No more low hanging fruit

Advertising, Age verification, Child abuse images, Consent, Facebook, Google, ICANN, Internet governance, Microsoft, Pornography, Privacy, Regulation, Self-regulation 18 Minutes

I have been reflecting on the achievements of the UK’s still largely voluntary framework for making the internet a better and safer place for children and young people. We have an impressive record. Yet I was struck by a quite dramatic but at the same time also a rather obvious and melancholy realisation. Read on.

Let me count the ways

First I will set out what I think are the principal outcomes of the work  different people, organizations and companies have engaged with and delivered over the years.

The Children’s Charities’ Coalition on Internet Safety (CHIS), of which I am Secretary, has played an absolutely pivotal role. Even in those areas where CHIS was definitely not in the lead, our presence around the edges will have helped sustain forward momentum.

I have tried to present the developments broadly chronologically. That’s not always been possible. Things constantly crossover and overlap.

For very good reasons, some processes unavoidably take longer to make progress or conclude than others do. In and of itself, time taken therefore does not necessarily tell us anything of importance. But it does make it harder to identify an exact starting or finishing point.

Some initiatives may have been delayed or speeded up by parallel but unrelated events that were shaped by the political climate. I won’t labour the point further. Simple chronology can be misleading.

Year Zero

For practical purposes I regard 1995 as “Year 0”. The internet had been around for several years by then, but it was still largely the preserve of relatively small numbers of geeks, academics and imaginative small businesses.

In the early 90s the first web browsers started to appear. However, in 1995 Microsoft published and, in effect, started giving away its own browser: Internet Explorer.  It did this by incorporating Explorer into the Windows operating system.

1995 is therefore when you start to see the huge growth in internet usage among the general public. This is when the internet started reaching into people’s homes and soon schools at scale.  This coincided with and was partly propelled by a fall in hardware prices and telecoms costs. These three things together set the internet on its journey towards becoming the mass consumer product we know today.

It opened the door to an array of  fantastic opportunities but also to serious unforeseen, unintended and unwanted consequences.

Analogue meets digital

Lest we forget, by 1995 the UK had a number of laws which suddenly acquired new or additional significance, despite being rooted in what was, for practical purposes, a pre-internet age. 

I’m thinking, for example, about the Telecommunications Act, 1984,the Computer Misuse Act, 1990 and wider laws dealing with threats against the person of which the  anti-stalking laws are an example. These laws had arisen from events in the physical world  but they then found an echo in and became relevant to cyberspace.

The dawning of the internet age

While fascinated by the novelty and utility of the new medium, a range of concerns began to engage policy makers, parents, children and the general public. These fell under three broad headings

  • the hugely increased availability of child sexual abuse images (then commonly referred to as “child pornography”)
  • children’s exposure to new forms of paedophile activity (now referred to as “grooming”)
  • children’s exposure, on a completely new scale, to ostensibly legal adult pornography

Of these the first two were almost certainly regarded as the more pressing and urgent although it would not be long before the last one started to feature.

