Grainia Long Speech to Cyber Threat Summit
Good morning and thankyou to the team at Cyber Threat Summit for the
invitation to speak today. I cannot tell you how refreshing it is to attend
an industry-led think-in on the subject of cyber risk. You are rightly
focused on finding solutions to security threats, and you are clearly
going beyond the commercial benefits of good risk management, and
recognising that there is immense social value to be gained as well.
This is rare, and I commend you for it.
So, why am I here? I’m here because 37,000 contacts were made to
Childline in 2014 about abuse and violence, and much of this took place
online.
Childline has been a national listening service for many years, and it
enables children to access support, on a confidential basis. We are
living proof that technology, well used, can keep children safe by
keeping them connected. For a long time, the service was provided
through a phone line- making this available on a 24-7 basis was the
innovation of its time. But more recently we’ve engaged with children
through text, and through webchat.
What we’ve found in the past year, since these services were also made
available at night-time hours, is a willingness and in some cases a
preference from children to use new and emerging technologies to talk
about personal, sensitive and urgent issues.
So you won't be surprised to find that we think technology is a good
thing. As technology evolves and provides more opportunities to
connect, it is an incredibly exciting time to be developing and providing
services to children through new platforms. We have always been clear
that used in the right way and responsibly, technology is a key
communication and education tool for children and young people.
So Childline gives us an insight into what life is like for children... This
morning I want to focus on the impacts of cyber risks to children, and
what we can and must to do bring national urgency to the piece.
Child protection is everyone's business- that means all the arms and
levers of the state, of the independent sector and industry.
Earlier this year, I sat with some of my colleagues in Childline and child
and family support services, and I asked them, as any new CEO would,
what is worrying them about our services. I expected concerns about
excessive caseloads, insufficient investment in infrastructure or terms
and conditions. What I got instead was a picture of childhood at risk.
More and more of our interventions are with children who are at risk
online.
Girl (12): referred by her mother for sexualised behaviour. Amy
had taken a picture of her private parts and sent these to a boy
she was conversing with online. Details of picture were not
discussed as Amy was very embarrassed about the whole thing,
was remorseful and became visibly upset when it was mentioned.
Girl (14): posted explicit pictures of herself to Facebook (privately
to a male friend) however while the image wasn't shared past this
friend, rumours began to spread about her, perhaps when others
learned about this and she has struggled with school since. It’s
also worrying as rather than reduce her sexualised behaviour, it
has become worse.
What’s obvious from this is the long term damage this does to a child.
The first truth is that Online abuse, intimidation or bullying can be
pervasive.
It interrupts children’s lives, and intrudes into their networks. And
networks are acutely important for young people. As is their place in
that network. This disruption, and lack of control has a major impact on
young people, and in its worst form, can result in a child feeling unable
or unwilling to communicate, to anyone.
Only recently one child we are working with was suffering so badly due
to cyber bullying and her self esteem was so low that she struggled to
identify a single positive thing in her life.
For some children it's the intrusion and breach of trust that hurts the
most. One case of a child forced by bullies to walk around the house
with a camera so that the could see where she lived, which led to
judgement, and harassment. Exploiting personal privacy and data
online is essentially a major form of mistrust and impacts on children just
as potently as it does adults....
It can impact on a young person’s willingness to make and sustain
connections- potentially discouraging them from continuing friendships,
as a strategy of self-preservation.
Too many children ask Childline 'what have I done to deserve this?' how
can I make it stop? In too many cases we accepted that being online
bring risks, as if the fault lies with the victim for being online. Rather
than state clearly that bullying is unacceptable.
So since social networks are deeply personal, and since they encourage
young people to divulge information about their lives, online intimidation
becomes deeply personal- and its effects too are deeply personal.
We know from our calls to Childline that children often look at
pornography sites to learn about sex and sexual behaviour. The impact
on children’s mental health of viewing violent, abusive and degrading
images is profound, and there is increasing evidence of causality
between viewing this material and increased sexualised behaviour in
children.
