Legislation in the USA

Regular readers will be aware of the twists and turns of the debate surrounding the future of s. 230 of the Communications Decency Act, 1996. That is the thoroughly ill-fitting name for a law which has protected companies like Backpage from being prosecuted for facilitating child prostitution and trafficking.

Republican Senator Portman and Democrat Senator Blumenthal proposed an amendment to the law. Large swathes of the tech industry opposed it.

Not any more, it seems. Big tech has had a change of heart and, as a result, a slightly revised version of the amendment has just cleared a crucial hurdle in the Senate which apparently has, in turn, cleared the way for a final vote in both Houses.

No doubt people will speculate about the reasons why big tech has shifted its position and they are likely to conclude that they are running scared because of the obvious and still mounting anger in Washington over “fake news” and related matters. In other words, political will and political circumstances, in the end, are what count.

I trust this moral is not lost on members of the UK Parliament and the powers that be in the European Union.

Not everybody is happy but there you go. Seemingly bodies such as the Electronic Frontier Foundation still say it is an “awful Bill”. Why? Because they believe that in order to avoid any risk of being liable for facilitating child prostitution or trafficking internet businesses will “err on the side of removal”. Three cheers for that is all I can say.

Obviously, I am not in favour of innocent speech being wrongly deleted but if that is truly a concern perhaps it will act as a spur to find ever more ingenious ways of solving it. Erring on the side of protecting children is not a shortcoming as far as I am concerned. The wonder and the shame is that it has taken this long to get there.

Posted in Default settings, E-commerce, Internet governance, Regulation, Self-regulation, Uncategorized

Silicon Valley on the rack

This morning the Today programme carried a big piece about Twitter, Google and Facebook being up in front of a US Congressional Committee to explain how it was, during the last Presidential election, their platforms seem to have been exploited in highly undesirable ways, one of which appears also to be illegal.

The ostensibly illegal way concerns the manner in which 126 million Americans were exposed to Russian-backed election content. 120 “fake Russian-backed pages” also created 80,000 posts that were seen directly by 29 million Americans but were probably actually seen by many more through sharing, liking and following.

Now whether you were glad or sad that Donald Trump won is sort of beside the point. What is at issue here is the way something as fundamental as the system for electing the President was so easily manipulated. Did someone fall asleep at the wheel? And if “Big Tech” can get something like this wrong, what else might be amiss?

Remember Hilary Clinton got more votes than Donald Trump but her votes were “maldistributed”. The Electoral College got Trump across the line, not a numerical majority. The implication is that micro-targetting specific demographics in swing States was to some degree or other responsible for the outcome and micro-targetting is what the big platforms claim to be good at.

Before anyone in the UK starts getting uppity or superior about maldistribution, similar things have happened here, most notably in the 1951 General Election (no, I don’t remember it!). That year Labour got its largest ever number of votes and nearly 1% more of the share of the votes than the Tories but they got 321 seats to Labour’s 295. Winston Churchill was Prime Minister again. Enough already with the history lesson.

Now if there is one thing which is bound to get the attention of politicians it is someone else messing with the well- understood mechanisms and methods by which their elections are conducted.

I doubt anyone imagines, even for a moment, that any of the businesses currently on the rack positively wanted or intended to help Trump or harm Clinton. In a sense it is much worse than that. They were tricked or gamed by outsiders who obviously understood their technology better than they did and knew how to bend it for their own dark ends.

I guess if your motivating spirit is “move fast and break things”  or you believe it is always better to apologise than seek permission, something like this was inevitable.  But the gods will have their terrible revenge and we might be witnessing the beginnings of it on Capitol Hill right now.

So did Silicon Valley get Trump elected? That seems unlikely but what is astonishing, even shocking, is that nobody can say they didn’t or that there is even room for reasonable doubt. And this is all coming to light after the event with each of the companies acknowledging they had no idea they were being played in the way they were.

Saying “oops, sorry” somehow doesn’t cut it.

Turning to the UK again, I wonder how much of the EU referendum vote can be explained by similar skullduggery?

The ability to micro-target specific demographics to sell corn chips or holidays on the Costa Brava is one thing. But when that sort of power starts to engage with electoral politics it is very worrying particularly if, at the same time, it also allows unambiguous lies and the grossest distortions to be peddled with impunity or play into filter bubbles.

