Law, Science and technology | Australia

8 June 2021

Despite the Australian Government’s efforts to safeguard children from exploitation, child sexual abuse content is flourishing unabated on Australia’s Cocos (Keeling) Islands Top-Level Domain and must be stopped, James Mortensen and Samuel Bashfield write.

One of the most effective ways of limiting access to – and thus demand for – child exploitation material is to keep it off the open Internet. To this end, limiting access to certain domain addresses is a fundamental part of preventing abusive material from being indexed, searched, and accessed by users.

However, the regulation of domain addresses is largely dependent on each individual domain, many of which are country-based – such as .uk, .au or .nz.

But some domains were created for places that did not have sovereign governments. In the early days of the Internet, country-code Top-Level Domains (TLDs) were created for each country and dependent territory.

As a result, in addition to .au for Australia, TLDs were created for Australia’s territories – .cx for Christmas Island, .hm for the Heard and McDonald Islands, .nf for Norfolk Island, and of course, .cc for Cocos Islands.

Though the Australian Government has regulated .au, both .cc and .hm are in the hands of private interests. In the case of .cc, the domain was claimed in 1997 by a private company, and its administration now rests with American tech giant Verisign.

This lack of government oversight has likely contributed to a focus on making the domain profitable, rather than accountable. Historically, .cc has been a low cost, high volume domain, where companies have sold cheap addresses to customers with little oversight or regulation.

More on this: Welcome to the “managed” Internet

Anyone can buy a .cc address, often for a much lower price than other domains.

Due to its low cost, lack of geographical or legislative oversight, and its visual similarity to .com, the domain has long been associated with spam, phishing, and other unsavoury behaviour.

Of particular note, .cc is such a popular TLD for offshore gambling firms that Australian independent member of parliament Andrew Wilkie in 2018 stated that “the federal government must take immediate action to shut down these [gambling] sites and stop them offering illegal services to Australian customers.”

While the Australian domain regulator (auDA) boasts that .au “has significantly lower abuse rates than global average,” according to the Internet Watch Foundation .cc ranked as the tenth-most abused TLD in 2019 for hosting child sexual abuse material.

Unfortunately, this is not the first time .cc has found itself in the top 10.

Australia should not let this misuse of .cc stand – and precedent shows that it doesn’t have to.

More on this: Why Australia needs a cyber security strategy

In 2004, France, dissatisfied with the existing administration of .tf, the TLD of the French Southern and Antarctic Lands, successfully pursued its redelegation to the French Network Information Centre (AFNIC).

AFNIC is a non-profit association which manages .fr and other French TLDs and has close ties to the French Government – it is functionally similar to auDA.

The transmission and dissemination of child sexual abuse material that occurs on the .cc domain does not have to continue. TLDs can be redelegated if governments are willing to petition – as France’s success in regulating .tf demonstrates.

In the short term, the Australian Government, through the Departments of Infrastructure – conveniently responsible for both the Cocos Islands and the Australian Communications and Media Authority – and Home Affairs should use its legitimacy as the responsible government of the Cocos Islands to clean up .cc and ensure it is no longer a haven for child sexual abuse material.

While removing .cc addresses from child abuse sites might not stop the abuse itself, .cc is being used as a vehicle to spread such material globally, providing a regulation black hole for criminals to transfer abhorrent material through the domain.

By removing platforms for this material, the Australian Government will be doing its part to limit the reach of such abusive content. Allowing criminal activity to flourish on .cc calls Australia’s commitment to fighting child exploitation into question and damages the reputation of the Cocos Islands. .cc need not be synonymous with child sexual abuse and scams.

Australia must hold .cc and its other territory TLDs – .cx, .hm and .nf – to the same high standards as .au. This can be achieved through increased regulation of the disparate domain administrators, or even formal redelegation of these domains to auDA.

France’s redelegation of .tf is a compelling example of successful territory domain redelegation and regulation that worked for the betterment of France’s Internet community and Australia should follow suit.

The long history of .cc acting as a vehicle for child sexual abuse material and scams proves existing Australian regulation and oversight is woefully inadequate. The Australian Government must close this regulation black hole and ensure that the Cocos Islands – a part of Australia’s sovereign territory – is no longer used to advertise the exploitation of children to the world.

Back to Top
Join the APP Society

One Response

  1. Garth Miller says:

    What would have been interesting for this article, would have been for the authors to point to particular policy failure in the administration of .cc the has lead to abuse.  As experts, what specific policy or technology changes would they recommend – simply advocating for regulatory intervention or a change of manager without specifying what policy or technology needs to change is not especially helpful.

    While the true back end registry operator of .cc is American owned and controlled, so is the back-end registry operator of .au.  

    While the authors note .cc is #10 on the IWF list for 2019,  .afNIC the French manager of .fr ( which they  a “compelling example of successful territory domain re-delegation” ) is #7 on the same list and .NZ is #9…  

    The researchers seem to have cherry picked data, choosing to use the 2019 data not the most recent (and publicly) available IWF 2020 annual report.   It should be noted that in the most recent report .cc does not appear in the top 10.  It also does not mention that the back-end registry operator is a member of the IWF, having joined in March 2020.  

    As experts and researchers with access to readily available and more current data from the same sources they quote, ( that show proactive approach by the manager if .cc, and a year on year improved effort to combat abuse ) one has to wonder why this was ignored, or how exhaustive their research is.

Back to Top

Press Ctrl+C to copy