Evidence to the House of Lords Communications Committee

On 19th July I appeared before the House of Lords Communications Committee. They are holding an Enquiry into  Children and the internet.  On the day I was largely responding to oral questions.

Will Gardner from Childnet was alongside me. Will tended to lead on the (many) questions about what was happening in schools, particularly around bullying. I majored on other issues.

There is little point in having a Parliamentary Enquiry simply to recite or celebrate how well  the UK is doing in the online child protection space.  Make no mistake I remain firmly of the view that the UK is a world leader in this area. This was therefore a (rare) opportunity to highlight where improvements  or changes are still needed.

What follows is a summary of what I said, plus one new point (compensation for victims of child abuse images) which I added when I later sent in a written version. That’s allowed!

Digital Economy Bill 2016-17

The Digital Economy Bill is directed at larger commercial pornography sites, almost all of which are domiciled outside of the UK and therefore, for practical purposes, beyond the reach of UK courts and law enforcement. While nominally these sites are “free” in that they do not charge to look at the bulk of their wares they are nevertheless highly commercial in nature, collecting their income in other ways e.g. through direct sales and advertising.

The Bill is most welcome but it has a fatal flaw. The Bill requires the sites to introduce age verification to prevent persons under the age of 18 from being able to look at their content.  The assumption is that the credit card companies will threaten to withdraw payments facilities and the advertisers will threaten to withdraw advertising from non-compliant sites (which would be operating illegally) and this will be a sufficient incentive for most porn publishers either to comply or cease publishing into the UK. This is a reasonable assumption. The Bill will also create a Regulator with a power to compile a list of non-compliant sites. This list will be circulated to interested parties e.g. credit card companies and advertising agencies but neither are obliged to act although, as already noted, it is anticipated most will. However, if a commercial pornography site uses no UK-based payments facilities and receives no advertising from UK sources, or it changes its business model to arrange things that way, it could continue to operate with impunity.

Thus for persistently non-compliant sites the Bill should give the Regulator a residual power to require access to non-compliant sites to be blocked, in a manner similar to that which, de facto, already exists for child abuse images.

Big social media platforms are like public utilities

We need to start thinking about the major social media platforms in the same way as we do public utilities. Certainly in respect of children and young people the platforms’ dominance in some areas means children and young people may feel they have little choice but to join and be part of the social milieu to which all or the great majority of their friends belong.  It is unacceptable for there to be no way for the public or parents  to be reassured about the efficacy and appropriateness of these businesses’ internal systems for dealing with complaints from or issues raised by children. An independent regulator (perhaps Ofcom) should have the legal power to compel at least the larger platforms to open their books and allow independent inspection and verification of their public-facing processes to ensure they are working satisfactorily.

Filtering in the UK

The UK’s system for providing filters to customers of the UK’s “Big Four” domestic broadband providers is excellent but there appears to be significant variations in the levels of take up between the different ISPs. At first sight this seems strange because the demographics of their customer base do not look as if they are wildly different. In any event the claims the ISPs make about levels of take up have not been independently verified. When the last (and so far only) checking exercise was carried out, Ofcom merely asked the ISPs to inform them of their take up levels. Ofcom sought neither to verify the claims the ISPs made nor to explain the reasons for any differences. This is not satisfactory. Moreover the current voluntary system for providing filters only extends to the customer base of the “Big Four”. It seems they reach only 90% of households. Children in the other 10% deserve the same level of protection.

The system of filtering for mobile networks appears to be working satisfactorily but it has never been thoroughly inspected and verified by an independent agency.

Ditto in relation to “Friendly WiFi” i.e. the system where the providers of internet access via WiFi in public spaces take steps to limit access to adult content and illegal materials. A key question here would be to determine how extensively it is operating and perhaps also to identify any major enterprises or concerns that had not adopted “Friendly Wifi”.

