This article was first published in the NSPCC's How safe are our children 2019 report.
As the internet celebrates its 50th year (and the World Wide Web its 25th), its presence in every aspect of life has become a double-edged sword. On the one hand it has empowered knowledge-sharing and global communications; on the other it has exposed users to a growing range of online harms, with the greatest impact on the most vulnerable in our society. Among the most serious harms – alongside terrorist and extremist content – is how the internet enables abusers to have greater access to children and the greater sophistication it allows in how paedophiles and organised criminal networks operate – exposing children and young people to harm in new and disturbing ways.
Citizens have increasingly become aware of these online risks. While data privacy, intrusion and security have all been previous areas of public concern, online child abuse is the most significant example yet of a threat that blurs the physical and virtual worlds – at a time when young people are growing up more “tech savvy” than their parents and teachers. We believe that this idea of the internet’s inherent duality – that exposure to harm is part of its wider global adoption – isn’t something inevitable that we must accept. Instead, the rise of online child abuse is an opportunity to learn from history and protect future generations by rethinking the response across government, law enforcement, industry and the third sector. This is an idea that takes centre stage in a new report by PA Consulting, A tangled web: rethinking the approach to online CSEA (child sexual abuse and exploitation). The report draws on PA’s extensive experience in working with expert practitioners in this area and its work with the WePROTECT Global Alliance. By speaking with respondents from across the national and international landscape, PA found broad agreement on two things: that technology is significantly enabling offending, allowing increasingly sophisticated offender networks to mask their identities and share tradecraft, and that regulation alone will not be enough to stem the rising tide of online child abuse. Instead, there’s a collective appetite for increased joint working and cooperation to harness the collective skills and capacity of organisations across the landscape.
The first two eras of consumer concern
One only needs to look back at the history of protections against internet-related threats to see the way a collective action can enhance the response and alleviate consumer concerns. For example, the early widespread adoption of the internet saw the rise of hacking, outbreaks of viruses, denial of service attacks and online fraud. With this, the first era of consumer concern became a force for change. To stem the damage, multiple parties – industry, government and law enforcement – took steps to improve their approach. The development of antivirus technology, security standards, new legislation and the creation of the National Cyber Security Centre (NCSC) all helped to create a more robust collective response to the dominant online threat of that era. More recently, high-profile cases such as Cambridge Analytica and the rise of WikiLeaks shifted public concern towards mass intrusion of privacy and inappropriate use of personal data. This second era of consumer concern drove the arrival of “ubiquitous encryption” (the commonplace use of encryption mechanisms for everyday purposes such as web browsing and instant messengers), social media privacy controls by default and privacy standards, along with legislation in the form of the General Data Protection Regulations and the Investigatory Powers Act. Furthermore, it led to the introduction of the Information Commissioner’s Office and the Investigatory Powers Commissioner’s Office in the UK.
The third era of consumer concern – online harms
Which brings us to the third era of consumer concern. The suicide of Molly Russell, the livestreaming on social media of the Christchurch terrorist attack, and wider public awareness of the increased exposure of young children and vulnerable people to both online child abuse material and groomers, have all energised public appetite for a stronger approach to tackling online harms. In the technology sector we’ve seen content moderation algorithms for detecting harmful content, the use of Artificial Intelligence and databases such as PhotoDNA for identifying child sexual abuse material (CSAM).
There are also early moves towards industry standards, including the UK Council for Child Internet Safety guidance and the Australian eSafety Commissioner’s upcoming “Safety by Design” frameworks. Companies such as Gooseberry Planet (an online safety education platform), Crisp and Two Hats Security (content moderation providers), and Super Awesome (which designs safer online platforms for children and young users) have started to specialise in online safety. Meanwhile, in the government space we may see new legislation and an independent regulator after the consultation resulting from the recently published online harms white paper. We’ve seen significant strides made in the third sector around the removal of indecent material, research and policy development, government and industry engagement, and supporting victims and those at risk. At a law enforcement level, the national Serious and Organised Crime Strategy has set out a “whole system” approach that aims to put the online child abuse mission on the same footing as the collective responses to counterterrorism and cyber security. The UK approach is widely regarded as an international exemplar, with more than 400 offenders arrested each month and more than 500 children safeguarded.
The missing piece?
While progress has been made across separate strands of the approach towards online child abuse, PA’s research identified the need for a single entity – an Online Harms Safety Centre (OHSC) – to orchestrate the collective skills and capacity of organisations involved, allowing them to play to their primary areas of expertise while jointly tackling the end-to- end threat. More than ever before, the nature of the online child abuse threat requires an enhanced approach from those involved in the response – both individually and in terms of overall coordination.
PA believes that the government should create the OHSC, but that it should sit independently, replicating models established by the National Cyber Security Centre. Eventually, they envisage that the OHSC could become the central coordination entity for all activity across the online harms landscape, including preventing extremism, intolerance, self-harm and suicide related material. The recommendations outlined in A tangled web: rethinking the approach to online CSEA can help to protect society’s most vulnerable and shape a positive human future – that’s something truly worth working towards.