Final version of the letter to the NTIA

Age verification, Child abuse images, Consent, ICANN, Internet governance, Pornography, Self-regulation 6 Minutes

The  UK children’s charities sent this in to the NTIA on 17th July, 2018.

Dear NTIA,

Thank you for this opportunity to submit comments on the future of the US Government’s international internet policy priorities.

One in three human internet users is a child

One in three human internet users is a child. In parts of the developing world this can rise to around one in two.  In the higher income countries the proportion hovers around one in five. Thus, whatever else one might believe, imagine or want the internet to be it is a hugely important medium for  hundreds of millions of children. This may not have been anticipated in the early days, when many internet governance institutions were established but, unquestionably, it is a fact today.

Multistakeholderism has failed children

Multistakeholderism is said to be a core operating principle for internet governance institutions. Below we give examples of how multistakeholderism has egregiously failed to ensure children’s interests are taken into account. The main focus is the IGF and ICANN.

The IGF forgot about children

NETmundial was an IGF sponsored initiative of considerable importance.  It took place in Brazil in 2014.  In the final communiqué  there are references to three international treaties:  the Covenant on Civil and Political Rights, the Covenant on Economic, Social and Cultural Rights, and the Convention on the Rights of Persons with Disabilities. The Convention on the Rights of the Child did not feature. There is not one word about children in NETmundial.

There were not enough children’s voices at NETmundial to press for their rights or concerns to be recognised and while doubtless no one present in São Paulo wished any harm to come to children when they go online, neither were children’s interests front and centre of why anyone made the trip. Why were there not enough children’s voices? Partly for a very practical reason: money. Or rather the lack of it.

ICANN takes no account of children’s best interests

In 2012 ICANN decided to expand the number of available generic Top Level Domains (gTLDs). This resulted in the creation of over 1,000.  ICANN agreed “.kids” would be  one of them. For .kids in the English language there were three bidders: Amazon, Google and the .Kids Foundation. Six years later a decision on who should be awarded the contract to be the Registry for .kids in English has still not been taken. This gives some indication of the priority attached to children’s interests within ICANN.

Yet .kids has been let in Cyrillic script. The following questions were put to the Moscow-based entity that won the contract to be the Registry:

Do you make any stipulations about who may buy a .kids domain name e.g. nobody with criminal convictions, or convictions for child sex offences? And if you do, do you carry out any checks to make sure the people meet those criteria?

Answer: No.

Do you make any stipulations about who may work for a business or organization operating a .kids domain name e.g. nobody with criminal convictions, or convictions for child sex offences? And if you do, do you carry out any checks to make sure the people meet those criteria?

Answer: No.

At the time of writing there is no information suggesting anything untoward has happened with any Cyrillic .kids websites, but it should be noted that the volume of sales so far has been low (1,500 at the last known count).

Concerns of the kind alluded to in the questions above should never have been left open in the way they were. This is because a domain such as .kids is guaranteed, sooner or later, to attract the attention of paedophiles. They go where children go. That being so ICANN’s failure to insist on and insert in the Registry Agreement even the most rudimentary safeguards, commonly found elsewhere and not infrequently required by law, is shocking.

Moreover, stipulations about ownership and operations have nothing at all to do with the nature of any content that might appear on a website. No free speech concerns arise.

No advice about children’s best interests was sought

In correspondence ICANN has acknowledged that when it came to deciding who would be awarded the contract to be a .kids Registry, and on what terms, they did not seek or consider any expert advice in relation to what might be in the best interests of children.

Neither were any extra or specific requirements imposed within the application or assessment processes used to decide who might become the .kids Registry. In effect .kids was looked at in the same way as .grocery, .London, .cruise and .baseball.

The GAC nevertheless offered advice

ICANN’s Governmental Advisory Committee (GAC) , on its own volition, offered quite specific advice on children’s interests in respect of the new gTLDs being created.  This was ignored. True enough it was issued after the process had started but it was still well within a timescale that would have allowed ICANN to act, were it so minded.

It was different for .bank, .pharmacy and .insurance

As part of the same process that created .kids, .pharmacy, .bank and .insurance also became new gTLDs. However, here, fearful of the consequences of bad actors being able to buy and run websites which implied a link to legitimate pharmaceutical, banking or insurance related activities, interested businesses combined to establish what are now known as “Verified Top Level Domains”. To buy a domain within any of these categories, individuals or entities must first go through a pre-approval process to determine they are fit and proper.

How did banks, pharmacies and insurance accomplish this?

The banking, insurance and pharmaceuticals industries had an established presence within ICANN. They had developed expertise in the substantive issues and become familiar with ICANN’s arcane procedures. Crucially, they had the wherewithal to employ the necessary lawyers, lobbyists and staffers to deliver what, for them, was a highly desirable outcome.

The children’s organizations had and have no similarly endowed or entrenched interlocutors and no one within ICANN accepts that they have or had any kind of obligation to ensure children’s interests are or were properly safeguarded. They could, for example, have stepped in and insisted .kids be created as a  Verified Top Level Domain. They didn’t.

Child pornography

Down the years the lion’s share of child pornography on the internet has been found within just two domains: .com and .net.

In 2018 the IWF reported that around 70% of all child pornography reported to it in 2017 was found within .com and .net. Those proportions were similar to the levels reported in 2016 and many previous years. .com and .net are both owned by the same company, Verisign, based in Virginia. Verisign is the largest single contributor to ICANN’s funds.

Astonishingly, among the new gTLDs established under the 2012 process the IWF also discovered that over 1,000 domains appeared to have been created solely to distribute child pornography. This was up from 272 the year before. These are relatively small numbers but any one of these domains could be responsible for distributing millions of illegal child pornographic images.

ICANN chose money over the safety and security of children

It was open to ICANN to decline to expand the number of available domains under the new gTLD process until they were satisfied they could not be misused in precisely the way they have been. They didn’t choose that route. They chose to bring in more cash and in so doing added to the well-known problem of child pornography being distributed over the internet.

If only WHOIS worked as intended

It is hard to believe even one web site would be engaged in distributing child pornography if the identities and contact details of the persons buying or operating the domain had been robustly verified.  This is what is supposed to happen but ICANN turns a blind eye. This helps crooks to harm children.

The offer of a PDP

In correspondence and discussions ICANN officials would not accept they had any specific or particular responsibilities towards children. They merely suggested the children’s organizations should try to initiate a “Policy Development Process” (PDP) within which our ideas could be discussed by the wider ICANN “community”.

PDPs are the traditional way in which policies are aired and debated within ICANN prior to the ICANN Board reaching a determination.

An ICANN PDP can last several years. It was pointed out the children’s organizations simply do not have the resources that would allow them to engage in one. ICANN appeared unmoved.

More importantly, the obvious implication of a PDP is ICANN believes it has a discretion in relation to the position of children. The contrary view, advanced here, is ICANN has a legal obligation to act in ways which take account of the best interests of children. That is an obligation which, hitherto, ICANN has conspicuously failed to discharge.

Principal recommendation

The US Government should use its influence to ensure multistakeholderism works as originally envisaged and in ways which guarantee children’s interests are fully represented and supported at all stages and levels in key internet governance institutions. Alternatively, if the US Government concludes that this is not possible within current frameworks, it should look for and promote an alternative model.

Yours faithfully,

 

 

Published by John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International and is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John is now or has formerly been an Adviser to the Council of Europe, the UN (ITU), UNODC, the EU and UNICEF. John has advised many of the world's largest technology companies on online child safety. John's skill as a writer has also been widely recognised. http://johncarrcv.blogspot.com

Published