Feedback Request – Embedded Child Protection Solution for Telcos (Academic Research)
Hi all, I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators. The solution analyzes data traffic on children’s devices to block harmful content and alert parents to risks such as grooming, cyberbullying, or self-harm — all while respecting privacy and working natively within telco infrastructure. As part of our MSc practicum, we’re seeking feedback from telecom and network professionals on the commercial, technical, and regulatory feasibility of such an approach. Would you be open to completing a short, 10-minute questionnaire? 🔗 https://dcusurveys.qualtrics.com/jfe/form/SV_8oBhWiZMRrUh1zM We’d be very grateful for your insights. Happy to follow up with more technical or contextual details if helpful. Thanks in advance for your time! Best regards, Eva Bouchard
This policy enforcement should be done on endpoints/user devices. Not telco. Full stop. On Tue, Jun 24, 2025 at 5:02 PM evabouchard38--- via NANOG < nanog@lists.nanog.org> wrote:
Hi all,
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators. The solution analyzes data traffic on children’s devices to block harmful content and alert parents to risks such as grooming, cyberbullying, or self-harm — all while respecting privacy and working natively within telco infrastructure.
As part of our MSc practicum, we’re seeking feedback from telecom and network professionals on the commercial, technical, and regulatory feasibility of such an approach.
Would you be open to completing a short, 10-minute questionnaire?
🔗 https://dcusurveys.qualtrics.com/jfe/form/SV_8oBhWiZMRrUh1zM
We’d be very grateful for your insights. Happy to follow up with more technical or contextual details if helpful.
Thanks in advance for your time!
Best regards, Eva Bouchard _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/5PIWG4IP...
I concur with Stipo. Parents must be 100% in control. Telco’s should have no control, access, or visibility to such policy enforcement. Your statement that your startup is developing “real-time, embedded child-protection software for telecom operators” by definition directly contravenes 100% parental control. I recommend that you redesign this project to eliminate all telco involvement. You could easily do this using VPN technology, but there are already many competitors in the residential VPN space with child protection features, so you would need to have some significant distinctive advantages to compete. -Mel Beckman
On Jun 24, 2025, at 6:40 PM, Stipo via NANOG <nanog@lists.nanog.org> wrote:
This policy enforcement should be done on endpoints/user devices. Not telco. Full stop.
On Tue, Jun 24, 2025 at 5:02 PM evabouchard38--- via NANOG < nanog@lists.nanog.org> wrote:
Hi all,
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators. The solution analyzes data traffic on children’s devices to block harmful content and alert parents to risks such as grooming, cyberbullying, or self-harm — all while respecting privacy and working natively within telco infrastructure.
As part of our MSc practicum, we’re seeking feedback from telecom and network professionals on the commercial, technical, and regulatory feasibility of such an approach.
Would you be open to completing a short, 10-minute questionnaire?
🔗 https://dcusurveys.qualtrics.com/jfe/form/SV_8oBhWiZMRrUh1zM
We’d be very grateful for your insights. Happy to follow up with more technical or contextual details if helpful.
Thanks in advance for your time!
Best regards, Eva Bouchard _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/5PIWG4IP...
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/YH6XG677...
The only feasible way at the telco level here is TLS interception at some level, and with it being provided by the telco, there is no possible way to respect privacy since the telco will have 100% visibility into all traffic, encrypted or not. That'll be a lot of hardware and a lot of load, and require manual intervention/setup on each device - then the question comes down to filtering individual devices, because otherwise then you have to do TLS interception on the entire household, which would likely mean providing customized CPE that is doing it, instead.... and still requiring TLS interception. Often, carrier controlled CPE. Otherwise, you're back to individual endpoint control/software anyway.... -----Original Message----- From: Mel Beckman via NANOG <nanog@lists.nanog.org> Sent: Tuesday, June 24, 2025 9:50 PM To: nanog@lists.nanog.org Cc: evabouchard38@gmail.com; nanog@lists.nanog.org; Mel Beckman <mel@beckman.org> Subject: Re: Feedback Request – Embedded Child Protection Solution for Telcos (Academic Research) I concur with Stipo. Parents must be 100% in control. Telco’s should have no control, access, or visibility to such policy enforcement. Your statement that your startup is developing “real-time, embedded child-protection software for telecom operators” by definition directly contravenes 100% parental control. I recommend that you redesign this project to eliminate all telco involvement. You could easily do this using VPN technology, but there are already many competitors in the residential VPN space with child protection features, so you would need to have some significant distinctive advantages to compete. -Mel Beckman
On Jun 24, 2025, at 6:40 PM, Stipo via NANOG <nanog@lists.nanog.org> wrote:
This policy enforcement should be done on endpoints/user devices. Not telco. Full stop.
