ICANN lets down child abuse victims, again

There is a major story in today’s Sunday Times.  It has a front page splash and a half page inside.  It concerns two remnants of Empire, technically known as British Overseas Territories, the Chagos Islands and St Helena, the latter is in the South Atlantic the former in the Indian Ocean. Both have country code Top Level Domains: .sh and .io respectively. As the Chagos Islands are, theoretically, uninhabited, you might wonder why it needs a country code at all but let’s leave that on one side for now. Actually there are people living there but they are all in the US military. We evicted the former inhabitants, the Chagossians, in order to make way for a naval base.

As with all country codes these were awarded to a Registry, presumably after someone or other within the British Government gave it the the thumbs up. The Registry in question, responsible for both .sh and .io, is owned by a company called ICB, which has an office in Bournemouth on England’s south coast.

So far, so unremarkable. However, two weeks ago the IWF published its Annual Report. Turns out the IWF found one url with child abuse images on a .sh domain but the Chagos Islands had  nearly 1,500. It has gone from almost zero to being the world’s 4th largest source of child abuse images.  .io “only” had 3% of the global total, with .com and .net way ahead on a combined 70% (.com and .net, by the way, are owned by the same Registry, Verisign, based in Reston, Virginia). Even so, for .io to get to be global number 4 overnight takes some doing, or rather it takes some indolence.

This highlights once again the uselessness of ICANN’s system of granting Registry Agreements without insisting on and policing basic security measures and checks. It is hard to believe anyone would register a domain then use it for criminal purposes if they knew their real world identities and home addresses were easily discoverable by anyone with a legitimate reason to know.

Part of the story in the Sunday Times was that the Foreign Office was conducting an urgent enquiry into how all this came about. I’ll bet they are. It’s clearly an oversight. A decision almost certainly taken by a low level official who probably had little or no expert knowledge of the issues associated with domain names, Registries and the like.

The logical and obvious answer is for the Government to say, in future, anyone who needs their permission to run a Registry for anywhere in the former colonies, dominions or dependencies must agree to follow identical policies to Nominet, who are responsible for .uk. And if they cannot do that perhaps Nominet could be prevailed upon to do it for them or else the country code will have to wait or be withdrawn until it can be made to run in an acceptable manner.








About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International, Technical Adviser to the European NGO Alliance for Child Safety Online, which is administered by Save the Children Italy and an Advisory Council Member of Beyond Borders (Canada). Amongst other things John is or has been an Adviser to the United Nations, ITU, the European Union, the Council of Europe and European Union Agency for Network and Information Security and is a former Executive Board Member of the UK Council for Child Internet Safety. He is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. This was renewed in 2018. More: http://johncarrcv.blogspot.com
This entry was posted in ICANN, Internet governance, Regulation, Self-regulation. Bookmark the permalink.