Age limits

There has never been a proper, independent evaluation of the optimal age limits for using social media platforms. The single lower age limit of 13 is the product of a US Federal law which was passed in the 20th Century before social media platforms existed. With one or two exceptions e.g. Spain, the rest of the world acquiesced rather than sought to examine critically the appropriateness of that age standard.  Perhaps we need more than one age level depending on the nature of the platform and the type of activity in question. In addition the absence of any obligation to verify the age of customers is leading to a huge level of non-compliance. This is not satisfactory.

Compensation for victims portrayed in child abuse image

A new law is required to allow victims of child sex abuse to claim compensation from persons found in possession of images of that abuse. The USA has a similar law specifically designed for this purpose. Aside from assisting with victim recovery it could also act as a major deterrent to a certain class of person who collects these images. The MoJ is currently considering this idea.

An unambiguous duty of care

We ought to establish that the providers or suppliers of digital services have an unambiguous legal duty of care to consider the online child safety aspects of any and every service before it is released. One of Facebook’s founding ideas was “Move fast and break things”, otherwise expressed as, “it is easier to apologise after the event rather than seek permission before it”. It is understood that this has now been formally renounced by Facebook yet it remains a dominant idea across the whole of the internet industry.

Internet governance

There are several notable weaknesses in internet governance institutions and processes: one is their failure to take proper account of the fact that children and young people are a very substantial constituency of users and that they have rights under international law which are routinely ignored. ICANN in particular has been woeful in several key regards. HMG has an important leadership role in this area.

Helping parents

Finding ways to help parents to help their children get the most out of the internet while remaining safe is a major and urgent societal challenge.  We cannot blithely assume it is a problem which will solve itself with the passage of time.  In this context schools have an important role to play but if we see them as the sole or principal route to parents we will fail because too many schools continue to be seen by too many parents as unwelcoming places. A public health sort of approach may therefore be worth considering as an additional or complementary strategy. What we are talking about, in essence, are the skills needed for 21st Century parenting. That repertoire of skills must now include a knowledge of how the internet fits into young people’s lives and how best to support children and young people in the use of the technology.


Posted in Age verification, Child abuse images, Consent, Default settings, E-commerce, Facebook, Internet governance, Pornography, Regulation, Self-regulation

It seems like only yesterday

It seems like only yesterday……hang on a minute, it was only yesterday (well – two days ago but I claim poetic licence), I was predicting that once McDonald’s had agreed to introduce filtering (for adult pornography and child abuse images)  into their system for providing free WiFi access on their premises in the USA Starbucks would soon follow.

It wasn’t a fix – at least not on my part – but late last night another press release hits my Inbox telling me that Starbucks are looking into to doing just that. Well done to Enough is Enough and their energetic CEO, Donna Rice Hughes.

Again Donna was kind enough to acknowledge that she took inspiration for embarking on her campaign from what had first been done in the UK. However, to negotiate the shores of US politics on an issue which many (misguidedly) see as being connected to free speech rights, requires substantial political skills and clearly Donna has them.

In David Cameron’s valedictory speech in the House of Commons  the other day he said

In politics you can achieve a lot of things..nothing is impossible if you put your mind to it.

He might have added

But first you have to believe in something and want to do it.

I can hardly think of a single worthwhile reform I have been involved with in the internet space where, at the beginning, powerful forces argued it couldn’t or shouldn’t be done. It was either impossible, too expensive or  it threatened others’ irreducible vital interests.

Well there you go. Cheers to Donna Rice Hughes.

Posted in Default settings, Pornography, Regulation, Self-regulation

Good news from across the pond

From little acorns…., the march of a thousand miles starts with a single step…..and so on.

In what is otherwise a fairly miserable period in terms of public policy developments, at least if you live in the UK, word reaches me that, following a campaign that was started in the USA in the Autumn of 2014 McDonalds have agreed to introduce filters to restrict access to legal pornography and child abuse images in their outlets in the USA.

The campaign was headed up by Enough is Enough and its CEO was good enough to acknowledge in her announcement that she was emboldened to begin the campaign by the success we had had in the UK.

