In search of seamless safety


The emergence of “3G” was a hugely important milestone in the evolution both of mobile phones and the internet.

Before 3G it was theoretically possible, via a mobile phone handset, for people to access cyberspace or obtain a range of content and services directly from or via their network operator. But in practice there was comparatively little take up of either. The networks were slow and screens were small. 3G made everything faster, smarter, better. It prompted a flurry of innovation. Phones got neater, screens bigger.

Faster, smarter better

Everyone correctly anticipated that faster, smarter, better would mean more services, content and applications would be developed specifically for mobiles. More people would start using and consuming them. Including kids.

Long story short: children’s access to the internet had, up to that point, largely been channelled through computers which were in fixed places, typically the home, school or the library.  Whatever view one took of parents’, teachers’, librarians’ or others’ responsibility to supervise and support children’s use of the internet when they were on computers in static locations, going online via mobile phones made such notions redundant. Mobile phones are private, personal and portable. Every mobile network operator in the UK agreed more was needed and that it should work industry-wide.

This posed a challenge. Up to then in the UK network operators traditionally only collaborated on technical issues and market preparation activity. An exception had arisen in the mid 1990’s when they came together to respond to the Stewart Enquiry on alleged health effects. They co-funded independent research into the issue. The operators also worked together on texting and the evolving short codes market.

At the time all this was going on the UK’s flagship body for dealing with online child safety was the Home Office Task Force on Child Protection on the Internet. In 2002 the Chairman of the Mobile Data Association joined it. The following year negotiations got underway which led to the adoption of the “UK code of practice for the self-regulation of new forms of content on mobiles” (the Code).  Every mobile network signed up. The Code became operative in January 2004. It was also destined to make an important contribution to mobile-related policy across Europe (see below).

The mobile networks agree

Under the Code the networks agreed to do three things, each of which was then revolutionary in its own way.

First they all joined the Internet Watch Foundation (IWF) and started deploying the IWF list on their networks so as to block access to child abuse images.

Second, while the mobile phone companies rapidly expanded the range of branded and co-branded content and services which they themselves provided to their customers they also decided all of it had to be rated either as suitable for adults only or for everyone.

Obviously the UK’s mobile networks had no responsibility for or control over the generality of internet-based content or services. Nonetheless the operators took the view that they needed similar treatment i.e. internet-based content and services had to be classified as being suitable either for adults only or for everyone. To do this they deployed internet filtering programmes.

The third and final step involved the UK networks putting all adult sites, content and services, both their own and from the internet, behind what became known as an “adult bar”. Short codes which provided access to adult content or services also went in.

The adult bar was applied by default to all Pay As You Go phones. Overwhelmingly these are what children and young people use. With contract phones it is more complicated because the working assumption is that every contract phone owner is an adult. However, most of the mobile phone network operators in the UK decided to apply the adult bar by default to monthly accounts as well.

Thus, today, in Britain if you want to get at any of the services or materials behind the adult bar you first have to prove to your network operator that you are 18 or over. An individual wanting to have the adult bar raised does not have to say which type of adult content he or she is interested in. The bar is either all on or all off. Nobody can ask for access to child abuse images to be made available to them because in that case it is illegal and therefore strictly off limits.

Big round of applause for the UK’s mobile companies. Each of these were world firsts.

The EU wades in

In 2007 similar ideas were taken up in an EU-wide “European Framework for Safer Mobile use by younger teenagers and children”.  The provisions of this document were nothing like as specific or tight in relation to content and services accessible via mobiles from the internet, but the big step forward it did make was in respect of establishing a process for independently reviewing and monitoring implementation. We had never managed to get a similar agreement in respect of the UK’s Code although a one off review was carried out in 2008. Score one for Brussels.

So far three independent reports on the implementation of the EU framework have been produced. They show steadily increasing adoption of its provisions across the 27 Member States. Score two for Brussels.

How do you define what a mobile phone is these days?

