Age of consent for data purposes

Here is an update .

You will see Germany is down for 16 but I am told that should be regarded as provisional. Their imminent elections mean it just hasn’t been possible for the German government to take something to the Bundestag and all the  Länder in the time that was available. 

So, in effect, it is not that anyone has decided positively to endorse 16, it is just that, at the moment, the default position is the only visible show in town.

There is nothing in the Directive which says whatever age is operative next year cannot later be changed. It is not a once and for all decision. That said, it would be surprising, would it not, if 16 became the enforceable law on 25th May and then, a few days or months later it was something else? Maybe the big platforms will urge the Government to avoid such uncertainty and the possible need to chop and change and a way will be found to speed things up.

Stranger things have happened at sea.


Posted in Default settings, E-commerce, Regulation, Self-regulation

Number plates +

In a recent blog, inter alia, I used the analogy of a car number plate to suggest if  every internet user had to have one it might help reduce the level of bad behaviour online. Guess what? It seems something like it already exists. It isn’t in widespread use and apparently there is stiff resistance in some quarters to it being rolled out further.

I learned this from an article in New Scientist published on 12th August.  The authors, Sally Adlee and Carl Miller, were not advocating the solution they described so well.  On the contrary they ended their piece with these words

So yes, we could fix the internet and do away with all the crooks, trolls and general troublemakers. But perhaps these malcontents are the price we pay for a free and open online society. 

Adlee and Miller appear to think the most important value of the internet is as a political instrument in the fight against tyranny, oppression and totalitarians everywhere. In this they mirror all the noble optimism of the early years of cyberspace.

Yet across the whole world today a much overlooked fact is children constitute the largest single constituency of internet users. Thus, whatever else we might hope, want or imagine the internet to be it is every bit as much a medium for youngsters and families as it is a weapon in the armoury of liberal democracy.

Adlee and Miller glibly engage with high level geopolitics at the expense of any evident or deep concern for anything else. In this respect they remind me a little of guys in their late 60s or 70s who wear kaftans. Their sentimental attachment to the Summer of Love is sweet but so at odds with contemporary reality you worry.

A unique, permanent and traceable identifier – a handle

In the early 1990s someone called Robert Kahn, a co-developer of TCP/IP, created a system which would allow for the creation of a permanent, unique and traceable digital identifier, the shorthand for which is a handle. A handle could be assigned to every phone, laptop, document or part thereof. It could be attached to anything, including people.

Thus, instead of the internet being based on simply routing anonymous data packets from A to B, with handles the internet would, in effect, be connecting digital objects. I couldn’t send or receive an object unless I had a handle myself.

What is more it looks as if the technical standards which would allow the global deployment of a handle based system have already been agreed somewhere within the UN system. Countries like China, Russia and some Arab states want to start rolling it out. This has set alarm bells ringing.

A database of handles is required

The system hinges on a record  being created and maintained of every handle. These must find their way into a database. In all probability the databases would be administered nationally and integrated into a global system. The DNS comes to mind.

Let’s say my unique identifier is RKW48, my smartphone is RKW48a, my laptop is RKW48b and so on. If the database is controlled by my government or the police who decide I am being a nuisance and they want to cramp my style they could just “switch off” RKW48 and that’s it. I’m offline.

The dangers are obvious, but so are the advantages

It is  therefore easy to see the danger, but equally I think it is getting increasingly difficult to justify not doing something that would help make the rest of the world be a safer place solely on the grounds that some Governments might not enter into the spirit of it and use the same technology to do bad stuff.

We’ve already been through that argument in respect of filtering and blocking web pages containing child abuse images. Yes, it is true some Governments have used the same techniques to restrict access to materials which they think threaten their grip on power, but that cannot be a good enough reason to say to children who have been raped in Aberdeen or Arkansas that they must suffer images of their humiliation being accessible to anyone with a mind to look when tools are available that could at least get rid of some if not all of the horrible pictures.