Their next target in the US is Starbucks. I have a hunch they are going to win.


Posted in Child abuse images, Pornography, Regulation, Self-regulation

Good but with a serious weakness

Porn in the UK

In 2010 the UK established an excellent system for dealing with TV-like hard core pornographic material published online by businesses domiciled within the UK.  Age verification is an essential feature of such sites.  Ordinarily the porn is therefore not accessible to persons under 18.

The problem is the vast majority of online porn is being published by businesses based overseas and they have no real barriers to access. Young people, including children, are being exposed to graphic material which was never meant for them.

While the content is generally “free” to view these sites are in fact highly commercial. They sell things and collect the money via credit cards or other online payments mechanisms or they derive revenues from advertising.

A new approach

Earlier this week the draft Digital Economy Bill, 2016-17, appeared. If the relevant provisions become law all commercial online publishers of pornographic material directed at or available in the UK will be required to introduce an age verification mechanism to keep out under 18s. This measure was promised in the Conservative Party’s Manifesto at the 2015 General Election and was referred to in the Queen’s Speech  in May, 2016.

There is no doubt this is a very positive step forward but the Bill as presently drafted has a major flaw which needs to be corrected.

Aligning the real and virtual worlds – simple but revolutionary

Pornographic material is defined as any sexual content which is or would be likely to be rated as R18 or 18 by the BBFC, the UK’s official film classification body.

In other words the modest (but otherwise revolutionary) aim of this Bill is simply to create a closer alignment between how things work on the UK’s portion of the internet and how they work in the physical part of the UK.

What do the public think of this idea?

On the same day the Bill appeared the Government released the results of the public consultation that was held about the policy underpinning it. Here is an important extract from the summary.

Overall, there was a roughly even split between those supporting age verification (44%) and those not in favour (48%). Responses from individuals made up the vast majority of those which were submitted via our online questionnaire (94%). Over half of the individuals were men, the majority of whom were between 18 and 34 years old.

Crucially, however, many of the key organisations we work with in the online child protection sphere ­ – children’s charities, support and advice groups, the BBFC, internet service providers, and payment service firms and credit card companies ­ – indicated their support for the proposalsand the overriding policy goal of protecting children online. (bold added by me for emphasis)

That seems pretty straightforward.

A new regulator is to be created

An independent age verification regulator will be established to oversee the new regime.  If a pornography publisher does not introduce age verification mechanisms the regulator will have the power to issue an enforcement notice directing them so to do. Ultimately, if the publisher fails to comply they could face a fine of £250,000 or of up to 5% of their turnover. In civil courts the regulator could seek an injunction or “any other appropriate remedy.” Now there’s a thought!

I’ve got a little list, but…..

The regulator will create and maintain a list of non-compliant porn sites and circulate it to payments service providers, advertisers and other businesses that provide ancillary services to the publisher.  In effect the notice will identify the non-compliant publishers as law-breakers who are putting children at risk.

But neither the payments service providers nor any provider of advertising or ancillary services will be required to do anything with the information the regulator gives them.

Cutting off the money?

Of course the not unreasonable expectation is that the UK-based payments and other service providers will not want to associate with or support a business that has been identified as operating unlawfully in ways that harm children. They will threaten to withdraw their services and that alone will be sufficient to compel the publishers either to cease publishing into the UK or bring in age verification. Either way we get a good result. This is known as the follow the money approach.

However, it was always clear we had to face the possibility that while a good portion of the payments companies, advertisers and other service providers would be likely to respond positively a large enough chunk of them might not. Even sites that were willing to comply might then change their minds if competitors began eating their lunch. The policy could quickly  be left in tatters.

To avoid such a scenario the regulator must have a bit more heft. If all else fails, when every follow the money avenue has been exhausted the regulator must have the power to name persistently non-compliant sites and require ISPs and others to block access.