The list

The development of internet self-regulation  in the UK can be charted as follows

  • Creation of the IWF (1996).
  • Two children’s representatives were appointed to its Policy Board. I was one.
  • In The Netherlands and Norway similar hotlines were also established about the same time.
  • The purpose of these hotlines was to receive reports of child sexual abuse material, trace where it was being hosted and inform the hosting provider. This, in effect, put the provider on notice that it was facilitating the distribution of child sexual abuse material. Typically this prompted them to remove it. Once on notice, failure to act “expeditiously” to remove illegal content could open the hosting company to criminal sanctions.
  • At this time most child sexual abuse material was being found in Usenet Newsgroups. Also at this time, in the UK and many other countries, it was illegal for private individuals or entities to seek out child sexual abuse material intentionally, therefore every report received by the IWF, theoretically, had been discovered accidentally by whoever reported it. A rididiculous policy which lasted a long time and persists in many jurisidictions (the IWF now has legal authority to proactively search for child sexual abuse material).
  • For completness, please note 1996 was also the year the Government divested itself of the responsibility for adminstering the .uk domain. It gave a contract to Nominet to  do that.
  • Taken together the two developments referred to above, the formation of the IWF and the estabishment of Nominet, marked the beginning of internet self-regulation as official UK Government policy. It was going to last a long time.
  • Back to my list.
  • 1997 a new Government was elected.
  • 1998 a Review of the operation and governance of the IWF was initiated
  • IWF changes its governance structures.
  • 1998 UK’s National Crime Squad leads Operation Cathedral, the first major, coordinated international policing operation (12 countries) against organized criminals, members of the Wonderland Club, who were involved in exchanging child abuse images and facilitating child abuse
  • 1999 the Children’s Charities’ Coalition on Internet Safety (CHIS) is formed, drawn from but independent of a pre-existing coalition on child sexual abuse. NCH Action for Children (as it then was) and the Children’s Society were the moving forces, someone from Barnardos came up with the name and we met at the NSPCC’s offices
  • 1999 INHOPE, the global association of hotlines is established after initial help provided by the IWF and, later, Childnet International
  • 1999-2001 DTI Internet Crime Forum asked to look into grooming. They publish “Chat Wise, Street Wise” . Two years was a shockingly long time to wait for what was such a low-powered report
  • 2000 Regulation of Investagtory Powers Act (RIPA) introduces a power to require decryption keys to be handed over
  • 2001 Creation of the Home Office Task Force on Child Protection on the Internet. The first time any national government had established a national focus on online child protection
  • 2001 IWF accepts it is governed by the Human Rights Act1998
  • 2001 Important changes were made to the policies of the IWF to enable them to become more proactive in the fight against online child abuse images. After almost a year long fight/campaign against opposition from industry interests, the IWF started blocking access to entire Usenet Newsgroups where child sexual abuse images were being found on a regular basis or where the presence of such images was being advertised. This was a world first, enormously important. It would have very far reaching, global consequences. If this fight had not been won it is doubtful if Cleanfeed (see below)  would have been possible or, at any rate, it would have been delayed.
  • 2002 Picking up on work done by Ethel Qualye and Max Taylor of the University of Cork, a system for classifying child abuse images was established by the Sentencing Advisory Council and adopted by the Court of Appeal
  • 2002 Operation Ore arrests get underway with over 7,200 UK names of persons suspected of buying child abuse images from the Landslide web site in Texas
  • 2003 Microsoft closes MSN Chat
  • 2003 National Crime Squad leads in creating the Virtual Global Taskforce
  • 2003 Several changes in the law were introduced by the new Sexual Offences Act to address problems which, for practical purposes, were either substantially new or had greatly increased following the arrival of the internet as a mass consumer product
    • s15, created the offence of grooming
    • s45, age for participating in pornographic depictions raised from 16 to 18
    • s10, causing or inciting a child to engage in sexual activity e.g. via webcams
    • s12, causing a child to watch sexual acts, remotely or otherwise
    • s72, extraterritoriality provisions created to help combat child sex tourism
    • s114, introduces foreign travel orders to help combat child sex tourism
    • The range or length of sentences following a conviction or caution for different child sex offences was extended by this Act and others
  • Legislatures around the world started to copy or adapt some or all of the above, particularly the EU.
  • 2004 The announcement of “Cleanfeed” by BT, a mechanism for restricting access to urls containing child sexual abuse images. Another world first for the IWF  (and BT). It would have monumental importance globally.
  • Several other initiatives swiftly followed within the UK
    • The universal adoption of the IWF url and Newsgroups block lists by UK mobile phone companies
    • The near universal adoption of the IWF  url and Newsgroups lists by fixed line ISPs in the domestic market and its take up by other electronic service providers
    • The adoption of the IWF lists by the major search engines
    • These policies soon started to be taken up in many other countries.
  • 2004 The adoption by the mobile phone companies’ of age verification systems to restrict children’s access to adult content
  • 2005 The creation of the Independent Mobile Classification Body
  • 2005 The Gambling Act required all online gambling companies to introduce age verification systems. This was the first time anywhere in the world that age verification had become a legal requirement for any kind of  product or service provided over the internet.
