Online Harms White Paper – the obvious problem

Some time ago I read a discussion of strategies online businesses might adopt to try to avoid the clutches of potential or actual Regulators. Without embarrassment or apology it was suggested companies deliberately bundle and entangle lots of things.  Why? At least in part because this would make it more difficult for anyone outside the business to understand what was actually going on or identify the causes of a given problem that appeared to be worrying people.

This is the same kind of thinking that brought us confusion marketing.

Opacity is a great shield

I don’t remember if the same piece also recommended the additional, very effective tactic of simply not telling anybody anything you are not legally obliged to disclose.  That is nevertheless commonplace in the high tech world, supplemented, where appropriate, by a liberal use of non-disclosure agreements.

Thus, if outsiders know anything about what goes on inside a company it will generally either be because of a leak or because an ex-employee decides to spill the beans. Alternatively, it could be the result of a journalistic exposé. If it is none of those things,  in all probability it will be linked to an internal PR decision the business took to permit a glimpse of a fragment of their operations.

Of course all this can be supplemented by research carried out by academics or by data released by the police or children’s groups but such sources,  and here we must also include leaks, confessions and exposés, are inevitably limited in nature and therefore they are often contested. “Contested” here is a euphemism for “dismissed and ignored.”

Über opacity : those obscure bodies performing public-facing functions

Alongside the tech companies there is an ecosystem of infrastructural bodies which, historically, were responsible for developing the technical standards that allow the internet to function.  I am speaking about organizations such as the IETFW3C, and ICANN .

The barriers to participation in them are enormous, revolving principally around money, time and high levels of technical knowledge.  The weakness of international institutions under those same headings – money, time and high levels of technical knowledge – means there is little effective external oversight.  IETF, W3C and ICANN serve their masters and their masters, by and large, not exclusively, are different bits of the tech industries. They have a reason for being in the room and the reason is money.

I am less familiar with the W3C but in the case of ICANN,  law enforcement,  most Governments and NGOs are constantly outgunned, all too often attending as under-resourced supplicants facing a battery of industry lawyers, accountants, lobbyists and pointy heads who regard them as intruders trying to mess up“their” precious world. I could name several large Governments from the prosperous North that simply don’t turn up to things because they don’t have the wherewithal in the right budget to pay the air fares and hotel bills. Civil society bodies, naturally, are in an even worse position.

Anything emanating from ICANN’s  Governmental Advisory Committee’s Public Safety Working Group is automatically treated with antagonistic suspicion.

Meanwhile the IETF tries to maintain the absurd fiction they are “only engineers” whose working groups have no role or remit to consider the public policy impact of any given project they might undertake.

The internet is therefore a peculiar mix of privately owned enterprises, and  a series of supporting bodies which, similarly, are private entities. Yet they are all nevertheless performing extremely important tasks. They sit at the heart of the way the modern world communicates and does business. All this is down to how the internet evolved, but that does not mean it has to stay that way forever.

Against such a background what are Governments to do?

All over the world people are making it clear they really don’t like the internet’s downsides. Governments are being pressed into action yet, for the reasons given, this is happening without them having a lot of information or insights that would help guide their political or legislative missiles.

Should Governments  give in to the  passive aggressive, silver tongued hostility of tech? Should they be brave and decide to stand as a buffer between their electorates and the tech companies, explaining how difficult everything is and how they believe the companies are doing their best but it is all very difficult?

Or should they plunge in and try to  do their best to meet their citizens’ legitimate concerns?  In publishing its White Paper on Online Harms the UK Government has opted for the latter course of action. All I can say is “well done,  right decision”.

Public policy-makers in the tech space remind me a bit of physicists in the early modern era. They knew some stuff but were unaware of a great deal we now take for granted. Nevertheless they pressed on.

Even so

I was prompted to write this blog because the other night I was with a group of very well-informed people who either work in tech, had recently worked in tech or were close observers of tech. The hot topic of conversation was the White Paper.

I heard complaints about the imperfections of policy making in British public life (who knew?), complaints about how much of what the UK Government was focusing on was linked only to the behaviour of a handful of businesses, the giants, and because of this a lot of collateral damage was likely to be done to other, smaller or better behaved enterprises.