Nothing stands still. We all now want access to all of our online content and all of the online services we normally use from anywhere and at any time, with equal facility across a range of internet enabled devices, probably using cloud-based services.

Mobile phones are now being replaced by smartphones. Smartphones are, in effect, mini computers which also incorporate the features of a telephone. Some smartphones are more powerful than leading edge desktop machines were only a few years ago. Smartphones have faster and better access to the internet than their predecessors. When 4G arrives the speed of access will step up another notch, a big notch.

However, the boundary between what is a phone and what is not a phone is becoming decidedly blurred. A wide range of handheld or easily portable devices that are capable of connecting to the internet are on the market. Add a programme like Skype and you have the potential, willy nilly, to turn almost any of them into a phone of sorts.

Some of these handheld or easily portable gadgets are very popular with children and young people. Think about laptops. The sale of desktop PCs is in secular decline as they and a range of other easy to carry devices take over. According to an Ofcom report (Table 26) back in 2010 already 42% of young people in the UK aged 15 or less accessed the internet at home via a laptop. In a later research report it was noted that less than a third (32%) of 18-24 year olds use a desktop computer to access the internet at home. The trend could not be clearer.

Think about iPads and other tablets, think about MP3 players and eBook readers. Think about games consoles produced by companies such as Sony and Nintendo. I saw a father of three teenagers interviewed on TV recently. He had counted twenty different devices in the family home, all which could access the internet. Most belonged to his kids. As the “internet of things” develops, so more and more objects, portable and otherwise, will be online doing something or other.

The common denominator which makes it possible for this wide range of handheld or easily portable devices to connect to the internet is that they have built-in or attachable WiFi. Some may or may not also have a SIM card inside them. Others might be able to make use of a broadband dongle but WiFi  is the invisible thread that brings them all together, opening up a doorway to countless virtual worlds.

Yet mobile phones remain special

Despite the fact that I say the boundary between what is and what is not a mobile phone is getting fuzzy at the edges, the small still easily-recognizable thing that we currently call a mobile phone, the gadget that children and young people carry about in their pocket or satchel, is still special and will be for a long time.

Mobiles are out there in vast numbers. Children and young people rank them among their most treasured possessions. Moreover mobile phones in the UK are covered by a Code, or in the EU by a framework, which expressly says or at any rate implies that by default the device will keep adult content and services out. This alone sets them apart.

The WiFi component in a child’s smartphone is therefore extremely important. It enables the handset to sidestep, thereby making completely redundant, all of the cleverness and money the network operator has invested in keeping its user safe. The promise of security evaporates in an instant.

And taking that sidestep is so easy to do. All it requires is for the handset user to log on to a public WiFi access point or “hot spot” as they are more commonly called. Typically access will be free and have zero or minimal formalities.

Nobody knows exactly how many publicly accessible hot spots are scattered around the country. Perhaps Ofcom could start mapping them in the same way that it is does mobile phone cells? BT Openzone runs its own network of hot spots. It claims to have over 3.5 million of them but you have to be part of the BT FON network to obtain free access, which means it is not really free. Right now the number of truly free hot spots is unlikely to be as large as BT FON’s agglomeration but it may not be long before it is.

Who are the WiFi providers?

The main providers of free WiFi access to the public are companies that have no relationship at all with any mobile phone network. They are bound by no Code. At the moment it is extremely unlikely they will be running any kind of filtering. Normally they will be high street retailers and companies that operate in airports, railway stations, bus stations and the like.

A provider will buy in a WiFi service from a relatively small number of WiFi suppliers. It’s seen as an extra service which the provider hopes will attract and help retain customers. Because the access is free it means, in effect, it is also anonymous. Even if there is a small charge or a requirement to buy something e.g. a cup of coffee, the usage will still probably be, for all practical purposes, anonymous. As soon as the word “anonymous” hoves into view, in this context at least, certain kinds of problems will not be far behind.

