An opportunity grows out of a crisis

There is no need  for me to recite here the litany of events which led to the establishment of the Independent Inquiry into Child Sexual Abuse  (IICSA). These have been painfully and painstakingly documented elsewhere. Suffice to say it would be difficult to exaggerate the enormity or  significance of the task  now facing the Inquiry.

The auguries seem set fair. The Honourable Lowell Goddard, who heads the Inquiry, comes with a weighty reputation and she appears to have been given the appropriate legal powers, time and budget. A formidably talented team is being assembled to help her with the work.

It would be ridiculous and offensive to try to rank the different elements of the Inquiry’s remit by order of importance. Each one is vital, not only in its own right but also as part of a larger mosaic which created the conditions that allowed the awful things we now know about to  happen in the first place to so many of our children and, just as importantly, also allowed them to go unresolved for so long.

Having said it would be ridiculous and offensive to distinguish between the component parts  of the Inquiry one would nevertheless have to have a heart of stone not to recognise the centrality of creating space for previously “unlistened to” victims to present their experience to people avowedly willing to hear.

Returning to the title of this blog though, where is the “opportunity” which emerges from the crisis the Inquiry seeks to resolve? In fact there are several opportunities but in what follows I want to focus on just one of them. The research element and its relevance to the online child protection agenda.  Through it IICSA has the chance to do a great service not only for children living in the UK, but for children in all parts of the world.

The pillars of the Inquiry

The IICSA web site states the Inquiry’s three guiding principles. There is to be a

Truth Project

The Truth Project will allow victims and survivors of child sexual abuse to share their experiences with the Inquiry.

Public Hearings Project

The Public Hearings Project will resemble a conventional public inquiry, where witnesses give evidence on oath and are subject to cross examination.

Research Project

…the Research Project will involve a comprehensive literature review to bring together, for the first time, analysis of all the published work addressing institutional failures in child protection.

Important though such an aim is, the next sentence greatly excites me. IICSA says

We will …commission sector specific research to better understand the scale of the problem and to identify recommendations for change.

So what don’t we know?

In relation to the online world the answer is “quite a lot”.

I am not going to attempt to cover all the terra incognita this instant but below are a few of the more obvious matters.

In no particular order:

Thanks to  the HMIC’s excellent  report “In Harm’s Way” we are much better informed  about how law enforcement is  failing to meet  the challenges presented by the scale of offending against children where the internet plays a key part in the identified behaviour.

It was beyond the scope of the Inspection to devise a detailed or at any rate a complete prescription for remedying every aspect of the mournful scenario which it described. Perhaps the research wing of IICSA could take that agenda further forward? I am certain IICSA will find many willing helpers, particularly within parts of the industry.

Child abuse materials

Child abuse images and videos typically are evidence of a serious crime having been committed against a child. In addition their publication and continued circulation on the internet  represents a  further and significant assault on the depicted child’s right to privacy and human dignity. This compounds and extends the original offence thereby adding to and probably worsening the initial injury.

This situation cries out for justice and part of that will depend on the ability of law enforcement to locate the child in real life and affect a rescue and removal to a place of greater safety, linked to the provision of tailored counselling or other forms of help.

Victim identification

Starting with the images themselves are we satisfied with the proportion of victims being identified and located?  Are there any removable obstacles to locating more? Does the level of therapeutic or other support services available to victims meet the level of need? If there is a gap, how large is it?

The children’s workforce

Do all parts of the children’s workforce feel they are adequately equipped and trained to work in the the digital context that is such a major part of practically every child’s life in 21st Century Britain?

Reassuring victims that effective action is being taken

Where a child has been sexually abused and imges of the abuse have appeared online their path to recovery may well also depend on  the authorities or counsellors being able to reassure them that effective efforts are being made to achieve the rapid deletion of the abusive  images or videos in question from every known originating source or server and, pending that, that restrictions have been put in place which will reduce the availability of the said materials to new viewers or collectors.

IICSA might take a view as to whether these latter arrangements are working well enough. The consensus is that they are.

Viewers and collectors

What about the individuals who help sustain or encourage the production of child abuse  materials by downloading, exchanging or collecting them?

We have been told repeatedly that the numbers of people involved in that type of activity greatly exceeds the processing capacity of our law enforcement and justice systems.  Yet at the same time it is conceded that each such individual could represent a current or future threat to children, meaning not only that they may continue to collect and possess child abuse images but, perhaps more urgently, they might already be engaged in contact offending or are likely to become so. Alternatively have they offended against children in the past but the abuse has not yet been disclosed or detected?

How good are we at identifying actual or potential contact offenders from the data – digital and otherwise – obtained via police actions or from internet platforms ?

Big data techniques?

It now almost qualifies as a platitude to say

…..there are no identifiable personality traits or  demographic characteristics which would allow for the easy or rapid identification of ‘dangerous individuals’  from the  mass of undifferentiated  data which, typically, is what law enforcement is confronted with, particularly in the immediate aftermath of large scale police operations against paedophile rings or following arrests connected with child abuse image related offences.

