Safeguarding Podcast – Blinded by the Light
By SafeToNet Foundation
In this podcast recorded at the House of Lords we talk with John Carr OBE about digital gangsters, age verification, legislation & regulation and of course the impact of Brexit on safeguarding of children in the digital context.
Just in case you prefer to read rather than listen, here’s a lightly edited transcript:
Neil Fairbrother
Welcome to another edition of the SafeToNet Foundation’s safeguarding podcast where we focus and talk about all things to do with safeguarding children in the digital context. Today’s topic is regulation and legislation, which some of you may think is boring, but actually it’s a lot more interesting than it first might appear and it’s rather complicated and at times arcane.
Today’s guest is going to guide us through all this with consummate skill based on all of his experience. So John Carr, welcome to the podcast, you are very well known in this area and you have an illustrious CV. Perhaps you could give us a precis of your background and who you are.
John Carr OBE
Okay, well I’d describe myself as a recovering lawyer because that’s what my academic background was. My first work after university was in the field of human rights and the law and so on. But I got involved in computers and networks in very early on in the 80s, and got involved with children’s issues as a result of writing a column about the Internet for a magazine called Prospect.
And the children’s organization rang me up one day and said, hey, we like what you’re saying about this Internet thing we get, it’s going to be important for children. And I said, yeah, I suppose [it is]. That’s what got me thinking about the impact of the Internet and children, young people and that’s where it all began.
In 1996 I was a founding Director of the Internet Watch Foundation. I’ve since been a vice president of Myspace, I was on Microsoft’s Policy Board for Europe, Middle East and Africa. I’ve been an advisor to the United Nations. I’m currently working for UNICEF in Albania and have just finished a job for UNICEF in India.
So I’ve been around the track a few times. Of course, in Britain for the 17 years, I was a member of the British government’s main advisory body on internet policy and children, which originally was called the Home Secretary’s Taskforce on Child Internet Safety, which then became UKIS. But I came off last year, 17 years, paid my debt to society. I figured I could move on
Neil Fairbrother
indeed and move on you have, and you have an OBE?
John Carr OBE
Yes, that was very good. That was very pleasing that her Majesty gave me that honour. That was for my work in this space of protecting children in the online environment. I’m also senior visiting Fellow at the London School of Economics and I am published a lot, both in academic journals and pamphlets and magazines.
I do a lot of media work on these issues.
Neil Fairbrother
We’ll come on to a couple of your publications in a short while, but the regulatory world is a bit of an alphabet soup, when you start to peel back the layers? There are all sorts of acronyms, the list seems to be endless. It’s bewildering. Can you try to make sense of it all? Is there one body that is ultimately responsible for regulation of the online space as far as children are concerned?
John Carr OBE
No, that’s very easy question. The answer is no. The Internet is a global technology operated on a global basis and we don’t have a World Government – you may have noticed that by the way!
If we had a World Government, a single global body that had law-making powers and law enforcement powers, that would be the obvious place for rules to be developed. But as I said, we don’t.
The United Nations and in particular the ITU, the International Telecommunications Union, has some responsibility for developing policy around this space and it has done a lot of work in this area, in the realm of recommendations and advice, not law. Okay. Oddly enough, the ITU does have treaty making powers. It could make laws, but there’s been a huge amount of resistance to that.
Neil Fairbrother
The ITU, is the International Telecomm Union, so there’s a connection then between our online content and telecoms?
John Carr OBE
Yes, because of the connection, because of the overlap with the Internet. So it’s not strictly speaking about voice-to-voice and the traditional form of telecoms, but because the telephone networks at least historically where the basis on which the Internet first came to life, the ITU’s had a foot in the camp, but it’s controversial and not everyone agrees with it.
Then you’ve got other bodies, you’ve got the World Wide Web Consortium that makes the technical rules for how the web operates. You’ve got ICANN, which is a global body based in California that makes rules on the allocation of domain names and the number-based system that makes the whole thing work.