Then we fell to discussing details of how particular processes of concern to children and parents might work better. Conversations like that will be happening all over the place but they will be doing so, as this one was, against a backdrop of not knowing many crucial details. To use a footballing analogy, we ended up dissecting the off-side rule without first having agreed on the size of the pitch, the number of players there should be on each team, how long the game should last and so on.

This is not argument for tearing everything up and going back to the drawing board. We are where we are.  Carpe diem.

The role of the Regulator is going to be absolutely key

I am certain we must focus on ensuring the new Regulator that is to be established will have the right level of resources and the right combination of  powers. In particular it must have the power to require the production of information about any given company’s operations.  The information thus obtained  must form the core of the evidence that will be used to draw up the detailed regulations and codes that follow. Without such granularity the risk is the Regulator will keep missing the mark.

Self-evidently any and all of its actions  should be subject to judicial review with full transparency. The Regulator should publish assessments of companies’ performance.

Should the Regulator be a new body or be made part of Ofcom? Discuss. My gut feeling is so many of the tasks the Regulator will undertake are such a long way from Ofcom’s traditional territory that probably a new body is required.

The Government needs to step away asap

What is clear is this new Regulator must enjoy the confidence of the tech world, civil society, the media and law enforcement. I suppose it is inevitable the Government must appoint the person who will be its head but, harking back to my earlier point about the important role of the internet in the nation’s life, there is a strong case for this appointment being subject to approval by Parliament with all-Party agreement that whips will not be applied.

Moreover, while I can see the Secretary of State should have a power to direct the Regulator to look at a particular problem, I am uneasy about the idea that the Secretary of State has to agree any code of practice that might result from such a direction.

Perhaps here, again, Parliament should be required to approve whatever codes the Regulator might propose: either all of them or maybe only certain types, and these would definitely include any that had resulted from an initial direction by the Secretary of State.

Duty of care, platforms’ liability and terms and conditions

Thus, while I am saying in the absence of essential information it will be difficult, at this distance, to say what individual codes of practice should say or to prescribe particular approaches to specific problems that currently preoccupy us, there were three clear and overarching ideas  in the White Paper which ought to be included on the face of whatever Bill makes its way to Parliament.

First among these is establishing a “duty of care”. This is not a new idea but it has not previously been made explicit that it applies in cyberspace every bit as much as it already does in the physical world.

Second, without necessarily imposing a  general obligation to  monitor all activity on a site or platform, although my view on that is weakening,  businesses should be put under an explicit obligation to analyse every aspect of the services they provide so as to anticipate, mitigate or prevent potential problems that might arise  e.g. by deploying available technical tools as well as engaging in accessible educational and informational activity.

Third and closely linked to the second is the idea that for platforms to preserve their immunity from civil or criminal liability they must show they have taken reasonable and proportionate steps to  enforce their own stated terms and conditions of service. Ts&Cs should not be merely marketing hype.

Harmful content

I used to think that unless particular types of content were illegal there was no basis for Governments to expect internet businesses to remove them. That sort of remains my view but it is clear that it is impossible to come up with definitions which will be sufficiently clear and nuanced to cover all of the cases likely to arise. Context can be everything.

Again, what do you do? Throw your hands up and say you are powerless? It’s not even worth trying? No.

Maybe we should explore the idea of establishing within the Regulator an arm which is  essentially judicial or quasi judicial in nature. They should issue the guidelines on what type of  legal content will be considered harmful, and in what circumstances. They could also adjudicate should there be material doubt or a dispute.

In making decisions I would expect such a body to have regard to the nature of the audience known to be using the service. If children are present in significant numbers one standard should apply, whereas if they aren’t the standard could be altogether different and more liberal. This should help minimise the risks to free speech. 1 in 5 of all internet users in the UK are children. We simply cannot continue to pretend the  internet is, could be or should be an adults only medium.

Trying to be too many things to too many different interests

Much of the original, Utopian, wonderful idealism associated with the early days of the internet has been confounded by the harsh realities of the world. The internet as we know it is trying to be too many things to too many different people with too many diverse interests. It is not sustainable. Something very different lies ahead. It may not be an unqualified improvement on what we have now. It  could lose some of its edginess and dynamism but it will gain in other areas.  On balance, will it be a price worth paying? We shall see.

