A misguided approach
EU measures to block access to websites which host indecent child images threatens both our freedom and privacy, and is not the most effective way to combat child abuse
Image: CC-AT Flickr: srqpix (Clyde Robinson)
A new directive tocombat child exploitation is reaching the final stages in the European Parliament. The draft measures contain controversial powers to block access to websites believed to host child abuse material, but would impose a censorship infrastructure on the Internet.
Child abuse crimes are undoubtedly a serious issue but the use of overtly emotional language can be dangerous and misleading. The tone adopted by some supporters of the proposals risks distorting the debate, and it leaves those who oppose the plans in the tricky position of being portrayed as arguing against defending children.
But there is much evidence to suggest that blocking is not an effective way to prevent child abuse, and that these proposals are ultimately harmful. The German organisation MOGiS (MissbrauchsOpfer Gegen InternetSperren, or Abuse Survivors Against Internet Blocking), who have been campaigning since 2009, assert: “We are opposing the blocking of web pages as a means to tackle the circulation of the images of sexual child abuse on the internet”. Founder of the group, Christian Bahls, speaks and writes powerfully about his deep concern for these plans to “block access to websites using a secret blocking list that is being exchanged by police forces without any involvement of the justice system”.
Also campaigning against the measures is EDRi, an international non-profit association which promotes digital rights. EDRi have published a booklet titled Internet blocking: Crimes should be punished and not hidden, which is full of detailed analysis. As Joe McNamee, an expert with EDRi, explained in a meeting at the European Parliament and in an article for Index on Censorship, web blocking is “useless” and means that “citizens are led to believe that something is being done, and politicians can take refuge in a populist policy in the full knowledge that blocking has no positive benefits and leaves the websites online”.
A similar argument was put forward by EuroISPA (who represent over 1800 ISPs) who emphasised that “blocking allows images to remain online and available for use by those who present a real danger to children. These criminals make it their business to know how to circumvent blocks and continue to copy and share images”.
Opponents argue that the proposed measures are flawed: they fail to adequately address the actual issue of child abuse; implementation across countries with vastly differing laws is technically implausible; there is a lack of judicial control; and they pose a distinct threat to fundamental rights, most notably freedom of expression and the right to privacy (more on these rights-based issues in an open email to MEPs).
Worryingly, these measures have already passed through preliminary stages. Last week, the Committee on Civil Liberties (LIBE) held a hearing to discuss the plans in more detail, and members now have a brief chance to table amendments with a vote scheduled for 3 February. After this, the directive will advance to the final stage, when all MEPs have the opportunity to vote on it.
Whilst we debate Article 21 of the proposed directive that is set to sanction the censoring powers, it is important to remember that other Article 21 (of the Universal Declaration of Human Rights), which upholds that “the will of the people shall be the basis of the authority of government”: herein lies our right to protest against flawed, ineffective and potentially dangerous measures.
Amalia is an independent writer who supports human rights including internet freedom. She writes at amaliaking.co.uk and tweets as @amaliakinguk
*This article was modified on 20 January 2011
Share this article
Comments
Comments (13)
Latest Articles
Featured Article
Schmidt Happens
Wendy M. Grossman responds to "loopy" statements made by Google Executive Chairman Eric Schmidt in regards to censorship and encryption.
ORGZine: the Digital Rights magazine written for and by Open Rights Group supporters and engaged experts expressing their personal views
People who have written us are: campaigners, inventors, legal professionals , artists, writers, curators and publishers, technology experts, volunteers, think tanks, MPs, journalists and ORG supporters.
Nigel Hawthorn:
Jan 19, 2011 at 05:26 PM
There's no disagreement I would think that taking down this content is the best outcome.
However, where sites are in other juristictions, a take-down measure may not be possible and in such cases I would argue that a block on the most egregious content is appropriate.
in the UK, the IWF http://www.iwf.org.uk/ is the point for reporting content as potentially showing images of child abuse. They investigate the content, they issue take-down notices if hosted in the UK (now rare, partly as they have been so effective over the years), they try to identify the victim and pepetrator, work with the CPS to prosecute and provide evidence in court. The IWF is an organisation that is set up purely to work within strict legal criteria, paid for by the government, ISPs, filtering vendors and police forces and so is completely immersed in the legal system of the UK.