Neil Fairbrother
Domain names are things like .com .net
John Carr OBE
Yes. There are lots of bodies with small bits of it, but there’s no one body, certainly not a body with any kind of law making or law enforcement powers that can tell anybody to do everything. Which means each country, or each kind of government institution, is doing this on their own. I mean they talk to each other, and the European Union for example, has been a major player in this space, but it’s still pretty much left to each country to make their own way.
Neil Fairbrother
Right. So, from the perspective of the rights of the child and child protection, it’s a bit of a lottery then?
John Carr OBE
I’m afraid it is. We do have the UN Convention on the Rights of the Child, which was adopted in 1989. So in essence it’s a pre-internet document that sets out fundamental and eternal principles which have got legal force, but they don’t have a real Internet dimension to it.
Neil Fairbrother
Yes. But not every country has signed up [to UNCRC], notably the USA.
John Carr OBE
In fact, the USA is the only country that hasn’t signed up, every other country in the world has. And the reason the United States hasn’t is because making treaties for them is a much more complicated business. The individual States have to approve it and things of that kind.
But let’s be clear, signing the UNCRC doesn’t guarantee that every child in your country has a happy life, surrounded by milk and honey. In the United States where they haven’t signed it, every child is sadly and hugely oppressed. So, signing or not signing isn’t the thing; it’s the political will behind it. But signing it is an indication of the level of awareness of the issues.
Neil Fairbrother
Now you’ve produced, as you said in your intro, a lot of reports and in 2016 one of the documents that you published was called “When Free Isn’t, and there is an argument that says the free to use approach of the Internet, of the World Wide Web, is the cause of a lot of the problems, because it exacerbates bad behaviour because that generates more clicks and more activity, which justifies the advertising model. Then the only way to monetize through advertising and the way to get the advertising to work is to get more people, more viewers, more watchers. And the way to get that is to be more outrageous.
You came up with this beautiful phrase which I absolutely love, you wrote “The implications of the fact that the Internet was such a key part of children’s lives got lost in the grand drama and glamour of geopolitics, espionage and counter espionage. Children were seen as a responsibility of parents and schools. They were not the concern of those remaking the World through Cyberspace”, which I think is a fantastic phrase. What have been the consequences then of all of that?
John Carr OBE
The simplest way to sum this up is if you’re not paying for the service, you are the product. It’s precisely somebody discovered early on that if you could collect enough data about people, this would allow you as a business to tell advertisers how best to sell their products to tightly defined or easily identified demographics.
And that the money from advertising became the whole kind of engine which drove the Internet forward, which meant nobody had to pay for it because it was there being paid for in a different way. It doesn’t mean to say the Internet was not commercial. It doesn’t mean to say really the Internet was free. It’s just that the revenues that the businesses were making were being collected in a different way.
So, when an individual, a child for example, or an adult for that matter goes online, everything appears to be free because they’re not having to dig into their pockets to pay for it.
Link that with the lack of a clear-cut legal framework that was widely understood and potentially enforceable, and you have a recipe for the sorts of horrible stuff that we’ve seen.
We were all dazzled. We were blinded by the light. I think it was a Manfred Man record, not that I’m old enough to remember it, of course. Blinded by the Light. The Internet emerged from California as this kind of super cool hippy thing that was going to remake the world, make it a better place.
Somehow, we all fell for it. These businesses weren’t like businesses that we’d known before. We trusted them. We thought nothing can go wrong. And unfortunately, that’s not turned out to be the case.
Neil Fairbrother
Indeed. And that brings us to another document that you’ve written in conjunction with Sonia Livingstone and Jasmina Byrne “Internet Governance and Children’s Rights”, and in that you say that the rights that people have offline must also be protected online. But are those two things equitable? Are they the same? Can you actually have the same rights online as offline?
John Carr OBE
I think you can, broadly speaking, obviously there’ll be differences in the where the, the, they work out in practice and the enforcement mechanisms will be different. But the right to free speech, the right to access information, the right to publish your own things. These are real world rights, but there are also online price. But how you guarantee them and how you deliver them home and forced them differ because the medium is different.
But yes, I think in principle the idea is sound, but it hasn’t worked or rather in practice it hasn’t worked because, you know, child sex abuse has been illegal for a very, very long time and, in the real world it’s continued to be a problem. But it’s also started to manifest itself in the virtual world too, and that came as a shock to everybody. Nobody anticipated that this wonderful new technology was going to be used by very bad people in very bad that would hurt children.