 

Posted in Default settings, E-commerce, ICANN, Internet governance, Privacy, Regulation, Self-regulation, Uncategorized

More on DNS over HTTPS

The Sunday Times today reports on the threat that DNS over HTTPS appears to pose to child protection.

 

Posted in Uncategorized

The Not Scientist and others

On Tuesday the UK Government finally announced the trigger date (15th July) for those parts of the Digital Economy Act, 2017 which require commercial pornography sites to ensure persons under the age of 18 are not able to view their wares. For years the porn companies said they didn’t want kids looking at their stuff but refused to do anything meaningful to make it real. Seemingly that was someone’s else’s responsibility.  Those days are over.

The new law heralds the introduction of robust age verification for commercial porn. One way of looking at this is as an attempt, an experiment, to see if we can apply, in cyberspace,  the same or analogous rules that we routinely apply and accept in the physical world. I think we can and we should. Most certainly we should try. The internet is the home of innovation. This is innovation.

Smirking all the way to the bank

The UK’s laws and conventions surrounding children’s access to porn are not dissimilar to those in a great many, I believe the vast majority, of other liberal democracies. Anyone who thinks those laws and conventions are bad, wrong or ill-advised is at liberty to make the case and try to get them changed. However,  in the UK at least, for as long as we have such rules and expectations it is completely unacceptable for offshore companies to smirk all the way to the bank as they knowingly and persistently take advantage of the failure, hitherto, of national governments and of international institutions to find a way to make rules bite in circumstances such as these.

Call it another failure of self-regulation.  This is what prompted the UK to act. We are seeking to give our rules bite. We are following the money, with a reserve power to block access if necessary. If we can show it works other countries will follow. A great many are watching closely.

No rebuttal

Anyway for whatever reason, between the Act being passed and this week, there was no systematic rebuttal effort or major public information campaign explaining how the age verification rules would operate. Given the inordinate delay, attributable to Brexit blockage as much as anything, this has proved to be extremely unfortunate.

I don’t have a problem with people being sceptical about anything that emanates from Government, it would be worrying if they weren’t, but what we have witnessed here is something altogether different. Individuals and groups who, from  Day 1, were ideologically opposed to the very notion of trying to  regulate pornography, or had a vested interest in the status quo, have had a clear run at attacking the proposed new regime, telling what can only be described as “lies” or, if one was feeling generous, at least speaking in a way which suggests they have not been paying attention. Maybe their blinkers or closed minds were getting in the way.

For example

A few months ago I did the PM Programme on BBC  Radio 4. I was on with the Editor of Computer Which magazine. She told us her background was in journalism and then proceeded to announce to the world that, in fact, the whole plan to launch age verification had already been abandoned because the Government discovered it couldn’t actually work.

The BBC journalist presiding let it pass because they, rather obviously, knew nothing about the subject. It was left to me, self-evidently on one side of the argument, to tell the listeners this was simply not true. Trumpian alternative facts were having an outing in unexpected quarters.

Things like this have been happening a lot and for this I blame, at least in part, the Open Rights Group. (ORG). Their first press release on the subject of the (then) Digital Economy Bill said it would “outlaw erotica”. A blatant falsehood. I’m having difficulty now finding that press release to provide a link to it. I wonder why? But just to be clear: nothing that is legal today becomes illegal after the new law comes into effect. Shall I repeat it or find another way of expressing the idea so there can be no doubt about its meaning or intent?

OK, all kinds of crazy things get said by campaigning bodies with a declared agenda and on a live programme it can be difficult to step in, particularly when the clock is running down. But aren’t we entitled to expect professional journalists to check the facts? Is it OK to regurgitate uncritically a campaigning group’s press release and still claim to be engaged in journalism? No, and definitely not in the case of a journalistic outlet operating outside the pressures of 24/7  news reporting.

Which, sadly, brings me to the “New Scientist” (I am a subscriber, as indeed I am to Which). Or rather it brings me to the “Not Scientist”.

Baloney wearing a cloak of verisimilitude (look it up)

In the edition of 30th March, one James Ball wrote a piece called “No Porn Please We’re British”.  It is behind a pay-wall so I cannot provide a link to the whole article although there is a connection to a promotional item associated with it.