  • 2005 UK Kids Go Online is published
  • 2006 US-based International Center for Missing and Exploited Children establishes the Financial Coalition Against Child Pornography to focus the attention of credit card companies, banks and others on the financial aspects of the trade in child abuse images
  • 2006 the creation of CEOP. A product of lobbying by CHIS, supported by parts of industry. I was on the Board which formally helped establish CEOP.
  • Other changes in the law took place at different times
    • 2006 Online moderators have to be CRB checked
    • 2006 A bank or credit card company can be officially informed if someone has been convicted of using one of their products to buy child abuse images
    • 2008 Extreme pornographic images were made illegal
  • 2008 BBFC launches a system for age rating digital downloads
  • 2010 the Digital Economy Act becomes law and changes the rules on the sale of computer-based games to children, bringing them into line with comparable laws which already applied to the sale of movies
  • 2010 Procurement Policy Note 05/10 established a requirement for ISPs wishing to supply services to Government Departments to block access to web pages containing child abuse images
  • 2010 a new Government is elected
  • See below (Starting Over)
  • 2011 the BlackBerry affair became public, marking an inglorious moment for the mobile phone industry, although the speed with which the government
  • 2012 Ofcom stepped in to drive forward a rapid response to the Blackberry failings
  • 2012 Revelations about Habbo Hotel raised important issues about moderators
  • 2012 The misuse of Twitter’s network also starts to raises questions
  • Across a range of issues there were several developments which are hard to pin down in terms of when they started or were finalised
  • For example, a range of extremely important technical tools were developed and deployed
    • CETS,  PhotoDNA and other forms of pattern recognition technologies help in the fight against online child abuse images and in the identification of victims
    • Companies such as Facebook and AOL have been willing to deploy them in ways which have pushed the boundaries very much in the right direction
    • The EU funds work to enable similar breakthroughs in relation to video content
    • Systems have been developed and deployed to allow text to be analysed for signs of inappropriate interactions involving children and young people
    • Google introduced Safe Search settings to allow parents to control access to legal but age inappropriate adult content, Bing and Yahoo have similar arrangements
  • A range of sex offender treatment and management programmes have been developed specifically to address online offending behaviours
  • Training modules for different professional groups who work with online sex offenders have been created
  • Training modules for teachers and trainee teachers have been established introducing notions of safe online practice as well as encouraging the creative use of the internet in the pedagogic process
  • Similar modules have been developed for other professional groups that work with children e.g. social workers and residential care staff although it appears this is more ad hoc and they have not yet been fully or systematically integrated into officially recognized training standards or qualifications
  • In relation to children’s and young people’s online habits and usage patterns, following on from UK Kids Go Online other outstanding, pioneering research has been published, most notably by Professor Sonia Livingstone of the LSE and Ofcom
  • In relation to research into the criminal misuse of the internet the research and publications of the IWF, Professor Julia Davidson, Elena Martellozo, Professor Ethel Quayle and CEOP have been world class
  • There has been a series of brilliant awareness raising, educational and outreach initiatives undertaken by several groups often drawing on children’s and young people’s own views and direct experience of the internet, aiming to underpin, mirror and reinforce both good practice and legal requirements
    • CEOP’s thinkuknow web site and other materials they have produced are good examples, Beatbullying, Childnet International, Stop It Now, NSPCC and the late, much lamented BECTa are also among the best known leaders in the field
    • Childline is now much more engaged with the online space
    • Sections of the printed and broadcast media have developed a range of materials
    • The BBC in particular has produced various marvellous resources but more than one major TV network has chipped in from time to time
    • Coronation Street and East Enders have both run story lines which featured “internet incidents” that helped get positive messages across to vast audiences, and  there has been a multiplicity of investigatory reports by journalists working for radio and every kind of media outlet
    • The creation of Safer Internet Day and the UK Internet Safety Centre by the EU were and remain extremely important
    • Some of the resources put together by individual companies on their own web sites or, in the case of the mobile phone companies, in their own shops, have been outstanding
    • Vodafone’s “Digital Parenting” is now a prized resource with a global audience and Teach Today would not have happened if several enterprises had not dug deep to get it off the ground
    • Volunteer programmes where staff from high tech firms go into schools to talk about online safety stand greatly to the sponsoring firms’ credit
  • The fact that the EU took a major interest in online child safety generally has been of huge importance not least because it made clear to several multinational companies who otherwise might have been less keen to engage that this area of policy was not just a British foible
  • The EU’s part-funding of the IWF and its part-funding for Sonia Livingstone’s research and the Safer Internet Centre has been key
  • At one point the UK Government directly funded advertising campaigns on radio, in cinemas and on billboards
  • The UK Government also commissioned research to track the impact of the campaigns
  • Government issues new guidance on the sale of alcohol which makes it clear that persons selling it remotely are obliged to do age verification at the point of sale and may also be required to do it at the point of delivery (2012)