AI is becoming the new form of filtering and blocking. Societies all around the world are saying they have had enough. On a global scale a “peasants’ revolt” is underway. It is unstoppable and irreversible.

Too many disparate and  irreconcilable aims?

Adlee and Miller say

If (the handles solution) is adopted globally, the new regime might just destroy the online world as we know it.

Another way of saying the same thing might be to ask how much longer the present day internet can continue to accommodate so many diverse interests?

Posted in Child abuse images, Default settings, Privacy, Regulation, Self-regulation, Uncategorized

Impotence in the face of complexity?

As a service to my readers at the end of this blog I reproduce the full text of s.230 of the Communications Decency Act, 1996 (CDA). All the bold and italics have been put there by me for emphasis. Count the references to child protection issues, families and schools.

Unfortunately, the key parts of the CDA which were aimed at protecting children were struck down by the US Supreme Court in Reno v ACLU because the language used was “over broad” but a significant factor that weighed with the Court was that there were no

…detailed congressional findings, or even hearings addressing the CDA’s special problems…

Were they hinting that the politicians had not done a very good job? Been a bit too rushed?

What the Court emphatically did not say was that the Government’s objectives were illegitimate and forever irreconcilable with the First Amendment. This was pretty much an open invitation to try again, this time with narrower words, better evidence, perhaps calmer reflection.

However, one bit of s. 230 of the CDA  which did survive now forms that part of US Federal law which protects internet intermediaries from liability for material published on their platform by third parties. It’s the reason Backpage was possible.

An insider commentator said about s.230

no other sentence in the U.S. Code… has been responsible for the creation of more value than that one…

The same commentator put that value in the region of a trillion dollars. I have no idea how you ever get to such a figure but you can be sure s.230 has been worth a heck of a lot of, er, money. Ex post facto could that be the reason a range of interests have become so strongly attached to it?

It is quite clear from the circumstances in which s.230 was adopted that nobody could have foreseen some of the important consequences of its last-minute insertion. There is, therefore, something singularly both absurd and grotesque about the fact that the CDA- a measure Congress  and the President clearly intended to be about protecting children – could have been used to protect a site such as Backpage.

Today some speak of s.230 in hushed and reverential terms as a calculated, carefully calibrated, deliberate, insightful blow that was struck expressly to support free speech, to encourage or sustain democracy and innovation – to the exclusion of all others or as a superior right or consideration which trumps any and all other considerations.

By implication, therefore, any attempt to reform s.230 is characterized as an attack on those same values. That is rubbish.

Two US Senators have brought forward a Bill which tries to unpick the mess, at least in relation to child sex abuse and trafficking. It is running into a wall of resistance from the high tech industry. This is extremely disappointing.

The tech companies’ core point appears to be

Unfortunately, the proposed legislation does not address the underlying criminal behavior and playing whack-a-mole with URLs/domains in civil courts is unlikely to stop bad actor websites that will simply move overseas and change their URLs to avoid being shut down.

Four things to say about that:

  1. Of course we should address the underlying criminal behaviour, and that is a task for others e.g. law enforcement. It is not an alternative to you guys looking after that bit of the terrain where you can have an impact.
  2. The way copyright and trademark infringement have been approached seems to be working well and having a beneficial effect. Even if all a reformed s.230 does, in like manner, is make it more expensive or difficult for bad actors it will slow them down and therefore reduce the volumes.
  3. With judicial oversight what is there to fear?
  4. As is already done in respect of certain types of law enforcement activities, affected businesses can publish a list of requests received. This will introduce transparency, facilitate legislative oversight and act as a restraint against potential abuse.

Let me say upfront I found it difficult to work out exactly what the effects of the wording proposed by the Senators would be. Put that down to my inexperience in reading US Bills.

So instead I offer my own modest suggestion about a possible way out. Not in final or polished legal language, but here goes….

