1) Recommends that e2e should be identified as a specific risk factor in risk assessments - does not go hardline against it, as many have recommended, but it's not out of the woods yet;
2) Recommends that anonymity be preserved, but that platforms discuss it and any mitigations in their risk assessment, and wants ICO to come up with a code of practice on privacy protecting anonymity (there is a lot of job creation for the ICO and Ofcom in this report, folks);
3) Wants electoral disinformation included in the Bill, or the Elections Bill, with some focus on data targeting a la Cambridge Analytica;
4) Avoids the issue of the Bill requiring age verification or age assurance for all services as part of the risk assessment process regardless of risk/proportionality, and goes all in on further supporting the AV and AA sectors within a code of practice on AA (more job creation);
5) Recommends replacing Clause 11 (e.g. any content which could be subjectively harmful to an adult) with a requirement to identify and mitigate content already defined in criminal law or which should be, per the Law Commission review (this is a big win for freedom of speech);
6) Acknowledges that giving the Secretary of State (currently, Nadine) powers to modify codes of practice, to instruct Ofcom to enforce them, and to exempt specific individual services from regulation gives her too much power and these clauses must be removed (good);
7) Journalistic content, what constitutes it, and what should be exempt from content moderation of it is still a dumpster fire;
8) They listened to me 🙌 on senior management liability - recommends liability only for systematic and serious failure to comply with reporting requirements & regulatory cooperation, as opposed to indulging wild west sheriff fantasies of content moderation through arrests;
9) Recommends a new joint committee on digital regulation to provide Parliamentary scrutiny of this Bill and other initiatives: but that will require them to scrutinise what is happening under these laws, not grandstanding or brainstorming about what they might want to happen;
10) Finally, there's discussion of the need to tie Ofcom's work to human rights standards such Article 10 of the ECHR, which is the HRA 1998; no discussion of what the plan B is for throwing out those babies with the European human rights bathwater.
11) Overwhelming impression is that the report focused on the individual issues raised. At the end, you still have a massive, sweeping, complex regulation, requiring multiple regulators, processes, codes, directives, and oversight, and that's before you even think of compliance.
12) I'm still unemployed and bored off my ****, hire me plz, thanks
13) I forgot to hashtag this thread #OnlineSafetyBill, because coffee.
14) Can confirm that "Parliament listens to me, you know" has no impact on a Glaswegian teenager.
15) The committee report was laid in the House yesterday and the debate was...stiff, muted, and free of bluster, rhetoric, and foot-stomping. It's as if after years of using the internet for grandstanding and headlines, they've realised this stuff is hard. hansard.parliament.uk/Commons/2021-1…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
My July post is exploding again, as people suss the fact that if a single precious British child can access your Mastodon server, full compliance with the UK's Online Safety Bill will hit you. I've only been warning about the OSB x OSS for four years. webdevlaw.uk/2022/07/11/you…
Also see this quick follow-up post about why small projects are in scope, and the attitudes your little server will be up against. webdevlaw.uk/2022/07/13/her…
Oh, and this too. We're about to destroy Wikipedia in order to own Silicon Valley and make a/v vendors a Great British Tech Success Story.
Gutted and angry to see that good people were taken advantage of by a dodgy conference. But relieved to see it all coming out immediately. Other communities take note.
Note to self: have that awkward chat with the spawn about how 50% of women in * (tech, business, etc) groups are legit and 50% are vanity moneyspinners. You've been putting it off long enough. dev.to/thisisjofrank/…
Great comments from @AlecMuffett here. ID companies are lobbing UK gov to introduce phrenology as an identifier for internet access. Yes, that means using the webcam to measure your head to determine that you are a precious British child. #SunlitUplandstheguardian.com/politics/2021/…
Incidentally, one of the companies promoted in this article is participating in the ICO's regulatory sandbox, e.g. developing along the very edge of privacy law.
But as you know, UK gov is preparing to deregulate pesky privacy law in favour of "innovation".
Follow that thought.
See how I said "precious British child" there? That's not hyperbole. We’ve also seen verification providers lobbying government to require not just age, not just ID, but *nationality* verification as requirements for internet access.
🧵You're going to read a lot today about the government's plans for the Online Safety Bill on #onlineharms, a regulatory process which has eaten up much of the past two years of my professional work. I suppose if I had a hot take to offer after two years, it's this:
1) If you see the bill being presented as being about "social media" "tech giants" "big tech" etc, that's bullshit. It impacts *all services of all sizes, based in the UK or not. Even yours.* Bonus: take a drink every time a journo or MP says the law is about reining in Facebook.
2) If you see the Bill being presented as being about children's safety, that's bullshit. It's about government compelling private companies to police the legal speech and behaviour of everyone who says or does anything online. Children are being exploited here as the excuse.
It's taken less than three weeks for India to go from this to taking down posts critical of the government in a national emergency. Think that couldn't happen here too?
We, and other groups, have been very clear on how the UK's plans would hand a gift to authoritarian regimes. One MP's response to that, last week, in a Parliament committee: to hell with other countries.
So to recap, the British Internet for British People should set a "world-leading" example for other nations to follow, up to the point where other nations use our model to justify their authoritarianism, at which point we wash our hands of our "world-leading" influence.
I know we talk a lot lately about the UK's assault on e2e encryption, and it may seem a bit over the top, but it's important to understand what's on the table, and what policymakers are being told. Here a thread about e2e in the #onlineharms context.
It centres on a report released last month by the Centre for Social Justice, and endorsed by the former Home Secretary, Sajid Javid. Folks in power read these reports and follow their recommendations. Have a look at page 52. centreforsocialjustice.org.uk/wp-content/upl…
It calls for, as we've warned was likely, the use of e2e encryption to qualify as a violation of the "duty of care" in the Online Safety Bill. They note: "It will be insufficient for a platform to argue that introducing such a high-risk design feature will have benefits in other