The truth is in a first-past-the post Parliamentary system such as ours the outcome of a General Election is determined in a relatively limited number of seats by a comparatively small number of voters.  It is one of the reasons I became a convert to some form of proportional representation.

I trust the powers that be are on the case.

Posted in Regulation, Self-regulation

More problems with ICANN and WHOIS

Almost from the very beginning of the internet, or at any rate from the beginning of the worldwide web, there has been an explicit rule which says that the name, address and contact details of whoever owns or manages a domain must be accurately recorded and published in a way which is accessible to anyone who wants to know. It was repeated in the so-called “Affirmation of Commitments” (para 9.3.1) which for practical purposes is the modern foundational charter of ICANN.

It is a rule honoured more in the breach than in the observance. In a review published a few years ago it was found that of the then 220 million domain names in existence only 23% fully met the accuracy requirement. In other words to find accurate details of who owned a domain was very much the exception rather than the rule.

Why is this so? Because verifying the information given by people buying domain names takes time, costs money and potentially deters people from buying in the first place. Those things can impact adversely on the revenues and profits of Registries and Registrars, and therefore also, ultimately, ICANN itself.

Because of this ICANN has failed to take any meaningful enforcement action to secure compliance with its own rules and, instead, has set in train what feels like an endless cycle of reviews and re-examinations. The longer they can drag it out the longer the money keeps rolling in. If, eventually, they have to move then, c’est la vie, they milked it for all it was worth.  But the rest of the world has paid a terrible price.

Why? Because the volume of fraudulent and criminal misuse of the domain name system has overwhelmed the capacity of law enforcement agencies and other regulators. The amount of time it takes, the cost and complexity of determining who precisely did something which appears to be unlawful, is now so onerous unless it is an egregious instance most cases simply end up in an ever-growing inbox. The bad guys know this and play the odds. Yet it is hard to imagine that if all internet users knew they could be rapidly, reliably and inexpensively identified that there would be quite so much bad or criminal behaviour taking place.

This has nothing to do with being anonymous in the sense that, broadly-speaking, I could hardly care less what names people use when they log on to or use a service. What is important is that people know, rather like the position with car number plates,  if  it is necessary for the purposes of carrying out an investigation,  law enforcement or regulators in their country could quickly get a fix on them if a legitimate request came in which complied with the current rules of their own national law and international law.

However, now it seems a couple of Registries in Holland are saying the GDPR forces them not to publish details of who owns a domain. Their argument is partly technical i.e. if a Registry makes it a condition that a would-be purchaser of a domain name must agree to their personal information being published, as a condition of being able to buy it, that to some degree is coercive or it is called “bundling” and both are forbidden.

For now, ICANN appears to be objecting to this interpretation of the GDPR but I can imagine a great many interests in and around ICANN would be delighted if this Dutch view prevails. It musn’t.

PS: For the avoidance of doubt, in the end, I  guess I am less concerned about the names and addresses of domain name owners being published than I am about the data being accurate and easily and inexpensively accessible to law enforcement and regulators. Of course, it should be possible for consumers, should they be so minded, to check out who owns a site before they engage with it.

Posted in Default settings, ICANN, Internet governance, Privacy, Regulation, Self-regulation

Transparency and evidence

I recently heard  Professor David Finklehor most forcefully make the point about how little independent evaluation is done in the online child protection space. This restricted the opportunities for people to learn from each other, allowing poor or ineffective programmes to continue or even grow while better initiatives might be overlooked.

Then last week at Parentzone’s excellent conference Professor Andy Przybylski made the remarkable claim that only around 30% of the programmes he had looked at or was aware of could be replicated and achieve results similar to those claimed by the authors. The implication of this was clear. There could be a lot of dodgy science going on.

Now we all know that some things are difficult to measure and, applying the precautionary principle,  you don’t need to have absolute certainty about everything before common sense points you towards doing something.  Also evaluation costs money and not everybody wants their work to be looked at too closely by outsiders but without it there is always a risk that the activities in question are little more than a PR gimmick truly designed to serve a different and undeclared purpose or are a money grab with no higher objective than meeting the wages bill. That wasn’t meant to sound as pious as it came out. As a freelance for many years I think I am more aware than most about the precarious nature of this business.

More importantly, though,  the absence of sound evaluations suggests a lack of seriousness.  It is inconceivable that in the field of medical research, for example, or in other areas where public safety or welfare arises, that there would not be repeated testing and assessment before something was given any kind of official blessing or imprimatur, much less recommended to third parties.