By order of the Court the protection otherwise afforded by s.230 may be suspended or qualified in relation to a named entity or url where it is established that, upon notice, reasonable and proportionate, effective steps have not been expeditiously taken to mitigate or eliminate an identified criminal harm which is continuing at scale. 

In other words, I do not think internet intermediaries should ordinarily be liable for the publishing acts of third parties who use their platform or services. Most assuredly this should be the case where the third party in question is an occasional, small scale or intermittent publisher. Thus, as far as Facebook, Twitter, Google and similar are concerned I am not advocating for any significant change in the status quo.

But where the publishing activity complained of is taking place on a significant scale and on a continuing basis, if the evil is not or cannot be halted or reduced by the intervention of the platform owner, whether for technical or any other reasons, the court can step in. Innovation is therefore safeguarded as are free speech, artistic expression and other democratic rights while scoundrels are stopped in their tracks. Impotence in the face of complexity is no longer an acceptable defence.



Full text of s.230 CDA

(a) Findings

The Congress finds the following:

(1) The rapidly developing array of Internet and other interactive computer services available to individual Americans represent an extraordinary advance in the availability of educational and informational resources to our citizens.

(2) These services offer users a great degree of control over the information that they receive, as well as the potential for even greater control in the future as technology develops.

(3) The Internet and other interactive computer services offer a forum for a true diversity of political discourse, unique opportunities for cultural development, and myriad avenues for intellectual activity.

(4) The Internet and other interactive computer services have flourished, to the benefit of all Americans, with a minimum of government regulation.

(5) Increasingly Americans are relying on interactive media for a variety of political, educational, cultural, and entertainment services.

(b) Policy

It is the policy of the United States—

(1) to promote the continued development of the Internet and other interactive computer services and other interactive media;

(2) to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation;

(3) to encourage the development of technologies which maximize user control over what information is received by individuals, families, and schools who use the Internet and other interactive computer services;

(4) to remove disincentives for the development and utilization of blocking and filtering technologies that empower parents to restrict their children’s access to objectionable or inappropriate online material; and

(5) to ensure vigorous enforcement of Federal criminal laws to deter and punish trafficking in obscenity, stalking, and harassment by means of computer.

(c) Protection for “Good Samaritan” blocking and screening of offensive material

(1) Treatment of publisher or speaker

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

(2) Civil liability

No provider or user of an interactive computer service shall be held liable on account of—

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).

(d) Obligations of interactive computer service

A provider of interactive computer service shall, at the time of entering an agreement with a customer for the provision of interactive computer service and in a manner deemed appropriate by the provider, notify such customer that parental control protections such as computer hardware, software, or filtering services) are commercially available that may assist the customer in limiting access to material that is harmful to minors. Such notice shall identify, or provide the customer with access to information identifying, current providers of such protections.

Posted in Child abuse images, Default settings, E-commerce, Facebook, Internet governance, Pornography, Privacy, Regulation, Self-regulation

Begging a question

Amazing statistics emerged last week courtesy of a body called WARC which presents itself as Your global authority on advertising and media effectiveness.

WARC was publicising a study carried out by Verto Analytics according to which, between them, Google and Facebook account for 25% of all of the time spent online by adult UK internet users. One might imagine the proportion in respect of children was likely to be higher but there is no information on that point.

In this context Google was represented by search, Gmail and YouTube. They took one in six (17%) of every UK minute. This amounted to the equivalent of 42.7 million days per month.

Not very far behind was Facebook, which included Instagram and WhatsApp. Their 11% equated to 28.4 million days per month. Microsoft (7%) and Apple (5%) were up there with the dear old BBC, at 2%, marginally ahead of Amazon.

Any way you look at it these numbers reflect the staggering grip these mainly American companies have on the attention of UK adults. I have no problem at all with that in principle but here’s one of the things that keeps nagging away at me and it is particularly relevant to mention it as the Backpage furore continues apace in the States.

In the USA s.230 of the CDA is not identical to the eCommerce Directive which operates here in the UK, and indeed across the whole of the EU.

