Impotence in the face of complexity?

As a service to my readers at the end of this blog I reproduce the full text of s.230 of the Communications Decency Act, 1996 (CDA). All the bold and italics have been put there by me for emphasis. Count the references to child protection issues, families and schools.

Unfortunately, the key parts of the CDA which were aimed at protecting children were struck down by the US Supreme Court in Reno v ACLU because the language used was “over broad” but a significant factor that weighed with the Court was that there were no

…detailed congressional findings, or even hearings addressing the CDA’s special problems…

Were they hinting that the politicians had not done a very good job? Been a bit too rushed?

What the Court emphatically did not say was that the Government’s objectives were illegitimate and forever irreconcilable with the First Amendment. This was pretty much an open invitation to try again, this time with narrower words, better evidence, perhaps calmer reflection.

However, one bit of s. 230 of the CDA  which did survive now forms that part of US Federal law which protects internet intermediaries from liability for material published on their platform by third parties. It’s the reason Backpage was possible.

An insider commentator said about s.230

no other sentence in the U.S. Code… has been responsible for the creation of more value than that one…

The same commentator put that value in the region of a trillion dollars. I have no idea how you ever get to such a figure but you can be sure s.230 has been worth a heck of a lot of, er, money. Ex post facto could that be the reason a range of interests have become so strongly attached to it?

It is quite clear from the circumstances in which s.230 was adopted that nobody could have foreseen some of the important consequences of its last-minute insertion. There is, therefore, something singularly both absurd and grotesque about the fact that the CDA- a measure Congress  and the President clearly intended to be about protecting children – could have been used to protect a site such as Backpage.

Today some speak of s.230 in hushed and reverential terms as a calculated, carefully calibrated, deliberate, insightful blow that was struck expressly to support free speech, to encourage or sustain democracy and innovation – to the exclusion of all others or as a superior right or consideration which trumps any and all other considerations.

By implication, therefore, any attempt to reform s.230 is characterized as an attack on those same values. That is rubbish.

Two US Senators have brought forward a Bill which tries to unpick the mess, at least in relation to child sex abuse and trafficking. It is running into a wall of resistance from the high tech industry. This is extremely disappointing.

The tech companies’ core point appears to be

Unfortunately, the proposed legislation does not address the underlying criminal behavior and playing whack-a-mole with URLs/domains in civil courts is unlikely to stop bad actor websites that will simply move overseas and change their URLs to avoid being shut down.

Four things to say about that:

  1. Of course we should address the underlying criminal behaviour, and that is a task for others e.g. law enforcement. It is not an alternative to you guys looking after that bit of the terrain where you can have an impact.
  2. The way copyright and trademark infringement have been approached seems to be working well and having a beneficial effect. Even if all a reformed s.230 does, in like manner, is make it more expensive or difficult for bad actors it will slow them down and therefore reduce the volumes.
  3. With judicial oversight what is there to fear?
  4. As is already done in respect of certain types of law enforcement activities, affected businesses can publish a list of requests received. This will introduce transparency, facilitate legislative oversight and act as a restraint against potential abuse.

Let me say upfront I found it difficult to work out exactly what the effects of the wording proposed by the Senators would be. Put that down to my inexperience in reading US Bills.

So instead I offer my own modest suggestion about a possible way out. Not in final or polished legal language, but here goes….

By order of the Court the protection otherwise afforded by s.230 may be suspended or qualified in relation to a named entity or url where it is established that, upon notice, reasonable and proportionate, effective steps have not been expeditiously taken to mitigate or eliminate an identified criminal harm which is continuing at scale. 

In other words, I do not think internet intermediaries should ordinarily be liable for the publishing acts of third parties who use their platform or services. Most assuredly this should be the case where the third party in question is an occasional, small scale or intermittent publisher. Thus, as far as Facebook, Twitter, Google and similar are concerned I am not advocating for any significant change in the status quo.

But where the publishing activity complained of is taking place on a significant scale and on a continuing basis, if the evil is not or cannot be halted or reduced by the intervention of the platform owner, whether for technical or any other reasons, the court can step in. Innovation is therefore safeguarded as are free speech, artistic expression and other democratic rights while scoundrels are stopped in their tracks. Impotence in the face of complexity is no longer an acceptable defence.