Posted in Regulation, Self-regulation

The Green Paper and other things

I have now read all of the Green Paper more thoroughly and there is no doubt in my mind, in terms of its scope and much of its language, it is extremely good.  Of course, at its heart, is the fundamental problem of laws/no laws, to which I referred in my last blog and we’ll see where things end up on that score.

Last week’s  edition of The Spectator (a publication of the Thinking Right)  came out on Friday. It could hardly have been clearer in terms of calling for legal restraints or obligations to control the internet giants. The previous day in the Guardian the same businesses were likened to cars without brakes, saying they must be reined in. Let’s overlook the mixed metaphor and just accept the spirit of it.

Beyond that Jenkins produced this memorable paragraph

The internet is passing through the robber baron phase of capitalism, as manufacturers did in the 19th century. Then, as now, governments were too scared to regulate companies, which grew big and arrogant, and collapsed. I bet this happens to the internet.

It is becoming increasingly difficult to find anyone to speak in favour of the status quo unless, of course, they are in one way or another a client of it or hope to be.

Returning to the Green Paper, there are a couple of surprising omissions and a few issues that will probably generate more heat than light but, as usual with something like this, I am going to be consulting with all the children’s groups in the UK’s Children’s Charities’ Coalition on Internet Safety before responding in detail. So watch out for a blog nearer 7th December – which is the closing date for comments.

Posted in E-commerce, Facebook, Google, Internet governance, Regulation, Self-regulation, Uncategorized

One more visit to the Last Chance Saloon

Today saw the launch of the long-awaited Green Paper (consultative document)  setting out the UK Government’s thinking on what a new internet safety strategy might look like. Containing almost 60 pages of densely written text, it pretty much covers the entire online child safety and child welfare horizon plus a couple of extra bits e.g. fraud and older people. In addition, while online dating sites and hate speech have not, historically, been part of the children’s internet agenda, the fact is they definitely are now so well done to all for including them.

I am not going to try to sum up everything in the Green Paper today but here are three  of what I think are key headlines:

  • The Digital Economy Act, 2017, requires a Code of Practice to be developed to guide or at any rate describe how social media platforms are expected to behave across a broad spectrum of issues. This we already knew. What the Green Paper makes clear is that this could become linked to sanctions regime to ensure compliance. Gulp!  I must have missed that but the key word there is “could”.   We shall see.  Sanctions, or the threat of them, certainly seem to be doing the trick in Germany.
  • A levy is to be established to fund awareness raising and preventative activity although here it is clear they would really like it to be voluntary. What is unclear is if the expectation is that, if such a levy were to be established, would it simply siphon off funds companies are already spending e.g. on initiatives such as  Internet Matters or would it go into a kitty that the Government would control\/
  • Without wishing to diminish the importance of either of the above, for me the truly encouraging bit of the Green Paper concerned what the Government are asking for in terms of transparency.

We simply do not know the truth about the real scale and nature of what is happening to children and young people on the different platforms and how well, or otherwise, the companies responsible are addressing them, within what timescales and so on. And just to make it clear, the we here is not just policy wonks, it is parents, teachers and children and young people themselves.

Given the absolutely central role the internet plays in all our lives it is no longer acceptable for companies to ask everybody to take everything on trust. With great power comes great responsibility and with great responsibility also comes a need for accountability.

There can be no real accountability without transparency.  The transparency dimension is also to be voluntary but on the  Today programme on Radio 4 this morning Karen Bradley MP, Secretary of State  with responsibility in this area, was quite clear (paraphrasing)

If this voluntary approach does not work we will legislate.

I guess I have a rather world-weary sense that that’s where we are going to end up so I am disappointed we didn’t take that final and inevitable step now. Instead, we are making one more visit to the Last Chance Saloon. Apologies for mixing metaphors but I am reminded of the boy who cried “wolf!”.

And was it a coincidence that just as the Green Paper emerges today we learn that Ofcom, or at any rate its CEO finally seems to accept both that the internet can be regulated and that the big internet platforms are in fact publishers?

The wind has been blowing in this direction for quite a while but when even conservative-old Ofcom starts tacking you sense that it looks like turning into a gale.

Closing date for comments on the Green Paper is 7th December.