Here are some verbatim extracts from Mr Ball’s piece.

“The day-to-day implementation of the UK’s age-verification scheme is being managed by AgeID, a subsidiary of MindGeek”.   Wrong. MindGeek is the world’s largest publisher of online porn so if the claim was true, at first sight this would be alarming.

But it isn’t true. Not by a very long shot.

If anyone can be said to be “managing the day-to-day implementation” of the new regime wouldn’t it be, er, the Regulator,  namely the BBFC? The idea that it might be in the hands of a single private company which, in turn is a subsidiary of a porn company is……… Well, you tell me what that is.

I have just learned that, on 10th April, in the online version of the article the New Scientist printed a “clarification” of the status of AgeID. Good but not good enough in respect of something of such obvious importance to the whole story.

More non facts

So far, the only major provider (of age verification solutions) is MindGeek. Quoth Ball.

Wrong again.  I  now know of about ten providers and there will be more by the time of the commencement.  True enough I don’t know what Ball meant by “major”. He doesn’t explain but it is clear what he intends to imply. Do your homework Mr Ball and the Editor should do some fact-checking before pressing the print button.

In correspondence the New Scientist prayed in aid that The Independent  said something similar.  Good to know they sub-contract out these matters in that way. I’ll see if I can get an Indie reporter to say the Earth is flat.

Phew what a whopper!

Then there’s this one, maybe the biggest of them all.

“Campaigners characterise the AgeID verification process as creating a UK-wide database of adults accessing pornography with no additional legal safeguards….”

If any “campaigners” did believe what Ball says they believe it can only be because they have not read or understood the law or the policy, or else they are choosing to misrepresent it.

Why didn’t Ball take the opportunity to point out these “campaigners” were getting it wrong, if only to reassure readers? Why didn’t the Editor step in? That’s what the New Scientist does all the time elsewhere on other subjects. In the name of the scientific method it loftily reprimands sloppy journalism. Not here.

We have privacy laws and an independent privacy regulator

Our privacy laws are essentially the GDPR rules, enforced by our independent privacy regulator. Under them, unless you give express consent, an age verification provider is legally barred from passing on any information about you to anyone else, other than  to confirm that you are above 18. “Anyone else” includes even a sister company or another part of the same company. A business cannot collect data for one purpose then use it for something else.

A porn site does not need to know your name, credit card details or anything else in order to decide whether or not you can see their stuff. All it needs to know is  “Has the account presenting here been reliably verified as  belonging to someone over 18?”  

Once through the age verification gate, if a person deals directly with a porn site and chooses to give them personal information or it uses a credit card to buy something, that is another matter entirely, nothing to do with the rules on age verification.  What profiles have porn companies been building up to now that went without comment or demur? If anything, the new regime could deliver even greater privacy, not less.

A hackable national UK-wide database?

For there to be a UK-wide database, the AV companies would have to work together to construct it. Not only is that a ridiculous idea and an  illegal proposition it is also an impossibility. Why?

Several large (major?) AV providers have made clear that, once the verification process has been completed they will not retain any data about you so even if they were hacked there would be nothing to find and their systems are anyway heavily encrypted. Comparisons with Ashley Madison are scaremongering. Pure and simple.

The New Scientist  should not be helping in that disreputable task.

Rather I would have thought the magazine should welcome the bravery, the vision and the intent behind what is, I say again, an experiment. A British experiment that is part of a mosaic of measures all geared to the same end. Helping children grow up to be healthy, well-adjusted adults. Will it keep all porn away from all under-18s? Unlikely, but it will most certainly work well enough keep graphic sexual imagery away from the eyes of 9 year olds. That will be a triumph and shame on the porn companies for not doing it voluntarily. They could have done.

The New Scientist should give equal prominence to another article which sets out more fully and accurately what is going on.

Posted in Age verification, Default settings, E-commerce, Regulation, Self-regulation

15th July. The date when the age verification rules kick in

The Government has just announced the trigger date for the new rules concerning age verification and access to commercial pornography web sites. It is 15th July, 2019.

This closes one chapter and opens another.

Now the hard work begins.

Will everything work perfectly from Day 1? Probably not. But we will learn and adapt.

The internet is the home of innovation and this is an example of it.

There is always an alibi for inaction. If you don’t try you’ll never succeed.