On Tue, Jun 24, 2025 at 5:02 PM evabouchard38--- via NANOG < nanog@lists.nanog.org> wrote:
Hi all,
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators. The solution analyzes data traffic on children’s devices to block harmful content and alert parents to risks such as grooming, cyberbullying, or self-harm — all while respecting privacy and working natively within telco infrastructure.
As part of our MSc practicum, we’re seeking feedback from telecom and network professionals on the commercial, technical, and regulatory feasibility of such an approach.
Would you be open to completing a short, 10-minute questionnaire?
🔗 https://dcusurveys.qualtrics.com/jfe/form/SV_8oBhWiZMRrUh1zM
We’d be very grateful for your insights. Happy to follow up with more technical or contextual details if helpful.
Thanks in advance for your time!
Best regards, Eva Bouchard _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/5 PIWG4IPNMNO3US4EB2672K4SEGOTPK3/
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/YH 6XG677WHTJBZCCY3RRK42F547WJXUU/
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/J5F5MKNF...
On Tue, Jun 24, 2025 at 8:40 PM Stipo via NANOG <nanog@lists.nanog.org> wrote:
This policy enforcement should be done on endpoints/user devices. Not telco. Full stop.
Indeed. The whole point of a Telco service is to deliver your communications safely and privately without looking at the content of the message - common carrier. The second a provider intercepts a message and looks at its content, or has an automated agent look at its content. That is called a wiretap. And tapping into any of your customer's communication content generically (without a legal warrant) is the exact opposite of respecting privacy. You are not really a Telco anymore if you are tapping all your customers; that would be a fundamental infringement to the right to privacy. It's just as invasive as if the US mail were to start opening all the letters and resealing after scanning for suspicious correspondence. This is a technology that belongs in the endpoint with zero service provider involvement, And should only exist with the specific and continued consent of the owner of that device and full disclosure to its user. -- -JA
Ok, calm down everyone, I’ve got this from their website: "Chirp is not an App. Chirp is embedded in the fabric of the smartphone at point of manufacture so once you keep your password safe, it cannot be deleted or tampered with.” It’s not a telco stuff then. It’s in the FABRIC. —e
On 25.06.2025, at 04:16, Jay Acuna via NANOG <nanog@lists.nanog.org> wrote:
On Tue, Jun 24, 2025 at 8:40 PM Stipo via NANOG <nanog@lists.nanog.org> wrote:
This policy enforcement should be done on endpoints/user devices. Not telco. Full stop.
Indeed. The whole point of a Telco service is to deliver your communications safely and privately without looking at the content of the message - common carrier.
LOL! It’s not the deleting or tampering we’re worried about. It’s the surveilling, the third-partying, and the tyrannying. -mel
On Jun 24, 2025, at 9:22 PM, Endre Szabo via NANOG <nanog@lists.nanog.org> wrote:
Ok, calm down everyone, I’ve got this from their website:
"Chirp is not an App. Chirp is embedded in the fabric of the smartphone at point of manufacture so once you keep your password safe, it cannot be deleted or tampered with.”
It’s not a telco stuff then. It’s in the FABRIC.
—e
On 25.06.2025, at 04:16, Jay Acuna via NANOG <nanog@lists.nanog.org> wrote:
On Tue, Jun 24, 2025 at 8:40 PM Stipo via NANOG <nanog@lists.nanog.org> wrote: This policy enforcement should be done on endpoints/user devices. Not telco. Full stop.
Indeed. The whole point of a Telco service is to deliver your communications safely and privately without looking at the content of the message - common carrier.
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/7XCM5AET...