Neil Fairbrother
And yet in hindsight it seems obvious, but the other point you make in the report that you did with Sonia Livingstone and Jasmina Byrne was that a range of harms to children was identified, which included the obvious, child pornography, sexual abuse, sexual exploitation, grooming, bullying and harassment. These are kind of the obvious things, but the less obvious things, are that advertising and marketing are a harm or risk. How can that be a harm or risk to a child?
John Carr OBE
The most obvious I guess, is the way in which high fat, high sugar foods and drinks are promoted through advertising in online media that children use. They can’t do it in the same way in the real world because the newspaper and magazine Industry and TV industry recognized that it was ethically challenging.
In fact, it’s not allowed to promote those sorts of known unhealthy products and services to children in those environments. But the companies wanting to sell those products started doing it in the online environment because there were no rules at the time forbidding it.
So we started to see a huge increase in online advertising products and services that they simply couldn’t have done in the real world. Eventually we caught up with them.
But isn’t it striking? These companies knew that they couldn’t do it in the offline world, so they just shifted to the online world and they took advantage of the fact that there was no existing regulatory or legal environment that could have prevented them. That’s now changed, but it’s taken five, six, seven, eight years to get to that point. But there’s an example of a real harm.
In-App purchases, online gambling. I first got involved in the whole business of age verification back in 2002, 2003. Why? Because parents were ringing up the children’s organizations that I work with and saying that their child, typically a boy of 13 or 14 had been diagnosed as a gambling addict. A gambling addict? But the law is clear. You have to be 18 to be able to put a bet on a horse or a football match.
How had they become gambling addicts? Because they were going onto online gambling websites, checking a box and saying they were 18, getting through and blowing their pocket money. Completely wrong, but they couldn’t have gone into a bookie’s on the High Street and done that. They couldn’t have gone to a racetrack or a football ground and done that. But the online gambling companies had done nothing to make sure that the law was being observed. So that was another example of an actual risk and actual danger to children that was happening in the online world. That just wouldn’t have happened in their offline world.
Neil Fairbrother
Yes. Now, but when it comes to age verification, the social media companies in particular will say that’s a tick in the box, job done. They comply with the COPPA Act of the US, which says that you need to be 13 as a minimum to be on online. But it’s a bit of a fig leaf really because data came out only I think yesterday or the day before showing the vast number of under 13s that are actually on social media sites such as Facebook and so on.
So how could an age verification be implemented because it seems like an impossible thing. How’d you prove you are the age you are, particularly if you’re a child where you have less identity. Most young children don’t perhaps have their own passport, a driving license, credit cards, all the usual things that adults have. How do you prove the age?
John Carr OBE
There are lots of different ways in which it can be done, for example, it could be done through school. Your form teacher or somebody in the school office confirming to an age verification provider that you are the age you say you are. It could be done through parents. There are ID cards that can be bought, it’s done through the post and it’s manual, but nevertheless it works. It’s a question of will really. Unfortunately, up till now the big technology companies have shown no real interest in going down that route. But can it be done? Of course it can be done, if there is a will to do it.
Neil Fairbrother
Okay. Now there is an argument that says one of the reasons that the big social media companies, because they are West Coast based companies, they obviously are working under the laws and regulatory regime of West Coast America and they don’t want to take the risk that if they know that a child is at risk and don’t do anything about it, and something happens to that child, they are open to litigation and they don’t want that risk, which is why they have this kind of hands off approach. Do you think that is correct? Is that an argument with merit?
John Carr OBE
I think the principal reason that the big American companies don’t engage with age verification, is because they’re not required to do it and it is a tricky thing to do and it’s a cost. They don’t see any upside to it in terms of revenue, so they just don’t do it. But if they were legally required to do it, then of course they would do it.
They’re not intentionally breaking the law, but neither are they embracing what I think would be best practice. Now, there may be liability issues that could arise from it, but these are solvable providing companies acting in good faith reasonably efficiently. There’s no reason why they should become liable. But you’re absolutely right. I used to work for Myspace, I was a Vice President at Myspace and you know, in American companies lawyers and accountants decide everything.