Not on the above list

There was also a series of good practice guidance documents developed over the years. I could have referred to them as examples of the success of the UK approach, of internet self-regulation. Several of us spent years negotiating them, writing them and believing in them but I am now minded to discount the lot. As far asI can tell they had minimal impact on anything of importance and we simply do not have any data which points in a different direction because the online platforms have never released any. Even if they had, without some kind of independent evaluation what would we make of it? No ways of checking or measuring were ever agreed.

Nonetheless for the sake of completeness I will provide the non-list of UK good practice documents because the sentiments they express remain relevant.

The BSI kitemark for filtering software also turned out to be pretty much a waste of time and effort. Only one company ever took it up

The melancholy reflection

If anyone was to plot a chart showing how policy and practice developed from the mid-1990s it would peak sometime in 2006. After that, with one or two exceptions, less and less has happened that one could honestly say is genuinely new or different in the sense that it was likely to take us much beyond where we were  before.

We have had an ocean of education and awareness initiatives – any amount of them, often showing great ingenuity and novelty – but that’s where we seem to be stuck. A line has been drawn.  This line has not been declared, but it has been drawn nevertheless.

The best possible defence for any child

I am very strongly in favour of more and better education and awareness initiatives. The best possible defence for any child is their own knowledge and resilience. This will normally most likely come about if the child is nurtured within a loving family with parents who, in turn, are up to speed on how the technology works and how their own children use it. The positive messages parents pass on to their children should be reinforced at school by highly digitally literate teachers and be reflected in the wider media and in mainstream advertising.

But if the world of online child protection from here to eternity is to be limited to a never ending cycle of media literacy  or education and awareness programmes, and that’s all the industry wants to do,  then someone somewhere should at least have the decency to spell that out and stop pretending that we are engaged with anything else.

The low hanging fruit

To some degree perhaps it was inevitable that we should reach such a point. We opened up a new field. We identified everything that was both obviously wrong and in the main was relatively inexpensive and comparatively easy to do.

Although many of the processes and discussions outlined above were lengthy, hard fought, at times complex and ground breaking, we have ended up “simply” picking all the low hanging fruit.

It is simply implausible to suggest the fact that (too many children) still end up being harmed when they go onnline is down to past failures of communication or shortcomings in media literacy programmes. The implication  of that line of thought is we simply need to make our communications more effective and the problem will be solved.

Nobody is against better communications or more and better media literacy but it is really unhelpful to suggest that is the be all and end all.

Parents’ anxieties are genuine. They are rooted in something real. They are also shared by large numbers of children. Overwhelmingly these anxieties are not, as some would have us believe, merely the fictitious products of clever manipulation by sensationalist, irresponsible journalists egged on and abetted by self-interested campaigners. Like me.

If the low hanging fruit has gone, what else needs to be done if we are ever to reach the sunny, untroubled uplands for which we all strive?

Professor Tanya Byron arrives

In September, 2007, the previous Prime Minister called in child psychologist Professor Tanya Byron to look things over. The Byron Review appeared in March, 2008.  Byron put her finger on a number of important pulse points. When the Government and Opposition Parties endorsed her final reports this generated a huge new sense of energy. Byron had no axe to grind. She was not an insider. Byron commissioned original research, talked to everyone then spoke as she found.

Byron’s findings remain hugely significant. Sadly they have also become a sort of monument, a high water mark, the  point of melancholy realisation I mentioned earlier.

Following Byron cosmetic changes have been made. The creation of UKCCIS is a continuation of the old Task Force by another name only slightly restructured. But few of the major recommendations have been implemented. We’re not even close.

However, we have to acknowledge that part of the problem with Byron was simply one of timing. The good Professor came along when the last Government’s political authority was rapidly ebbing away as demoralisation set in among Ministers faced with the certainty of approaching electoral defeat.

Starting over?

In May, 2010, we got a new Government, led by David Cameron, a man with a clear passion for child welfare issues, both generally and specifically in relation to the internet.

Every new Government has a considerable period of latitude to read itself in and with the overwhelming nature of the economic problems the country is facing Cameron’s Coalition perhaps had more latitude than most. Nonetheless the early signs were good.

Well-informed, tech-savvy, energetic Ministers were allocated the UKCCIS brief. In late 2010 Prime Minister Cameron called in Reg Bailey to look into the sexualization of childhood. Reg reported in June, 2011, and had some incisive things to say about aspects of online policy.