"Will Chirp detect and block harmful content in encrypted messaging apps? Yes, encrypted apps are among the most dangerous apps for children and our embedded technology will be capable of filtering harmful encrypted content and will alert you to any threats.” Uhh, yeah, right… Like Apple, Signal, WhatsApp (ok, sorry bad example) and others are going to hand over their encryption keys to some clueless startup? ---- Andy Ringsmuth andy@andyring.com
On Jun 24, 2025, at 8:39 PM, Stipo via NANOG <nanog@lists.nanog.org> wrote:
This policy enforcement should be done on endpoints/user devices. Not telco. Full stop.
On Tue, Jun 24, 2025 at 5:02 PM evabouchard38--- via NANOG < nanog@lists.nanog.org> wrote:
Hi all,
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators. The solution analyzes data traffic on children’s devices to block harmful content and alert parents to risks such as grooming, cyberbullying, or self-harm — all while respecting privacy and working natively within telco infrastructure.
As part of our MSc practicum, we’re seeking feedback from telecom and network professionals on the commercial, technical, and regulatory feasibility of such an approach.
Would you be open to completing a short, 10-minute questionnaire?
🔗 https://dcusurveys.qualtrics.com/jfe/form/SV_8oBhWiZMRrUh1zM
We’d be very grateful for your insights. Happy to follow up with more technical or contextual details if helpful.
Thanks in advance for your time!
Best regards, Eva Bouchard
I bet they do on-device TLS MITM. Not sure how easy it is to do that these days, but let’s assume. What’s more interesting is what they do with the actual payload extracted from these encrypted sessions. Like, for videos in the hundreds of megabytes range. What and where analyzes that content? —e
On 25.06.2025, at 06:35, Andy Ringsmuth via NANOG <nanog@lists.nanog.org> wrote:
"Will Chirp detect and block harmful content in encrypted messaging apps? Yes, encrypted apps are among the most dangerous apps for children and our embedded technology will be capable of filtering harmful encrypted content and will alert you to any threats.”
Uhh, yeah, right… Like Apple, Signal, WhatsApp (ok, sorry bad example) and others are going to hand over their encryption keys to some clueless startup?
---- Andy Ringsmuth andy@andyring.com
On Wed, Jun 25, 2025 at 12:04 AM Endre Szabo via NANOG <nanog@lists.nanog.org> wrote:
I bet they do on-device TLS MITM. Not sure how easy it is to do that these days, but let’s assume.
Possible, but very difficult. Especially with HTTP/3 replacing HTTP 1.1. Also, surreptitiously defeating encryption of apps that can hold end users' most sensitive data in order to feed it to some other program or cloud server on the Telco network (intercepting and decrypting private data to send to someone else's computer for AI processing to detect violations) would be placing people at severe and unexpected risk. Those servers or apps would become an obvious target for criminals interested in the content of encrypted messages that can include payment details, or wallet keys, or whatever people think best to protect by e2e encrypted transport. With a surreptitious implant; it's possible the phone has even been resold or placed in the hands of someone who has not consented to this 3rd party exfiltration and data processing. A Telco should not want to touch that one with a 1000 foot pole. Just have the entity who does the chipping/ backdooring of the phones operate the infrastructure and hold the responsibility in case of malfunction or compromise of the service.
What’s more interesting is what they do with the actual payload extracted from these encrypted sessions. Like, for videos in the hundreds of megabytes range. What and where analyzes that content? -- -JA
On Tue, Jun 24, 2025 at 10:03 PM Endre Szabo via NANOG <nanog@lists.nanog.org> wrote:
I bet they do on-device TLS MITM. Not sure how easy it is to do that these days, but let’s assume.
Hi Endre, If you're being paid to provide an intentionally restricted Internet access service it's very easy: the middlebox simply blocks any protocol it can't decypher. Basic security protocol: deny by default. Any apps which won't work in that scenario... don't work. And that's what the buyer is paying for. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
[like] Jethro Binks reacted to your message: ________________________________ From: Endre Szabo via NANOG <nanog@lists.nanog.org> Sent: Wednesday, June 25, 2025 5:03:32 AM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Endre Szabo <endre.szabo@nanog-list-sfegrr.redir.email> Subject: Re: Feedback Request – Embedded Child Protection Solution for Telcos (Academic Research) I bet they do on-device TLS MITM. Not sure how easy it is to do that these days, but let’s assume. What’s more interesting is what they do with the actual payload extracted from these encrypted sessions. Like, for videos in the hundreds of megabytes range. What and where analyzes that content? —e
On 25.06.2025, at 06:35, Andy Ringsmuth via NANOG <nanog@lists.nanog.org> wrote:
"Will Chirp detect and block harmful content in encrypted messaging apps? Yes, encrypted apps are among the most dangerous apps for children and our embedded technology will be capable of filtering harmful encrypted content and will alert you to any threats.”