They also provide a list of URLs to ISPs and filtering vendors for blocking of this illegal content. So, if a URL cannot be taken down, surely a block is better than doing nothing.
The balance between freedom and restrition is a tricky one in a liberal democracy and I am pleased we are debating it, however as no-one would normally defend someone's rights to shout "fire" in a crowded theatre, it is interesting to note that some people apear to be defending people's rights to distribute an image of someone committing an offence or encourages others to do the same.
The article repeats sweeping comments about non-accountable bodies and technology not being effective and contain emotive words, similar to the accusation being made against those recommending blocking.
My view is that an organisation set up in a similar manner to the IWF can be effective and the small number of child abuse sites hosted in the UK is a proof-point that when legal/political and industry teams get together, a good outcome is possible.
Interested parties can visit the IWF facilities and talk to the team, Amalia may want to do so to see just what is possible and look at the figures from their yearly reports.
I hope this comment helps the balance of the debate.
nigel
Jim Killock:
Jan 19, 2011 at 08:16 PM
Hi Nigel,
Thanks you for your comments, which I think are helpful.
Only a few EU countries have blocking schemes, and not many are mandatory. The EU is pushing for a mandatory scheme, despite evidence that such schemes are reducing the pressure for real action, ie international takedown agreements.
It’s easy to assume that takedown cannot take place in some circumstances. But of course, this is about international agreement for law enforcement, and in the case of phishing sites, such co-operation takes place and takedown is swift and universal.
The EU is also pushing for a system which opens up the possibilities for further blocking, of course. We shouldn’t assume that all EU democracies are safe from requests to extend the use of such systems. Without wishing to sound arrogant – while the UK might have a reasonable chance of resisting calls for extension of blocking to wider problems, it seems inevitable that some member states will succumb to requests to use these systems inappropriately. Hungary and Italy have both recently shown themselves prone to push for laws which might seem to threaten freedom of speech on the net.
The UK blocking system is best understood as a service to ISP customers - they are prevented from accidentally stumbling on a tiny number of sites which would however be distressing to find. It does not prevent customers from circumventing the block and is not mandatory. Nevertheless, there are regular calls for its use to be extended to prevent access of libel, hate speech, anorexia sites and copyright infringing material.
Nigel Hawthorn:
Jan 20, 2011 at 02:19 PM
Sadly, phishing sites are not universally taken down – though perhaps we all wish they were. Perhaps if hosted in the EU they are taken down quickly, but the cooperation from authorities outside the EU is patchy and shouldn't be assumed.
The “slippery slope” argument is always a good one and we all have to be vigilant that governments do not expand the reach beyond what is agreed. On the other hand, it doesn’t necessarily follow that because of the possible threat of the slippery slope, we should do nothing.
It is true that there have been regular calls for the IWF scope to be extended, however this has been going on for the life of the IWF. Some would say that politicians looking to make a populist stance occasionally make statements that are intended to be published and not intended to be acted upon, and it has been difficult to work out how some of these would have been implemented as the judgement necessary would require a very detailed description and likely to lead to legal challenge. That’s why I believe the IWF can be pointed to as a scheme that works, primarily because its aims are clear and narrowly focused. So, instead of the arguments against the blocking measures starting from a point of view that says “this has never worked”, I believe the better discussion is around how the laws are framed so that we don’t fall down the slippery-slope to other areas as described.
Having the IWF in the UK has reduced the number of child abuse images hosted in the UK as the takedown measures have been working hand-in-hand with the filter list. Sadly, the latest report from the IWF shows that 44% of this content was hosted in Europe www.iwf.org.uk/resources/trends#Volumeworldwide – if the EU brings together a stronger take-down and filtering system in tandem, I would expect that the material hosted in Europe will reduce – however if it moves outside the EU’s jurisdiction, I believe we’ll still need a block within the EU for non-EU-hosted content.