Neil Fairbrother
Okay. Now, one of the other pieces of work you do is that you produce prior to General Elections in the UK, what you call a “Digital Manifesto”. And in the last one in the runup to I think the 2015 General Election, you identify 10 key points, one of which in particular stood out, as it seems to me like a no brainer, and that is that there is a legal right for victims of child sex abuse to obtain financial compensation from persons found in unlawful possession of an image of that person. Now that seems to me like extreme common sense. What is the issue? Why is that not something available to British victims of child sexual abuse?
John Carr OBE
It’s not in our law yet. We’ve raised it with the civil servants in the Home Office and the Ministry of Justice and we intend to return to it, because I agree with you, it’s a no brainer.
In the United States there was a leading case that went all the way up to the US Supreme Court called “Amy versus Paroline”. Amy, it’s not a real name, was raped by her uncle when she was eight years old. He was caught and sent to jail for a very long time. She got a great deal of help from psychotherapists and social counsellors and so on and made a very, very good recovery. Then when she was about 17, she discovered that the images of her being raped were available on the Internet. She had a complete and total breakdown as a result of that discovery.
Mr Paroline was a rich man and he was found in possession of images of Amy being raped, and so she was able to sue him, and the quantum, the amount of the damages that the Supreme Court agreed were due to her, in other words, the financial level of compensation that she should have received a was in excess of $3 million.
So that was a recognition by them of the scale of harm that can be done by this type of unlawful exchange. We want something similar in the UK. It was in our Digital Manifesto in the runup to the 2015 election, as you say, and the 2017 election because that followed very shortly afterwards. And it’s an issue that we intend to return to again.
Neil Fairbrother
And what is the resistance to it? Why would somebody argue against it, or is it simply a lack of the time? It’s not on the agenda?
John Carr OBE
The police didn’t particularly like it when we discussed it with them, because it would require them to notify the victims every time somebody was arrested and found in possession of one of the images. It’s administratively potentially complicated, so the Cops never, well very few organizations actually, embrace and welcome new responsibilities and new burdens.
But for us it’s a simple matter of justice and there must be ways of doing it administratively, particularly in these days of high tech and so on, that the notification system could work routinely.
And by the way, the notification that an image had been found in the possession of somebody that police had just convicted, I think wouldn’t necessarily go directly to the child, but it would go to their lawyers.
Because you can imagine how it wouldn’t necessarily be in the best interest of the child to learn every single time that somebody else had found a picture of them being raped or sexually abused.
Neil Fairbrother
Yes. And the volume is vast. Susie Hargreaves of the IWF said in her podcast that one of the victims that they helped rescue, at least one image had been circulated some 70,000 times.
John Carr OBE
Yeah. I mean it’s the volumes that make this whole thing so complicated; volume and speed and jurisdiction. Those are the three things that essentially make the Internet environment so difficult for everybody to grapple with.
Neil Fairbrother
Now you run a blog called Desiderata, which makes for fascinating reading, and in one of your recent posts, you say that tough new powers are needed to curb Facebook’s “Digital Gangsters”. What do you mean by “Digital Gangsters”?
John Carr OBE
I can’t claim credit for coining the phrase “Digital Gangsters”. That honour has to be given to Damian Collins, Conservative Member of Parliament who is the Chair of the DCMS Select Committee.
And in the Committee’s report, which came out I think about two weeks ago now, he described Facebook as being a “Digital Gangster”. And he said, and I quote, “They intentionally broke the law” to maximize their revenues, by selling people’s data or processing people’s data of which they knew were unlawful in certain jurisdictions, presumably not in the US jurisdiction, but in other jurisdictions.
Now, that’s strong stuff. But the point I made, the point that I think he was making, and it’s everybody’s been making for several years, is that we’ve all been dazzled, dazzled, by these high-tech companies from California, and the fantastic technology that they’ve invented. But actually, at the end of the day, they’re not Albert Schweitzer. They’re not Mother Teresa. They are businesses whose primary purpose is to make money for their shareholders. And they’re going about it in an extremely efficient way.
