In the pantheon of bad actors in the internet space there are two distinct classes. There are the criminals and fraudsters themselves. Clearly they bear the greatest part of the burden of guilt for the harm their actions cause. However, there are also those with the power to stop or at any rate reduce the scope of the malevolence but instead choose to look the other way. In this second category two stand head and shoulders above the rest. One is ICANN, based in California, the other is Verisign based in Virginia. The relationship between ICANN and Verisign is symbiotic.
Child sex abuse materials
By common consent there are now billions of images of children being sexually abused circulating in cyberspace. The vast majority of these began their virtual life by being posted on the open internet.
If ICANN had done their job properly this would never have happened or the size of the problem would have been much, much smaller. The volumes now defeat the best efforts of any and every law enforcement agency. It needn’t have been that way.
What is ICANN’s job? Simple. To make sure everyone who buys and operates a web site provides truthful, accurate and up to date details of who they are and how they might be contacted. Last time I checked less than a quarter (23%) of domains were accurately registered in the way ICANN’s rules say they are supposed to be. In other words accuracy is the exception rather than the rule. In this environment criminals thrive. Children suffer.
And it is not just children’s interests that are harmed by ICANN’s indifference and inaction. The same pathway is exploited by every kind of scammer.
According to figures published by the Internet Watch Foundation around 70% of all child sex abuse materials found on the internet in the UK are located in two domains: .com and .net. They are the market leaders by a country mile and have held that inglorious title for many years. Who owns and operates them? Verisign.
Verisign is the biggest single contributor to ICANN’s finances. Does this explain why ICANN does not bear down on Verisign? Whatever the contractual details of the relationship might be between ICANN and Verisign, Verisign’s moral responsibility could not be clearer. Yet they ignore it. Seemingly with impunity.
To put things right would cost money. If there were more checks on a would-be purchaser’s real identity and contact details it would likely hit sales and therefore, ultimately, both Verisign’s and ICANN’s revenues could be threatened. Not good enough reasons for doing nothing.
Cherie Blair speaks out
Cherie Blair QC is a distinguished lawyer, a judge and someone who cares deeply about children. Following a request made by the Children’s Charities’ Coalition on Internet Safety Ms Blair wrote to Mr Xavier Becerra, the Attorney General of California in the following terms:
Dear Mr Becerra,
You will, of course, be familiar with the powers and functions of the Internet Corporation for Assigned Names and Numbers (ICANN) which is domiciled and incorporated in California as a 501(c)(3) non-profit organization.
A coalition of British children’s organizations have drawn my attention to what they say are significant failings on the part of ICANN in relation to key issues which impact on children as internet users.
In the first instance they refer to the fact that for many years two domains – .com and . net – both owned by Verisign Inc., have been the largest source of child pornography on the open internet. While one might have hoped Verisign would themselves have chosen to introduce measures to reduce or eliminate the traffic in these appalling materials, they only act as Registry for the domains in question in the first place by virtue of a contract which they have with ICANN.
The suggestion I am hearing, therefore, is that ICANN is equally at fault, or perhaps is even more at fault, because it has consistently failed or refused to bear down on Verisign to improve the situation. In the last year for which figures are available (2016), .com and .net accounted for 70% of all child pornography reported to the UK’s Internet Watch Foundation, yet .com and .net between them represent only 44% of all domains.
The second matter concerns the creation of a .kids domain. Approximately six years after ICANN began the process of creating the domain in the English language the matter remains unresolved. Yet in Cyrillic script the domain was delegated to a Russian organization which, when asked, said ICANN had made no stipulations in the contract about, for example, the importance of ensuring that any potential Registrants did not employ or use persons with convictions for child sex offences.
The way .kids was handled contrasted sharply with the way .bank, .pharmaceuticals and .insurance ended up at the conclusion of the same process of establishing new Generic Top Level Domains. The difference between banking, insurance and pharmaceuticals interests and children’s interests is fairly obvious. The former can afford to employ lawyers and lobbyists, the latter cannot. Yet precisely because that is the case one might have hoped that ICANN itself would have stepped in to ensure that children’s interest were properly safeguarded. They didn’t.
I have not yet had the opportunity to look further into these matters, but I am aware you have taken a great personal interest in child welfare as well as the wider issue of online safety as it impacts children. For that reason it occurred to me that you may already be actively engaging with ICANN with regard to the points I have raised. Either way I would be very grateful to hear how you see ICANN’s responsibilities vis-à-vis children and I would also like to ask if you are satisfied with the way they are discharging them?
Mr Becerra replied on 13th April. He assured Ms Blair he appreciated her concerns about
“how actions or non-actions taken by ICANN may affect the security of children. Keeping kids safe online is a multi-front battle, which comprises combatting exploitation, including child pornography, as well as creating protected spaces for children such as .kids domain. ICANN’s responsibility for managing the internet’s domain names places it squarely in the thick of this fight.
For these reasons, my office and I, including the Bureau of Children’s Justice, will continue to give scrutiny to the issues you raise. Protecting children remains central to what we do at the California Department of Justice.”
A call to action
I trust colleagues in California and elsewhere will be encouraged by Mr Becerra’s response and will be keen to follow up with the Bureau of Children’s Justice to see how the project is moving along.
I wrote an extremely long (10 pages) background briefing on all this. You can find it here if you want to delve deeper.