However, the truth is most of the academically robust studies on which the near-platitudinous statement is based have been quite small scale.  The methodologies may have been sound  but, precisely because of their limited sample size, few experts are fully convinced any of them represent the last or definitive word. That needs to change.

Have our new Masters of the Universe – the algorithmic alchemists – ever been given free rein to analyse or have at the relevant data mountains? Am I simply hoping against hope here? Indulging a pipedream? If GCHQ/National Crime Agency have not already done it maybe Google could be prevailed upon to help out in one way or another? I for one would be reassured to know such a route had at least been tried.

More traditional ways?

Not wanting to put all one’s eggs in the algorithms basket might there also be a possibility for IICSA to commission more conventional or traditional types of research in this field, only on a large enough scale to settle (once and for all?) whether or not there is a robust method for the police to identify  and separate out the more dangerous individuals from the less so?

I know the police themselves and probably everyone in the child protection world would rather we were able “simply” to arrest or individually appraise every single suspect who showed up on the radar but this is not going to happen. That being the case  what else can we do to help law enforcement develop sound, rational techniques for prioritising within their crushing workloads?

Macro v micro

Is it really  the case, as many police officers strongly believe, that the emergence of cyberspace has led to a net increase in child sex abuse abuse?

There is no doubt it has led to a gigantic increase in the availability of child abuse images but how does that translate in terms of the quantum of abuse now occurring? Intuitively one might imagine that there was a relationship but it has yet to be convincingly proved.

Some surveys say on the whole children in the global North are healthier and happier than they have ever been but might it nevertheless still be the case that while the overall level of sex abuse may have remained static or even declined there has been  a substantial degree of  displacement or redistribution within or between different categories? Could there even be elements of growth which are detectable at the micro level e.g. by serving police officers, while remaining hidden from view at the macro?

The absence of reliable baseline data might make it impossible ever to reach an uncontested answer to questions of this sort but the search for a better understanding of the dynamics of the processes at play may be illuminating in any number of ways. Yet as long as there is any child sex abuse going on, civilized society and civilized people cannot ignore it, whether it is trending upwards or downwards.

The least propitious moment?

In the unfolding aftermath of Snowden, as more and more technology companies seek to distance themselves from any voluntary or not legally required entanglement with arms of the state, is this the least propitious moment to say that in any reasonably foreseeable future we are going to have to find more and better ways to bring Silicon Valley and its satellites and acolytes into a greater acceptance of the inevitability of them becoming more involved with ensuring the internet is a safer place for children?

Even if we were living in times of super abundance, as opposed to times of austerity, I just cannot see how the historic methods used by the state to secure compliance with the criminal law will ever be able to measure up to the volumes of offending which, for all its wonderfulness in other areas, the internet has facilitated.  The alternative is that we somehow learn to live with, accept or accommodate a number of dismal conclusions. I just do not see that happening.

While we are about it

Could IICSA succeed where the NSPCC failed? When the NSPCC last asked the 43 police forces in England and Wales how many child abuse images they had seized in the previous two years only five replied. What’s going on with the other 38?

How many arrests and convictions have there been both for image related offences and other illegal behaviours involving children which are linked to the online environment e.g. grooming?

How constrained do judges feel at sentencing based on their knowledge of the availability of prison places or sex offender treatment programmes? Is the new classification system for images helping clarify what the possession of different types or volumes of images might or might not signify?

Has there been a growth in the use of cautions for online offences and, if there has, are we convinced this is justified on its own terms and that it is not merely a pragmatic or tactial response to an otherwise unmanageable caseload?

Are we entirely satisfied with the data collection and recording processes now in place where the police investigate any suspected criminal activity involving a child where the internet played a significant part? Do we therefore have a good enough  picture of the full spectrum of online activity in terms of hazards to children?

Where child sex abuse material has been found in the unlawful possession of a third party is there anything to be said for developing a new right for any child depicted to obtain compensation from that person, along the lines of the decision in Amy v Paroline in the US Supreme Court?

The truth about social networking sites

I know of  few commercial concerns that willingly, never mind  voluntarily, disclose data about their internal operations, particularly if they touch or concern certain aspects of their business. That type of information might be considered to be price sensitive and therefore be governed by Stock Exchange rules and the like, so unless you have an obligation to publish likely you won’t. But perhaps there is a larger public interest at stake?

For example: on a typical or average day do we know how many paedophiles are active on some of the major social networking sites, as evidenced by, for example, the volume of reports of grooming received and investigated by agencies such as CEOP or other police forces?  What counter measures are being deployed by the best and the worst social networking sites to limit grooming and  other forms of illegal behaviour? Do they work well enough to reassure parents and the public that everything that could reasonably be expected is in fact in place and working to an acceptable standard? Is there room for improvement? Can and should best practice be translated into mandatory practice, if so how and by whom?

