ICANN lets down child abuse victims, again

Posted on April 16, 2017 by John Carr

There is a major story in today’s Sunday Times.  It has a front page splash and a half page inside.  It concerns two remnants of Empire, technically known as British Overseas Territories, the Chagos Islands and St Helena, the latter is in the South Atlantic the former in the Indian Ocean. Both have country code Top Level Domains: .sh and .io respectively. As the Chagos Islands are, theoretically, uninhabited, you might wonder why it needs a country code at all but let’s leave that on one side for now. Actually there are people living there but they are all in the US military. We evicted the former inhabitants, the Chagossians, in order to make way for a naval base.

As with all country codes these were awarded to a Registry, presumably after someone or other within the British Government gave it the the thumbs up. The Registry in question, responsible for both .sh and .io, is owned by a company called ICB, which has an office in Bournemouth on England’s south coast.

So far, so unremarkable. However, two weeks ago the IWF published its Annual Report. Turns out the IWF found one url with child abuse images on a .sh domain but the Chagos Islands had  nearly 1,500. It has gone from almost zero to being the world’s 4th largest source of child abuse images.  .io “only” had 3% of the global total, with .com and .net way ahead on a combined 70% (.com and .net, by the way, are owned by the same Registry, Verisign, based in Reston, Virginia). Even so, for .io to get to be global number 4 overnight takes some doing, or rather it takes some indolence.

This highlights once again the uselessness of ICANN’s system of granting Registry Agreements without insisting on and policing basic security measures and checks. It is hard to believe anyone would register a domain then use it for criminal purposes if they knew their real world identities and home addresses were easily discoverable by anyone with a legitimate reason to know.

Part of the story in the Sunday Times was that the Foreign Office was conducting an urgent enquiry into how all this came about. I’ll bet they are. It’s clearly an oversight. A decision almost certainly taken by a low level official who probably had little or no expert knowledge of the issues associated with domain names, Registries and the like.

The logical and obvious answer is for the Government to say, in future, anyone who needs their permission to run a Registry for anywhere in the former colonies, dominions or dependencies must agree to follow identical policies to Nominet, who are responsible for .uk. And if they cannot do that perhaps Nominet could be prevailed upon to do it for them or else the country code will have to wait or be withdrawn until it can be made to run in an acceptable manner.

 

 

 

 

 

 

 

About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International and is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John is now or has formerly been an Adviser to the Council of Europe, the UN (ITU), the EU and UNICEF. John has advised many of the world's largest technology companies on online child safety. John's skill as a writer has also been widely recognised. http://johncarrcv.blogspot.com
This entry was posted in ICANN, Internet governance, Regulation, Self-regulation. Bookmark the permalink.