Internet Watch Foundation

The Internet Watch Foundation (IWF) is a global registered charity based in Cambridge, England. It states that its remit is "to minimise the availability of online sexual abuse content, specifically child sexual abuse images and videos hosted anywhere in the world and non-photographic child sexual abuse images hosted in the UK." Content inciting racial hatred was removed from the IWF's remit after a police website was set up for the purpose in April 2011. The IWF used to also take reports of criminally obscene adult content hosted in the UK. This was removed from the IWF's remit in 2017. As part of its function, the IWF says that it will "supply partners with an accurate and current URL list to enable blocking of child sexual abuse content". It has "an excellent and responsive national Hotline reporting service" for receiving reports from the public. In addition to receiving referrals from the public, its agents also proactively search the open web and deep web to identify child sexual abuse images and videos. It can then ask service providers to take down the websites containing the images or to block them if they fall outside UK jurisdiction.

If found on the open web, it traces where the content is hosted (geographically) and either directly issues a notice to the hosting company to remove the imagery (if hosted in the UK) or works with a network of hotlines and police around the world who follow their own country's process for removing the imagery. More than 99% of all the child sexual abuse images found by IWF are hosted outside of the UK. In this instance, whilst work to remove the imagery takes place, IWF places the web address on its URL List for partners to block the content.

Aside from the IWF URL List, the IWF has developed many services which may be taken by internet companies to help stop the spread of child sexual abuse imagery online.

The IWF operates informal partnerships with the police, government, public, and internet companies across the world. Originally formed to police suspected child pornography online, the IWF's remit was later expanded to cover criminally obscene material.

The IWF takes a strong stance against the term 'child pornography' and on its website cites "we use the term child sexual abuse to reflect the gravity of the images and videos we deal with. Child pornography, child porn and kiddie porn are not acceptable descriptions. A child cannot consent to their own abuse".

The IWF is an incorporated charity, limited by guarantee, and largely funded by voluntary contributions from UK communications service providers, including ISPs, mobile phone operators, Internet trade associations, search engines, hardware manufacturers, and software providers. It also currently receives funding from the European Union by comprising one-third of the UK Safer Internet Centre.

The IWF is governed by a board of trustees which consists of an independent chair, six non-industry representatives, three industry representatives plus one co-opted independent representative with a specialism in human rights. The Board monitors and reviews IWF's remit, strategy, policy and budget to enable the IWF to achieve its objectives. The IWF operate from offices in Vision Park, near Cambridge.

It has been criticized as an ineffective quango that does not deserve its charity status, for producing excessive numbers of false positives, for the secrecy of its proceedings, and for poor technical implementations of its policies that have degraded the response time of the whole UK Internet.

IWF claims to have succeeded in reducing the percentage of the worldwide child sexual abuse images that are hosted in the UK from 18% in 1996 to 0.04% in 2018.

Background
During 1996, the Metropolitan Police told the Internet Service Providers Association (ISPA) that the content carried by some of the newsgroups made available by them was illegal, that they considered the ISPs involved to be publishers of that material, and that they were therefore breaking the law. In August 1996, Chief Inspector Stephen French, of the Metropolitan Police Clubs & Vice Unit, sent an open letter to the ISPA, requesting that they ban access to a list of 132 newsgroups, many of which were deemed to contain pornographic images or explicit text.

"This list is not exhaustive and we are looking to you to monitor your newsgroups identifying and taking necessary action against those others found to contain such material. As you will be aware the publication of obscene articles is an offence. This list is only the starting point and we hope, with the co-operation and assistance of the industry and your trade organisations, to be moving quickly towards the eradication of this type of newsgroup from the Internet ... We are very anxious that all service providers should be taking positive action now, whether or not they are members of a trade association. We trust that with your co-operation and self regulation it will not be necessary for us to move to an enforcement policy."

- Chief Inspector Stephen French, quoted in Web Control

The list was arranged so that the first section consisted of unambiguously titled paedophile newsgroups, then continued with other kinds of groups which the police wanted to restrict access to, including alt.binaries.pictures.erotica.cheerleaders and alt.binaries.pictures.erotic.centerfolds.

Although this action had taken place without any prior debate in Parliament or elsewhere, the police, who appeared to be doing their best to create and not simply to enforce the law, were not acting entirely on their own initiative. Alan Travis, Home Affairs editor of the newspaper The Guardian, explained in his book Bound and Gagged that Ian Taylor, the Conservative Science and Industry Minister at the time, had underlined an explicit threat to ISPs that if they did not stop carrying the newsgroups in question, the police would act against any company that provided their users with "pornographic or violent material". Taylor went on to make it clear that there would be calls for legislation to regulate all aspects of the Internet unless service providers were seen to wholeheartedly embrace "responsible self-regulation".

