First published: 31st July 2007
Yui Kee recently bid for a contract to build a website to host videos as an educational resource for teachers, parents and children. The bid was unsuccessful, but our proposal included a discussion of the child safety issues the project raised. We have decided to publish an edited version of that discussion here, to promote careful consideration of the issues:
When this issue was raised in the briefing session, the response mentioned obtaining parental consent for including the videos on the site. While it is right that parental consent should be obtained, it does not constitute sufficient action on child safety. Firstly, it may not be informed consent. Parents may not appreciate the potential of the internet to magnify this type of threat, and parents will tend to trust that the School and the EMB have studied the issue and taken all reasonable precautions before asking for consent. Secondly, obtaining parental consent without taking all reasonable precautions is passing the problem to a party that is less able to deal with it – parents who understand the problem will refuse consent, their children will be safe but will be excluded from some of the benefits of the site; parents who do not understand the problem will give consent, and their children will be at risk. The Schools and the EMB have a responsibility to protect all children in their care, not just the children of informed parents.
Regrettably, the world is not a safe place, even for children, and the communications revolution of the internet that has brought so many benefits has also provided new opportunities for criminals and undesirables. Of particular concern is the use of online information by paedophiles. In the context of this project, we have preliminarily identified three areas of concern:
- Salacious use of videos. Paedophiles would regard videos of children, especially if they featured sportswear or swimsuits, as arousing and a large collection of such material would be highly attractive to them.
- Stalking. A paedophile might use videos from the site to select and research potential victims. Being chosen to demonstrate a technique in a sport would be a strong indication that the child was interested in that sport, and incidental features might indicate friends or other interests. The information might be used to engineer a meeting, or gain the trust of the victim.
- Negative Publicity. If videos from the site were discovered in a paedophile's collection, the media could highlight the involvement of the site, the school and the EMB in enabling the activities of paedophiles.
Considering these threats, it should be remembered that paedophiles are not restricted to a particular location, race or educational background. Some are highly educated and technically competent, they are quite capable of developing sophisticated techniques and instructing the less able in how to use them. With the internet, distance is not a barrier, and, even though the proportion of paedophiles in the population is low, the numbers and capability of those that might cooperate to access and make “best” use of an attractive resource could be very high.
The approach to this issue we propose is a combination of Awareness, Restriction, Discouragement and Traceability.
Teachers will upload the videos, so the teachers should be made aware of the issues and given guidelines with the aim of making the content less useful or attractive to paedophiles. The guidelines should be developed in collaboration with experts in this field. Some preliminary suggestions are:
- Reduce identifiability. Choose a shot that does not show faces clearly in preference to one that does.
- Remove unnecessary personal information. Avoid full names, or don't use names at all.
- Consider the background and incidental details both when taking the shot and when choosing which shot to use. Incidental details might help with identification; background figures might be identifiable or inappropriate.
The policy should be to restrict the site to bona fide users, only teachers should upload and only teachers, students and parents should download. Realistically, considering the school population of Hong Kong and a requirement for ease of use, this is unachievable, inevitably user access credentials will be lost, shared, and disclosed. Still, ongoing effort and resources should be allocated to enforcing the restrictions, as this will reduce the number of accounts available for misuse.
The restrictions should include:
- Verification of status. Account applications should be referred to the relevant school administration for confirmation.
- Expiry. Accounts should be disabled when the user leaves the school.
- Monitoring. Logs should be analysed for patterns of misuse – e.g. simultaneous access from different locations.
- Investigation and action. Violations should be investigated and appropriate action taken.
One interesting possibility is using Hongkong Post eCert as a login credential. This would make account application and subsequent login easier for existing eCert holders – the registration process could be simplified, and they would not have to remember another password to access the site. It would also simplify verification of status – the school could check the HKID number against their records and be sure that the user had the correct eCert. If an applicant using an eCert falsely claimed to be a teacher, pupil or parent, that would be obvious, and the digitally signed application would be strong evidence of their lie.
Awareness, Restriction and Traceability do not prevent misuse, so the objective of discouragement is to warn paedophiles that they will get caught with the intention of persuading them to choose not to use the resources. This will take the form of notices on Child Safety, stating that logs of downloads are kept and suspected misuse will be investigated etc. This will also reassure legitimate users that precautions are being taken. However, the notices should not contain details of the precautions that could be used to circumvent them.
The objective of traceability is to facilitate investigations. This includes features omitted for obscurity. These could then be used in combination to trace those responsible for misuse. features omitted for obscurity kept as confidential as possible.
The Personal Data Privacy Ordinance should also be considered. omitted and linked user records constitute personal data, and must be handled in accordance with the law, including considerations of security and data retention. The vast majority of records will be of entirely innocent actions. It is our opinion that child safety is more important that privacy, but ways should be sought to safeguard both.