Child abuse images, or child pornography as it is still more commonly known in many jurisdictions, are one of the signature crimes of the internet. From the first realisation that the internet was being used in this way in many countries around the world the internet industry, children's organisations and the police have collaborated in creating internet hotlines to receive reports about the online location of the vile images. Typically, or perhaps I mean "ideally", once an online address is confirmed this would trigger a process that led to the swift removal of the illegal images from view, the arrest of everyone involved in making, distributing or downloading them and hopefully the identification and rescue of the children depicted.
The first three hotlines were established in Holland, Norway and the UK. The European Union deserves a great deal of credit for recognising very early on the importance of the issue and the potentially valuable role that hotlines could play in helping to deal with it. Through the Safer Internet Programme the EU swung in behind hotlines with substantial financial backing at a time when the concept was anything but proven.
Yet proven it eventually was and today there is a flourishing network of hotlines in 37 countries on all continents. The hotlines in 36 of the 37 countries belong to an association called INHOPE which, inter alia, sets quality standards for the work of hotlines. The EU also provides substantial financial backing for INHOPE.
However, nothing stands still. Technology changes and more particularly late last year the EU passed a new Directive on child abuse, child sexual exploitation and child pornography. This constitutes a new, uniform law which applies to and sets minimum standards in all 27 Member States.
Article 25 of the Directive makes it mandatory for every EU Member State to establish and maintain processes which will enable them to secure the deletion of child abuse images hosted on web servers which are physically located within their jurisdiction. All bar two Member States already have such machinery in place. The two that appear not to have must put that right by the end of 2013.
Where images are hosted on machines which are outside their own jurisdiction Member States are expected to "endeavour" to secure their removal at source. In addition, with appropriate safeguards, the Directive also creates a discretionary power allowing Member States to require images hosted outside their jurisdiction to be blocked pending their deletion. Typically it would be Internet Service Providers (ISPs) and other access providers that would be expected to do the blocking.
Article 28 of the Directive creates a specific obligation requiring the Commission of the European Union to report to the European Parliament and the Council of Ministers on how Member States have implemented Article 25.
The Safer Internet Programme is coming to an end
Nothing stands still forever. Almost coinciding with the new Directive the Safer Internet Programme is now coming to an end. It will be replaced in 2014 by the wider "Connecting Europe" initiative. This means, if it has not already done so, it is probably inevitable that the Commission will have to review its policy in relation to hotlines and INHOPE.
Even if the Commission were minded to carry over the status quo into the "Connecting Europe" programme, in my view the adoption of the new Directive makes that impossible. The Directive changes everything. Things cannot carry on as before. Although the EU's early and continuing support for hotlines and INHOPE was and is of huge importance the fact is that over the years collectively they have not adapted swiftly enough to the new environment.
Moreover differences in the legal frameworks of EU Member States which have severely impacted on how different hotlines and INHOPE operate have not been addressed. The Commission, Europol, INTERPOL, whoever, should have gone in to bat very vigorously to get those national laws changed or found work arounds. They didn't. "Harmonization" is not just a word we all pay lip service to, it is an urgent necessity in some areas and this is one of them.
The 27
A review of the kind I am suggesting is needed is bound or ought to prompt other questions. For example, do we have to have in each Member State a fully blown hotline with identical and perhaps extensive resources? I doubt it but any review should be given permission to consider all options.
Is the hotlines' overwhelming focus on the web and Notice and take Down still as important as it was? Should hotlines be doing more to help law enforcement with Peer2Peer networks and other technologies? Are we confident we are picking up addresses which are visible in Europe but maybe are not getting reported to hotlines because the primary language used on the site or service is not a majority language in any single EU country?
It is acknowledged and wholly accepted that in every jurisdiction there must be a distinct reporting mechanism and a person or persons on the ground whose function is to liaise with the local police, internet industry and child protection agencies. But what about all the back office functions that hotlines perform? Must they be replicated up to 27 times? Could there be one focal point to which each country feeds their data? Could we get to a position where a single set of skilled, practised analysts examines, confirms and classifies reports before passing back their conclusions to the country the report came from to be acted on? Could the INHOPE Secretariat be reconstituted to be that focal point? Perhaps.
What do we need now?
It makes no sense to start the review I think is essential by looking at INHOPE, as such, or by trying to look at how each individual hotline operates and relates to INHOPE. That may well be necessary at some stage but questions about how we got here are much less important than what we do now. The starting point has to be what is implied or required by the new Directive and in particular by the reporting requirements it has created.