James:
Jan 22, 2011 at 10:21 AM
And 48% is located in North America - are you suggesting the US and Canada would not respond to takedown requests of illegal material?
James:
Jan 22, 2011 at 10:22 AM
Your commenting code gives an error saying the CAPTCHA was not correctly entered when a comment without an email address is submitted.
Nigel Hawthorn:
Jan 22, 2011 at 12:05 PM
I think the answer to that is best contained in the %age you quote, the graph of the source of the material around the world and the text from the IWF report reprinted below. Happily in the report, Canada is singled out with a very positive attitude of cooperation.
http://www.iwf.org.uk/resources/trends#Volumeworldwide
"However, we still have concerns about the length of time some websites distributing images of children being sexually abused remain available around the world so we have been considering ways in which to speed up the removal of these images outside the UK, in collaboration with our international partners. We are very pleased to have been granted funding by the Nominet Trust to develop this work.
We look forward to adopting a more direct approach towards the international removal at source of potentially criminal child sexual abuse content by fostering relationships with internet service providers and hosting providers outside the UK so that, in partnership with their relevant national authorities, we can alert them to the abuse of their own networks for the distribution of child sexual abuse images as quickly as possible."
Richard Clayton:
Jan 23, 2011 at 03:01 PM
Nigel said "Sadly, phishing sites are not universally taken down"
Although correct as written, this statement entirely misleads.
The academic research that I have been involved with for many years has shown that the key reason for a failure to promptly remove a phishing website is the bank being unaware it exists.
I can recall very few sites staying up for as long as a week when the bank was actively trying to get them taken down. In contrast, all the child sexual abuse websites that we have studied the removal data for were "known" (by definition) and there the _average_ takedown time was around 4 _weeks_.
The reason for this is extremely straightforward, no attempt was being made to get the child sexual abuse image sites removed. Of course we cannot be sure how long these sites will stay up for if removal activity was at the same level as the banks achieve, but I would be most surprised if this group of criminals did any better than the phishing criminals -- where we measured the take-down time to be an average (mean) of four hours, with a median of 0 hours (ie half the sites were removed before we could even start to measure their lifetime).
See: http://www.cl.cam.ac.uk/~rnc1/takedown.pdf for the academic paper and all the exact figures. Although the paper is now a couple of years old, I believe the data to still be similar, the main difference being quite a significant reduction in child sexual abuse image websites as the purveyors are (sometimes) arrested and (substantially) moving to other means of distribution.
The biggest impact the IWF could make, in my opinion, would be to make reports to the hosting companies. Unfortunately, they have decided it is better not to "tread on the toes" of their companion hotlines in other countries by making such direct reports. I think this is extremely undesirable, since it is clear that progress towards rapid reports to hosting companies is painfully slow.
This is almost orthogonal to the blocking issue, except in so far as the only real reason that there are sites to block is the inability of the hotline systems (or anyone else) to take any effective responsibility for getting this material taken down.
joe:
Jan 24, 2011 at 08:59 AM
In the UK, there is a particular "meme" that "blocking is effective", which is repeated by industry, the IWF and the government funded child protection organisations - and Mr Hawthorn, above. Nobody stops to ask.... effective in doing what, exactly?
* The website remains online, it doesn't stop anyone accessing the material if they want to,
* it can be used by the owner of the site to check if their activities have been identified by national authorities (especially if it is extended across Europe as planned),
* when the blocking list leaks as almost all in the world already have, it provides a "yellow pages" for anyone interested in the content,
* it reduces pressure on governments to take real action (compare the work with the USA on ACTA with the work with the USA to have the sites deleted),
* "self-regulatory" blocking/deletion of sites allows states to avoid investing in due process and even investigations and prosecutions,
* it is also not effective in stopping accidental access, because there is no evidence from the evolution of reports from citizens where blocking is in place that any fewer people access the material by accident than in countries where there is no blocking in place. Indeed, the reduction in reports in recent years has been BIGGER in Ireland (without blocking) than in the UK, which has blocking.
