1) Recommends that e2e should be identified as a specific risk factor in risk assessments - does not go hardline against it, as many have recommended, but it's not out of the woods yet;
2) Recommends that anonymity be preserved, but that platforms discuss it and any mitigations in their risk assessment, and wants ICO to come up with a code of practice on privacy protecting anonymity (there is a lot of job creation for the ICO and Ofcom in this report, folks);
3) Wants electoral disinformation included in the Bill, or the Elections Bill, with some focus on data targeting a la Cambridge Analytica;
4) Avoids the issue of the Bill requiring age verification or age assurance for all services as part of the risk assessment process regardless of risk/proportionality, and goes all in on further supporting the AV and AA sectors within a code of practice on AA (more job creation);
5) Recommends replacing Clause 11 (e.g. any content which could be subjectively harmful to an adult) with a requirement to identify and mitigate content already defined in criminal law or which should be, per the Law Commission review (this is a big win for freedom of speech);
6) Acknowledges that giving the Secretary of State (currently, Nadine) powers to modify codes of practice, to instruct Ofcom to enforce them, and to exempt specific individual services from regulation gives her too much power and these clauses must be removed (good);
7) Journalistic content, what constitutes it, and what should be exempt from content moderation of it is still a dumpster fire;
8) They listened to me 🙌 on senior management liability - recommends liability only for systematic and serious failure to comply with reporting requirements & regulatory cooperation, as opposed to indulging wild west sheriff fantasies of content moderation through arrests;
9) Recommends a new joint committee on digital regulation to provide Parliamentary scrutiny of this Bill and other initiatives: but that will require them to scrutinise what is happening under these laws, not grandstanding or brainstorming about what they might want to happen;
10) Finally, there's discussion of the need to tie Ofcom's work to human rights standards such Article 10 of the ECHR, which is the HRA 1998; no discussion of what the plan B is for throwing out those babies with the European human rights bathwater.
11) Overwhelming impression is that the report focused on the individual issues raised. At the end, you still have a massive, sweeping, complex regulation, requiring multiple regulators, processes, codes, directives, and oversight, and that's before you even think of compliance.
12) I'm still unemployed and bored off my ****, hire me plz, thanks
13) I forgot to hashtag this thread #OnlineSafetyBill, because coffee.
14) Can confirm that "Parliament listens to me, you know" has no impact on a Glaswegian teenager.
15) The committee report was laid in the House yesterday and the debate was...stiff, muted, and free of bluster, rhetoric, and foot-stomping. It's as if after years of using the internet for grandstanding and headlines, they've realised this stuff is hard. hansard.parliament.uk/Commons/2021-1…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
There's been a seismic development over the past day where Ofcom - which, as an independent regulator, didn't seem to get the memo about purdah - has quietly sent a large swathe of the age verification industry homeward tae think again. 1/4
On the Today programme, Melanie Dawes confirmed what the entire digital rights field has been saying for years: the magic technological solutions that corporate lobbyists built the OSA around, quite simply, aren't fit for purpose.
(clip from behind a paywall, with thanks)
I instantly throught of the @REPHRAIN1 independent report into UKGov's pilot projects funded under the safety tech challenge, which found that not a single one did what they mean to do without violating fundamental rights for everyone else at scale. rephrain.ac.uk/safety-tech-ch…
I say this as half a joke, half not : at some point you’ll be better off using a 15 year old laptop with 15 year old software, not connected to the internet, not updated, and not snitching on you to 1200 adtech partners via legitimate interest while scanning your content with AI.
Me, I miss the good old days, when all you had to do to get the software you needed for your job was select a code off a sheet of paper, in front of a van, at The Barras, give the code to a guy with an earpiece, and wait ten minutes for the guy in the van to burn your CD-Roms.
As long as this tweet is hopping around, sometimes I occasionally remember that I wrote a book about foundational privacy for designers and developers. It's good. You'll like it. smashingmagazine.com/printed-books/…
My July post is exploding again, as people suss the fact that if a single precious British child can access your Mastodon server, full compliance with the UK's Online Safety Bill will hit you. I've only been warning about the OSB x OSS for four years. webdevlaw.uk/2022/07/11/you…
Also see this quick follow-up post about why small projects are in scope, and the attitudes your little server will be up against. webdevlaw.uk/2022/07/13/her…
Oh, and this too. We're about to destroy Wikipedia in order to own Silicon Valley and make a/v vendors a Great British Tech Success Story.
Gutted and angry to see that good people were taken advantage of by a dodgy conference. But relieved to see it all coming out immediately. Other communities take note.
Note to self: have that awkward chat with the spawn about how 50% of women in * (tech, business, etc) groups are legit and 50% are vanity moneyspinners. You've been putting it off long enough. dev.to/thisisjofrank/…
Great comments from @AlecMuffett here. ID companies are lobbing UK gov to introduce phrenology as an identifier for internet access. Yes, that means using the webcam to measure your head to determine that you are a precious British child. #SunlitUplandstheguardian.com/politics/2021/…
Incidentally, one of the companies promoted in this article is participating in the ICO's regulatory sandbox, e.g. developing along the very edge of privacy law.
But as you know, UK gov is preparing to deregulate pesky privacy law in favour of "innovation".
Follow that thought.
See how I said "precious British child" there? That's not hyperbole. We’ve also seen verification providers lobbying government to require not just age, not just ID, but *nationality* verification as requirements for internet access.
🧵You're going to read a lot today about the government's plans for the Online Safety Bill on #onlineharms, a regulatory process which has eaten up much of the past two years of my professional work. I suppose if I had a hot take to offer after two years, it's this:
1) If you see the bill being presented as being about "social media" "tech giants" "big tech" etc, that's bullshit. It impacts *all services of all sizes, based in the UK or not. Even yours.* Bonus: take a drink every time a journo or MP says the law is about reining in Facebook.
2) If you see the Bill being presented as being about children's safety, that's bullshit. It's about government compelling private companies to police the legal speech and behaviour of everyone who says or does anything online. Children are being exploited here as the excuse.