The major weakness

Sadly the Government seems to want to rule out blocking. In the explanatory notes that accompany the Bill the following appears at paragraph 23

The Bill does not provide for the blocking of noncompliant websites by internet service providers on the basis that this would not be consistent with the treatment of other harmful or illegal content.

The other harmful or illegal content being referred to are child abuse images and terrorist material. Yet here both types of content are illegal whereas much of the porn will not be. Businesses that might happily act voluntarily in respect of child abuse images and terrorist material may not feel the same way about legal porn.

If  inconsistency is the Government’s only worry or obstacle the answer is obvious: make them all consistent with each other. Alternatively we could just learn to live with the untidiness. The scale and nature of the porn problem is anyway completely different.

Some ISPs have expressed opposition to the idea of blocking on the grounds that the filters they provide can deliver the same result. The first point to make in response is the ISPs that provide filters cover only 90% of the domestic broadband market. Children in 10% of households also need protection. Secondly the Digital Economy Bill addresses the responsibility of publishers not heads of households who are perfectly free to turn off the filters any time they like for any or no reason. That does not give porn publishers a licence to ignore UK law.

Poor show. Ideology intrudes?

It is a poor show for the Government to say, in effect,

Yes we think it is a good idea for children to be protected from this  kind of material but we are only willing to go so far and no further

The opposition to blocking has more than a whiff of ideology about it.

A residual power

Let’s not forget, under the overarching principle of proportionality which is core to the Bill, there is no suggestion the regulator would try to catch every tiddler in the pond. They will only be targeting commercial sites with a significant online presence. Thus if the regulator were to have a power to mandate blocking it would only be used in relation to a large commercial site.

So when the Bill begins its progress through Parliament I will be lobbying for the regulator to be given such a residual power. Just knowing it exists should greatly encourage the porn industry and others to engage.

Alternatively if the Government  first wants to see if the  follow the money strategy works it could insert a clause giving the regulator blocking powers but the clause would only be brought into effect by the Secretary of State in the event it became apparent the primary route was not having a good enough impact.

Fines for the payments and ancillary service providers?

Another obvious possibility would be to allow the regulator to issue an enforcement notice against any payments service provider or any provider of advertising or other ancillary services that failed to withdraw their facilities when notified that they were helping to prop up a business that was acting unlawfully. The notice would require them to withdraw the facilities. If that didn’t do it a fine or an injunction would be the next steps but, again, these would probably only work if the relevant businesses had some legal presence in the UK. This wouldn’t be an alternative to mandatory blocking but it would further underline the Government’s serious intent.

Who will the regulator be?

Who will the new regulator be? That remains to be seen but the obvious candidate is Ofcom, perhaps in a joint arrangement with the BBFC. However, there are persistent rumours that Ofcom is not keen to be involved because they think there is a significant possibility the policy will fail and if it fails they do not want any criticism attaching to them. In 2006 when discussing the possibility of blocking IP infringing sites Ofcom said the following

Nevertheless, site blocking could contribute to an overall reduction in online copyright infringement – especially if it forms part of a broader package of measures to tackle infringement.

I hope and trust that Ofcom and anyone else who might be involved in this latest policy initiative will see  it for what it is: an extremely worthwhile challenge which they should enthusiastically embrace. The world’s eyes are upon us. No democratic country has tried to do this before. Everyone needs to step up and give it their best shot.





Posted in Age verification, Default settings, E-commerce, Pornography, Regulation, Self-regulation

Comments on participating in internet governance discussions

The following was  written by myself and Professor Sonia Livingstone.  It is addressed to the various luminaries who are holding a Retreat to reflect on the future of the MAG and the IGF itself.

Submission from John Carr and Professor Sonia Livingstone

1 in 3 of all internet users in the world are below the age of 18. In parts of the developing world this rises to almost 1 in 2.

The age of 18 is important because under international law and in national domestic law in practically every jurisdiction in the world 18 marks the point when a person ceases to be a child and becomes an adult with full legal capacity.