We know that it impacts on how children view relationships and on what
is acceptable and unacceptable behaviour in relationships. We know it
impacts on body image.
We need to understand much more about the impacts, and this in turn
must inform the services and responses we develop. What has gone
before is not going to work this time...
But we must not make the mistake of thinking we know what our children
need, in a landscape that we don't understand. Last week I spoke at the
launch of Vodafone research that found that actors the majority of age
ranges more than 50% agree or strongly agree that cyber bullying is
more harmful to children than drugs or alcohol misuse.
-
When I first read that finding I thought- I wonder will people find this
incredulous… what will our generation think? We have two
choices... To dismiss the finding as incorrect because they don't
correlate with what we believe to be true, or to accept it as a reality
for children today... And do something about it.
-
The children who took part in this survey are telling us something
serious and important. And they deserve to be heard.
-
There is a growing generational divide, and a mismatch
between the priorities we are setting and the priorities that children
consider to be important.
So the vast majority of children weren’t calling Childline because they
are victims of distribution of child abuse imagery, or victims of child
trafficking. Those children, unfortunately, are much much harder to
locate, and require ongoing EU wide infrastructure to ensure the
prevention, detection and criminal conviction of these offences.
But for the majority of children in Ireland, their cyber security lies in
another landscape----Child psychologists everywhere will tell you that one of the most
important aspects of childhood is having the space to BE a child. A
child’s emotional, social and cognitive development is determined by key
factors which include giving them a safe space to play, time to learn and
opportunities to take risks that are age appropriate.
Children’s rights lawyers will tell you of the child’s rights to freedom from
violence. Child protection professionals will tell you what happens when
these principles aren’t applied.
My Childline colleagues have reported a greater number of calls from
Children viewing inappropriate material, as young as 6 years of age and
up stating they are watching pornography and sometimes describing
what is happening while watching. Experienced Childline call facilitators
are of the view that the the sexual content is getting more explicit even
though the child often doesn’t fully understand what they are watching.
So, what do we do, and how do we respond?
We consider ourselves lucky when we get calls like this to Childline,
because these are the children who want to engage. But identification of
risks is increasingly challenging. A European Commission paper as part
of the 9th European Forum on the Rights of the Child in April of this year
reiterated that violence against children is still relatively hidden, and
under-reported with 90% of all abuse undetected, ranging from child
sexual abuse and exploitation to bullying and cyber-bullying.
But even when identification of risks is possible, when we know what we
are dealing with, the existing frameworks, rules and norms for response
may not work.
The traditional systems of child protection, child safeguarding and child
welfare are not used to working with virtual threats – or with risks that
may originate in another network, or jurisdiction. With risks that might
actually have little immediate impact but might impact on a child’s mental
health or emotional behaviour over time.
The Special Rapporteur on Child Protection Geoffrey Shannon puts this
well in his annual report to parliament when he reminds us that child
abuse imagery and grooming present profound child protection concerns
and are most likely to be perpetrated by people who are strangers to the
child immediately affected. However, the majority of child abuse is
perpetrated by people close to, or known to, the child. This is an
important point- the professional framework of child protection in Ireland
has been built around this norm- we need a different skills set and
culture of child protection for this new frontier.
Cyber risk therefore presents ‘a new normal’ in child safeguarding, and
with it must come new ways of prevention, detection, and response.
This will require genuine collective effort and an acceptance that shared
responsibility across statutory and non-statutory agencies is our best
approach. It will require statutory agencies and independent
organisations like mine working with, and listening to industry.
In turn, it will require industry to understand the capacity, logistical and
operational cultures within different sectors. We are working in an
environment where the laws have not been written yet, where
technology continues to evolve, and where innovation and excellence in
practice is not always easy to find.
Let’s briefly look at the law. There are two key Council of Europe
Conventions that could play a major role in bringing national urgency to
this problem- the Convention on Cybercrime (Budapest Convention) and
the Convention on the Protection of Children against Sexual Exploitation
and Sexual Abuse (the Lanzarote Convention). Ireland has signed both
but ratified neither. This is not good enough. Irish children deserve the
highest standards of protection and they deserve Ireland to be part of a
strong culture of international cooperation on this issue.