Full text of s.230 CDA

(a) Findings

The Congress finds the following:

(1) The rapidly developing array of Internet and other interactive computer services available to individual Americans represent an extraordinary advance in the availability of educational and informational resources to our citizens.

(2) These services offer users a great degree of control over the information that they receive, as well as the potential for even greater control in the future as technology develops.

(3) The Internet and other interactive computer services offer a forum for a true diversity of political discourse, unique opportunities for cultural development, and myriad avenues for intellectual activity.

(4) The Internet and other interactive computer services have flourished, to the benefit of all Americans, with a minimum of government regulation.

(5) Increasingly Americans are relying on interactive media for a variety of political, educational, cultural, and entertainment services.

(b) Policy

It is the policy of the United States—

(1) to promote the continued development of the Internet and other interactive computer services and other interactive media;

(2) to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation;

(3) to encourage the development of technologies which maximize user control over what information is received by individuals, families, and schools who use the Internet and other interactive computer services;

(4) to remove disincentives for the development and utilization of blocking and filtering technologies that empower parents to restrict their children’s access to objectionable or inappropriate online material; and

(5) to ensure vigorous enforcement of Federal criminal laws to deter and punish trafficking in obscenity, stalking, and harassment by means of computer.

(c) Protection for “Good Samaritan” blocking and screening of offensive material

(1) Treatment of publisher or speaker

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

(2) Civil liability

No provider or user of an interactive computer service shall be held liable on account of—

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

(d) Obligations of interactive computer service

A provider of interactive computer service shall, at the time of entering an agreement with a customer for the provision of interactive computer service and in a manner deemed appropriate by the provider, notify such customer that parental control protections such as computer hardware, software, or filtering services) are commercially available that may assist the customer in limiting access to material that is harmful to minors. Such notice shall identify, or provide the customer with access to information identifying, current providers of such protections.

Posted in Child abuse images, Default settings, E-commerce, Facebook, Internet governance, Pornography, Privacy, Regulation, Self-regulation

Begging a question

Amazing statistics emerged last week courtesy of a body called WARC which presents itself as Your global authority on advertising and media effectiveness.

WARC was publicising a study carried out by Verto Analytics according to which, between them, Google and Facebook account for 25% of all of the time spent online by adult UK internet users. One might imagine the proportion in respect of children was likely to be higher but there is no information on that point.

In this context Google was represented by search, Gmail and YouTube. They took one in six (17%) of every UK minute. This amounted to the equivalent of 42.7 million days per month.

Not very far behind was Facebook, which included Instagram and WhatsApp. Their 11% equated to 28.4 million days per month. Microsoft (7%) and Apple (5%) were up there with the dear old BBC, at 2%, marginally ahead of Amazon.

Any way you look at it these numbers reflect the staggering grip these mainly American companies have on the attention of UK adults. I have no problem at all with that in principle but here’s one of the things that keeps nagging away at me and it is particularly relevant to mention it as the Backpage furore continues apace in the States.

In the USA s.230 of the CDA is not identical to the eCommerce Directive which operates here in the UK, and indeed across the whole of the EU.

Although the CDA provision was later eroded by other legislative measures, for example to address trade mark infringement and copyright theft, in principle it confers a more or less unqualified immunity from any liability which might otherwise arise because of the postings or activity of third parties on your site or platform. This is the reason Backpage was able to get away with it for so long.

By contrast, the EU’s eCommerce Directive’s protection only applies if, upon notice, the platform provider or website owner acts expeditiously to address an identified wrong.

And yet here in the UK, despite this difference, the large US companies somehow managed to carve out for themselves a substantial share of the market. Go figure.

So when US advocates argue for global standards is what they really mean ” current US standards”? Or to be more precise, “the standard dreamed up in the US in 1996 when we didn’t really know how things were going to pan out when Web 2.0 came along.”

s.230 has become a refuge for scoundrels and an alibi for indefinite inaction. Things have moved on a lot since 1996. Isn’t it time to revisit the clause in the light of what the Backpage scandal has revealed?

Why would anyone want to defend or preserve a system that allows something like Backpage to happen? Are we seriously expected to believe it is beyond our wit to devise a form of words which would allow judicial authorities to distinguish between political discourse, technical innovation, artistic expression and child sex trafficking?





