Crisis at AFRINIC

The African Network Information Centre (Afrinic), the African regional Internet registry (RIR) for IP addresses, has had its bank accounts frozen by court order, crippling its operations. The Supreme Court of Mauritius ordered the RIR’s $50 million account frozen as a result of its contractual dispute with Cloud Innovation. Cloud Innovation, run by Chinese entrepreneur LU Heng, has obtained nearly 7 million IPv4 addresses from Afrinic. Although the company is formally registered in the Seychelles, the majority of its operations are in Asia, where it leases the IPv4 addresses out to Chinese, Philippine and Hong Kong companies. Afrinic was trying to reclaim the addresses, asserting that Cloud Innovation violated its Registration Service Agreement. While contractual disputes between RIRs and their contracting parties are not that unusual, the legal tactics used by Cloud Innovation appear to be deliberately destructive in nature, and are perceived as a threat to the global address registry system. A more complete report on the topic will be published soon.

Surveillance by Design

Civil liberties and privacy groups are up in arms about Apple’s plan to modify its software to enable automated surveillance of the materials on iPhones to detect child sexual material. It has introduced two forms of client-side scanning that allow detection of certain types of images without directly breaking end to end encryption. Over 40 civil society organizations from around the world, including IGP, have signed a letter from the Global Encryption Coalition asking Apple to abandon these plans. You can sign on here: Apple Sign-on Letter.

An algorithm to detect sexually explicit images sent by users of its Messages app will now be built into all of Apple’s devices. When the algorithm detects an image sent to or from people identified as children on family accounts that triggers the algorithm’s nudity alert, it issues a warning to the user and notifies the owner of the account. Apple also announced that its operating system will now contain a database of hashes of illegal child sexual images. Every time its users upload a photo to iCloud, its hash will be scanned against that database. Once a certain threshold of matches is crossed, Apple will disable the account and report the user and the images to authorities. 

Apple is one of only two major mobile operating system platforms. Its action demonstrates its market power: its device and service customers did not ask for these measures and do not benefit from them. Time will tell, but there is no reason to believe that its actions will have a significant impact on child sexual abuse, most of which occurs within families or among people known to the child. Apple promises its users end to end encryption and has made strong stands in favor of privacy in relation to law enforcement demands in the past. As recently as January 2020, Apple’s privacy officer said that “Building backdoors into encryption is not the way we are going to solve [law enforcement] issues.” With this initiative, it is undermining its reputation as a leader in the privacy space. The civil society groups opposing the move are also concerned about the possibility that the move invites governments to pressure or force platforms to add additional hashes of other illegal material to the database. 

GIFCT working groups

The Global Internet Forum to Counter Terrorism (GIFCT) is an interesting exercise in transnational, private sector-led content governance. It was started in 2017 as an association of major online platforms, namely Facebook, Microsoft, Twitter and YouTube. Its stated mission is “To prevent terrorists and violent extremists from exploiting digital platforms.” The platforms have always been responsive to (and working behind the scenes with) government agencies. After the Christchurch shootings, however, the formation of the Christchurch Call Advisory Network formed a bridge to civil society groups. Although civil society organizations still lack formal decision making power within these government-industry networks, GIFCT and CCAN have made an effort to become more “multistakeholder.” In an attempt to broaden participation, GIFCT is now inviting people to apply to work in its Working Groups. These working groups have been in existence for only a year. They cover topics such as “Transparency;” “Technical Approaches: Tooling, Algorithms & Artificial Intelligence;” “Content sharing”; “Crisis Response and Incident Protocols.” Acceptance into these groups is not open, one applies and is vetted by GIFCT, but the opportunity for participation has been broadened.