The ISP Demon Internet regarded the police request as "unacceptable censorship"; however, its attitude annoyed ISPA chairman Shez Hamill, who said:

"We are being portrayed as a bunch of porn merchants. This is an image we need to change. Many of our members have already acted to take away the worst of the Internet. But Demon have taken every opportunity to stand alone in this regard. They do not like the concept of our organisation."

- Observer, 25 August 1996

Following this, a tabloid-style exposé of Demon Internet appeared in the Observer newspaper, which alleged that Clive Feather (a director of Demon) "provides paedophiles with access to thousands of photographs of children being sexually abused".

During the summer and autumn of 1996 the UK police made it known that they were planning to raid an ISP with the aim of launching a test case regarding the publication of obscene material over the Internet. The direct result of the campaign of threats and pressure was the establishment of the Internet Watch Foundation (initially known as the Safety Net Foundation) in September 1996.

Foundation of IWF
Facilitated by the Department of Trade & Industry (DTI), discussions were held between certain ISPs, the Metropolitan Police, the Home Office, and a body called the "Safety Net Foundation" (formed by the Dawe Charitable Trust). This resulted in the "R3 Safety Net Agreement", where "R3" referred to the triple approach of rating, reporting, and responsibility. In September 1996, this agreement was made between the ISPA, LINX, and the Safety Net Foundation, which was subsequently renamed the Internet Watch Foundation. The agreement set requirements for associated ISPs regarding identifiability and traceability of Internet users; ISPs had to cooperate with the IWF to identify providers of illegal content and facilitate easier traceability.

Demon Internet was a driving force behind the IWF's creation, and one of its employees, Clive Feather, became the IWF's first chair of the Funding Board and solicitor Mark Stephens the First Chair of the IWF's Policy Board. The Policy Board developed codes, guidance, operational oversight and a hotline for reporting content.

The Funding Board, made up of industry representatives and Chair of Policy Board, provided the wherewithal for the IWF's day-to-day activities as set down and required by the Policy Board.

After three years of operation, the IWF was reviewed for the DTI and the Home Office by consultants KPMG and Denton Hall. Their report was delivered in October 1999 and resulted in a number of changes being made to the role and structure of the organisation, and it was relaunched in early 2000, endorsed by the government and the DTI, which played a "facilitating role in its creation", according to a DTI spokesman.

At the time, Patricia Hewitt, then Minister for E-Commerce, said: "The Internet Watch Foundation plays a vital role in combating criminal material on the Net." To counter accusations that the IWF was biased in favour of the ISPs, a new independent chairman was appointed, Roger Darlington, former head of research at the Communication Workers Union.

The website
The IWF's website offers a web-based government-endorsed method for reporting suspect online content and remains the only such operation in the United Kingdom. It acts as a Relevant Authority in accordance with the Memorandum of Understanding (MOU) concerning Section 46 of the Sexual Offences Act 2003 (meaning that its analysts will not be prosecuted for looking at illegal content in the course of their duties). Reports can be submitted anonymously. According to the IWF MOU "If potentially illegal content is hosted in the UK the IWF will work with the relevant service provider and British police agency to have the content 'taken down' and assist as necessary to have the offender(s) responsible for distributing the offending content detected." Potentially illegal content includes:


 * Indecent images of children under 18 hosted anywhere in the world;
 * The following area was removed from the IWF's remit in 2017: Criminally obscene content hosted in the UK, or anywhere in the world if uploaded by someone in the UK (under the Obscene Publications Acts);

However, almost the whole of the IWF site is concerned with suspected images of child sexual abuse with little mention of other criminally obscene material, also within their remit. Images judged by the IWF using UK law to be images of child sexual abuse are blocked.

The Government said that the IWF would also be handling images of adult "extreme pornography", which became illegal for people in the UK to possess on 26 January 2009. This has not been part of IWF's remit since 2017. The IWF includes "extreme pornography" as an example under "criminally obscene content", meaning that they will report material hosted in the UK, or uploaded by someone in the UK, but regarding blocking sites "with those categories, our remit will only go so far as to refer sites hosted in the UK to the appropriate authorities."