And still they continue to talk, unashamed and unchallenged, about the "effectiveness" of an approach which helps criminals more than it hinders them.
Nigel Hawthorn:
Jan 25, 2011 at 01:29 PM
Hopefully we're not going around in circles and simply repeating our beliefs without listeing to others, but there does seem to be a bit of repetition here, so I'll add to it by repeating my view, hope it helps.
1. I believe that take-down is the best solution and hope that there is no question of that.
2. In the UK, take-down is working, it works well, it is part of the IWF's remit and more important than the list.
3. if every country globally was a good at take-down, as fast, as effective and as committed I think that any list would be unnecessary.
Sadly, that is not the case.
So, let's all work together to promote take-down as the best solution, lobby all of our parliaments globally that this is by far the best result and use whatever positive evidence from other countries to show that take-down can and does work. (to hark back to the UK again, the yearly reports from the IWF of many years ago showed a significant portion of this material was hosted in the UK - the fact that this has reduced is in part to the take-down service being so effective).
So, hopefully we are all in agreement about that, and if all we want to do is to lobby for an ideal world, that is fine.
Meanwhile, the question that needs to be asked is "while waiting for take-down services in other countries to be as efficient as we'd like, do we do anything to stop that material from coming into our countries from elsewhere?"
I think we have two possible answers:
1. We are doing all we can in our country, sorry that the content we consider illegal is being hosted outside our juristiction, but there's nothing we can do about it except try to lobby them as we have no power to take-down ourselves.
2. We will try to take some responsibility even for content that is hosted outside our borders by delivering a block list of that content. At the same time, we will notify the take-down service in the country it is being hosted in, we will lobby their service to be fast and efficient, we will do all we can with InHope etc. to get to a global consensus, but in the meantime we will at least try to be effective at blocking the recipients of that content in our country.
It looks like we are primarily in agreement about the ultimate solution, but disagreeing whether we should take responsibility for content hosted outside our juristiction, my view is that we should take responsibility and offer a blocking service, however flawed it may be.
Joe, I think your points 1 and 2 are correct - though I'd take issue with all of the others - but once we take into account that the blocking lists are of those sites hosted outside the jursitiction of the country, then I think you'll see that a blocking list is better than not having anything.
My hope would be that any EU regulation includes take-down services as the primary measure and the list as secondary. Then, all EU-countries will have a powerful take-down program, then any EU-list will only need to cover sites hosted outside the EU (the majority of sites are already hosted outside the EU).
Richard Clayton:
Jan 25, 2011 at 01:48 PM
Nigel is entirely correct, the question is indeed "while waiting for take-down services in other countries to be as efficient as we would like, do we do anything to stop that material from coming into our countries from elsewhere?"
The problem is that he has missed out the best answer, which would read:
"3. We are doing all we can in our country, but almost all of the content we consider illegal is being hosted outside our jurisdiction, so what we will do is to deal _directly_ with the hosting companies, and where necessary the CERTS, police etc in those other jurisdictions. We already know that the banks are able to get material removed in very short time periods, so we will learn their techniques (we might even ask them to help by passing on their contacts, or donating some of their time to help) and we will soon be just as effective as they are. We will not waste consumer money on forcing the ISPs to build blocking systems that fool politicians into thinking the problem is "solved" and that are trivial for any who wishes to circumvent."
So yes, we should take responsibility for material outside the jurisdiction, but promoting blocking is an abdication of that responsibility.
Nigel Hawthorn:
Jan 25, 2011 at 04:40 PM
Richards point 3 is a great one, at least in theory. However, IMHO I think it assumes a greater level of resources and inter-country trust and cooperation than is possible in reality.
Bank phishing sites come down for a couple of reasons - 1. The criminals are trying to catch people fast and take their own site down as soon as they have enough victims as they don't want to be followed and 2. Every country's law enforcement agencies understand the issue and agree that phishing sites are a bad thing (i hope it is "every" - perhaps it is only "most").