What about reports made by children of abusive or other forms of  troubling behaviour, including bullying? How efficiently and speedily are such reports investigated and resolved by the company receiving them? Is there a satisfactory feedback loop to complainants and does it work well enough to encourage a feeling that it is worthwhile continuing to make reports  if the situation requires it?

The efficacy of self regulation

Inevitably enquiries like these will raise issues about the efficacy of the UK’s historic approach to online child protection. Has self-regulation had its day?  Has all the low-hanging fruit been picked? Is it time to move on?

Improved digital literacy and outreach to parents

Unavoidably IICSA is going to focus on a range of issues which quite naturally fall primarily to be considered under a child protection heading or deal with law enforcement preoccupations. Particular attention may need to be given to the position of vulnerable children but it will be important for each of these strands to be located in a wider context.

Are the different initiatives aimed at developing children’s resilience and improving their digital literacy working well enough to protect them from harm or the risk of harm when they go online? Are parents being helped enough so they can act as a first and principal bulwark in respect of  their children’s online concerns?

Leaving aside the efforts made by individual companies in respect of their own users, are the wider  mechanisms available to children to report abuse or seek different kinds of help working well enough?

Need for changes in the law or procedures?

Are there any legal, procedural or evidential  obstacles to improving police performance  in this area?  I suspect many senior police officers could produce a useful list in short order. Perhaps  IICSA could  look into these and any others they identify themselves and  set them out in a document which is published. I am thinking, among other things, about the rules governing the collection, analysis and presentation of data about the often gigantic volumes of child abuse images found on a suspect’s digital devices and about the practical and legal difficulties associated with exchanging data with or accepting data from foreign law enforcement agencies or sources.

In the end, given the global nature of the internet, in the context of law enforcement activity a great deal is always going to depend upon securing improved international  co-operation between law enforcement agencies, organizations and companies domiciled outside the UK but without a publicly known, widely accepted, clearly stated set of objectives the fear must be that little progress will be made because the necessary head of political steam will fail to materialise as everything gets lost in a miasma of vague sound bites about the importance of (never achieved ) harmonization. Meanwhile police officers are simply left to cope as best they can with a still escalating level of demand.

Are we satisfied with the speed of the evolution of the law enforcement environment at an international level both in relation to dealing with child abuse materials and more generally? For example could  more be made of the Virtual Global Taskforce and if the answer is in the affirmative is there anything the UK Government or UK law enforcement can do to speed up that process or help it along, for example within the framework of the #We Protect initiative?

Are the different components of what might loosely be called the international internet governance community doing the best they can to ensure  children’s online experiences are as safe as they can be? In particular is ICANN’s wilful blindness to the wider consequences of its decisions any longer acceptable? Has the huge power of the Registrars and Registries within ICANN ‘s machinery simply turned it into a self-serving money-making machine that prays in aid its essential technical functions as a smokescreen designed to divert attention from the  commercial purposes that lie at its real core? Do we need the UK Government to become more energetically engaged in steering ICANN towards a better and acceptable path?

The dark net?

Could an independent body such as IICSA shed at least some light on the scale and nature of the challenges posed by the dark net? The problem otherwise is if the Government, security services or law enforcement agencies speak on this subject a substantial part of what they say will immediately be discounted for obvious reasons. With appropriate specialist advice IICSA may be able to move the discussion on even if it cannot find an answer. On a related theme how is the rise of encryption impacting on current investigations and what is the prognosis should current trends continue?

The rule of law

Very few people do not support the ideas which underpin the rule of law but here’s the thing. The rule of law carries with it the implication that the law can, in fact, be enforced. However if, through human ingenuity and an ever more urgent search for online privacy we have in fact created systems which, for practical purposes,  make it impossible for the law to be enforced where does that leave us?



Posted in Child abuse images, Default settings, Google, Internet governance, Privacy, Regulation, Self-regulation, Uncategorized

Neuroscience providing new insights

Advances in imaging technology are having all kinds of beneficial effects in medicine. Apart from reducing the need for invasive exploratory surgical procedures in all parts of our bodies it is also helping neuroscience to develop apace. We can now see a lot of what our brains are actually doing in response to given stimuli. We no longer simply have to theorise or speculate about it.

However, it seems parts of the online and computer games industry are also catching on. A neuro scientist friend tells me he is aware that modern games companies are  judging the effectiveness/acceptability of new games they commission by the extent to which they trigger observable  and substantial dopamine effects. If the bang isn’t big enough it’s back to the drawing board. The designers are asked to do “better”.  In other words  some games companies are engineering potentially addictive or near addictive behaviour.

Am I alone in thinking there is something unbelievably distasteful about this sort of appliance of science? We know the advertising industry has for many years been  a major employer of psychologists who exploit their knowledge of human behaviour in order to help their employers sell more product but there was always a comforting  degree of imprecision surrounding what they did . This new level of purposeful, intimate intrusiveness feels to me like it is crossing an ethical line. We outlawed subliminal advertising years ago. How is this so very different?