However, in relation to the internet, 18 is by no means the only benchmark of legal or operational relevance. It is acknowledged this complicates some issues.  Thus, in this context when referring to “children” we mean persons below the age of 13 and “young people” are between 13 and 17.

Every State has a set of obligations towards its citizens who are below 18. These obligations are extensive and become more so at the younger end of the spectrum. Some of these obligations are protective or defensive in nature, others are about providing positive opportunities for children and young people to learn, develop, express themselves and participate in processes that affect them.

The internet is of huge significance in the lives of children and young people yet you would be hard-pressed to see this reflected either in the composition of the MAG or in the proceedings of the IGF. Given the salience in so many countries of issues connected with children’s and young people’s use of the internet this is surprising.

The reasons for selecting some child-oriented workshops at IGFs are not always obvious to those closely engaged in the field. There has only been one plenary session devoted to children’s and young people’s interests. That was in 2008. This happened solely because the host country chose to make it a priority. In the NetMundial statement there is not a single reference to children and young people, and this against a background where a number of other interest groups managed to register their presence in the text. Markus Kummer said the reason was simple: children and young people “were not mentioned”. Even if that is not literally true it obviously is the case that if there were any “mentions” they were not loud enough to be heard in the room where the drafting took place.

Given the practical difficulties of engaging directly with children and young people, the role of organizations that are recognized as working with them and on their behalf is key. Right now there is nobody on the MAG from such a background. This has been true for most of the MAG’s existence, though not all of it. Of course there have always been people on the MAG who have spoken up for children’s and young people’s concerns but that is not entirely the point. People on the MAG are likely to feel a primary responsibility to advance or represent the institutional or other interests from which they are drawn. Their ability to take up or negotiate other agendas may be limited.

There is a perception that selection for membership of the MAG and Workshops at IGFs is highly political. Lobbyists are at work and insider networks operate which reflect different historic stakeholder groups. Children’s and young people’s organizations are not within the “magic circle” and even if they were it cannot be stated strongly enough that resource constraints would severely limit their ability to take part.

Fundraising to help child refugees and abuse victims is difficult enough. Fundraising to send people to Geneva, New York, Paris, Guadalajara et al to take part in talks about internet governance is a long way from being a realistic possibility. So it really comes down to a simple question: does the IGF want closer involvement with this substantial stakeholder group and if it does will it find a way to make it happen? We appreciate why special funds exist to help people from the developing world to attend IGF meetings and events. An analogous case can be made for ensuring representation for children’s organizations from all parts of the world.


Posted in Internet governance, Uncategorized

A strange day to be in Brussels

Yes. I was in Brussels today, attending a meeting of something called “The Community of Practice for better self- and co-regulation”. I went to sleep last night  in my Brussels hotel convinced and glad the UK’s membership of the EU was safe and secure and that we could finally draw a line under the endless in/out debates. I had intended to sit up watching the results as they came through but probably mercifully Morpheus took me away. Hey ho.

It felt very strange being in the meeting I had gone over for. As a Brit, as someone from a country that had just announced they were walking away from the EU, I was  immediately seized by the idea that I lacked any legitimacy to continue discussing anything that was connected with the EU’s future. I’m not going to be part of it and neither, in all likelihood, are my children and grandchildren. But then I reminded myself I was at the meeting to represent the Rome-based European NGO Alliance for Child Safety Online so  in that context I felt I could pitch in to the debate. I will write more about this meeting soon, but not now. The aftermath of a seismic shock is not the best time to start erecting a new edifice or commenting on the old. We need to let the dust settle and see how the land lies.

I have never voted Conservative in my life and I cannot conceive of any plausible circumstances in which I would but there is no question whatsoever in my mind that, from the perspective of dealing with online threats to children, David Cameron has been the best Prime Minister the UK  has ever had. Children in Britain have every reason to be grateful to him and, with the launch of #We Protect, children around the world similarly owe him a debt of gratitude. I await anxiously to see who will succeed him and earnestly hope that whoever it is shares his personal interest and passion.