Uhh, yeah, right… Like Apple, Signal, WhatsApp (ok, sorry bad example) and others are going to hand over their encryption keys to some clueless startup?
---- Andy Ringsmuth andy@andyring.com
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/GSTT5CIR...
[like] Jethro Binks reacted to your message: ________________________________ From: Endre Szabo via NANOG <nanog@lists.nanog.org> Sent: Wednesday, June 25, 2025 5:03:32 AM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Endre Szabo <endre.szabo@nanog-list-sfegrr.redir.email> Subject: Re: Feedback Request – Embedded Child Protection Solution for Telcos (Academic Research) I bet they do on-device TLS MITM. Not sure how easy it is to do that these days, but let’s assume. What’s more interesting is what they do with the actual payload extracted from these encrypted sessions. Like, for videos in the hundreds of megabytes range. What and where analyzes that content? —e
On 25.06.2025, at 06:35, Andy Ringsmuth via NANOG <nanog@lists.nanog.org> wrote:
"Will Chirp detect and block harmful content in encrypted messaging apps? Yes, encrypted apps are among the most dangerous apps for children and our embedded technology will be capable of filtering harmful encrypted content and will alert you to any threats.”
Uhh, yeah, right… Like Apple, Signal, WhatsApp (ok, sorry bad example) and others are going to hand over their encryption keys to some clueless startup?
---- Andy Ringsmuth andy@andyring.com
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/GSTT5CIR...
[like] Jethro Binks reacted to your message: ________________________________ From: Endre Szabo via NANOG <nanog@lists.nanog.org> Sent: Wednesday, June 25, 2025 5:03:32 AM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Endre Szabo <endre.szabo@nanog-list-sfegrr.redir.email> Subject: Re: Feedback Request – Embedded Child Protection Solution for Telcos (Academic Research) I bet they do on-device TLS MITM. Not sure how easy it is to do that these days, but let’s assume. What’s more interesting is what they do with the actual payload extracted from these encrypted sessions. Like, for videos in the hundreds of megabytes range. What and where analyzes that content? —e
On 25.06.2025, at 06:35, Andy Ringsmuth via NANOG <nanog@lists.nanog.org> wrote:
"Will Chirp detect and block harmful content in encrypted messaging apps? Yes, encrypted apps are among the most dangerous apps for children and our embedded technology will be capable of filtering harmful encrypted content and will alert you to any threats.”
Uhh, yeah, right… Like Apple, Signal, WhatsApp (ok, sorry bad example) and others are going to hand over their encryption keys to some clueless startup?
---- Andy Ringsmuth andy@andyring.com
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/GSTT5CIR...
On Tue, Jun 24, 2025 at 6:39 PM Stipo via NANOG <nanog@lists.nanog.org> wrote:
This policy enforcement should be done on endpoints/user devices. Not telco. Full stop.
*eyeroll* The bottom line is that if folks were willing to pay an appropriate extra fee for an Internet access account whose PPPOE or equivalent session terminated at the child-safety box instead of your other equipment, you'd be all over it. But it *would* be an extra fee because it costs more money to do that and it would be outrageous to propose that folks who don't want or need that service subsidize its cost. A Houston startup called iExalt tried to do just that a little over 25 years ago with enhanced dialup service. Not enough parents ponied up the cash. Unless parental attitudes have changed, that's where the conversation stops: with dollars and sense. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
This policy enforcement should be done on endpoints/user devices. Not telco. Full stop.
Luckily that is what they appear to be doing. “Chirp is embedded in the fabric of the smartphone at point of manufacture so once you keep your password safe, it cannot be deleted or tampered with.”