If any reader knows any more about this sort of stuff please get in touch.

Posted in Advertising, Consent, Default settings, E-commerce, Privacy, Regulation, Self-regulation

The strange and sudden death of self-regulation


In the UK, and  among EU institutions, the idea of self-regulation has reigned supreme pretty much since the arrival of the worldwide web in the early to mid 1990s started the internet on its trajectory  towards becoming the mass medium we know today.  The policy appeared to be widely and strongly supported by the internet  industry as well as the politicians and senior officials who espoused it.

At EU level the most recent and prominent examples of the doctrine at work  was evidenced by the creation of the CEO Coalition, followed swiftly by the ICT Coalition.  A  “Community of Practice” was even created to institutionalize the notion.

It all started with child abuse images

In the late 20th Century  across a number of  EU Member States hotlines began springing up to address the growing challenge of child abuse images appearing on the internet. In the UK’s case we established the IWF in 1996. In Britain and several other countries industry took the lead in getting the hotlines going but the EU stepped in to encourage this trend by helping with money.

Filtering and blocking child abuse images arrives

Around 2004 the IWF and BT  pioneered url blocking as a means of restricting access to urls known to contain child abuse images prior to their eventual (and hopefully speedy) deletion at source. Historically, apart from  Italy  no country required internet service providers to carry out this type of url blocking but a large and growing number of online businesses did so on a voluntary basis.

I cannot speak for every hotline or  speak to how they each handle these matters but the IWF compiles a list of qualifying urls  and updates and distributes it twice daily to the many companies that use it to help keep their networks free of child abuse images. The practice has never been challenged in the courts, moreover the wider legal basis on which the IWF operates was set out in a memorandum issued jointly by the Crown Prosecution Service and the Association of Chief Police Officers. Later a leading human rights lawyer gave the IWF a clean bill of health in respect of compliance with human rights standards.

Parents are very concerned about a range of adult content

In the UK we also took things a step further. We responded to parental concerns to shield their children from age inappropriate but otherwise legal content by introducing default-on  parental control software that operated at network level.

The mobile phone companies started doing this around 2005. Sky Broadband joined the club more recently. In the case of Sky parents could decide to modify or completely remove the filters.  In relation to mobiles it was necessary only to complete an age verification process to get the filters lifted. In addition WiFi providers decided to introduce default-on filters but these would only work in public spaces where it was reasonable to expect children to be found on a regular basis.

Default- on filters met a huge parental demand for simplicity of implementation. It is accompanied by a great deal of education and awareness activity both before and after the fact.

Not censorship

This is not censorship. No content on the internet is removed or changed because of parental controls software.  In the UK we have simply been seeking a way to replicate in the online space measures  or rules which have been taken for granted in the physical world for a long time. The internet is not exempt from these standards but it has been difficult to find a way to implement them.

The UK’s approach was and it is still, strictly-speaking, experimental because we have yet to see a report as to its effectiveness. As we shall see in a moment, however, clearly the lack of evidence one way or the other did not deter legislators at the EU. They took a decision about the UK approach that was ( obviously?) based on first principles of some kind  – but first principles of what sort exactly?

All blown away

It looks like all of the above has to go. Henceforth each Member State that wants to engage with online child safety in the ways outlined will have to pass a law either to allow  parental controls software to be deployed at network level or, in the case of blocking access to child abuse images, to make it mandatory. You won’t be permitted to block access to known child abuse urls on a voluntary basis. The state has to require you to do it.

How did this come about?

In a legislative instrument that addressed net neutrality.

In the past when the EU has debated issues concerned with online child protection it has been clear from the title of the document or the draft instrument that this was the focus of the measure or at any rate that it was a principal focus. The online child protection community, parents and children’s organizations were put on notice and were able to engage, mobilise, lobby and express their views. Officials in the Commission, and doubtless within Member States, concerned with children’s policy  were drawn in to the debate.

None of this happened here. It really is a disgraceful way to make new laws and to end a 20- year old policy. I leave on one side for now the potential political impact in countries such as the UK where Euro- sceptics  will doubtless make hay with it.

There will be a transition period

The final text of the Directive has yet to be published but I have seen a (leaked) copy of the words that emerged from the Trialogue and I have spoken to several people close to the process, including lawyers. I am reasonably sure my reading of the situation is correct although “check against delivery” is always sound practice.

It appears there will be a transition period so nothing will end abruptly. I don’t doubt the UK will be able to pass the necessary laws, in effect to preserve the status quo, in roughly 5 minutes if needed but can we be confident that there will be no legislative congestion or other political complications in every Member State?

The future of the IWF in the balance?

