More progress on tackling child sex abuse material

Things may be going crazy in Brussels but in Alexandria, Virginia, excellence and calm sanity remain the norm. The International Centre for Missing and Exploited Children (ICMEC) has just released the 9th edition of the always eagerly awaited Model Legislation and Global Review.

Over the years the scope of the review has expanded beyond “simply” recording how countries address each of the original“five factors” highlighted in the recommended model legislation. While these remain at the constant core, the 9th edition has evolved to become a rich and authoritative source of information on thirteen

“fundamental topics/provisions that are essential to a comprehensive legislative strategy to combat child sexual abuse material”

In relation to the original five factors, ICMEC tells us that while at the time of the first edition in 2006, only 27 countries in the world had a legislative framework considered sufficient to allow them to tackle child sex abuse material, today it is 118 and between the 8th edition (2016) and the 9th the rate at which countries have been making things right in this department has noticeably quickened. The message is getting through thanks to the work of a multiplicity of agencies, many of which are mentioned.

While in 2006 95 countries had no legislation at all specifically addressing the problem, ICMEC advises today we are down to 16. Let’s hope by the 10th edition we hit zero. Another number that needs to get closer to zero asap concerns simple possession of child sex abuse material irrespective of an intention to distribute. 38 countries still do not explicitly say that is illegal. They should.

ICMEC is at pains to point out

“As always, it is important to note that the legislative review accompanying our model legislation is not a scorecard or a scold, but an effort to assess the current state and awareness of the problem. Realizing the importance of taking into consideration varying cultural, religious, socio-economic, and political norms, our model legislation continues to resemble a menu of concepts that can be applied universally….”

Quite so.

Good laws are rarely in themselves sufficient but they are an essential building block.

Posted in Child abuse images, Internet governance, Regulation, Self-regulation

Mr Ansip’s Terms and Conditions

Is this what Mr Ansip has in mind for all companies’ Ts& Cs in the future?

“Please feel free to distribute illegal content using our facilities. We won’t do anything to try to detect it or stop you. Knock yourself out.”

If that’s what you mean, why not say it?

Or else

” These Ts&Cs don’t mean anything because we don’t do anything to ensure they are being honoured. Have fun. We thought we would state the position honestly because, thanks to the EU, the chances of us finding out you misbehaved are so close to zero that they might as well be zero.”

Law enforcement agencies across the world have candidly admitted they cannot address the volumes of illegal behaviour online, which includes the distribution of child sex abuse material. They have constantly called for companies to step up their efforts to rid cyberspace of this kind of material. So have the victims. What does multistakeholderism mean if it excludes businesses from doing the right thing in a way that jeopardises nobody’s rights?

PhotoDNA and similar look at patterns. If I post a picture of  my kitten or a recipe for banana cake it will not see either. PhotoDNA only picks up files containing patterns that match images that have already been found to be illegal and are included in a database. In what meaningful sense of the word is that “surveillance”?

PhotoDNA has been “out there” for nine years. We constantly hear calls for evidence. We have lots of evidence about PhotoDNA’s  successes. Where is the evidence that anything is going wrong? And why did nobody, repeat, nobody, talk to anyone in the child protection world before they came up with this ridiculous idea?

Anybody who is looking for bad stuff must necessarily look at non-bad stuff in order to eliminate it. Thus, PhotoDNA and similar can therefore be seen as a highly targeted  form of anti-surveillance. It does not go through every file of mine saying “Not another kitten video. Let’s move on. Oh dear, the same crap recipe for banana cake, has this guy no imagination? Ah ha. This is new. I wonder what it is? Nah. Pictures of his parrot. Has he not got a life?” As I said, in what meaningful sense of the word is that “surveillance”?

Posted in Child abuse images, Internet governance, Regulation, Self-regulation

News from the front

Yesterday Ministers from the 28 Member States met to consider progress on the new e-Privacy Regulation. They could still not agree a final text so the matter remains unresolved. I have only been able to listen to those Ministers who spoke in English (quite a few did) but it is clear we have strong support from some countries.

My network will be letting me know what “their”non-English-speaking Ministers said once they have had a chance to listen to and translate the proceedings but I would say we are moving in the right direction.

Vice President Ansip’s office has emailed me to say he will reply to the NGOs’ letter in due course so watch this space.

If you click  here and go to 2 hours 22 minutes and 26 seconds you will hear the Vice President say that police powers are not affected by the proposed e-Privacy Regulation in respect of investigating and prosecuting child sex abuse material cases. We already knew that. Police powers were never in question.

What is at issue is the continuing ability of private companies to take proactive measures to detect, report and delete known child sex abuse materials e.g. through deploying PhotoDNA, as they have been doing since 2009, with fantastic results and no known or reported downside.