Although the CDA provision was later eroded by other legislative measures, for example to address trade mark infringement and copyright theft, in principle it confers a more or less unqualified immunity from any liability which might otherwise arise because of the postings or activity of third parties on your site or platform. This is the reason Backpage was able to get away with it for so long.

By contrast, the EU’s eCommerce Directive’s protection only applies if, upon notice, the platform provider or website owner acts expeditiously to address an identified wrong.

And yet here in the UK, despite this difference, the large US companies somehow managed to carve out for themselves a substantial share of the market. Go figure.

So when US advocates argue for global standards is what they really mean ” current US standards”? Or to be more precise, “the standard dreamed up in the US in 1996 when we didn’t really know how things were going to pan out when Web 2.0 came along.”

s.230 has become a refuge for scoundrels and an alibi for indefinite inaction. Things have moved on a lot since 1996. Isn’t it time to revisit the clause in the light of what the Backpage scandal has revealed?

Why would anyone want to defend or preserve a system that allows something like Backpage to happen? Are we seriously expected to believe it is beyond our wit to devise a form of words which would allow judicial authorities to distinguish between political discourse, technical innovation, artistic expression and child sex trafficking?





Posted in Advertising, E-commerce, Facebook, Google, Internet governance, Microsoft, Regulation, Self-regulation

More on moderation – and car number plates

Turns out there is already a legal action underway concerning the position of moderators. It is being brought against Microsoft by two ex-employees. It will be interesting to see how the case pans out. Microsoft has almost always been a leader in the field so whichever way the final judgement goes I’m sure we will be able to learn from it.

This whole discussion about moderation reminds us that the internet is not a single thing, rather it is a mish-mash of all sorts of technologies which, ultimately, ride on top of the TCP/IP protocol that is the unifying thread.

Existential threat? Yes, or no?

Ordering a plane ticket from Easyjet or the groceries from Tesco Online hardly poses any sort of existential threat. Many, by no means all, of the most difficult challenges instead centre on the way in which Web 2.0  has provided anyone and everyone with the possibility to publish their own content on a more or less unlimited basis.

In and of itself this is not an issue or a problem. Quite the reverse but, the way things have evolved, unthinkingly we have handed a megaphone and a stage to some extremely disturbed, violent and malevolent individuals who can safely rely on the fact that the volume of problematic content or behaviour online is so vast that unless they are very unlucky or egregious, the chance of them ever being held to account are exceptionally close to zero.  Alternatively, the individuals responsible are so disconnected or determined they don’t care if they are tracked down or exposed. Perhaps they live within a failed state or a part of the world where the authorities don’t care, can’t or won’t intervene, maybe even collude with them.

We created a system and now need defending from it

A seemingly still growing army of moderators is now engaged in trying to protect the rest of us from the consequences of our lack of foresight and care.

I guess we can all hope that AI will eventually provide a silver bullet but even its most energetic proponents doubt it will ever be smart enough to address everything. Thus a decision to stick with the status quo, or even a substantial part of the status quo with regard to user generated content, is in truth also a decision to condemn others to watch or read some terrible stuff.

Extremely radical –  unlikely to happen any time soon or even at all, but…..

Can we discuss other possibilities? Admittedly these are extremely radical and therefore are not immediately realisable. However, I would be astonished if, somewhere in the world, various interests had not already worked out a way of doing either or both, or some variation. Obviously I am not claiming ownership of these ideas. I publish them as a warning or rather an encouragement to get to a better place sooner.

The first route envisages more or less tearing up the internet as we know it today and, in effect, starting again. Internet 2.0 would have security embedded at every level. It would slide in alongside the existing internet , would not connect to it but would eventually become such an overwhelmingly attractive alternative for the vast majority of people that Internet 1.0 would wither away. Increasingly it would become known as the place where only weirdos and crooks hang out. A bit like today’s Dark Web.

