ICANN lets down child abuse victims, again

There is a major story in today’s Sunday Times.  It has a front page splash and a half page inside.  It concerns two remnants of Empire, technically known as British Overseas Territories, the Chagos Islands and St Helena, the latter is in the South Atlantic the former in the Indian Ocean. Both have country code Top Level Domains: .sh and .io respectively. As the Chagos Islands are, theoretically, uninhabited, you might wonder why it needs a country code at all but let’s leave that on one side for now. Actually there are people living there but they are all in the US military. We evicted the former inhabitants, the Chagossians, in order to make way for a naval base.

As with all country codes these were awarded to a Registry, presumably after someone or other within the British Government gave it the the thumbs up. The Registry in question, responsible for both .sh and .io, is owned by a company called ICB, which has an office in Bournemouth on England’s south coast.

So far, so unremarkable. However, two weeks ago the IWF published its Annual Report. Turns out the IWF found one url with child abuse images on a .sh domain but the Chagos Islands had  nearly 1,500. It has gone from almost zero to being the world’s 4th largest source of child abuse images.  .io “only” had 3% of the global total, with .com and .net way ahead on a combined 70% (.com and .net, by the way, are owned by the same Registry, Verisign, based in Reston, Virginia). Even so, for .io to get to be global number 4 overnight takes some doing, or rather it takes some indolence.

This highlights once again the uselessness of ICANN’s system of granting Registry Agreements without insisting on and policing basic security measures and checks. It is hard to believe anyone would register a domain then use it for criminal purposes if they knew their real world identities and home addresses were easily discoverable by anyone with a legitimate reason to know.

Part of the story in the Sunday Times was that the Foreign Office was conducting an urgent enquiry into how all this came about. I’ll bet they are. It’s clearly an oversight. A decision almost certainly taken by a low level official who probably had little or no expert knowledge of the issues associated with domain names, Registries and the like.

The logical and obvious answer is for the Government to say, in future, anyone who needs their permission to run a Registry for anywhere in the former colonies, dominions or dependencies must agree to follow identical policies to Nominet, who are responsible for .uk. And if they cannot do that perhaps Nominet could be prevailed upon to do it for them or else the country code will have to wait or be withdrawn until it can be made to run in an acceptable manner.

 

 

 

 

 

 

 

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in ICANN, Internet governance, Regulation, Self-regulation. Bookmark the permalink.