Irish legislation also requires a review… there are many areas where our
laws are useful and fit for purpose. For example, the Child Trafficking
and Pornography Act 1998 was written to reflect the fact that technology
is ever evolving, and in many ways continues to meet requirements to
enable convictions.
The Criminal Law (Sexual Offences) Bill which is currently going through
the Oireachtas will finally make the viewing of child sexual abuse
imagery an offence, and will make grooming an offence. And about time
too. But these laws are only relevant when offences against children
online are sexual offences. There are many more offences, such as
malicious bullying, sharing of non-sexual imagery with a view to causing
distress. And of course, breach of a child’s right to privacy.
We must ensure that our law reflects the reality of life for children online.
A national review is necessary if we are to ensure that no one falls
between the gaps.
---All countries are legally required to protect children from violence- and
hold primary responsibility to establish comprehensive child protection
systems. TUSLA, the new Child and Family Agency in Ireland is
eighteen months in place and is investing time and energy in meeting its
new duties. It has our support and is an important partner.
But it is under-resourced. Its priorities are not in my view sufficiently
focused on cyber safety. To my knowledge, there are no dedicated
specialist teams within TUSLA focused specifically on online risks to
children. And this is not TUSLA’s fault.
The institutional arrangements in Ireland are not sufficiently specialist
and are ill-resourced to coordinate activity. In the UK, the NCA- CEOP
Command plays a critical coordination role. In Australia an eSafety
Commissioner ensures urgency and authority to drive strategy and
practice. In Ireland, despite good intentions, our institutional architecture
is letting us down.
A comprehensive institutional architecture of online child protection
doesn’t really exist because we don’t have a national legal framework or
a national strategy.
And perhaps a national strategy is not sufficient anyway, because
national borders are less relevant in this context.
Nevertheless- the legal obligations for the protection of children is on the
state, so this is not an excuse for us- and by this I mean all of us as the
Irish public- to absolve ourselves of our responsibilities.
For this reason, when an election is called- later this week, this month or
this year- the ISPCC will be asking all political parties to demonstrate
their commitment to keeping children safe online. We will be urging all
parties to recognise that online security is the child protection issue of
our time.
In the UK, the Conservative party committed to ensuring that all
pornography websites are placed behind effective access controls. This
is critical.
In a new programme for government, we would expect a clear national
strategy on cyber security for children- one which places children at the
centre, as proactive rather than passive participants; one which is based
on a robust legal framework, on good governance, well resourced.
One which changes the language we use to describe risks. Even
government still refers to the term child pornography- which entirely fails
to reflect the reality of this crime; pornography is sexualised imagery
intended for adult gratification. The abuse of a child and distribution of
these images is child abuse. We need to call it that.
A national strategy which places equal emphasis on prevention as well
as response.
We must ensure that clear commitments are made by government to
restrict access to age-inappropriate content. This will require agreement
between Internet Service Proivders and authorities on approaches to
blocking content. And it is just one solution in myriad of approaches.
This year the Children’s Ombudsman called on government to introduce
a national strategy to eliminate violence against children… the fact that
we don't already have such a strategy is an indicator of our culture of
‘response’ rather than prevention of abuse. We must up our game—a
new risk has emerged, for is generation of children. If we are too slow to
react, future generations will wonder how on earth we could let this
happen on our watch.
Finally... I talked earlier about listening to children. Those of you not
from Ireland will have heard that earlier this year we voted yes to an
amendment to our constitution to enable all couples to marry,
irrespective of their sexuality. The previous constitutional referendum
was less well known internationally but equally groundbreaking. In 2013
the Irish people agreed to put the voice of the child, and their interests at
the heart of all key policy considerations.
Right now, we need to take the spirit and intent of that change and make
it real and meaningful. We need to recognise the child protection issue
of our time, recognise that it's our responsibility to solve it set side
sectoral interests and make child protection everyone's business.
-----