I don't do surveys, for a lot of reasons. But I'll offer you this: there is no chance whatsoever of this project succeeding. It *will* be neatly undercut by the persistent and systemic security problems in the underlying infrastructure, and it *will* be co-opted by governments for their own purposes. (They don't have to build a surveillance engine. They just have to wait for you to build it for them at your expense, then take it over. Much cheaper.) And on top of both of those largely-unsolvable problems, it will be highly susceptible to insider attack -- which is rather likely because of the massive amounts of money and power that can be brought to bear. (It's what I would do if I were your adversary and had sufficient resources. It's an obvious move and one that's been quite successful on multiple occasions, so why not?) This project should be shut down immediately. Oh, I know: it probably won't be, because the ignorant newbies behind it have money and their egos are on the line. But it should be. Right now. ---rsk
Eva- The solution analyzes data traffic on children’s devices to block harmful
content and alert parents to risks such as grooming, cyberbullying, or self-harm — all while respecting privacy and working natively within telco infrastructure.
Reviewing their website and referenced patent, Chirp appears to be software embedded in a device operating system. End user devices are, for this context, not part of telco infrastructure. What an end user does ( or doesn't ) run on their devices is a no-op for the network. Unless it's causing a problem, we don't care. It's just bits. On Tue, Jun 24, 2025 at 8:03 PM evabouchard38--- via NANOG < nanog@lists.nanog.org> wrote:
Hi all,
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators. The solution analyzes data traffic on children’s devices to block harmful content and alert parents to risks such as grooming, cyberbullying, or self-harm — all while respecting privacy and working natively within telco infrastructure.
As part of our MSc practicum, we’re seeking feedback from telecom and network professionals on the commercial, technical, and regulatory feasibility of such an approach.
Would you be open to completing a short, 10-minute questionnaire?
🔗 https://dcusurveys.qualtrics.com/jfe/form/SV_8oBhWiZMRrUh1zM
We’d be very grateful for your insights. Happy to follow up with more technical or contextual details if helpful.
Thanks in advance for your time!
Best regards, Eva Bouchard _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/5PIWG4IP...
On 6/24/25 10:27, evabouchard38--- via NANOG wrote:
Hi all,
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators.
Seems like a poor name, searching "chirp software" brings up a Free Software project. Do you have a link to the product in question? -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
Do you have a link to the product in question?
https://chirpfamily.com/ It's OS level spyware (even though they say it's not) wrapped in 'save the children' clothes. On Wed, Jun 25, 2025 at 12:05 PM Bryan Fields via NANOG < nanog@lists.nanog.org> wrote:
On 6/24/25 10:27, evabouchard38--- via NANOG wrote:
Hi all,
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators.
Seems like a poor name, searching "chirp software" brings up a Free Software project.
Do you have a link to the product in question?
-- Bryan Fields
727-409-1194 - Voice http://bryanfields.net _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/CZBMBFQJ...
On 2025-06-24 09:27, evabouchard38--- via NANOG wrote:
Hi all,
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators. The solution analyzes data traffic on children’s devices to block harmful content and alert parents to risks such as grooming, cyberbullying, or self-harm — all while respecting privacy and working natively within telco infrastructure.
As part of our MSc practicum, we’re seeking feedback from telecom and network professionals on the commercial, technical, and regulatory feasibility of such an approach.
Would you be open to completing a short, 10-minute questionnaire?
🔗 https://dcusurveys.qualtrics.com/jfe/form/SV_8oBhWiZMRrUh1zM
From the content of the survey and your website, your team seems well aware of where your app sits in the network stack: on the user's device, not in telco space. Honestly, the survey reads a bit like a sales pitch to residential ISP product managers. I'm mildly curious what they would think of offering this app. Does your solution require equipment deployed on the ISP network?
We’d be very grateful for your insights. Happy to follow up with more technical or contextual details if helpful.
Personally, I haven't found any value in my home ISP's value-added services (like Norton Anti-Virus). But that would certainly vary by locale. Also, historically, I know pattern matching software works well when the content to be filtered is relatively static, like malware. Pattern matching works less well with images, audio, and human-generated text. As an engineer, I would want a more thorough description of your filtering strategies to understand why your app might work where others have failed. Real-world false-positive and false-negative rates would be key if I were a parent. Any LLM integration would also need to be detailed, to understand where a child's data might be shipped for analysis.