The IWF states that it works in partnership with UK Government departments such as the Home Office and the DCMS to influence initiatives and programmes developed to combat online abuse.

They are funded by the European Union and the online industry. This includes Internet service providers, mobile operators and manufacturers, content service providers, telecommunications and filtering companies, search providers and the financial sector as well as blue-chip and other organisations who support the IWF for corporate social responsibility reasons.

Through their "Hotline" reporting system, the organisation helps ISPs to combat abuse of their services through a "notice and take down" service by alerting them to any potentially illegal content within their remit on their systems and simultaneously invites the police to investigate the publisher.

The IWF has connections with the Virtual Global Taskforce, the Serious Organised Crime Agency and the Child Exploitation and Online Protection Centre.

Management
Susie Hargreaves was appointed CEO in September 2011.

Andrew Puddephatt was appointed Chair in January 2018.

The Senior Leadership Team at IWF comprises:


 * Heidi Kempster, Deputy CEO & Chief Operating Officer;
 * Emma Hardy, Communications Director;
 * Chris Hughes, Hotline Director
 * Dan Sexton, Chief Technology Officer

Cross-border aspects
The IWF passes notifications of suspected child sexual abuse images and videos through the INHOPE network of hotlines across the world, whenever the content is traced to an INHOPE country. Where there is no INHOPE hotline, IWF works with the relevant police body in that country.

Previously, the IWF passed on notifications of suspected child pornography hosted on non-UK servers to the UK National Criminal Intelligence Service which in turn forwards it to Interpol or the relevant foreign police authority. It now works with the Serious Organised Crime Agency instead. The IWF does not, however, pass on notifications of other types of potentially illegal content hosted outside the UK.

Public procurement
Since March 2010, the Office of Government Commerce (OGC) has required all procurement specifications for the provision of Internet-related services to central government agencies and public bodies to require the Internet service provider (ISP) to block access to sites [sic] on the IWF list. The policy of blocking access to child sexual abuse content via government sites is described as "lead[ing] by example". ISPs would generally be expected to pay IWF for membership or access to the blocked URL list.

Blacklist of web pages
The IWF compiles and maintains a list of URLs for individual webpages with child sexual abuse content called the IWF URL List (previously referred to as the child abuse image content list or CAIC list). A whole website will only be included on the list if that whole domain is dedicated to the distribution of child sexual abuse images. It says "every URL on the list depicts indecent images of children, advertisements for or links to such content, on a publicly available website. The list typically contains 500 – 800 URLs at any one time and is updated twice a day to ensure all entries are still live". Since IWF began proactively searching for child sexual abuse imagery, and since the introduction of crawler technology, the list typically contains between 5,000 and 12,000 URLs every day with a daily 'churn' of content being added to the list and removed from the list as appropriate. Offending UK URLs are not listed as they are taken down very quickly; URLs elsewhere are listed only until they are removed. The list is applied by the ISPs of 95% of commercial Internet customers in the UK. According to the IWF website, blocking applies only to potentially criminal URLs related to child sexual abuse content on publicly available websites; the distribution of images through other channels such as peer-to-peer is a matter for "our police partners", and IWF has no plans to extend the type of content included on the list.

A staff of 13 trained analysts are responsible for this work, and the IWF's 2018 Annual Report says that on average, 376 new URLs were added to the list daily.

Between 2004 and 2006, BT Group introduced its Cleanfeed technology which was then used by 80% of internet service providers. BT spokesman Jon Carter described Cleanfeed's function as "to block access to illegal Web sites that are listed by the Internet Watch Foundation", and described it as essentially a server hosting a filter that checked requested URLs for Web sites on the IWF list, and returning an error message of "Web site not found" for positive matches.

In 2006, Home Office minister Alan Campbell pledged that all ISPs would block access to child abuse websites by the end of 2007. By the middle of 2006, the government reported that 90% of domestic broadband connections were either currently blocked or had plans to be by the end of the year. The target for 100% coverage was set for the end of 2007, however in the middle of 2008 it stood at 95%. In February 2009, the Government said that it is looking at ways to cover the final 5%. In an interview in March 2009, a Home Office spokesperson mistakenly thought that the IWF deleted illegal content, and didn't look at the content they rate.

Although the IWF's blacklist causes content to be censored even if the content has not been found to be illegal by a court of law, IWF Director of Communications Sarah Robertson claimed, on 8 December 2008, that the IWF is opposed to the censorship of legal content. In the case of the IWF's blacklisting of cover art hosted on Wikipedia just a few days prior, she claimed that "The IWF found the image to be illegal", despite the body not having any legal jurisdiction to do so.