Internet businesses were willing to establish and fund it when the IWF was a shining example of self-regulation. But now that seemingly everything of importance associated with what the IWF does is becoming the subject of legislation, indeed is becoming a legal requirement, some will ask why they should pay for it at all, or anyway why should they pay for it as an additional item to, say, the police service?

The EU has not covered itself in glory with this sad little episode. I fear the consequences will be far reaching. I am sure many of our leading online companies will continue to work collaboratively and voluntarily through bodies such as the ICT Coalition. The need for them to be seen to promote good online child safety practices has not gone away but the voices of the sceptics within their businesses will have been greatly strengthened. Start ups will feel even less inclined to become involved if they see that well-intentioned self-regulatory efforts can be reduced to nought so casually.

Earlier parallels?

The last time the EU seriously engaged with the question of online child abuse images was in the context of the Directive on combating the sexual abuse and sexual exploitation of children and child pornography. It was adopted in 2011.

Unlike this time around the argument was  then very public and it was protracted. There were public hearings in the Parliament and elsewhere. Arguments raged in newspapers and all parts of the media. Practically every children’s organization argued that blocking access to child abuse images prior to their deletion should be made compulsory. We lost.  Article 25, 2 of the Directive made it optional. Now the EU has moved on again. It seems such blocking is not even allowed to be optional.  Each State has to make it compulsory or it cannot happen at all.


Posted in Uncategorized

A major failure of internet governance

The Internet Governance Forum (IGF) sits at the centre of a complex network of bodies and institutions of different kinds which concern themselves with the still relatively new public discourse on internet governance.

I was involved in making submissions to the WSIS processes that preceded the creation of the IGF. On behalf of eNACSO  I have attended every (annual) meeting of the IGF except the first one, which was held in Athens in 2006. I have attended every meeting of its European regional off shoot, EuroDIG, as well as several of the UK national IGFs where I went on behalf of the UK Children’s Charities’ Coalition on Internet Safety (CHIS). Nobody can say these children’s groups haven’t invested heavily in the WSIS and IGF sponsored multistakeholder model of internet governance.

The only major internet governance event in recent times that I could have gone to but didn’t, and nor did anyone from eNACSO or CHIS, was the Net Mundial conference held in Sao Paulo, Brazil, in 2014. The children’s groups I work with just couldn’t afford to send anyone to another gig that year, especially one so (expensively) far away from home.

Big Mistake

Assuming you accept that there is some actual or potential value in the dialogue around internet governance – which I do unreservedly – it turns out that not going was a mistake. Net Mundial was the IGF on steroids. We had no way of knowing at the time how big a mistake it was going to be, but even if we had, short of robbing a bank I’m not sure what we could have done about it anyway.

Who was there?

I looked at the official list of  representatives who went to NetMundial. Governments seemed to be the largest single bloc. Post-Snowden and the revelations about the NSA tapping the Brazilian President’s phone, privacy activists also seem to have been especially thick on the ground.

Among the named civil society representatives in Sao Paulo I did not see any children’s or young people’s organizations that I knew had a history of or track record in attending IGFs or in pursuing the internet governance agenda from the perspective of children’s and young people’s rights. But then I don’t know everybody. On closer examination of the attendees I found two that appeared at least to have some connection with youth oriented affairs. These were the “Bible Hill Youth Club of India” and the YMCA Computer Training Centre and Digital Studio from The Gambia. There were none that appeared to have a connection to children’s issues.

Hello Lee Hibbard

Lee Hibbard works for the Council of Europe. He is one of the world’s leading authorities on internet governance. Last week in a workshop which I attended at the 2015 EuroDIG meeting he said something along these lines

The Net Mundial Statement (NMS) represents the best available summation and distillation of thinking on internet governance to date. It has a very broad basis of support across the world.

In diplo-speak The Statement represents the formal outcome or results of the entire event and the negotiations leading up to it. Every single word in The Statement will have been carefully weighed and considered, probably fought over.

According to Lee,  it seems before NMS was adopted there were “around 25 different charters, declarations and manifestos” which different actors had drawn up to describe what they thought internet governance is about or ought to be about. Thus a key goal of NMS was to draw a veil over such chaos. The consensus seems to be that in this respect NMS succeeded brilliantly. NMS has become a defining document. A guiding star. A new point of departure. Oh dear.

So what is not in The Statement?

If you read NMS carefully you will note that none of the following four words appear anywhere in the text: “child”, “children”, “youth” or “young”.  Not even once. How can that be when one in three of all internet users across the world are below the age of 18? In some of the developing nations the proportion is higher.

Could it be that as NMS was being drawn up the authors consciously decided not to refer to any specific or particular interest groups? Did they, for whatever reason, want to keep The Statement at a stratospherically high level so as to avoid special pleading and hang on to a universalist framework? No. That cannot be the reason because, for example, at several points explicit references are made to the position of people with disabilities in relation to cyberspace.

