The Dirty Dozen – Verisign is in it. Again

Imagine you own or manage a web site. Your name, address and contact details are accurately recorded and stored somewhere. Anywhere. Would you nevertheless allow that site to engage in the distribution of child sex abuse materials or fake, possibly lethal, pharmaceuticals? Would you mind if it helped facilitate any of many different types of financial scams? No. I didn’t think so.

On the contrary, isn’t it more likely, rather than risk rapid arrest, incarceration and public disgrace you would take active steps to ensure nothing of that nature could ever be linked to you? Wouldn’t you be keen to avoid even a suspicion of careless complicity? 

Yet inaccurate (sometimes completely fake) records of who owns or manages a web site are the reason why a whole range of problems persist online.

The banality of it

The banality takes your breath away.  Accurate  ownership and management records would mean fewer crimes. Fewer children being sexually abused. Not none. But fewer.

Your mood will not be improved when you discover that the people responsible for this state of affairs have rules which say they are supposed to collect and store accurate data. But they don’t, principally because it costs money and takes time, for which read “reduces their revenues and profits”. 

The punchline

If that’s not enough to send you to the barricades, here’s the ironic punchline. The people responsible can get away with not doing what they are supposed to because they know with absolute certainty the “supervisory body” responsible for enforcing the rules will never seriously trouble them. Why? Because that supervisory body is itself  dependent on the blood money generated by the racket in question. You’re asking them to attack their own income stream, put their own pay cheques at risk.  Saintly they are not. Conflicted they most certainly are.

Wall Street and the US Federal Government are also partly to blame

Companies quoted on the New York Stock Exchange are in this up to their not-so-pretty necks. In these days when boycotts are becoming fashionable again maybe the Stock Exchange authorities will start hauling people over the coals? We live in hope.

It is shameful, but the infuriating thing is it could have been stopped if the US Federal Government (Obama) had been paying attention or it could yet be stopped if the Attorneys General in a number of US States chose to get more active.

That aside

I cannot believe there isn’t a US Federal or relevant State law which says, something like

“where a business or other organization knows or ought to know their practices are leading, or are likey to lead, to the abuse of children,  and these practices can be changed, they are under a legal obligation to make whatever changes are necessary to eliminate or reduce the risk of the abuse occurring or continuing.”

For the moment I am going to call this “Carr’s Law” but as soon as anyone shows me such a law already exists I will remove my name and insert the correct one. 

It should be impossible to avoid “Carr’s Law ” 

No business or organization should be able to avoid  Carr’s Law  or reduce their obligations under it by the simple if devious act of changing their own internal by laws or governing principles. And if some Smart Alecs think they already have done so, the bad news is their changes are null and void.

Btw the relevant US States here are California, Virginia, Delaware and Arizona although arguably because agents of the perpetrators will be active in every State of the Union, every AG could have a part of it. 

Complexity is no excuse

If you allow yourself to get sucked into their bizarre world, the culprits will give you a thousand reasons why “nothing can be done”. Or “this is the best we can do”. Shut your ears to these siren voices. Jump out of the rabbit hole and keep focused on a single, simple proposition: make the ownership and management records accurate. As they were always supposed to be.

Access matters. Access to rubbish matters a great deal less

In a spectacular own goal the European Union messed up badly with the GDPR by complicating the rules under which web site data can be accessed. That is being addressed now but it is entirely different and distinct from the accuracy point. Don’t get bamboozled.

No more working parties or study groups

In the internet business delay is the same as money.  For kicking stuff into the long grass the guys who have contrived to make this mess would hands down win an Olympic Gold every time. They water and feed the long grass then disable the lawn mower.

Why am I writing about this?

Last week those brilliant people at the  National Center on Sexual Exploitation (NCOSE) published the 2022 version of the “Dirty Dozen” . This is a list of companies and organizations that are letting children down.  Verisign is in it. Again. Based in Virginia they are the world’s largest Registry, owning .com and .net. According to the latest available figures, 82% of csam found by the IWF was located in the .com and .net domains. That number does not refer to a one off or to a peculiar year. High percentages in .com and .net  have been recorded since records began, many, many years ago.

A bit more information for the interested reader

The EU concluded a consultation on “security of network and information systems” and this topic was part of it. On behalf of ECPAT International I wrote a short paper which gives a little more background. It is available here.