Posted in Advertising, E-commerce, Facebook, Google, Internet governance, Microsoft, Regulation, Self-regulation

More on moderation – and car number plates

Turns out there is already a legal action underway concerning the position of moderators. It is being brought against Microsoft by two ex-employees. It will be interesting to see how the case pans out. Microsoft has almost always been a leader in the field so whichever way the final judgement goes I’m sure we will be able to learn from it.

This whole discussion about moderation reminds us that the internet is not a single thing, rather it is a mish-mash of all sorts of technologies which, ultimately, ride on top of the TCP/IP protocol that is the unifying thread.

Existential threat? Yes, or no?

Ordering a plane ticket from Easyjet or the groceries from Tesco Online hardly poses any sort of existential threat. Many, by no means all, of the most difficult challenges instead centre on the way in which Web 2.0  has provided anyone and everyone with the possibility to publish their own content on a more or less unlimited basis.

In and of itself this is not an issue or a problem. Quite the reverse but, the way things have evolved, unthinkingly we have handed a megaphone and a stage to some extremely disturbed, violent and malevolent individuals who can safely rely on the fact that the volume of problematic content or behaviour online is so vast that unless they are very unlucky or egregious, the chance of them ever being held to account are exceptionally close to zero.  Alternatively, the individuals responsible are so disconnected or determined they don’t care if they are tracked down or exposed. Perhaps they live within a failed state or a part of the world where the authorities don’t care, can’t or won’t intervene, maybe even collude with them.

We created a system and now need defending from it

A seemingly still growing army of moderators is now engaged in trying to protect the rest of us from the consequences of our lack of foresight and care.

I guess we can all hope that AI will eventually provide a silver bullet but even its most energetic proponents doubt it will ever be smart enough to address everything. Thus a decision to stick with the status quo, or even a substantial part of the status quo with regard to user generated content, is in truth also a decision to condemn others to watch or read some terrible stuff.

Extremely radical –  unlikely to happen any time soon or even at all, but…..

Can we discuss other possibilities? Admittedly these are extremely radical and therefore are not immediately realisable. However, I would be astonished if, somewhere in the world, various interests had not already worked out a way of doing either or both, or some variation. Obviously I am not claiming ownership of these ideas. I publish them as a warning or rather an encouragement to get to a better place sooner.

The first route envisages more or less tearing up the internet as we know it today and, in effect, starting again. Internet 2.0 would have security embedded at every level. It would slide in alongside the existing internet , would not connect to it but would eventually become such an overwhelmingly attractive alternative for the vast majority of people that Internet 1.0 would wither away. Increasingly it would become known as the place where only weirdos and crooks hang out. A bit like today’s Dark Web.

On Internet 2.0 no one could log in from anywhere unless their identity was known with a high level of certainty. Neither could they connect via a device that had not been certified as meeting stringent security standards. Permissionless innovation does not become history but the rate of innovation, at least in terms of physical devices likely slows down. Apps may take days longer to reach an App Store as they too are more rigorously examined prior to release. At the last count, there were 7,588 different ways to view a video of a cute kitten playing with a ball of wool. We may need to wait a whole extra week for the 7,589th.

User generated content might not be allowed to exist at all, or would only be allowed on those platforms that agreed they were its publishers. Smaller sites might make it.  Bigger ones perhaps wouldn’t. Traditional forms of journalism would re-emerge. Fake news would not vanish but it would reduce significantly. Facebook would adapt or die.

All the accoutrements of the B2B internet would be preserved as would B2C. Net neutrality would probably vanish because the pipes would belong to the small number of infrastructure companies that paid for the new thing to be built and marketed. Cable and telecom companies would likely be the mainstays.

As with the roll out of Internet 1.0 the USA and richer countries would benefit first and new countries could only connect when they agreed to meet and enforce the new regime. It would be messy and uneven but the vast majority of the world’s population would quickly find a way to live with it.  They might miss some of the edginess and unpredictability of the old order but as long a Netflix, Google Search, Amazon, email and the BBC were still there they would rub along.

Number plates

The second route is not quite as far out but it is still a bit on the wild side.  I’m thinking about car number plates. We have a worldwide system which does two things: allows for the very rapid and inexpensive identification of people who appear to have broken the rules of the road in any jurisdiction and because of that it also encourages the vast majority of people to be better drivers in the first place. Every country has an incentive to comply. People can drive around and do stuff anonymously. Only if there is a suspected infringement might one’s activities or whereabouts be scrutinised.