I am sure the new system will work well enough to keep graphic sexual images away from the eyes of young children.  That is something the porn companies said they cared about but actually did nothing to deliver. Now they will be compelled to do so or risk losing money. They really care about money.

And adults’ privacy rights will be respected.

Will people with ideological objections to the whole idea try to break it? Probably they will. They will fail.

Someone famous once said, in relation to the internet, we should “move fast and break things.” Here we are trying to move fast and mend things.

 

 

 

Posted in Pornography, Regulation, Self-regulation, Uncategorized

Scary stuff

Over 90% of households in the UK receive their domestic broadband service via one of the “Big Four” ISPs. Each supplies customers with a set of family filters to restrict access to content considered unsuitable for children. These filters are widely used.

100% of mobile phone networks do something similar as do a growing number of providers of WiFi in public places, meaning spaces where one could reasonably expect children to be present on a regular basis e.g. in Starbucks and McDonald’s.

And by the way in all three environments child sex abuse material is also blocked courtesy of a list of addresses generated by the Internet Watch Foundation (IWF).

All of this is now under threat, not just in the UK but globally. Why? Because an obscure body called the Internet Engineering Task Force (IETF) has developed a new protocol, a new standard, called “DNS over HTTPS”  (DoH).  DoH is intended to be incorporated into web browsers.

Mozilla (owners of Firefox) have already implemented DoH and are looking to launch it as a default. Google have also implemented it within Chrome but, at least for now, individuals who want to use it must sort it out for themselves.

What is DoH?

At the moment if you type in a web address on any internet enabled device or in an App, in effect what happens is your ISP, mobile operator, WiFi provider or the App developer, checks if there is any reason why it shouldn’t let you go there e.g. because it is an address on an IWF blocking list, or it is a site or service restricted by the family filter. Normally this happens on the relevant company’s DNS server or on the home router.

With DoH all of the addresses will be hidden in the browser.  Your usual DNS server will not be able to see them. They will be invisible to your family software. The IWF blocking list becomes inoperable. I believe DoH implementation has the same effect on much or all malware protection software used to prevent viruses and other harms.

But while the addresses are rendered invisible to your current defences, they will not  be invisible to the browser company.  The browser retains full visibility of all consumer web searches and tracking data – while simultaneously denying the same to their competitors.

Overnight and at a stroke a wide range of vulnerabilities will be visited upon an unsuspecting, unprepared, non-geeky public, including millions and millions of children. You couldn’t make it up. But Silicon Valley just did.

With the obvious exception of public WiFi, it has always been possible for individuals to opt out of using family filters or other types of protective software. There has generally always been an option for individuals to choose alternative DNS servers. But something on the scale now being contemplated, and the  manner of its implementation, particularly if introduced by default, takes us to a whole other place, and not in a good way.

Why is this happening?

The protection of journalists and dissidents are frequently mentioned as the major justification for the IETF creating DoH. Such nobility is raising a few cynical and suspicious eyebrows. See above for the reasons why.

In essence what is being said is “the network is the enemy”. The web itself is inherently unsafe from a privacy point of view. There are several different “listening points” or points of interception and bad actors are exploiting these weaknesses in ways which flout universally recognised human rights standards or established privacy laws.

There is no doubt certain governments have blocked access to content they don’t like or, through their security services, have gained access to user information through snooping.  A number of commercial concerns have consistently shown a cavalier attitude  towards their users’ data. But is this the right or the only answer?

Here’s the thing

I attended an IETF meeting once and did, for a while, try to keep up with the mountain of emails, messages, phone conferences and discussion papers it generated.  However, unless you are a full-time geek, which normally means you are employed by a high-tech company or you hope to be, or maybe you are an academic with an interest, you will have neither the time nor the right level of technical knowledge to engage in a meaningful way.

I went to that particular meeting because it was clear to me there were social policy implications arising from the new protocol the IETF sub group was then developing. Unfortunately, almost everyone in the room said they had no brief to consider such matters. Their bosses sent them because the new protocol would massively expand their ability to make money. They just wanted to get it done. It wasn’t quite a case of “we are only following orders” but it was close.