More specifically within NMS there is a short recitation of international instruments which are said to be important or noteworthy in the context of a discussion about internet governance. The Convention on the Rights of People with Disabilities is listed there. The Convention on the Rights of the Child is not.

The Convention on the Rights of People with Disabilities has been open for adoption since 2007. The Convention on the Rights of the Child has been out there since 1989.

In search of enlightenment

I told everyone in the EuroDIG workshop that because I didn’t make it to Net Mundial I did not know exactly how things had panned out there. In search of enlightenment I posed a question

Is the explanation for what happened in Brazil no more complicated than this? The reason people with disabilities gets a mention in the statement  and children don’t is because the disabilities lobby was present in Sao Paulo and the children’s lobby effectively was not?

I was a little shocked by the answer, which came from Markus Kummer. If Lee Hibbard is a Prince in the land of internet governance Markus is the Emperor.

Per Markus

Markus’s reply was instant and clear

Yes that is the explanation. NMS was drawn up on the basis of a rough consensus. To the best of my knowledge the question of children and the internet wasn’t raised by anyone whereas the position of people with disabilities was.

Nobody in the room who had been to Net Mundial sought to qualify or disagree with Marcus’s analysis.

Now I am absolutely delighted that people with disabilities were recognised as having special needs in relation to the internet. I have no complaints at all in that respect. But think about what Marcus Kummer’s  answer reveals.

Who didn’t speak up for children and young people?

Think about how many (and which) national Governments were there in Sao Paulo, and about the level at which the Commission of the European Union was represented. And then there was everyone else.  None of them thought to mention one in three of all internet users in the world?

Even if there was a mention of children and young people that somehow managed to escape Markus Kummer’s hearing it is self-evidently the case that in one way or another the words were not presented persuasively or persistently enough to claim a place in

the best available summation and distillation of thinking on internet governance to date. 

Back in the world of diplo-speak zero words equals zero recognition.

Thus for all the palaver of the Internet Governance Forum since 2005-6 and all the rigmarole of its many national and regional off shoots, for all of the claims made about how the IGF has advanced the terms of the debate, with regard to children and the internet when the rubber hit the road what did we end up with? Zilch. Not even a trace.

Geo-politics and commercial interests rule

People go to events like Net Mundial and the IGF because they have an agenda. I am guessing that nobody in Sao Paulo was positively hostile to children’s interests or rights. They just didn’t think of it as being front and centre of what they were there to do and at one level I get that (although I think  a number of people have some explaining to do).

Occupying themselves with the mega geo-politics of China,  the USA, Russia, the EU, Brazil, Iran, Saudi Arabia, with ICANN, the IANA Transition, the position of rights holders, the post-Snowden agenda and the rest it is not hard to work out why kids got overlooked. But that doesn’t make it right or in any way  acceptable, not least because it happens all the time across the internet governance space.

Enough already with the hindsight

Returning to Net Mundial and continuing to accept at face value that there is some point to all this internet governance stuff, with hindsight it is clear children’s organizations should have been there in greater force and to the extent that they weren’t first and foremost represents a failure of the machinery of internet governance itself.

Truly this is a structural or institutional failing and the powers that be should think of it in that way. Instead of being defensive they should come up with some solutions. Simply apologising (again) for the imperfections or promising to try to do better next time won’t cut it. Alternatively those involved in and proselytizing for internet governance need to dial back the rhetoric of “community”, “inclusiveness” and “multistakeholder”. Travel budgets should not be the key determinant of whether or not your voice is heard and registered, particularly where that voice speaks for one in three of all internet users.

Posted in Internet governance, Regulation, Self-regulation

Time, money and internet governance

I attended an extremely interesting briefing in Brussels recently. It was organized by the European Internet Foundation  (EIF) and featured Fadi Chehade, CEO of ICANN. He is an impressive communicator. Fadi delivered a wonderfully clear and concise account of the current state of play with the IANA Transition. Fingers crossed that it all goes smoothly and, above all, to time. If the whole business of the transition gets mixed up in the forthcoming US Presidential campaigns the risk of failure increases substantially and that could have dire consequences for the future of  the internet. Apparently.

Anyway, that’s kind of a preamble. As usual at these sorts of events there was more than a small sprinkling of professional lobbyists and corporate employees whose primary job is to track developments in and around the public policy making  and regulatory arenas insofar as they affect the internet space.

Don’t get me wrong. I am not complaining about lobbyists and employees of that sort. They do an extremely important job. As long as there is a high degree of transparency about their contacts with governments and regulators I am absolutely certain they can help improve the quality of decision-making all round. If anything my remarks are tinged with great envy.  Here’s why.

I have been writing recently about what I think is a potential disaster for the UK approach to online child protection  coming down the track courtesy of the EU. At the EIF meeting I made a casual remark  along these lines to one of the lobbyist types  in the room adding that the enormity of what was going on had dawned on me only comparatively recently.