A couple of Reg’s recommendations were acted on quickly e.g. in relation to “Brand Ambassadors”  and advertising near schools, but in relation to the larger challenge of adult content online, particularly pornography, being easily accessible to children, the outcome was indeterminate.

The Prime Minister conceded that point on 3rd May, 2012, by ordering a fresh public consultation on what had become known as Active Choice. 

The consultation closed on 6th September.  A meeting that was to have been held on 17th September to consider the outcome of the consultation. But just when we thought we were going to find out finally whether the new Government was prepared to break out of the impasse and take radical measures, just when we thought we were going to find out finally whether the new Government was willing to embrace a major shake up to get things moving again, there was a Reshuffle.

Three out of the four Ministers who had any connection with the Bailey Review either had to walk the plank or were transferred. The meeting that had been scheduled for September was moved to late October.

The jury is still out

Consequently as I write the jury is still out.

My contention is that if we leave on one side the Talk Talk Home Safe  initiative, the period between Byron and Bailey has been characterised overwhelmingly by stasis camouflaged by meetings which give the appearance of action. The bulek of the ISP industry did not like Active Choice.

I hope when UKCCIS does finally meet to discuss the future of Active Choice Ministers will not bottle it. If the outcome is simply another milk-and-water easy-to-evade piece of window dressing it won’t just be the Daily Mail asking what is the point of UKCCIS?

Use it or lose it

While the outcome on Active Choice will be a key test, it is not the only one.

We speak about “self-regulation” as the basis of internet policy in the UK. But that is really not what we have got. The word “regulation” carries with it an implication of some level of certainty, some degree of “ascertainability”, the possibility of enforcement or at least of sanctions for any proven failure to comply. Yet in this space, outside of matters connected with child abuse images, very little is certain or ascertainable. Nothing is enforced. There are no sanctions except insofar as they arise under what I think we can call for these purposes “other headings” e.g. the data protection laws.

Every part of the internet industry in the UK has resisted any and all attempts to establish mechanisms which would allow for the independent review of their practices as they impact on children’s and young people’s online safety. By 2008  the Home Office Task Force was more self-delusional than self-regulatory. We came together periodically for jolly chats, arranged the odd conference or photo-call for Ministers and talked about interesting things that had been happening. Er, that was it.

Operating at the margins of corporate PR

Internet businesses sitting around the table will now not even disclose to the UKCCIS Board any data which are not already in the public domain. We are thus operating entirely at the margins of companies’ corporate PR.

It can be important from time to time to have a place where you can chat to companies in a collective way with Government and law enforcement in the room. Some good things may happen as a result, but we ought not to dignify it with the misleading idea that this is in any sense “regulatory” in nature. The “R” word should be banished completely. Or rather we should use it or lose it.

Addendum 

This section is being added many years later. Specifically after the murders of April Jones and Tia Sharpe. Quite a  few things of note happened in between the last entry above and today’s writing but the murders of those two little girls in 2012, and the trials of their killers in 2013, had seismic consequences in the UK . Once again these reached far beyond our borders. I will not rehearse all the details but suffice to say that in the aftermath of the trials, after ferocious and sustained criticism in the media and Parliament, Google and Microsoft announced they were taking steps  globally to eliminate any and all links to paedophilic content from their search engines. They also pledged to introduce a link to help services which would pop up if anyone tried to search for paedophile material using their services. Google announced the award of £1 million to the IWF, then the largest donation ever to a child protection NGO anywhere in the world. In a speech in  2014 David Cameron announced the creation of what became the WeProtect Global Alliance and donated £50 million to it.

A final PS added many years later

And now we have the Online Safety Act 2023.

Unknown's avatar

Published by John Carr

John Carr is one of the world's leading authorities on children's and young people's use of the internet and digital technologies. He is a former Senior Technical Adviser to Bangkok-based global NGO ECPAT International and a former Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised the Council of Europe, the UN (ITU), UNODC, the EU and UNICEF. A former member of Microsoft's Policy Board for Europe, the Middle East and Africa and a former Vice President of Mspace, he has also advised several of the world's largest technology companies on online child safety and ethical investors with shares in high tech businesses. John's skill as a writer has also been widely recognised. http://johncarrcv.blogspot.com and https://substack.com/@johnc1912

Published