On Internet 2.0 no one could log in from anywhere unless their identity was known with a high level of certainty. Neither could they connect via a device that had not been certified as meeting stringent security standards. Permissionless innovation does not become history but the rate of innovation, at least in terms of physical devices likely slows down. Apps may take days longer to reach an App Store as they too are more rigorously examined prior to release. At the last count, there were 7,588 different ways to view a video of a cute kitten playing with a ball of wool. We may need to wait a whole extra week for the 7,589th.

User generated content might not be allowed to exist at all, or would only be allowed on those platforms that agreed they were its publishers. Smaller sites might make it.  Bigger ones perhaps wouldn’t. Traditional forms of journalism would re-emerge. Fake news would not vanish but it would reduce significantly. Facebook would adapt or die.

All the accoutrements of the B2B internet would be preserved as would B2C. Net neutrality would probably vanish because the pipes would belong to the small number of infrastructure companies that paid for the new thing to be built and marketed. Cable and telecom companies would likely be the mainstays.

As with the roll out of Internet 1.0 the USA and richer countries would benefit first and new countries could only connect when they agreed to meet and enforce the new regime. It would be messy and uneven but the vast majority of the world’s population would quickly find a way to live with it.  They might miss some of the edginess and unpredictability of the old order but as long a Netflix, Google Search, Amazon, email and the BBC were still there they would rub along.

Number plates

The second route is not quite as far out but it is still a bit on the wild side.  I’m thinking about car number plates. We have a worldwide system which does two things: allows for the very rapid and inexpensive identification of people who appear to have broken the rules of the road in any jurisdiction and because of that it also encourages the vast majority of people to be better drivers in the first place. Every country has an incentive to comply. People can drive around and do stuff anonymously. Only if there is a suspected infringement might one’s activities or whereabouts be scrutinised.

Thus I could still log on as, say, RKW 48 (the registration of my dad’s first car – long since canned) and that is who I could be to the rest of the world unless or until I chose otherwise. RKW 48 could pop up as “Margaret” on one site or “Buffalo Bill” on another and as long as my alter egos stayed within the rules no one would know or care.

What if….and but….

I can already hear a litany of “what if’s and buts”,  and I am aware of the practical difficulties of getting such a system up and running on a global basis, yet consider where we are today in terms of what is or could be known about us and by whom, simply by virtue of connecting to the internet.  The number plates thing, at one level, would simply act as a reminder to everyone that while all the joys of the internet are open to them, they should remember they can now be swiftly identified should the need arise. My guess is that this one thing would do a huge amount to reduce the bad behaviour that is causing so much distress, not just to moderators but to the rest of us.

Whistleblowers and political repression

What about whistleblowers and those who live under politically repressive regimes? Yep. I acknowledge that’s an issue although I think its potential importance is hugely exaggerated, particularly by those who are against the basic idea anyway.  Even so I hope to find a way to avoid it. Maybe someone smarter than me can come up with an answer. However, saying leave things as they are won’t wash. In the long run it is not sustainable. Number plates might be the only way to save some semblance of what we currently think of as being the internet.

Posted in Default settings, E-commerce, Facebook, Google, Internet governance, Privacy, Regulation, Self-regulation, Uncategorized | 1 Comment

Internet of toys – the impact on children of a connected environment

See the latest edition of the Cyber Policy Journal and an article entitled:  ” The Internet of Toys – the impact on children of a connected environment.” It’s an interview with me.

Posted in Internet governance, Regulation, Self-regulation

A follow up on moderation

Strange coincidence. Following on from my post about moderation which went up yesterday morning I learned that in the afternoon BBC Radio 4 also ran a piece on the same subject. It was on The Media Show. Sarah Roberts – whom I had quoted – was a guest on the programme along with a guy from Microsoft’s research division. The discussion starts around 19 minutes in although the first (and unrelated) item on what is happening today in the name of journalism is also worth a listen. It will not cheer you up.



Posted in Internet governance, Privacy, Regulation, Self-regulation