been usefully shared, especially to the advantage of maybe smaller enterprises or start-ups.  Changes might even have been made to policies, procedures or presentations by larger companies and in the end such may well be sufficient justification for continuing to support those types of initiatives but we ought not to kid ourselves about how far they can or will ever go if significant economic interests are at stake.

The role of self-regulation

This leads me neatly to the hairy old topic of “self-regulation”. This also cropped up in Berlin. If the starting point for any government or governmental agency  is that they will only ever go as far as they can persuade businesses to go, and no further, then we might as well all take an extended vacation and wait for bulletins from corporate HQs.

If “self-regulation” was the optimum way to proceed why is it virtually unheard of in lots of jurisdictions,  not noticeably to their detriment? In particular why did it never take hold in the USA where the FTC and FCC have a whole battery of powers?

I appreciate that Europe has different jurisprudential and political traditions but my point is if self-regulation  was truly a superior way of working it would be far more widely adopted than it is.  In particular the Americans would have taken to it. They didn’t and they won’t.

An idea whose time has passed

The idea of  self regulation keeps being trotted out, particularly by the EU, and it is not helpful. It confuses things. It sows illusions. It’s time we either disposed of it altogether or only allowed it to be mentioned when it was surrounded by heavy qualifications or caveats. It was fascinating to hear in Berlin that the system they follow in Germany is called (something like) “regulated  self-regulation”.  Hmm.

We got into  self-regulation as the declared default position in the UK and the EU because, at the time the notion began to take root – the mid 1990s –  too many governmental bodies felt they did not have sufficient expertise or knowledge  to challenge or even engage with the internet industry and perhaps they were conflicted to a degree anyway. They didn’t want to make life too  difficult for internet businesses because in truth they wanted their economies to benefit from the golden promise of cyberspace. They wanted the jobs and the new wealth.  There is still  more than a little bit of that hanging around.

In my view so-called self-regulation only works when the industry is truly convinced that if they fail to act  “voluntarily” legislation will swiftly follow. I doubt any company has ever felt that in respect of anything the EU has talked about in the past five years or more when it comes to online child protection issues. Contrast that with what has happened in the UK. Substantial things have been achieved but pretty much  in every case the possibility of legislation was very real and immediate. The companies knew this  so they took steps to obviate the need for it.

Closing question: in March, 2011, who suggested that elements within the European Commission  had previously passively acquiesced in self-regulation in the online child protection space only because they were

“not ambitious enough”?

The answer is Robert Madelin.

The challenge to the internet industry is to convince legislators around the world that they are “handling things”, that the public (voters) are broadly satisfied that they are doing everything they can to make the internet as good as it can be. If they cannot do that I’d say the EU and every major jurisdiction will sooner or later end up with something like the FTC and/or the FCC. Internet businesses will be scrutinised  just like every other major industry is scrutinised. In the public interest by publicly accountable institutions.


Posted in Consent, Default settings, E-commerce, Internet governance, Privacy, Regulation, Self-regulation

Letter published in The Times (of London)

The Times (of London) published a letter from me today welcoming the Conservatives’ proposal to address porn sites that did not have age verification but criticising the suggestion that they would fine ISPs that fail to block non compliant sites. Their letters page is behind a paywall so I cannot provide a link. Sorry.

Posted in Age verification, Default settings, Regulation, Self-regulation

Tackling porn web sites? Yes please but there’s a better way

The Conservatives took to the presses and the air waves over the weekend with an election pledge to  “ban porn web sites”  that did not implement age verification.

Obviously, I like this idea a great deal. It is something the children’s organizations have been arguing for for a long time, most recently in our Digital Manifesto, published last week.

However, the system the Tories appear to be proposing seems to me to be excessively complicated and may well fail to achieve its stated objective.

None of the porn  sites are philanthropic. They exist to make money and they only get their hands on it because the credit card companies and banks provide them with online payments facilities.

The onus should be on these financial institutions to determine whether the sites have age verification in place. If they don’t then they should not provide them with the means to collect or process any cash. That should pretty much do it, more or less overnight and would avoid the necessity to “fine” ISPs or anyone else. Incidentally the legality of that may be open to question as it appears to create a form of intermediary liability, which would be contrary to EU law (unfortunately).

Tackling this via the credit card companies and banks would also solve the problem of the sites being based overseas. A similar system already works extremely well in respect of gambling web sites and the banks and credit card companies have said they are sympathetic to the idea, as long as they are held harmless of any potential liability. That would require legislation to put the matter beyond doubt although arguably they would be in the clear anyway.

Posted in Age verification, Default settings, E-commerce, Pornography, Regulation, Self-regulation