Thus I could still log on as, say, RKW 48 (the registration of my dad’s first car – long since canned) and that is who I could be to the rest of the world unless or until I chose otherwise. RKW 48 could pop up as “Margaret” on one site or “Buffalo Bill” on another and as long as my alter egos stayed within the rules no one would know or care.

What if….and but….

I can already hear a litany of “what if’s and buts”,  and I am aware of the practical difficulties of getting such a system up and running on a global basis, yet consider where we are today in terms of what is or could be known about us and by whom, simply by virtue of connecting to the internet.  The number plates thing, at one level, would simply act as a reminder to everyone that while all the joys of the internet are open to them, they should remember they can now be swiftly identified should the need arise. My guess is that this one thing would do a huge amount to reduce the bad behaviour that is causing so much distress, not just to moderators but to the rest of us.

Whistleblowers and political repression

What about whistleblowers and those who live under politically repressive regimes? Yep. I acknowledge that’s an issue although I think its potential importance is hugely exaggerated, particularly by those who are against the basic idea anyway.  Even so I hope to find a way to avoid it. Maybe someone smarter than me can come up with an answer. However, saying leave things as they are won’t wash. In the long run it is not sustainable. Number plates might be the only way to save some semblance of what we currently think of as being the internet.

Posted in Default settings, E-commerce, Facebook, Google, Internet governance, Privacy, Regulation, Self-regulation, Uncategorized

Internet of toys – the impact on children of a connected environment

See the latest edition of the Cyber Policy Journal and an article entitled:  ” The Internet of Toys – the impact on children of a connected environment.” It’s an interview with me.

Posted in Internet governance, Regulation, Self-regulation

A follow up on moderation

Strange coincidence. Following on from my post about moderation which went up yesterday morning I learned that in the afternoon BBC Radio 4 also ran a piece on the same subject. It was on The Media Show. Sarah Roberts – whom I had quoted – was a guest on the programme along with a guy from Microsoft’s research division. The discussion starts around 19 minutes in although the first (and unrelated) item on what is happening today in the name of journalism is also worth a listen. It will not cheer you up.



Posted in Internet governance, Privacy, Regulation, Self-regulation

The price other people pay

I have just finished reading  The Secret Rule of the Internet. It is an extremely interesting and insightful account of the realities of how moderation works in practice within large social media companies. It is rather long but that appears to reflect the considerable amount of research that went into the writing. I feel rather embarrassed that I hadn’t seen it before.

The sub-heading speaks of the murky history of moderation and how it’s shaping the future of free speech.  However, it is by no means a dreary or predictable rant in favour of zero controls or maximum latitude to hurt, insult or offend.

I will not try to summarise the entirety of Secrets. It deserves to be read in full by everyone with a serious interest in internet policy. Look in particular at what it says, almost as an aside, about s.230 of the Communications Decency Act, 1996. Moreover, while there is a bit of good news there was nevertheless one aspect that conjured up disturbing reflections.

Near the beginning of the text we find an account of a moderator who had to look at a video someone had posted of something horrible being done to a child in a hotel room. Ten years later the image still haunts her. The issue of the welfare of the people who do the actual moderating is a major theme.

We are reminded that, ostensibly in the name of free speech, there is a human price that has to be paid in order to provide platforms for what are, in reality, some really sick individuals. But it’s not a price that is routinely paid by the golden, wealthy elites who own or have senior positions in the companies that give this stuff an airing. Neither is it normally paid by those who campaign so ferociously to defend the status quo. On the contrary. Moderation remains a relatively low-wage, low-status sector, often managed and staffed by women.

And guess what? A lot of it takes place offshore.

Secrets cites Digital Refuse, by Sarah Roberts in which the author shows us that the same places that are sent the unwanted physical waste of the more affluent world are now also being sent “our” virtual toxins.

child abuse and pornography, crush porn, animal cruelty, acts of terror, and executions — images so extreme those paid to view them won’t even describe them in words to their loved ones…

…there they sit in crowded rooms at call centers, or alone, working off-site behind their screens and facing cyber-reality, as it is being created. Meanwhile, each new startup begins the process, essentially, all over again.