I was met by a sneering rebuke to the effect “You can’t complain when you come to the party so late.”  I’m not going to name and embarrass the guy who said this. Maybe he was just having a bad day but actually what he was raising is an important dimension of what passes for internet governance.

If you are not a professional lobbyist, or you don’t have professional lobbyists working for you, it is simply impossible to keep track of everything that’s happening in the online world  and therefore it is impossible to know how best and when to intervene and on what. Certainly the way the Commission and the Parliament work does not make it easy for non-professionals to engage with them. It is partly a question of complexity and partly a matter of scale. You drown in a deluge of emails, newsletters and updates. And here is where the current lobbying system can break down and put the democratic process at risk.

It may asking for too much to say there ought to be a completely level playing field for everyone who wishes to represent their views to EU institutions –  I wish –  but if that famous field doesn’t get  a lot more level than it seems to be right now the risk of European citizens feeling even more isolated from the EU project will continue unabated and probably it will increase.

My work in Europe is channelled principally through eNACSO. We exist and do the best we can on a fifth of a shoe string. But even that slender thread may be plucked from us as the funding is not promised beyond September, 2016.  If eNACSO goes there will be no pan-European children’s organization that is tasked with trying to cover the online waterfront from the perspective of children’s rights. In my next blog I will show why that is absolutely guaranteed to produce undesirable outcomes for kids.

Posted in Default settings, E-commerce, Internet governance, Regulation, Self-regulation, Uncategorized

Bits of the industry have a lot to answer for

The Digital Citizens Alliance has carried out some mega research into the financial basis of piracy web sites. Specifically they looked at how advertising is helping to keep them afloat. It is the second such publication. The first one I missed. It came out in February 2014 and was called  Good Money Gone Bad. The sequel arrived a couple of weeks ago and the title alone tells us something important Good Money Still Going Bad.

Huge sums involved

I was astonished by the  amount of money the piracy sites were raking in. In the 2014 report the researchers estimated that, in 2013, the 596 sites they looked at generated around US$ 227 millions in ad revenues.  The 30 largest averaged over US$ 4 millions and some took in excess of US$ 6 million. Even small piracy sites were taking over US$100,000 per annum. This is not pocket change and underlines, yet again, the real nature of piracy sites. Modern-day Robin Hoods they are not.  Piracy sites are run by villains dedicated to their own personal enrichment off the back of other people’s  work.

In the 2015 document  589 piracy sites  were included in the sample. It was calculated that between them they had earned around US$ 209 millions.  Down a little bit although not much. But what they found in 2015 was that over 40% of the sites they had examined first time around had either closed  down or the revenues  had shrunk to  a point where they fell outside the criteria for inclusion in the research sample.

One conclusion we can draw from this high rate of attrition – and the fact that  so many new sites had sprung up to replace the disappeared ones – is that the barriers to entry to being a pirate  and starting to  collect dollars from ads must be low.

A simple step?

How difficult would it be for an ad network to inspect any new site or company with whom it starts to place clients’  ads? Before putting business their way could they not satisfy themselves that they are not going to be aiding and abetting piracy? And how hard would it be for brands to tell their advertising agencies or whoever places ads for them that they must also ensure their products do not get tainted by association with these dismal places.

Premium Brands are involved

It is surprising that, with all the publicity there has been around the issue of piracy and the sites that make it possible 132 “premium brands” were nevertheless  still found advertising their wares on piracy sites. This was up from 89 in the first study.  How did that happen? See below for more details and names.

Video-streaming piracy sites on the march

We all know that across the piece video streaming is growing rapidly on the internet but Bad Money reveals  that so are piracy sites that are based on streaming, up 40% from the first report. I’d like to look into this dimension more closely at some point – or at any rate the cops should – because of the way in which video streaming sites are starting to become a major feature in child sex abuse cases. Are there links?

Not good places for kids

Which brings me full circle to my primary interest which is the way piracy sites not only draw children and young people into believing it is OK to steal but also  how they put children and young people at risk in other ways.

For several reasons piracy sites are singularly unsuitable environments for youngsters  but one of them relates to the sort of ads they routinely carry. 17%  of the sites surveyed in the 2015 report carried  ads for “adult content”. This typically includes hard core porn and prostitution services, and that’s on top of the malware and fraudsters waiting for inexperienced or unsuspecting prey.  Then there’s the dodgy pharmaceuticals. In the UK we have had a number of reports of young people dying  because they consumed fake drugs they bought on the internet only to be poisoned by them.

Some of the famous names

Appendix E  of Bad Money lists some of the premium brands whose ads they found on piracy sites.  It’s quite an eye opener: Ford, Capital One, Nike, eBay,  ING Bank, Jeep, Volkswagen. It goes on. Have a look for yourself. And in Appendix F  we find the name of the ad networks that placed some or all of these ads on the piracy sites.

These guys need to act

Any company whose name appears in Appendix E  should be ashamed of itself. I am sure they did not intend to support thieves who put kids at risk but by failing to be sufficiently diligent in the way they allowed their ads to be placed they have truly fallen down on the job and must do better.