And we’ve got to shed this idea that they’re simply all about making the world a kinder, better place. They’re not. That’s what we were all sold originally. And we’ve the scales have now fallen from our eyes and now we have to take a more hard-headed and realistic view about how to regulate these very complicated, very big and powerful companies.
Neil Fairbrother
But it can’t just be the companies themselves. Their shareholders, and in particularly the large shareholders, the institutional shareholders, must also be held to account here because they have the power to vote with their money.
John Carr OBE
Well, it’s funny you should mention that. There is a group of ethical investors in the United States and I’m an advisor to them. These are Christian organizations by and large, the Catholic Church, various Methodist churches and so on, who’ve got billions and billions of dollars invested in all kinds of businesses over there and they’ve got this committee of advisors that’s at the moment looking at high-tech companies and I’m one of those advisors and they are doing exactly what you’ve just mentioned.
They accept that as investors in these businesses, they have an obligation to try to get them to behave more ethically or better. And that’s what’s going on right now. The problem is when you’re a chartered accountant you tend to think about the next month, the next six months and the cash coming in, rather than the long term.
Neil Fairbrother
Now it’s early March and uh, time is marching on and we have a bit of a buffer, a railway buffer coming up towards the end of the month, which is Brexit and we can’t really avoid that because there is an impact, or there may well be an impact, on child safe guarding, particularly in the online environment because it’s a numbers game.
As a member of the EU, as we are today, we are in a geographic region of some half a billion people and there are common rules, laws, regulations, call them what you will, that affects everybody, like half a billion people in all of those countries and obviously all of the children too. And were the EU able to pass some laws, rules, regulations to help protect children online, then we would be automatically included in that, assuming we agreed and voted and didn’t visa or whatever. But outside of the, we are not necessarily obliged to follow EU laws, rules, regulations. Is that right?
John Carr OBE
Well I have two things to say about that. I am a consultant to the Council of Europe. I’m also a consultant to a global NGO based in Bangkok. I travel a lot around the world and I often visit small countries outside of Europe. One of the things that they almost all say is we can’t get anybody to listen to us.
You know, they ask me if I can help them make a connection with Facebook or Google or Microsoft or one of the big American companies, and of course I do because I work with these people and I know them. But it’s simply this, these small countries, small markets, the big companies don’t care that much. I mean, obviously they will never say it like that, but that’s the reality.
The European Union, different kettle of fish. They have to care what the European Union says and does because it’s the biggest single and richest market in the world and if we’re outside it, who knows?
II can remember years and years ago before we formed the European coalition of children’s organizations, going to talk to big American companies and saying, we don’t think thisis right. We want to explore this. And they would say to us, oh, it’s funny, you’re the only people saying this anywhere in the world. We never believed that, but they were able to say it.
Once we got our act together, and once we formed this European-wide coalition of children’s organizations, we knew perfectly well that what the children’s groups in the other European countries were saying is pretty much identical to what we were saying.
So being in big international blocks such as the European Union is incredibly important and it’s an another of the many tragedies that will follow if we do in the end Brexit, although I think we’re going to have to stay aligned broadly speaking to EU rules. I mean if the United States and China are going to have to adapt their policies to make sure they can sell and work in Europe, I’m pretty sure that an independent Britain outside of Europe, outside of the European Union, is going to have to do the same.
Neil Fairbrother
And we’re seeing that impact with GDPR, because at least one of the largest social media sites, I forget which one it is now, has raised their minimum age to 16, and others presumably will at some point follow suit. So there has already been that impact of EU legislation on these North American social media companies.
John Carr OBE
The GDPR is going to be a Global standard and it was developed within the European Union. The Americans are going to have to adjust their rules to it. The Chinese are going to have to do the same because if they don’t, they will not be able to trade in the European market. And it’s the biggest and richest market in the world.
Neil Fairbrother
Okay. John, I think we’re going to have to wrap it up. Thank you so much for your time. Thank you for inviting me into the House of Lords. It’s actually a magnificent place to be.
John Carr OBE
Thank you.