Posted in Default settings, E-commerce, Facebook, Google, Internet governance, Microsoft, Regulation, Self-regulation

The Holy Father takes a stand

I have had several comments, ranging from the wry,  sarcastic, through astonished, to utterly disbelieving or critical about my having attended a conference organized by the Catholic Church to discuss child abuse. In Rome of all places! At a time when two senior officials of the Catholic Church are awaiting trial or investigation in relation to child abuse.

As someone who was brought up a Catholic, attended a Jesuit school and has two cousins who are Catholic priests, I think I can claim some sort of, at least minimal, insight and I know with absolute certainty that the massively overwhelming majority of Catholics, and above all the clergy and the leadership, are righteously angry with the individuals within the Church who betrayed the trust placed in them by children. More than once reference was made to child abuse being a “sacrilege” and in Catholic-speak it doesn’t get much stronger than that.

All of the Catholics I know have also been hugely disappointed by the dreadful mistakes the Church as an institution sometimes made in relation to their handling of a number of cases of child abuse when they came to light.  I don’t want to put words in anyone’s mouth but I have an inkling the energetic way in which the Catholic Church’s senior leadership is attacking the problem of child abuse today, particularly within the Church, is at least in part motivated by a desire to expiate and atone for the sins of their collective past.

And if we won’t sit down with the Catholic Church, who will we sit down with? I cannot think of a single institution that has brought adults and children into close proximity that has not experienced exactly the same problems and challenges as those which have beset Catholic bodies. Secular and religious organizations alike have let down kids. Secular and religious alike now know that unless you actively intervene to safeguard children abuse will almost certainly happen and you will not be able to escape the moral and possibly also the legal responsibility for it.

Of course the fall from grace, so to speak, is all the more spectacular, wounding and depressing in an institution such as the Catholic Church which unambiguously founds itself on deeply held ethical principles but the hard-headed fact is the Catholic Church is populated by humans, with all their attendant frailties, failings and weaknesses. If we had forgotten that once, we will never do so again.

Yet it remains the case that the Catholic Church in general, and Pope Francis in particular, exert a unique authority in the world so the fact that they are taking up spiritual arms in the fight for a better internet for children is an event of enormous importance. I was both honoured and delighted to be part of it.

The conference

I have never been to anything like it before. There were several notable absences,  and I have no way of knowing how they came about – could have been simply diary clashes – but otherwise there was an astonishing spread of leading researchers and child protection advocates from across the world. It would be invidious to single out anyone in particular but I was particularly pleased to be able, for the first time, to listen to Michael Seto. I was even more delighted when, by chance, we ended up in the same workshop and could carry on a more direct conversation.

Many of the other speakers I had both met and heard before and it was great to see them again but one complete newbie for me was Professor Elizabeth Letourneau from John Hopkins University. She confidently asserted that child sex abuse is preventable. In Letourneau’s view the problem is too few policymakers believe that and, as a result, do not invest sufficiently in preventative strategies. Individual children and society as a whole consequently pay a much bigger and more terrible price further downstream.

The Declaration of Rome

The major outcome of the conference was the Declaration of Rome which Pope Francis put his name to yesterday morning. Because this was, as it were, both a statement by a religious leader and also a Head of State the wording had been chewed over and worked- on days, possibly weeks, before. Would I have written it differently if it was entirely down to me? Almost certainly, but even so I could not have improved on statements like these, addressed as they were

To the parliaments of the world to improve their laws to better protect children and hold those accountable who abuse and exploit children.

To leaders of technology companies to commit to the development and implementation of new tools and technologies to attack the proliferation of sex abuse images on the Internet, and to interdict the redistribution of the images of identified child victims.

To government agencies, civil society and law enforcement to work to improve the recognition and identification of child victims, and ensure help for the massive numbers of hidden victims of child abuse and sexual exploitation.

To governments, private industry and religious institutions to undertake a global awareness initiative to make citizens in every country more alert and aware regarding the abuse and sexual exploitation of children, and to encourage them to report such abuse or exploitation to appropriate authorities if they see it, know about it or suspect it.

The Declaration of Rome – Part 2

Everybody who attended the conference was assigned to a workshop. Within them there was a rich and varied set of debates and discussions where several quite detailed and specific points were sharply expressed.

These will be reflected in a further statement or supplement to the Declaration of Rome and this will also carry the full weight of Papal authority.

My search engine tells me that crossing fingers probably had pagan origins so it might be inappropriate to invoke it here. But if it wasn’t, that’s what I’d be doing. Watch this space.

Posted in Child abuse images, Default settings, E-commerce, Regulation, Self-regulation