It is happening now

Last Tuesday Mozilla released a paper in which they announced (para 1) they had implemented DoH and“would like to deploy it  by default for our users.” They tell us (para 3) the implementation“may” be different in different regions.

In para 4 we learn users in default on areas will be informed and be allowed to turn off DoH, but I cannot be alone in wondering how easy and transparent such a process is likely to be, say, in the very homes that run family software to protect their children?

Mozilla will certainly face a challenge in terms of GDPR compliance with the rules about securing genuine, informed consent.

Will we be forced back to a world where filters have to be set device by device?

The arrogance

We all know the use of encryption is on the rise but while it is one thing for Apple to refuse to co-operate with the FBI by helping them crack the encryption on a known terrorist’s iPhone, isn’t it a matter of an altogether different order of magnitude for private companies to take to themselves the right to decide to put everyone out of sight forever?

Nowhere in the world is the right to privacy absolute. Technology companies are deciding to make it so. The arrogance is breathtaking. Where arrogance leads hubris soon follows.

Privacy rights were not a gift from the gods

The human rights laws being prayed in aid as a reason for creating  DoH were not a gift from the gods. They did not magically appear from nowhere. They were forged and adopted by politicians drawn from Governments and Legislatures around the world  (I’ll just repeat that –  by politicians drawn from Governments and Legislatures around the world), led by visionaries who were intent on embedding liberal democratic values in a  framework of international standards.

What was made by human hand can be unmade.

Does anyone seriously believe when these laws were created or the standards adopted the politicians involved seriously intended to help criminals or put children at risk? Did they happily contemplate the possibility they would  be delegating to profit-driven tech companies the right to make far-reaching decisions of this kind? I don’t think so.

It might not be long before today’s politicians drawn from the same Governments and Legislatures might be forced to come together to rethink the whole thing. Nobody  envisaged we could end up with such absurd results. It is already happening nationally and DoH by default is exactly the sort of thing that will give it a major boost internationally.

We live in democracies, not technocracies.

Posted in Default settings, Google, Internet governance, Location, Privacy, Regulation, Self-regulation, Uncategorized

No surprises but it’s still radical!! Big round of applause

The UK Government’s long-awaited White Paper on Online Harms finally appeared today. It has been warmly welcomed by children’s, parents’ and other civil society organizations. That’s because it is a first-rate document, signalling the beginning of a new approach to internet governance in the UK. However, everyone knows  what is happening here has a contemporary echo in practically every liberal democracy in the world. There is a reason for that.

Here are my headlines:

Who is in scope?

The companies that are “in scope” are those which “allow users to share or discover user-generated content or interact with each other online.” I guess that’s another way of saying “social media” but potentially it could go wider than companies conventionally thought of as being social media sites and services.

A statutory duty of care

The  centrepiece of the White Paper is the declared intention to establish a new statutory duty of care to make companies take more responsibility for the safety of their users and tackle harms caused by content or activity on their services.

Compliance to be enforced by an independent regulator

A new, statutory regulator will be established.  In codes of practice it will set out what is expected of qualifying companies. If companies want to fulfil a stated duty in a manner not set out in a code, they will have to explain and justify to the regulator how their alternative approach will effectively deliver the same or greater level of impact.

A company’s terms and conditions acquire a new importance

Businesses’  terms and conditions of service will have to be clear and accessible, including to children and other vulnerable users. This is already a GDPR requirement that is likely to be spelled out more fully in the code of practice on age appropriate design which the UK’s privacy body (the ICO) will soon (?) publish.

More generally, the new regulator will assess how effectively a company’s terms and conditions are being enforced. To inform its reports and to guide its regulatory action, the regulator will have the power to require annual reports from companies.

Reasonable and proportionate

The regulator will take account of the capacity of companies to meet regulatory requirements, including the reach of their platforms in terms of user-base and the severity of the harms.

This proportionate approach will also be enshrined in the legislation which will make clear that companies are required to take reasonable and proportionate action to tackle harms on their services  (my emphasis).

The regulator will set clear expectations of what companies should do to tackle illegal activity and to keep children safe online.

There is no intention to abandon the principle of platform immunity but

“the new regulatory framework (will take) a more thorough approach (by increasing) the responsibility that services have in relation to online harms”

I expect this will lead to a greater level of deployment of PhotoDNA and algorithms which can detect paedophilic and other harmful behaviours such as bullying.