The worrying bit in the Vice President’s remarks comes at the end where he says that “mass surveillance is not allowed”. Where did that come from? Who wants mass surveillance? Not me.

PhotoDNA only matches known illegal images and it does so to defend a child’s right to privacy and human dignity.  No one has a right to exchange images that have already been deemed to be illegal and which harm someone else’s fundamental rights. Do they? Anti-spam, anti-phising and various other security programmes undertake similar functions.

Several Ministers at the meeting were at pains to point out the proposed Regulation does not impact on measures taken in any country in the interests of their national security. Don’t our most vulnerable citizens, our children, deserve a similar level of consideration?

Thus, we need an explicit carve out in an Article in the Regulation which makes clear that measures to detect child sex abuse material and other forms of abusive behaviour towards children are outside the scope of the Regulation. Alternatively  the text of an Article should state such measures are legal without the need for derogation.

That is limited, clear and proportionate. It gives no get out for any company to exploit any data thus obtained for commercial or indeed any other purpose. And it absolutely knocks on the head any possible suggestion that the user’s consent is required before such processing can take place.

As I said, I will report again when I have heard from Vice President Ansip.  Meanwhile we need to keep our foot on the gas.

Posted in Child abuse images, Consent, Default settings, E-commerce, Internet governance, Privacy, Regulation, Self-regulation

Bravo Tumblr

Well done Tumblr for  deciding to ban porn from its site. There can be no justification for a platform that specifies 13 as its entry age also publishing content expressly designed for adults. Twitter next?

Posted in Pornography, Regulation, Self-regulation

A global protest

I have just  released the text of a letter I wrote on Friday to the President of the European Union, Mr Juncker, to Vice President Ansip, Commissioner Gabriel, the Austrian Presidency and Signor Buttarelli, the European Data Protection Supervisor. The letter expresses grave concerns about the draft e-Privacy Regulation currently making its way through and nearing the end of the European Union’s legislative processes. In its present form the measure will seriously harm children.

The text can be downloaded here … it was……

A very international effort

I signed the letter on behalf of over 50 NGOs from all over the world.  Each one indicated their support by sending me a copy of their logo. These are all shown in an attachment to the letter.

Children’s groups in every EU Member State except Hungary and Malta signed up. If there had been more time I’m sure we could have made it a full house but as it is I cannot recall ever having seen such widespread backing for an initiative of this kind. The powers that be in Brussels need to rethink their approach. There is a critical meeting on 4th December.

Key international organizations such as ECPAT International, the International Center for Missing and Exploited Children, INHOPE and THORN  also sponsored the letter, as did major national players with an international reach such as the Canadian Centre for Child Protection, the IWF and NCMEC.  Groups from Norway, Taiwan and Colombia jumped in to express their solidarity. Again, with more time the list could have been larger.

What is being proposed puts children everywhere at risk

I won’t repeat all the arguments here. They are in the letter, but the core point is the proposed e-Privacy Regulation attacks the operation of automated systems such as PhotoDNA which, hitherto, have been working spectacularly well to reduce the volume of Child Sex Abuse Material circulating on the internet.  It also threatens other technologies designed, for example, to detect and prevent children being groomed.

Where did this ridiculous idea come from? I have never heard even one voice raised against PhotoDNA and similar tools. On the contrary I hear law enforcement agencies and NGOs constantly calling for their larger scale adoption.

Even on the most generous interpretation of the draft – an interpretation not shared by many –  the Regulation would introduce a huge degree of uncertainty about the use of programmes such as PhotoDNA.  Conservative corporate lawyers, and I have yet to meet a radical one, will go for the line of least resistance and smallest risk. They will abandon PhotoDNA and advise against using anything like it.

Yet any company that provides storage or network services to the public, whether free or paid for, must know that unless they take positive steps it is pretty much a cast iron certainty their facilities will be being abused in ways which deprive children of their right to privacy and human dignity, in ways which damage children. Rather than attacking, circumscribing or undermining automated systems which work to protect children, European institutions should be going out of their way to promote, even require their use.

Who dreamt up these provisions in the e-Privacy Regulation in the first place and why? I have been unable to find a single person with a background in online child protection who was consulted at any stage in the pre-legislative or legislative processes. Had they been I doubt anything so egregiously wrong would have seen the light of day.

Posted in Child abuse images, Internet governance, Regulation, Self-regulation

Sexual Extortion and Nonconsensual Pornography

Carrying on a tradition of high quality and original research the International Centre for Missing & Exploited Children has just released a report containing a chilling set of insights into the horrors that can overtake children and young people who fall prey to aggressive sexual predators or who make the mistake of trusting someone with intimate images of themselves only to find that trust is later betrayed.