Thanks in advance for your time!
Best regards, Eva Bouchard
Thanks, -Brian
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators.
The moment you put the point of child protection on the telco you open the telco up to all sorts of liability lawsuits. A stunningly bad idea. Anne -- Anne P. Mitchell, Esq. Internet Law & Policy Attorney Legislative Advisor Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law) CEO Institute for Social Internet Public Policy Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Counsel Emeritus, eMail Abuse Prevention System (MAPS)
Anne, your background is impressive, and you’ve inspired me to reach out to the group. I’ve spent the better part of a decade privately developing and funding a federated runtime architecture for AI governance — built to preserve privacy, ensure auditability, and support human supervision over autonomous systems. Think of it as a DNS-like layer for federated intelligence, designed to align distributed actors without compromising sovereignty or context integrity. I’m reaching out to ask: * Are there members of this group working on similar architectures or standards-based frameworks around federated trust, privacy-preserving infrastructure, or AI accountability? * Are there active working groups, discussion forums, or policy-focused venues (beyond NANOG) where these conversations are happening at the infrastructure or protocol layer? If this is not the right venue for this kind of inquiry, I welcome the correction — and would appreciate any redirection you can offer. Thanks in advance for the thoughtful space this group provides. Craig Bueker Founder, CBI Connect, Inc. Founder, The Connected Autonomy Organization On Jun 25, 2025, at 5:06 PM, Anne P. Mitchell, Esq. via NANOG <nanog@lists.nanog.org> wrote: CAUTION: External E-mail I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators. The moment you put the point of child protection on the telco you open the telco up to all sorts of liability lawsuits. A stunningly bad idea. Anne -- Anne P. Mitchell, Esq. Internet Law & Policy Attorney Legislative Advisor Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law) CEO Institute for Social Internet Public Policy Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Counsel Emeritus, eMail Abuse Prevention System (MAPS) _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/GPQ6TMGL...
* Are there members of this group working on similar architectures or standards-based frameworks around federated trust, privacy-preserving infrastructure, or AI accountability?
It appears that Anne P. Mitchell, Esq. via NANOG <nanog@lists.nanog.org> said:
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators.
The moment you put the point of child protection on the telco you open the telco up to all sorts of liability lawsuits. A stunningly bad idea.
I take your point, but he's in the EU, not the US, and I wouldn't be surprised if EU regulators expected their telcos to do something about CSAM sent as messages to or from their phones. There are technical issues, too, like how reliable the fingerprinting is and what the consequences of false positives and negatives are, but they're different from the legal issues. R's, John
I take your point, but he's in the EU, not the US, and I wouldn't be surprised if EU regulators
Well, he did specifically query NORTH AMERICAN network operators, and never said anything about limiting his market to EU. -mel
On Jun 25, 2025, at 7:32 PM, John Levine via NANOG <nanog@lists.nanog.org> wrote:
It appears that Anne P. Mitchell, Esq. via NANOG <nanog@lists.nanog.org> said:
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators.
The moment you put the point of child protection on the telco you open the telco up to all sorts of liability lawsuits. A stunningly bad idea.
I take your point, but he's in the EU, not the US, and I wouldn't be surprised if EU regulators expected their telcos to do something about CSAM sent as messages to or from their phones.
There are technical issues, too, like how reliable the fingerprinting is and what the consequences of false positives and negatives are, but they're different from the legal issues.
R's, John _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/BVZ6NXZW...
On Jun 25, 2025, at 9:41 PM, Mel Beckman via NANOG <nanog@lists.nanog.org> wrote:
I take your point, but he's in the EU, not the US, and I wouldn't be surprised if EU regulators
Well, he did specifically query NORTH AMERICAN network operators, and never said anything about limiting his market to EU.
This. Anne -- Anne P. Mitchell, Esq. Internet/Email Law & Policy Attorney Legislative Advisor Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law) CEO Institute for Social Internet Public Policy Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Counsel Emeritus, eMail Abuse Prevention System (MAPS)
HI Anne, On Wed, 25 Jun 2025 at 23:06, Anne P. Mitchell, Esq. via NANOG < nanog@lists.nanog.org> wrote:
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators.