However, otherwise, from the perspective of policy, our departure from the EU will have no obviously serious detrimental consequences for online child protection in the UK, at least not in the short to medium term. If the EU continues to be a major player in the online child protection space – and I have absolutely no doubt it will – it will be interesting to see if we develop any mechanisms to ensure we stay broadly in step with each other. Right now, tonight, I doubt there will be many EU politicians thinking about co-operating with the UK on almost anything. When the heat has gone out of things I am sure attitudes will mellow and a new modus vivendi will emerge.

Nevertheless, at a practical level there could be several excellent projects  in the UK currently receiving funding from Brussels that will doubtless be having anxious moments. Maybe as the negotiations begin to sort out our exit from the EU specific consideration will be given to online child safety issues although someone will need to get on the case pretty sharply because otherwise my hunch is that it will not be high on anybody’s agenda.

I am hugely saddened by the vote to come out but I see it overwhelmingly as being a howl of protest against remote elites and their hand maidens. It has echoes in many other parts of the world and is truly a reflection of a deeper crisis of democratic politics.When I’m not worrying about online child protection that’s what keeps me awake at nights.

Posted in Internet governance, Regulation, Self-regulation

Children, business and the internet – when “free” isn’t

You wait hours for the No. 11 bus then two come along at once. That’s pretty much how things have turned out with investigations into children and e-commerce.

Last month first out of the traps was the mega “Study on the impact of marketing through social media, online games and mobile applications on children’s behaviour”, which was conducted by academics drawn from the LSE and the University of Catalonia.

Last week saw the publication of When “free” isn’t published by eNACSO. I was a co-author, along with Barbara Lilliu and  Professor Agnes Nairn, inter alia author of Consumer KidsWhen writing When “free” isn’t  we gratefully received lots of expert input and advice from organizations such as the World Federation of Advertisers, Eurocare and London lawyers Hunton and Williams.

I think we won the competition for the snappier title but otherwise I am glad to say that in all key respects, where they looked at similar issues, the two reports reached more or less identical conclusions.  They are mutually reinforcing. The eNACSO paper perhaps had a broader policy focus and contained a greater political and historical analysis of how we have ended up where we have but otherwise we were both on the same page.

Extracts from the LSE/Catalonia study

  • “Children do not receive equal protection against online marketing across the EU”
  • “Embedded advertisements have a subliminal effect on children”
  • “Exposure to prompts to make in-app purchases has a significant effect on children’s purchasing behaviour”
  • “More should be done to protect children against online marketing”
  • “Online marketing should be made more transparent  to child consumers and more should be done to empower children in recognizing and responding appropriately to online marketing….”
  • “…mandatory protective measures targeting children in games that include advertisements…should be considered.”
  • “The extent to which self-regulation should be relied upon…..should be based on proven effectiveness….”

Extracts from the eNACSO study

  • Many online businesses are interested in children not just in order to build brand loyalty, in the expectation that they will retain them as customers when they become adults, but also because children have substantial amounts of cash at their disposal which these businesses would like to divert to themselves as quickly as possible in the here and now.
  • “The Unfair Commercial Practices Directive should be amended. Children should no longer be considered as being simply a subset of vulnerable consumers.”
  • “The role of children as economic actors….should be explicitly recognized..”
  • If a business is willing to accept cash from children it should also be willing to acknowledge that they have a separate set of rights which are additional to those enjoyed by adult consumers. The legal principle of caveat emptor  (buyer beware) should be extended to caveat vendor (seller beware),  particularly where a business is active in an area which is known to have appeal to children.
  • Data Privacy Commissioners and the new European Data Protection Supervisor  should give detailed consideration to companies’ obligations to children in the specific context of e-commerce.

Obviously there is a lot more to both studies than I have set out here but I hope I have whetted your appetite.

Posted in Age verification, Default settings, E-commerce, Privacy, Regulation, Self-regulation