Defining terms

Sexual extortion, sometimes referred to as “sextortion”, is defined as the process through which one person is blackmailed by another “to extort sexual favors, money, or other benefits” under the threat of sharing the victim’s intimate images, videos, or other sexualized media without their consent. If the victim fails to provide the requested sexual favors, additional intimate images, money, or other benefits, their images may be posted online for the purpose of causing humiliation or distress, or coercing the individual into generating additional sexually explicit material. The perpetrator may be motivated either by sexual gratification or financial gain. While frequently discussed in relation to adult victims, children are equally as vulnerable to victimization through sexual extortion.

Nonconsensual pornography, also referred to as “nonconsensual sharing of intimate images” , sometimes called “revenge pornography,” is the distribution of sexually explicit materials without consent of one or more of the individuals involved. It is considered by some to be a form of cyber-harassment, for example when a perpetrator uses the Internet to annoy, embarrass, or emotionally distress another individual. The explicit images or videos are most often shared publicly in order to embarrass or humiliate the victim, although “not all perpetrators are motivated by vengeance”.  


The report acknowledges that nonconsensual pornography shares some characteristics of sextortion but argues it should nevertheless be distinguished from sextortion. While sextortion is “dependent on secrecy,” nonconsensual pornography “derives its effectiveness from public damage to the victim’s reputation.”

A cornucopia of facts and case histories

One reason why  ICMEC reports are so valuable and important is because they normally include  an enormous amount of data, meticulously documented. This is no exception.

One of the first cases referenced ( on page 7) is that of Amanda Todd from Canada.  After that we learn (page 9) about the activities of 31 year Florida man Lucas Michael Chansler who over a three year period  targeted hundreds  of children. Then (page 16) there’s the Australian who befriended a 14 year old girl as a result of which she sent photos of herself naked which he then threatened to release. He went to jail for three years.

The report rounds off with an astonishing  list of examples of initiatives and best practices drawn from what looks like all four corners of the world.

It’s a must read.

Posted in Child abuse images, Consent, Internet governance, Regulation, Self-regulation

Down Under goes Up Front

The Australian e-Safety Commissoner, Julie Inman Grant, was in London yesterday for a press conference to mark the publication of  a report by  the Technical Working Group of the Child Dignity Alliance. The report addressed  the proliferation of online child sexual exploitation and sex abuse imagery on the internet.

The Alliance was launched last year by Pope Francis and the  Centre for Child Protection at the Pontifical Gregorian University in Rome. I was honoured to attend the inauguration and subsequently to be invited to join the Working Group.

Pope Francis is an individual with huge moral authority in the modern world. The fact that his name is associated with the initiative pretty much guarantees its reports and recommendations will be seen and considered by a great many policy makers and political and industry leaders who might otherwise not engage.

Another Working Group member, Baroness Beeban Kidron, joined myself and Inman Grant at the London press conference which was moderated by Professor Richard Wortley a leading scholar in the field.

Inman Grant is the Chair of the Technical Working Group and because I played such a modest role in the writing of the document I feel I can say it is without doubt one of the best summaries of the problems and what to do about them that I have ever read.  Inman Grant and her staff deserve a huge amount of credit for the report’s succinct elegance which nevertheless presents a thorough overview of the breadth and complexities of the considerable challenges.

Having praised the report for its succinct elegance I am not going to try to compress it further. It’s an easy read. I will, however, highlight two bits which particularly grabbed my attention. On page 3 it says

” The report…highlights the need to acknowledge that some of the impediments to collaboration (between key actors) are more perceived than real, more the result of custom and practice than unsolvable. More often than not, these are based on risk avoidance, lack of trust in systems, procedures and intent, and an inconsistent  application of law and policy. In some cases, barriers are a legacy of organisational history, and no longer reflect the issues that are most relevant today.”

Bang on. Then, in amongst many great recommendations, on page 7 we find this:

Industry should be strongly encouraged, or even required through domestic legislation to…..scan their networks, platforms and services….to detect known child abuse imagery.”

I’m edging more towards “required” than “encouraged”. Anyone who has read or heard the testimony of survivors of child sex abuse, where images of the abuse were made and distributed over the internet, will know how strongly they feel about getting the images removed or made inaccessible on the largest scale possible as fast as possible. This was a point made with great force by Inman Grant and reported at some length in one of our leading national newspapers.

Joseph Stalin famously once asked  “How many divisions does the Pope have?”. The answer, of course, was none but, to jump over to Victor Hugo, “there is nothing so powerful as an idea whose time has come”. When someone like the Pope decides to take up the cudgels you have a sense that the time is now.



Posted in Child abuse images, Privacy, Regulation, Self-regulation