A small number of providers of publicly accessible WiFi hotspots, for example and notably the McDonald’s hamburger chain, understood aspects of this issue early on, at least in the UK. They asked their WiFi supplier to install an anti-porn filter. They did not like the idea of someone using internet access which they had provided to display pornographic images on any sort of screen while sitting next to a Mum and her two kids who had just popped in for lunch.

McDonald’s foresight does them great credit. O2 now runs the McDonald’s contract. In the press release announcing their engagement with McDonald’s O2 lists other companies and organizations that are now taking a similar view. Bravo!

Why would you choose to use WiFi?

If you have a modern 3G smartphone why would you choose to use WiFi instead? There are several possible answers to that question.

One is cost. Lots of mobile phone companies have deals which give you a large but limited amount of internet access as part of a price plan. Once you exceed that limit you pay. If you use a WiFi connection instead you will not be using up your quota. Children and young people can be extremely cost and budget conscious because their parents give them a set amount of pocket money. Once they grasp that a free alternative is available children and young people will be quite likely to use it.

Alternatively speed might matter. In many parts of the country the 3G network is becoming so overcrowded it sometimes slows down access times to a crawl. Defeats the whole point. WiFi is likely to be a lot faster. In fact in order to relieve congestion and improve speeds some mobile phone networks are understood to be deliberately shunting internet traffic off their 3G networks on to any locally available WiFi. Potentially this is problematic if the WiFi hotspot has no filtering on it. Whether or not the user would know they had momentarily gone off their usual network to be placed with a local WiFi provider is unclear. Presumably if they did not know, in practice, it would make no difference, although I am pretty sure people will be looking for reassurances on that point.

There again a person might opt for WiFi precisely because they want to escape their mobile phone company’s filters. However, only kids would have a reason to want to do that because if you are an adult you can get adult content anyway.

All providers of public WiFi should…..

I am not suggesting there should be a law or regulation making it compulsory for Wifi providers only to make available a family friendly service. If individual companies operating in a wholly adult environment want to provide adult content on their network self-evidently they should be free so to do. Alternatively companies providing WiFi access might want to offer a choice to their customers. If they did they ought also to develop age verification systems. Perhaps piggyback on the mobile phone networks’ existing databases of age verified customers?

I hope every WiFi supplier to companies that wish to become WiFi providers to the public will make clear that their default offering is family friendly and that no cost penalty or premium price attaches to choosing it. Being family friendly should not be an expensive optional extra.

The fact of internet access is important, not how it is acquired

From a parent’s or a teacher’s point of view, from the perspective of child protection, what matters is the fact of internet access, not how or via which device access is acquired. In “Do we have safer children in a digital world?”, published in March, 2010, Professor Tanya Byron makes a similar point at paragraph 4.9.

The focus on mobile phones remains crucially important because of children’s and young people’s heavy use of and strong attachment to them but it makes no sense at all to look only at mobile phones. Fixed line providers and device manufacturers have to be part of the same, overarching equation.

To put that slightly differently, the self-regulatory regimes governing access to content and services via mobile phones which we have in the UK and within the wider EU are obsolescent or at any rate they are starting to look decidedly dated. We need a new approach that works in the new conditions of widespread and growing wireless connectivity in which many different types of machines can be actors at any given moment.

Today WiFi is important. Tomorrow it will be über WiFi as other parts of the radio spectrum are released for commercial exploitation. In a world of the always-on internet seamless safety has to be the way to go. Parents would then know exactly what the position was at the off and would not have to learn, for twenty different internet enabled devices in their home, potentially up to twenty different ways of making them acceptably safe for their kids. Equally they would not have to worry quite so much that when their child took one of the portable internet enabled devices outside the home e.g. their smartphone, that they would instantly and inevitably be back in the Wild West.