In March 2009 a Home Office spokesperson said that ISPs were being pressured to sign up to the IWF's blacklist in order to block child pornography websites and said that there was no alternative to using the IWF's blacklist. Zen Internet previously refused to use the IWF's blacklist citing "concerns over its effectiveness". However it quietly joined the foundation in September 2009 while still maintaining its concerns.

As of 2009, the blacklist was said to contain about 450 URLs. A 2009 study by researcher Richard Clayton at the University of Cambridge found that about a quarter of them were specific pages on otherwise legitimate free file hosting services, among them RapidShare, Megaupload, SendSpace and Zshare. Listing these pages on the confidential blacklist of pages would cause all accesses to the sites hosting them to be referred to the IWF, potentially causing unintended interference as discussed below.

In 2018 the IWF URL List contained 100,682 unique URLs.

R v Walker
R v Walker, sometimes called the "Girls (Scream) Aloud Obscenity Trial", was the first prosecution for written material under Section 2(1) of the Obscene Publications Act in nearly two decades. It involved the prosecution of Darryn Walker for posting a story entitled "Girls (Scream) Aloud" on an internet erotic story site in 2008. The story was a fictional written account describing the kidnap, rape and murder of pop group Girls Aloud. It was reported to the IWF who passed the information on to Scotland Yard's Obscene Publications Unit. During the trial, the prosecution claimed that the story could be "easily accessed" by young fans of Girls Aloud. However, the defence demonstrated that it could only be located by those specifically searching for such material. As a result, the case was abandoned and the defendant was cleared of all charges.

Wikipedia
On 5 December 2008, the IWF system started blacklisting a Wikipedia article covering the Scorpions' 1976 album Virgin Killer, and an image of its original LP cover art which appeared on that article. Users of some major ISPs, including BT, Vodafone, Virgin Media/Tesco.net, Be/O2, EasyNet/UK Online/Sky Broadband, PlusNet, Demon, and TalkTalk (Opal Telecom), were unable to access the filtered content. Although controversial, the album and image are still available, both through Internet shopping sites and from physical shops. The image had been reported to the IWF by a reader, and the IWF determined that it could be seen as potentially illegal. The IWF estimated the block affected 95% of British residential users. The IWF has since rescinded the block, issuing the following statement:

[...] the image in question is potentially in breach of the Protection of Children Act 1978. However, the IWF Board has today (9 December 2008) considered these findings and the contextual issues involved in this specific case and, in light of the length of time the image has existed and its wide availability, the decision has been taken to remove this webpage from our list. Additionally, many UK Internet users were unable to edit Wikipedia pages unless registered and logged in with Wikipedia. This is reported to be due to the single blacklisted article causing all Wikipedia traffic from ISPs using the system to be routed through a transparent proxy server. Wikipedia distinguishes unlogged-in users from each other by their IP address, so interpreted all unlogged-in users from a particular ISP as a single user editing massively from the proxy address, which triggered Wikipedia's anti-abuse mechanism, blocking them.

Wayback Machine
On 14 January 2009, some UK users reported that all of the 85 billion pages of the Internet Archive (Wayback Machine) had been blocked, although the IWF's policy is to block only individual offending web pages and not whole domains. According to IWF chief executive Peter Robbins, this was due to a "technical hitch". Because the Internet Archive's website contained URLs on the IWF's blacklist, requests sent there from Demon Internet carried a particular header, which clashed with the Internet Archive's internal mechanism to convert web links when serving archived versions of web pages. The actual blocked URL which had caused the incident never became publicly known.

Of proxy server used by ISPs
Many ISPs implement IWF filtering by using a transparent proxy server of their own, unconnected with IWF. Quoting Plusnet "If the IP address matches that of a server that's used to host one of the websites on the IWF list then your request is diverted to a proxy server." The hosting server itself is not blacklisted, the problem is due to requesting a page from a server which also hosts a listed page. The IWF lists the Internet companies which "have voluntarily committed to block access to child sexual abuse web pages". These companies may use transparent proxies or other techniques.

