IETF work on child safety and such

[Thomas Narten <narten@us.ibm.com>]

Anyone know more? This is obviously too ill-formed to go forward with
at this time, and has "oh joy" written all over it in any case. But we
got a request...

Thomas

Rachel O'Connell,
Director of Research,
Cyberspace Research Unit,
University of Central Lancashire,
Chandler Building,
Preston, PR1  2HE,
Tel. No. +44(0)1772893755
Fax No. +44(0)1772894984

Dear Mr Narten and Mr Nordmark,  

I am Director of Research of the Cyberspace Research Unit at the
University of Central Lancashire, UK, and I am writing to you with a
view to making a request to you to consider the merits of setting up a
discussion group in your area of the Internet Engineering Task Force
under the working title of Internet Strategic Action Committee (ISAC),
comprised, in part, of people with an understanding of technical
issues, crime preventative strategies and educational issues involved
in tackling the risks to children associated with both existing and
emergent technologies.  It is anticipated that the remit of this group
would include: conducting a review of existing and emerging networking
protocols with respect to enhancing child safety on-line, a focus on
processes underpinning industry's product development, exploration of
the options pertaining to, for example, product differentiation on the
basis of the end-user, creation of outlines of possible minimum
standards for industry with respect to child users, ensuring the
implementation of these standards, and development of mechanisms
whereby industry compliance can be tested so that there is an ongoing
evaluation process designed to establish the effectiveness of these
standards.

My background is in forensic psychology and I have been researching
criminal activity on-line since 1996 and I branched into the field of
Internet safety in 1999. I have both co-ordinated and been involved
with a number of EU funded projects, including the COPINE project -
http://copine.ucc.ie/ - and most recently with http://www.fkbko.net/ a
project which involved the development of web based educational
programs designed to empower children, parents and carers with the
tools knowledge and skills they need to navigate the internet
safely. In 2002 the CRU was commissioned by the Home Office Internet
Task Force in the UK to conduct an extensive program of research into
how children and young people use the Internet - report attached. I
also attend a number of conferences to speak about this area, for
example, the next conference I will be attending will be in New
Zealand and details can be accessed at
http://www.netsafe.org.nz/downloads/ISGNewsletter30Mar03.pdf

Being involved in this particular field of research has necessitated
attending countless meetings, for example, I sit on the Home Office
internet Task Force and the Department for Education and Skills
Internet Safety Strategy Group, in addition to numerous meetings with
project partners around Europe. Typically, government policy makers
and child welfare specialists, who have relatively low-levels of the
understanding of the technical issues that underpin the Internet,
attend these meetings. In addition, representatives from the Internet
industry also attend, whose remit frequently relates to their
company's public image. In addition the catch-phrase often used at
meetings of this kind is that we must search for 'technology-neutral'
solutions. Not surprisingly the documents produced by such groups are
quite low-tech material, for example, eighteen months of work on the
Task Force has led to the production of the recommendations for ISP's
regarding security measures and safety features designed to enhance
children's safety, for example
http://www.homeoffice.gov.uk/docs/ho_model.pdf

The result of this kind of approach to addressing child safety on the
Internet is that in effect child safety on the Internet is rarely
discussed by the sorts of people who may actually be able to properly
identify solutions that would be operable in the Internet environment,
i.e. the sorts of people who contribute to The Internet Engineering
Steering Group. Essentially documents like the one produced by the
Home Office in the UK, which outline guidelines for ISP's, whilst
certainly admirable pieces of work, they are not written in a language
for network engineers and product developers. I imagine that these
non-mandatory best practice documents are sent by the Industry
representatives to the their company's legal teams who review whether
or not there is any obligation on the company to put these
recommendations into effect. I suspect that they do not filter down to
the product development teams or the network operators and it seems
clear that the real work now will be to translate these wish list
items plus some additional ones so that they are operable.

However, I am also aware that the sorts of people with the appropriate
skill sets to discuss the issues surrounding how to work out viable
solutions to the issue of internet safety can display some disdain
toward this issue, primarily I suspect, because they see any
discussion of this topic as potentially involving some kind of
proposal to introduce regulation which would in effect violate the
whole ethos of the internet which is based on collaboration and
information exchange.

In my opinion, the formation of a working group in your area, which
would be comprised, almost exclusively of people with a good baseline
technical knowledge could potentially benefit the subject area of
child safety on the Internet greatly. Having an opportunity to discuss
ways in which for example, 3G based products are developed with a view
to maximising safety features either universally or perhaps in ways
which were more specific to the end-users needs would be an
interesting thread for a discussion.

Additionally protocols relating to interoperability could be explored
in such a way so that it is possible to discuss what the implications
are likely to be from, for example an investigative perspective. From
a pragmatic perspective police working in computer crime units have
acquired a useful working knowledge of the implications of on-line
criminal activity for investigative strategies and there are a number
of officers with a background in computing throughout Europe who have
expressed an interest in being involved in such a discussion group
with a view to contributing to the creation of a set of papers which
would outline for example key points that operational police officers
need to be aware of when investigating crimes which involve the
Internet.

Documents such as the guidelines prepared by the Home Office
http://www.homeoffice.gov.uk/docs/ho_model.pdf could be discussed more
thoroughly with a view to creating a document(s) which would provide
more depth and scope in terms of detailing how and in what
circumstances these recommendations and indeed more far reaching
recommendations would be implemented on various networks using
different programming languages whilst taking into considerations
issues surrounding interoperability. One of the key aims of this
working group would be to create a set of consultation papers which
would, for example, specify protocols in relation to enhancing child
safety in a format that is easily accessible to network and software
engineers who are the people who would be implementing the proposed
practices. This approach would I feel alter the landscape of this area
of discussion tremendously in a positive manner.
 
In addition, members of the project team on one of the current EU
funded projects that the CRU are involved with have expressed an
interest in becoming members of this proposed discussion forum and I
suggest that from this group 4 or 5 people could be selected to manage
the working group.

I am not sure if an attempt such as this to bring together two fields
of understanding with respect to Internet safety, i.e. practitioners
working in the field of combating risks to child safety on-line and a
community of network designers, operators, vendors, and researchers
concerned with the evolution of the Internet architecture and the
smooth operation of the Internet has been attempted before and if you
are aware of such a group?  In my opinion, the wealth of expertise and
knowledge that members of IETF have would benefit the discussion of
child safety on the Internet greatly. In addition, it seems that it
may be possible to secure some funding for the proposed working group
with which, for example, I could organise conferences etc.

I understand from a reading the 'IETF Working Group Guidelines and
Procedures' that you might think it best to consider arranging a BOF
(Birds of a Feather) initial meeting to assess the level of interest
in this idea and I would certainly be agreeable if you were to propose
such a course of action.

I realise that this is a lengthy email and that you are both extremely
busy and I would like to express my gratitude to you for taking the
time to read this introduction / proposal. I am looking forward to
your replyJ

Warmest regards,
Rachel