I know a lot less about how ad networks operate. The names of the networks listed in Appendix F will be less well known  to most people but they are all out there now in the public domain. At the very least the people running these networks should pause for thought.Some of the ones listed in Appendix F may not care about supporting piracy sites but I would be surprised if that applied to all or most.

Piracy sites are not philanthropic. They are about making money. Everyone should try to ensure sure they don’t make any more. Our kids deserve nothing less.

Posted in Advertising, E-commerce, Internet governance, Pornography, Regulation, Self-regulation

More on online child protection and net neutrality

In the leaked draft prepared by the Latvian Presidency,   to which I referred in an earlier blog,  I “revealed” the author’s apparent intention to do two (new) things:  (a) make it a requirement for prior explicit consent  to be given before parental controls software could be deployed  on an end user’s account by an internet access provider and  (b) to insist  that such consent could be withdrawn at any time, presumably either temporarily or forever.

This is problematic in the UK because, for example, in respect of our mobile networks at the moment minors  simply cannot consent to being exposed to adult content.  The Presidency document would have ended that.

Right now in the UK if an end user is unable to prove he or she is over 18 the adult bar stays in place. Full stop. Incidentally the overwhelming majority of people are able to prove their age online, or via a phone call.  It’s easy and quick. There is an option to “go into the shop” to carry out or conclude the age verification process but, contrary to impressions that may have been given elsewhere, that is definitely not the only way.

The system of classification  used to determine whether particular content is or is not “adult” is underwritten for the mobile networks  by the British Board of Film Classification, an entirely independent, much respected body in the UK. Its brand is almost universally recognised.

Before the BBFC got involved some stupid mistakes were made. All new processes tend to have teething difficulties but now a procedure is in place which will swiftly rectify any errors that may occur – I mean will occur – in the  future.

For kids but not by kids

Say you bought a mobile for someone under the age of 18, or indeed if they bought it themselves (perhaps for cash in a supermarket) under the terms of the Latvian draft, precisely because they are under 18, it seems they would not have the legal standing to ask for the filters to be turned on. Thus a measure designed to protect children from age inappropriate content, in theory, cannot be activated by children. Brilliant.  Who thought that one up? And were we meant to understand that while only an adult could ask for parental controls to be turned on  anyone of any age can get them turned off?

A lot worse for WiFI?

In respect of providers of WiFi in public spaces where kids are present,  another problem presents itself in relation to consent. Under current arrangements in such environments nobody is asked if they consent to access to porn being blocked. It follows nobody can withdraw what they haven’t given.

Do some kids deserve protecting while others don’t?

In respect of any ISP or other type of provider that applies default-on filters in the way described above,  it is one thing to argue that the filters are rubbish and valueless but if one accepts that filters have some value in protecting children from age inappropriate content, why is it that only some kids should be allowed to benefit from them, those being the ones whose parents have the knowledge, time, inclination and competence to initiate their use?

Do we just say “tough luck”  to those kids unlucky enough  not to have parents like that? “Not my problem. Move along.”

A question of hoops

If parents want to jump through hoops to liberalise or completely abandon filters that’s fine, it’s their choice but it should never be the other way around.

When you buy a bottle of bleach in a shop it comes with a safety cap on it. Recognising that huge number of ever younger kids are internet users, the same should apply. Filters are a virtual safety cap. Not the only thing we should do to help keep kids safe when they go online but one of them.

The internet is a mixed environment

It is no longer acceptable in my book to assume that the internet is a predominantly adult environment where “special measures” may need to be taken from time to time or in particular circumstances to take account of the fact that kids might be users.

The internet is a mixed environment where kids  will always make up a very substantial proportion of all users.  Everybody’s thinking about almost any and every aspect of internet policy should be framed with that cardinal fact constantly in mind. It should never be an afterthought, irritating or otherwise.

Looking a little wider than the EU, in some parts of the developing world sub-18s are close to being about half of all users and there will be a significant proportion of child users who have no parents at all.  Do we owe them no duty of care? Is that double bad luck for them?

I appreciate people’s concerns about the way “bad governments” could misuse the notion of online child protection  to “slip in” other forms of societal control or oppression but that is a larger, wider, bigger and different political problem. It should not be solved at the expense of protecting children.

Censorship is not the issue here

Remember we are not talking about censorship. No legal content that is on the internet will disappear or be changed as a result of anything I have advocated here or elsewhere. This is about seeking to replicate in the online space policies and practices that have long been taken for granted in the real world to keep age inappropriate materials out of the reach of minors. I acknowledge that this might cause minor irritations or small delays to some adults who want to access material that is not intended for children but only the most curmudgeonly nerds will truly resent such measures if they accept the wider benefits that they can bring.

Posted in Age verification, Default settings, Internet governance, Regulation, Self-regulation