Here at the IWF, we've created life-changing technology and data sets helping people who were sexually abused as children and whose images appear online. The IWF URL List , or more commonly, the block list, is a list of live webpages that show
children being sexually abused, a list used by the internet industry to block millions of criminal images from ever reaching the public eye.
It's a crucial service, protecting children, and people of all ages in their homes and places of work. It stops horrifying videos from being stumbled across accidentally, and it thwarts some predators who visit the net to watch such abuse.
But now its effectiveness is in jeopardy. That block list which has for years stood between exploited children and their repeated victimisation faces a challenge called DNS over HTTPS which could soon render it obsolete.
It could expose millions of internet users across the globe - and of any age -- to the risk of glimpsing the most terrible content.
So how does it work? DNS stands for Domain Name System and it's the phonebook by which you look something up on the internet. But the new privacy technology could hide user requests, bypass filters like parental controls, and make
globally-criminal material freely accessible. What's more, this is being fast-tracked, by some, into service as a default which could make the IWF list and all kinds of other protections defunct.
At the IWF, we don't want to demonise technology. Everyone's data should be secure from unnecessary snooping and encryption itself is not a bad thing. But the IWF is all about protecting victims and we say that the way in which DNS over HTTPS is
being implemented is the problem.
If it was set as the default on the browsers used by most of us in the UK, it would have a catastrophic impact. It would make the horrific images we've spent all these years blocking suddenly highly accessible. All the years of work for
children's protection could be completely undermined -- not just busting the IWF's block list but swerving filters, bypassing parental controls, and dodging some counter terrorism efforts as well.
From the IWF's perspective, this is far more than just a privacy or a tech issue, it's all about putting the safety of children at the top of the agenda, not the bottom. We want to see a duty of care placed upon DNS providers so they are obliged
to act for child safety and cannot sacrifice protection for improved customer privacy.
The Internet Services Providers' Association has announced the finalists for what its members consider as the 2019 Internet Hero and Villain.
The Internet Hero nominations this year include those campaigning to improve trust and confidence online; mapping out the UK's evolving broadband landscape; and working on global internet governance issues. While, the Villain nominees take in the
impact of new technical standards on existing online protections, the balance between freedom of expression and copyright online and the global telecoms supply chain.
This year's nominations for the 2019 Internet Heroes and Villains in full are:
ISPA Internet Hero
Sir Tim Berners-Lee -- for spearheading the Contract for the Web campaign to rebuild trust and protect the open and free nature of the Internet in the 30 th anniversary of the World Wide Web
Andrew Ferguson OBE, Editor, Thinkbroadband - for providing independent analysis and valuable data on the UK broadband market since the year 2000
Oscar Tapp-Scotting & Paul Blaker, Global Internet Governance Team, DCMS -- for leading the UK Government's efforts to ensure a balanced and proportionate agenda at the International Telecommunications Union Conference
ISPA Internet Villain
Mozilla -- for their proposed approach to introduce DNS-over-HTTPS in such a way as to bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK
Article 13 Copyright Directive -- for threatening freedom of expression online by requiring content recognition technologies across platforms
President Donald Trump -- for causing a huge amount of uncertainty across the complex, global telecommunications supply chain in the course of trying to protect national security
The winners of this year's Heroes and Villains will be chosen by the ISPA Council, and will be announced at the ISPA Awards Ceremony on 11th July in London
Update: Villainous ISPs decide that colluding with censors and snoopers is bad PR
The villains of ISPA have withdrawn their nomination of the heroic Mozilla as an internet villain. ISPA writes:
Last week ISPA included Mozilla in our list of Internet Villain nominees for our upcoming annual awards.
In the 21 years the event has been running it is probably fair to say that no other nomination has generated such strong opinion. We have previously given the award to the Home Secretary for pushing surveillance legislation, leaders of regimes
limiting freedom of speech and ambulance-chasing copyright lawyers. The villain category is intended to draw attention to an important issue in a light-hearted manner, but this year has clearly sent the wrong message, one that doesn't reflect
ISPA's genuine desire to engage in a constructive dialogue. ISPA is therefore withdrawing the Mozilla nomination and Internet Villain category this year.
TechDirt noted that the ISPA nomination was kindly advertising Mozilla's Firefox option for DNS over HTTPS:
ISPA nominated Mozilla for the organization's meaningless internet villain awards for, at least according to ISPA, undermining internet safety standards in the UK:
Of course Mozilla is doing nothing of the sort. DNS over HTTPS not only creates a more secure internet that's harder to filter and spy on, it actually improves overall DNS performance, making everything a bit faster. Just because this doesn't
coalesce with the UK's routinely idiotic and clumsy efforts to censor the internet, that doesn't somehow magically make it a bad idea.
Of course, many were quick to note that ISPA's silly little PR stunt had the opposite effect than intended. It not only advertised that Mozilla was doing a good thing, it advertised DNS over HTTPS to folks who hadn't heard of it previously.
Matthew Prince P (@eastdakota) tweeted:
Given the number of people who've enabled DNS-over-HTTPS in the last 48 hours, it's clear @ISPAUK doesn't understand or appreciate @mmasnick's so-called "Streisand Effect."
We are deeply concerned that a new form of encryption being introduced to our web browsers will have terrible consequences for child protection.
The new system 204 known as DNS over HTTPS -- would have the effect of undermining the work of the Internet Watch Foundation (IWF); yet Mozilla, provider of the Firefox browser, has decided to introduce it, and others may follow.
The amount of abusive content online is huge and not declining. Last year, the IWF removed more than 105,000 web pages showing the sexual abuse of children. While the UK has an excellent record in eliminating the hosting of such illegal content,
there is still a significant demand from UK internet users: the National Crime Agency estimates there are 144,000 internet users on some of the worst dark-web child sexual abuse sites.
To fight this, the IWF provides a URL block list that allows internet service providers to block internet users from accessing known child sexual abuse content until it is taken down by the host country. The deployment of the new encryption
system in its proposed form could render this service obsolete, exposing millions of people to the worst imagery of children being sexually abused, and the victims of said abuse to countless sets of eyes.
Advances in protecting users' data must not come at the expense of children. We urge the secretary of state for digital, culture, media and sport to address this issue in the government's upcoming legislation on online harms.
Sarah Champion MP;
Tom Watson MP;
Carolyn Harris MP;
Tom Brake MP;
Stephen Timms MP;
Ian Lucas MP;
Tim Loughton MP;
Giles Watling MP;
Madeleine Moon MP;
Vicky Ford MP;
Rosie Cooper MP;
Lord Harris of Haringey
The IWF service is continually being rolled out as an argument against DoH but I am starting to wonder if it is still relevant. Given the universal revulsion against child sex abuse then I'd suspect that little of it would now be located on the
open internet. Surely it would be hiding away in hard to find places like the dark web, that are unlikely to stumbled on by normal people. And of course those using the dark web aren't using ISP DNS servers anyway.
In reality the point of using DoH is to evade government attempts to block legal porn sites. If they weren't intending to block legal sites then surely people would be happy to use the ISP DNS including the IWF service.