Not before time.

Naming, shaming and transparency

The regulator will have considerable power to require companies to provide it with information. Transparency is going to be a key part of the new regime. Companies that are not up to snuff will be publicly identified.

Fines, blocking and criminal responsibility

The regulator is going to have a range of tools to underpin and support the policy including an ability to levy substantial fines, potentially even to require sites or services to be blocked. Making senior executives criminally liable for failures is also on the cards.

White tinged with green

It is being said the White Paper is heavily tinged with green. This means there are a lot of extremely important details to be worked out.  Two of the most important are the identity and powers of the regulator and how it is to be funded.

A lot to play for

There is a formal consultation period of three months but there can be little doubt that these matters will concerns us far beyond that. Legislation will be required. Brexit apart, that is rarely something that can be hurried.

Another brave experiment but it has widespread support 

Of course there will be arguments over important details but all of the major political parties are broadly aligned in relation to the key points in the White Paper and that is because public opinion is solidly behind these kinds of measures.  There will be the ideologues who still think Governments and Parliaments should stay away from matters of this kind but when even Mark Zuckerberg is calling for statutory regulation I doubt such extremists will get any serious traction.

The doors of the Last Chance Saloon have been nailed up and sealed.

Posted in Default settings, Internet governance, Regulation, Self-regulation

Three choices

As regular readers will know, in the UK, Government policies typically, or at any rate often,  emerge  in the following way: arising from events or a manifesto commitment a “Green Paper” is issued as a consultative document. It sets out the Government’s thinking on a particular issue and asks questions about the best way to proceed.

At the end of the consultation, having looked at the evidence presented and listened to the views expressed, the Government responds with a “White Paper” which lets us know what conclusions they have reached. If one of the conclusions is legislation is necessary a draft Bill will appear in Parliament and off we go.

In what we used to call “normal times” the governing Party, or latterly a coalition, would have an overall majority and they would get their business through although there is always scope during the passage of a Bill for sometimes quite important details to be amended or tweaked. It depends how heavily committed the  Government is to the aspect of policy in question but whoever is in power a good argument will usually get a hearing even if it doesn’t always get a result.

It should have been yesterday

My “normally reliable sources” were all adamant. The long-awaited White Paper  on online harms, governance, transparency et al, was going to be published yesterday. Everyone was expecting it to be trailed in the press on Sunday. That didn’t happen. Can’t think why. Not.

Only the announcement of a General Election (unlikely but not impossible) could bring everything to a halt but even if  that were to happen it would not change the underlying reality. It would only postpone things. Why? Because there is a very broad consensus within the political class, heavily supported by major media outlets which, in turn, are buoyed up by public opinion. The status quo has to end.

Internet regulation is definitely going to happen in the UK, probably underpinned by a newly formulated “duty of care” which will somehow finesse the rules about intermediary liability and be enforced either by a wholly new regulator, or by some rearrangement of the powers of existing bodies, or some permutation thereof. Companies may well be required to show that their Terms and Conditions of service are not simply a pious hope or piece of marketing hype. If serious efforts are not being made to enforce them the business could be penalised.

I gather when the White Paper does appear it will have lots of “green edges”. In other words the Government hasn’t fully made its mind up on a number of things. There will therefore definitely be a lot to play for in several areas but it is crystal clear what topic is going to dominate the debate and the headlines.

Whither social media?

When the Bill makes its way into Parliament the political forces will line up under three broad headings.

There  will be those who want to be seen to be Extremely Tough on social media companies.  There will be those who want to be seen to be Very Tough and then there will be those who risk being denounced as Silicon Valley stooges because they are content to be seen merely as being Tough. It won’t take much to drive this last group into one of the other categories.

How has it come to this? The answer is so obvious  I can’t bring myself to write the words.

Under these conditions there is a great deal of scope for things to go wrong. As the Bill progresses, which brave soul is going to be willing to enter the lists to  make proposals or suggest alternatives that appear not to be so harsh or demanding on tech companies even if they are likely to be more effective? Most of the children’s groups will be willing to do so in respect of child protection issues but I doubt that that will be a major battleground.

Who ever imagined this is where we would end up?

Posted in Internet governance, Regulation, Self-regulation