Using a transparent proxy has the unintended side effect, quite independent of IWF filtering, of appearing to websites connected to as originating from the proxy IP instead of the user's real IP. Some sites detect the user's IP and adjust their behaviour accordingly. For example, if trying to download files from a file distribution website which restricts free-of-charge usage by enforcing a delay of typically 30 minutes between downloads, any attempt to download is interpreted as originating from the ISP's proxy rather than the user. The consequence is that if any user of that ISP has downloaded any file from the site in the last half-hour (which is very likely for a large ISP), the download is not allowed. This is an unintended consequence of the ISP's use of proxy servers, not IWF filtering. File sharing sites distribute files of all types; for example. Linux distribution files, which are very large. The use of proxy servers is also reported to have caused the problem with editing Wikipedia (but not the blocking of the actual offending web page) reported above.

Ineffectiveness
IWF filtering has been criticised as interfering with legitimate Internet activity while being ineffective against anyone intending to access objectionable content. One discussion, while opposing such things as child pornography and terrorism, points out that filtering has side effects, as discussed in this section, and would not stop access to material such as images of child sexual abuse as it would not stop email, FTP, HTTPS, P2P, Usenet, IRC, or many other ways to access the same content.

Charity status
In February 2009 a Yorkshire-based software developer lodged a formal complaint regarding the IWF status as a charity with the Charity Commission, in which he pointed out that "regulating the worst of the internet" was "not really a charitable purpose", and that the IWF existed mainly to serve the interests of ISPs subscribing to it rather than the public. An IWF spokesperson said that the IWF had attained charitable status in 2004 "in order to subject itself to more robust governance requirements and the higher levels of scrutiny and accountability which charity law, alongside company law, brings with it".

The IWF publishes details of inspections and audits on its website which includes a hotline audit every two years by independent experts, quality assurance inspections by INHOPE, the hotline umbrella body, its ISO27001 compliance and a human rights audit of the organisation which was carried out by Lord Ken Macdonald in 2014.

Authority and transparency
Following the IWF's blacklisting of the Wikipedia article, the organisation's operating habits came under scrutiny. J.R. Raphael of PC World stated that the incident had raised serious free-speech issues, and that it was alarming that one non-governmental organisation was ultimately acting as the "morality police" for about 95% of the UK's Internet users. Frank Fisher of The Guardian criticized the IWF for secretiveness and lack of legal authority, among other things, and noted that the blacklist could contain anything and that the visitor of a blocked address may not know if their browsing is being censored.

Pressure to implement filtering
The government believes that a self-regulatory system is the best solution, and the Metropolitan Police also believe that working with ISPs, rather than trying to force them via legislation, is the way forward. The IWF has a list of URLs considered to host objectionable material (distinct from the actual, confidential, blacklist of pages) which is available to ISPs, but ISPs are not obliged to subscribe to it.

Legality
As a "self-appointed, self-regulated internet watchdog, which views user-submitted content and compiles a list of websites that it deems to contain illegal images" there have been questions raised regarding the legality of their viewing content that would normally constitute a criminal offence.

IWF has a memorandum of understanding between the Crown Prosecution Service and the NPCC to "clarify the position of those professionally involved in the management, operation or use of electronic communications networks and services who may face jeopardy for criminal offences so that they will be reassured of protection where they are acting to combat the creation and distribution of images of child abuse".

Secrecy
The IWF has been criticized for blacklisting legal content and for not telling websites that they are being blocked. In these circumstances, the owner(s) of the blocked webpage might not even know they have offending content on their site, which means that the content would still be readily available to anyone outside of the UK.

Technical issues
Internet companies which deploy services across the world implement the IWF URL List to help prevent people from stumbling across child sexual abuse imagery. The blocking methodology is implemented by the company taking the list and the IWF's good practice to blocking guide recommends companies use a splash page so that people know why a page is being blocked from view, rather than simply delivering a "page not found" message.

Lord Ken Macdonald carried out a Human Rights Audit. Addressing the IWF's Members at its AGM on 26 November 2013, Lord Macdonald said he was "deeply impressed" with the quality of staff and their "commitment and attention to freedom of expression and privacy rights".

Historically, the blacklisting of sites may have been concealed by a generic HTTP 404 "page not found" message rather than an explanation that the content has been censored. The exact method of censorship is determined by the implementing ISP; BT, for example, return HTTP 404 pages, whereas Demon returned a message stating that the page was censored, and why.

At the time of the Wikipedia blocking, performance issues accessing the site from the UK were reported.

In October 2014 users on Sky Broadband reported very slow and intermittent performance of image host Imgur. Clicking on an image would typically result in the site appearing to be down. Accessing via HTTPS causes images to load normally because it bypasses the proxy used on sites with blacklisted content.