The moment you put the point of child protection on the telco you open the telco up to all sorts of liability lawsuits. A stunningly bad idea.
We have decree 123 here in italy that obligates all providers to offer it free of charge for residential users in effect for over a year now. This year it also requires equipment vendors of cpes to offer it. see how lucky we are ? Brian
The moment you put the point of child protection on the telco you open the telco up to all sorts of liability lawsuits. A stunningly bad idea
Or not. Many ISPs already offer “parental control” services and have for many years. Similar services are offered by a wide range of other parties in the marketplace.
I don't chime in often, but the Telegraph app was used recently by a government to trick, trap, and then murder a widely popular dissident using something very similar to what you are proposing. At least here in the USA, telcos already hand over all your records to any agency that asks with nothing more than a sticky note. You see what good you can do without seeing what harm will arise from the misuse. Your scheme amounts to giving the telcos full access to every byte of data that flows across their network. Every group, from organized crime to unpopular regimes, will want that data. It will be misused to prop up oppressive regimes. It will be misused to suppress dissenters. Pedophiles will use it to locate the very children you are seeking to protect. It will be used to find those who dare to speak out so that they can be silenced. It will be used to harass and murder. Until you have been subjected to this, until you are the one who is being hunted, I doubt you'll ever understand. Let me tell you a story. We built an ATM network that utilized both thumbprints and PINs for withdrawals. In the country where it was to be installed, beating people up and forcing them to give their PIN code was a common practice. We had hoped that by tying this to a thumbprint, we'd stop some of the violence. Reasonable, sane, meant to be kind, all the same good things I see from you. Keep reading my cautionary tale. The short story is that it didn't help at all. It made things worse because instead of just a beating, people ended up getting their thumbs cut off. We promptly ripped the whole thing out. At least we had the option to remove it. Once you deploy what you're talking about, there is no going back. On Tue, Jun 24, 2025 at 7:03 PM evabouchard38--- via NANOG < nanog@lists.nanog.org> wrote:
Hi all,
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators. The solution analyzes data traffic on children’s devices to block harmful content and alert parents to risks such as grooming, cyberbullying, or self-harm — all while respecting privacy and working natively within telco infrastructure.
As part of our MSc practicum, we’re seeking feedback from telecom and network professionals on the commercial, technical, and regulatory feasibility of such an approach.
Would you be open to completing a short, 10-minute questionnaire?
🔗 https://dcusurveys.qualtrics.com/jfe/form/SV_8oBhWiZMRrUh1zM
We’d be very grateful for your insights. Happy to follow up with more technical or contextual details if helpful.
Thanks in advance for your time!
Best regards, Eva Bouchard _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/5PIWG4IP...
-- Thanks, Jimi
Hi all,
I'm part of a postgraduate team at Dublin City University working with Chirp, a startup developing real-time, embedded child-protection software for telecom operators. The solution analyzes data traffic on children’s devices to block harmful content and alert parents to risks such as grooming, cyberbullying, or self-harm — all while respecting privacy and working natively within telco infrastructure.
As part of our MSc practicum, we’re seeking feedback from telecom and network professionals on the commercial, technical, and regulatory feasibility of such an approach.
This proposal has the hallmarks of Jeremy Benthams Panopticon, being a naïve attempt to use radical transparency for good, seemingly beneficial reasons, with no regard to the myriad of bad uses it will immediately utilised for. As such, it will fail the Bentham utilitarian test, seeing as the balance between good and evil will topple rapidly in the wrong direction. As you have been told repeatedly, in many different ways, it is in effect a very bad idea and should go no further than meeting this polyphonic choir singing "No". /Måns, late to the party. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE SA0XLR +46 705 989668 I'm reporting for duty as a modern person. I want to do the Latin Hustle now!
participants (20)
-
Andy Ringsmuth -
Anne P. Mitchell, Esq. -
Brian Knight -
Brian Turnbow -
Bryan Fields -
Craig A. Bueker -
Endre Szabo -
evabouchard38@gmail.com -
Gary Sparkes -
Jay Acuna -
Jethro Binks -
Jimi Thompson -
John Levine -
Livingood, Jason -
Mel Beckman -
Måns Nilsson -
Rich Kulawiec -
Stipo -
Tom Beecher -
William Herrin