If new arrangements of the kind I have outlined do not come into force it will slowly undermine the case for the UK’s and other European mobile phone networks carrying on doing what they are currently doing. The Codes and the framework will wither on the vine, fading into irrelevance.

In other parts of the forest we constantly hear calls for platform, technology and network neutrality. I agree with that. The baseline for every type of access to the internet should have child safety built in by default. If they are all in the same business no one segment of it should have to carry a greater or lesser regulatory burden than the other. I’m not saying everyone should have to “do child safety” identically, even less that they should have to do it in a manner prescribed by any Government or Governmental agency. But a widely agreed floor should be established. In a sense that brings me neatly back to my larger point. The importance of bringing fixed line internet access providers and device manufactures into the ball game so all bases are covered. In the UK we have made a start.

Active Choice revisited

Fixed line providers were discussed in the Bailey Review, published almost a year ago. The UK Government endorsed a proposal that Internet Service Providers (ISPs) should provide their customers with an “Active Choice” in terms of online child safety. ISPs’ subscribers will be presented with an unavoidable screen which would force them to decide whether or not to opt-in to using filtering and child safety tools that would be provided at no extra cost.

The UK’s “Big Four” ISPs, Talk TalkVirginSky and BT, got together to produce a statement setting out the broad principles of how they intend to implement their interpretation of Active Choice. The successor to the Home Office Task Force, the UKCCIS Executive Board, is monitoring progress on implementation of the statement and doubtless will be looking to other, smaller ISPs to join in.

There was an early result. Talk Talk were out of the traps before the ink on the Bailey Review was dry. They announced the commencement of their implementation of Active Choice in May, 2011. We have still to see how, in practice, Virgin, Sky and BT will implement their versions but already storm clouds are gathering. A growing number of people seem to think the Active Choice opt-in model for child safety, while a welcome step in the right direction, is still far too feeble. They want child safety to be on by default. They want people to have to opt out of child safety if they want to opt-in to adult content. In other words they want a system rather like that described above as run by the UK’s mobile phone network operators.

Baroness Howe of Idlicote introduced the Online Safety Bill to the House of Lords earlier this month (April, 2012). If passed it would give effect to just that sentiment but sadly only in relation to pornography, not the full range of adult content. Somewhat bizarrely Lady Howe’s Bill would also make it mandatory for all the mobile networks to carry on doing what they have been doing voluntarily for over eight years.

There are also provisions in the Baroness’s Bill in relation to age verification but these are insubstantial because they refer only to ISPs’ and mobile networks’ “subscribers”, meaning the persons who pay the bills. It says subscribers must be verified as being over 18. If they are paying the bills almost by definition they are bound to be. If Lady Howe had specified “users” rather than subscribers that would have been an entirely different and more complicated kettle of fish. Perhaps an amendment will be moved to that effect as the Bill goes through Parliament but even so many will see its exclusive focus on pornography as its core and fatal weakness.

Close on the heels of Lady Howe’s Bill Claire Perry MP has announced the results of her Parliamentary Enquiry. Among many other things she too is asking for Active Choice to be looked at again. Incidentally Perry also picks up on the point about the absence of a child safety policy on WiFi. Add to the dynamic duo of Howe and Perry one David Cameron. Our Prime Minister. He is constantly sending out the message that internet safety for children is a dearly held personal priority. Then we have Commissioner Kroes. No one should think for a minute that the pressure is going to let up any time soon.

Active Choice+

The Bailey Review, which had a very much wider canvas than the internet and technology, did not discuss WiFi, or if it did it was only indirectly. Fixed line was its major target and perhaps tactically that was the right decision at the time. However, what that means is that, as presently constructed, Active Choice does nothing to address the challenges thrown up by public WiFi. It is therefore not so much a case of bolting the stable door after the horse has bolted, it’s more akin to failing to realise that there are now large numbers of kangaroos in our midst. The horses will be fine if they stay at home but the ‘roos are everywhere. Eventually even the horses will learn to jump like ‘roos then…..actually I can feel this metaphor breaking down. I’m going to abandon it. I hope you get the point.

