By Sarah Smith, Technical Projects Officer at the Internet Watch Foundation

The internet is a wonderful world-without-frontiers that has transformed how people in every part of the globe communicate, learn, socialize, pay bills, and shop. Unfortunately, there is also a dark side to this technology. Some people are quick to take advantage of advances in technology – exploiting domain names to use for sharing pictures of children being sexually tortured and abused. Since domain names play a central role in how people navigate the web, it is important that we investigate how to keep internet users safe and free from malicious content.

This problem occurs not only across established generic Top-Level Domains (gTLDs) – like .COM, .ORG and .BIZ – and country code Top-Level Domains (ccTLDs) – like .US and .RU – but it also plagues more recently created domain name extensions, known as new TLDs (nTLDs) or new gTLDs.

Since 2014, a rush of new gTLDs have been released to meet a growing demand for domain names. In 2015, IWF analysts started seeing websites using the new gTLDs to share child sexual abuse imagery. Many of the sites were entirely given over to this criminal content, and the domains apparently registered specifically for the purpose of sharing that type of content.

The IWF took action in 2015 against 436 URLs on 117 websites that were using new gTLDs. In 2016, IWF took action against 1,559 URLs on 272 websites using them – up a shocking 258% on the previous year. Out of these 272 websites, 226 were solely distributing child sexual abuse content. In 2017, IWF fought against 5,002 URLs on websites using new gTLDs – a 221% increase since 2016.

To combat this alarmingly rising trend, the IWF teamed up with established registries like Public Interest Registry (PIR) as well as other new gTLD registries to help prevent sites being used to parade imagery of children being sexually abused. Our Domain Alert Service helps the registration sector to disrupt criminals’ attempts to distribute child sexual abuse materials (CSAM). The IWF immediately notifies members who use the Domain Alert Service when a website abusing one of its domains is identified, so the member can take appropriate action.

A top priority for our domain name industry members is to ensure that the members’ domains remain trusted and secure, and the partnership with the IWF is integral to that ethos and objective.

PIR actively participates in IWF’s Domain Alert Service. The service works so that when highly trained IWF analysts discover instances of CSAM in PIR’s domains – predominantly the .org domain – they report them to the registry’s internal legal and operations management teams. Once a notification has been received, PIR alerts the National Center for Missing and Exploited Children (NCMEC), which is in the International Association of Internet Hotlines (INHOPE), a network that tackles online CSAM in the United States. IWF also provides notices to NCMEC, but PIR reinforces the process by choosing to do so as well. PIR takes further action by working with the registrar to either ensure that the content is removed from the site, or to suspend the website if the CSAM has not already been taken down. Partnering with IWF reflects PIR’s commitment to playing its part in removing CSAM from the internet and using Domain Alerts allows the registry to be proactive in that process.

PIR also co-founded a CSAM Referral Discussion Group for registries and registrars (which holds its get-togethers at ICANN meetings). The goal of the working group is to share recommended practices and institutional knowledge for the effective finding and removal of CSAM. PIR had invited the IWF to share insights at that forum at ICANN63 in Barcelona as part of the drive to encourage more domain companies to do more to rid the internet of CSAM.

It’s heart-warming for the IWF that PIR and other registries, including Nominet, Donuts and Afilias, are standing tall in the battle against CSAM online. It shows that the domain name sector is eager to work quickly and decisively to identify the best way to remove the criminal content, with the least impact to those who are not responsible for it. Partnership with IWF provides an important security component, not only for registrants and the general internet user, but also to safeguard the well-being of members’ own anti-abuse teams, insulating them from exposure to such disturbing and distressing material.

The IWF sees first-hand how our domain name industry members, like PIR, share our zero-tolerance policy of child sexual abuse material. We applaud our members’ commitment, urging others in the industry to step up and do the right thing to help effect prompt and definitive actions to stamp out CSAM.