It recently occurred to me that it might be possible for a proficient computer user with a bit of spare time to follow a fairly simple procedure that would have the twin benefits of helping to prosecute providers of online child abuse content and/or holding the Internet Watch Foundation to account in certain cases where it might be wrongly labelling legal online content as depicting child abuse. I am not a lawyer, though, and I’m not a specialist in this field, so I might be wrong. I just happen to be interested in minimising censorship and maximising child safety. And although I don’t have legal training or qualifications, I am an armchair lawyer and I also like thinking of simple, automated ways to achieve solutions to social problems, in cases where this can be done. Both child abuse and the presence of powerful, censorious, unaccountable institutions are social problems.
If I’m not mistaken, the four categories of online content the IWF seeks to blacklist are:
- Child sexual abuse images hosted anywhere in the world.
- Criminally obscene content hosted in the UK.
- Incitement to racial hatred content hosted in the UK.
- Inappropriate chat or behaviour with or towards a child online.
It’s the first and last of these that my proposal covers, and I’m going to suggest narrowing the focus to the USA, where the Child Protection and Obscenity Enforcement Act has for several years required producers of websites containing sexually explicit contents to cause to be affixed to every copy of any [such] matter , in such manner and in such form as the Attorney General shall by regulations prescribe, a statement describing where the records required by this section with respect to all performers depicted in that copy of the matter may be located. The Act goes on to state that the term copy
here includes every page of a website on which such matter appears.
The Wikipedia article above links to one such prescribed statement (also known as an 18 U.S.C. 2257 notice
), which states, among other things, that all people depicted on the site were at least 18 years of age at the time the depictions were created, and that the owners of the site have documentary evidence of this. It also includes an address where that documentary evidence is kept. Given the legal requirement that the statement must be as the Attorney General shall by regulations prescribe
, I think it’s safe to assume that all legitimate prescribed statements must have this information.
I think this is a pretty good system. Like I said, I’m not an expert on this, but I do think that child abuse is a serious issue, and that as long as there is an adult entertainment industry, measures like this to keep children out of it are generally quite sensible.
But do you see where else this is going? If the IWF has blacklisted a page hosted in the USA that contains such a prescribed statement, then either the statement is false (e. g. the page actually does contain explicit content of someone under 18) or the IWF was not right to blacklist it. (It’s worth noting here that as in the USA, the age of majority is also 18 in most parts of the UK, which means that in assessing material from the USA, the IWF would not have had to take a difference in age of majority into account when determining what constitutes child abuse.)
So, the next task is to discover whether there are any such pages. This is where things start to become difficult.
The IWF doesn’t make its blacklist public. It does offer to provide the blacklist to its member companies, though, so perhaps if you work for one of those companies you could simplify this step and leak me a copy 
Failing that, there is another way to get an indicator of the blacklist that should be adequate for the purposes above: using the method given by Richard Clayton. This only obtains IP addresses of sites that contain blocked URLs, but because of the requirement that all pages of such sites must provide an 18 U.S.C. 2257 notice, this will in many cases be sufficient. (The cases in which it might not are those in which, for instance, more than one site is hosted at the same IP address, but though these may create false negatives, they should not create false positives.) The Guardian reports that Clayton was able to scan 98 addresses per second over a dial-up connection. Assuming the use of a modest broadband connection around four times faster than that, the whole IPv4 range could probably be scanned in under 6 months.
Once the blacklist (or a list of IP addresses for sites with blacklisted URLs) has been obtained, these URLs or IPs could be scanned with a Python script or similar to determine, for each one, if:
- it is hosted in the USA, and
- its index page contains text indicating the presence of an 18 U.S.C. 2257 notice or a link to one.
The contents of the pages wouldn’t have to be saved, which is important because of the potential illegality of doing so, and a human being wouldn’t have to view the contents either. The script could simply make a note of the URL/IP, and perhaps the snippet of HTML in which the 18 U.S.C. 2257 notice appears. These notes, together, would comprise what I’d call the intersection list
: the intersection of being IWF-blacklisted, hosted in the USA, and nominally 18 U.S.C. 2257 compliant.
This brings me to one particular assumption that I haven’t yet addressed, and it’s this: that there are any such sites. I don’t actually have evidence that there are. But given that:
- the IWF blacklisted an album cover that’s being openly on sale in shops for 30 years, and
- the Child Protection and Obscenity Enforcement Act has been successfully enforced,
I think it’s clear that both sides have, in the past, acted wrongly, and that therefore it’s very likely that there would be some overlap. If there is overlap, then that’s worth knowing, because either: it could provide information leading to the successful prosecution of a nasty-piece-of-work content provider in violation of the Act, or: it could devalue the IWF by showing it had wrongly blacklisted content as child abuse. This would prompt further scrutiny of the organisation and, one hopes, its reform.
As for how it should be determined which of the two organisations is at fault (the content provider or the IWF), I’m not sure what the best procedure would be, but here’s my guess. The FBI has an ongoing program for spotting 18 U.S.C. 2257 violations. If I had obtained a list of intersection URLs/IPs as described above, I’d forward it to the FBI in the first instance, and I would ask to be kept informed about any subsequent investigation that might occur. If, after a reasonable time, the FBI had not acted against all the content providers, I would have to assume this was because they did not think all the content providers had committed offences. At this point, I’d refer any remaining URLs/IPs to the IWF, via what seems to be (the page is poorly written) their complaints procedure, explaining the circumstances, the automated nature of the investigation, etc. If all this proved inconclusive, I’d consider posting the results of the intersection scan to WikiLeaks for others to follow up – although I’d want first of all to be certain that it was legal for me to do so.
So, any proficient computers users with a bit of spare time on their hands reading this? You know what to do.