Any new initiative which addresses the fixed line environment in the home is marvellous and necessary, but on its own it is not sufficient. We need Active Choice+. This must embrace WiFi. Happily UKCCIS accepts this point. Ministers have established a working group specifically to look at it. That working group needs to crack on and the EU needs to pick up the issue as well.

The devices themselves

There could be considerable further scope for attaining the principal objective set out in this blog – achieving seamless safety – by another, or rather an additional route. Hardware is the third key variable. Manufacturers of internet enabled devices who wanted to sell them in the EU should be required to meet minimum safety standards. These could be prescribed under the EU’s R&TTE Type Approval processes and draw on pre-existing standards work to which several agencies have contributed.

I am conscious that this a regulatory rather than a self-regulatory path, but in this particular instance I do not believe there is any alternative. It’s the nature of the beast. 

And a final WiFi twist

Talk Talk’s approach to Active Choice is upstream of the subscriber’s home. It sits on their network. As a result any and all devices within the family home that might connect via Talk Talk’s domestic WiFi router will be covered. Ten out of ten. Talk Talk were the first major company to go in that direction within the UK. And it is not an unimportant direction even if one of the reasons is less obvious.

Every household with WiFi broadcasts a signal. That signal can be picked up by anyone within up to three hundred metres who has an internet enabled device. If the owner of the router has not made it secure and it provides full access to the internet then the best laid plans of mice and men will have gone awry yet again.

Talk Talk’s routers are locked down by default, as all routers should be, but even if someone standing on the pavement was to crack the code, or more likely had been given it by an accomplice within, if the family friendly settings were turned on at network level the surfing options would be constrained by the parameters the parents had set.

The good news is it is widely expected that Virgin, Sky and BT will follow Talk Talk’s lead to some degree. I doubt those three companies will put their family friendly settings on their networks but they may incorporate them into a new breed of wireless routers and so will achieve a similar effect. The problem of rogue, home based open routers or cracked routers acting as a magnet for every kid in the neighbourhood should vanish soon enough. However, lest we forget, Talk Talk is not (yet) a major commercial supplier or provider of WiFi on the High Street. Sky and BT, on the other hand, most certainly are.

The rise of Apps

People have tended to think of Apps as programmes rather than content consequently they have not received the degree of scrutiny from the child protection community which it turns out they deserve. There are concerns not just around what some Apps do, but also how they do it. How transparent are they? And not just in relation to kids. Stories of rogue Apps ripping off people’s personal data are legion. These sorts of Apps should never have got into the Apps Stores to begin with. They pose a threat to everyone who downloads them but perhaps above all they pose a threat to kids if their personal data get into the wrong hands.

Various age rating systems for Apps are now being used or promoted, for example the one being sponsored by the US-based Entertainment Software Rating Board.  Several of the individual mobile platforms run their own. However, it seems that some of these age rating systems, rather than being independently judged, are based on the individual publisher’s own assessment. Apparently for the same Apps variations are creeping in between different platforms and Apps Stores. That can’t be right.

I have not looked at how any of the age rating systems work in any detail but I do know that we are going to have to find a satisfactory way of bringing Apps into the online child safety conversation. Otherwise we will not only have kangaroos running loose, we’ll also have……….(suggestions on a postcard please to the usual address).

Once more to Brussels

Finally, to underline the several references to the EU throughout this blog, it seems clear to me that while the UK Government intends to make moves on WiFi the current CEO Coalition working at EU level somehow somewhere needs to get a grip of this too.

The most obvious Coalition working group that could take responsibility for the topic is the one on parental controls. I appreciate this is a big project which probably could never be completed within Commissioner Kroes’s tight timeframe. But at the very least it should be referenced and markers put down.

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was a appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Age verification, Consent, Default settings, Internet governance, Pornography, Privacy, Self-regulation. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s