Perhaps there's an assumption in the US/EU that every other country thinks that child abuse images are worthy of fast action, sadly in my experience this is not always the case. If we chase the hosters from one country, they will go to another with more opaque laws and with 196 countries, the number of places we need to lobby and work with is huge.
So, yes, let's bring in anyone who can offer help, let's make as much noise about the problem as we can, let's lobby everyone but who's going to pay for this effort, who is actually going to roll up their sleeves and negotiate with every country (let's take an example, who knows the Ukrainian laws) and try to presuade them that our judgement on an illegal image is the same as theirs and they should trust us and take down an image on our say-so?
I could go off at a tangent and comment on how laws are written, what exactly is an illegal image, what is the age of consent in each country, how do you decide if an image breaks the law, is there a difference between real and psuedo-images and comment that some countries are slower at responding partly because the ISPs don't want to be sued by the content owner who claims that whatever action the ISPs take is removing their business and they take a case through the courts to sure the ISP for loss of earnings. I digress, but the problem here is that we cannot assume that there are any laws to enforce and that if there are any laws, that they are written in the same terms as ours.
So, despite the hope that we can implement Richard's plan, there's still a question about "what do we do in the meantime?" and I, for one, do not want to stand up in front of a parent and say "I'm sorry that the industry had techniques to address part of the problem, but because we were aiming for a higher goal, we didn't bother trying".
Richard Clayton:
Jan 25, 2011 at 06:49 PM
Nigel and I are clearly not going to agree, but just to address a couple of misconceptions about phishing sites (which I have been studying for many years). He says:
"The criminals are trying to catch people fast and take their own site down as soon as they have enough victims as they don't want to be followed"
I have never seen any evidence of this at all -- when the banks are unaware of sites they will stay up for extended periods, and the traceability of the criminals (and it is in fact seldom that any attempt is made to trace them) would not be substantially affected by them removing the sites. Additionally, most sites only snare a few dozen victims, and I doubt that many criminals would be satisfied with so few. This is why I have not observed the criminals removing sites off their own bat, and why I do not believe that they do it often, if at all.
He also says, "Every country's law enforcement agencies understand the issue and agree that phishing sites are a bad thing (i hope it is "every" - perhaps it is only "most")" and goes on to explain the practical difficulties that are encountered in dealing with child sexual abuse image websites.
I recognise _all_ of the difficulties he outlines from the stories I have been told by the companies and banks who successfully tackle take-down on a daily basis. That is why they regularly have to escalate difficult cases to CERTS and to law enforcement, and why their contact lists are so valuable in getting prompt action.
When it comes to take-down the only thing which is special about child sexual abuse websites, I would argue, is that many hosters will take this type of content more seriously than phishing, not less. I remain convinced that global cross-jurisdictional requests for take-down will be far more effective as a policy than the IWF and others appear to believe.
Nigel Hawthorn:
Jan 26, 2011 at 12:59 PM
I'm completely behind Richard's attempt to get cross-border cooperation and would recommend that the best place to start is InHope www.inhope.org rather than taking one of the national hotlines and trying to expand their purpose.
InHope currently have affiliate members in 33 countries that already cooperate with each other as they have all signed up to InHope's code of practice, so part of what you recommend is already underway.
However, there's a lot of countries not part of the scheme, so I guess phase one is trying to get hotlines set up in the other 160ish countries and bring them into InHope.
Then, perhaps it won't be necessary to expand InHope's role (or those of the individual country hotlines), but if it is, it will no doubt require resources; both people and money, as well as an agreement that this is possible, desirable and achievable.
I hate to be a bearer of bad news; InHope has been going since 1999, so it has taken 12 years to get 33 countries with member hotlines joined in this way - the list of countries is still dominated by European ones - sadly they are not all as successful as we'd like, as you can see from the IWF list of hosting countries.
Meanwhile, the web is global and if the take-down was as effective as we all hope, the commercial sites will move outside these 33 countries (if they haven't already) therefore I still believe that there's a good case for the blocking of sites not hosted in these 33 countries as well as stronger power of take-down for each of the hotlines that are members.