 There is a reference to a Wired story from 2014 where Adrian Chen documented the work of front line moderators operating in modern-day sweatshops. In Manila, Chen witnessed a secret army of workers employed to soak up the worst of humanity in order to protect the rest of us.

However, in offices located  elsewhere, we are told

To safeguard other employees from seeing the… images… (the moderators were) sequestered in corner offices; their rooms were kept dark and their computers were equipped with the largest screen protectors on the market. 

Even so….

Members of the team quickly showed signs of stress — anxiety, drinking, trouble sleeping — and eventually managers brought in a therapist. As moderators described the images they saw each day, the therapist fell silent. The therapist… was “quite literally scared.”

I wonder how many therapists there are in Manila?

It is not all doom and gloom. Reassuringly we are told

 Some large established companies like YouTube, Pinterest, Emoderation, Facebook, and Twitter are beginning to make headway in improving moderation practices, using both tech and human solutions.

Let’s hope that is correct but again we have to take it all on trust because everything is surrounded by secrecy.

Poor people in poor countries, desperate for work, are not often described as being the foot soldiers, the poor bloody infantry, of free speech. Yet that is the reality.

In another part of the forest and under a variety of guises, there has been an entirely proper focus on the supply chain companies use to manufacture or deliver their products or services. Typically these initiatives have been designed to eliminate child labour, slavery or environmental harms. Isn’t it time Silicon Valley was pressed to do something about the huddled masses who daily have to face the unfaceable?


Posted in Internet governance, Regulation, Self-regulation

Looks like 13 for the UK

Yesterday the British government announced its intention to bring a Bill to Parliament to enact the provisions of the GDPR, thereby embedding them in UK law. Brexit? What Brexit? The story led the news throughout the day. There is no doubt about the overall importance of this measure. In certain circumstances companies can be fined up to £17 million or 4% of their turnover if there is a breach.

On page 17 of the Government’s  statement of intent in respect of the forthcoming Data Protection Bill the following appears

In view of all these considerations, we will legislate to allow a child aged 13 years or
older to consent to their personal data being processed.

One of these considerations was referred to in the following way

No respondents to our call for views expressed a firm view that the minimum age to
consent to data processing should be set higher than age 13.

Strictly-speaking this is true. The bulk of the children’s organizations simply pointed out that no one had made a positive, broadly-based  case for 13 and that before any final decision on the age limit was agreed two things needed to happen: children ought to be consulted directly and there should be some thorough, scientific, independent research to establish precisely how children of different ages experienced and understood the modern internet, in particular its commercial and privacy dimensions. Neither of these things has happened.

The children’s organizations also relied in part on an undertaking given in March, 2017 by the Office of the Information Commissioner. In their consultation on consent the following appeared at page 27

We’ll be developing further specific guidance on children’s privacy. It will include more detail on identifying an appropriate lawful basis for processing children’s data, and issues around age verification and parental authorisation.

This was linked to a promise to consult. This too hasn’t happened. Will Parliament say this is not acceptable before allowing the Bill to pass?

One other comment by the Government particularly caught my attention.

…..age checks at age 18 are increasingly commonplace online but at that age it is possible to check credit records, driving records and electoral records. These do not exist for children aged 13 to 16 and most websites therefore start by asking questions, building trust and then investigating unusual behaviour or complaints.

I put this last part in bold to draw attention to it. I know this is what social media companies say they do but it has been a longstanding complaint by the children’s organizations that there has never been any verified quantification of this assertion, neither has there ever been an independent assessment of how well the companies perform such vital tasks.

In the forthcoming internet safety strategy review this must change. It is clearly in the public interest for there to be a body, independent of Government, which has the legal power to require companies to provide it with information about their operations insofar as they affect children. Logically, based on an analysis of whatever information it receives, such a body ought also to have the power to make legally binding decisions which require companies to act in specified ways to safeguard children.

These things are too important to be taken wholly on trust. The internet is too intimately embedded in all of our lives, and above all children’s lives, for internet companies to be exempt from scrutiny. Internet exceptionalism no longer rules. OK?

Posted in Age verification, Default settings, E-commerce, Facebook, Google, Internet governance, Privacy, Regulation, Self-regulation, Uncategorized