Your compliance obligations under the UK’s Online Safety Bill
webdevlaw.ukCan someone explain why this won't result in a renaissance for peer to peer and e2e encrypted chat/forums/social media etc.? When government or industry makes it nearly impossible for consumer needs to be met we inevitably see a grey and black market spring up to meet those needs. My prediction is that if legislation like this becomes widespread we'll see a freely distributed application rise to prominence among a gaggle of others, it'll dominate the chat and social market until even grandma is using it and the establishment will have a right proper freak out as other social media giants implode and everyone is communicating anything they want with zero oversight from the government or industry. This is roughly how I remember the Napster affair going when DRM was pushed hard by the recording industry, it eventually collapsed but not before dealing a massive blow to the status quo and forcing a transition to streaming.
More likely it will result in crippling the domestic UK tech industry while everyone else in the world ignores it. I really don't see most countries extraditing someone for the high crime of "let british users access a website without verifying their age".
This has been said about the EU, but the market has proven to just be too big to ignore.
It could also be the reverse (see authoritarian countries), with international players leaving the market and local ones filling the space.
By "ignore it" I mean "ignore the law", not ignore the UK market. At some point the idea that countries can regulate the internet outside their borders falls apart. The US succeeds in enforcing its gambling laws WRT Americans, but that only works because other nations agree to do the enforcement.
I just don't see that happening here. So maybe the UK becomes a no-travel zone for anyone in the worldwide tech industry? That would be sad, but it's a plausible outcome.
The US can enforce it for Americans because it's comparatively easy to see that somebody is making money from gambling, compared to visiting a website.
The EU's a bit bigger than the UK by a fair margin.
Probably by about 5x. If the UK makes things difficult, they can just be ignored.
It's actually 7x (65m vs 450m).
Depends on what consider a proxy for market size. EU GDP to UK GDP ratio is about 4.5
Very few websites comply with GDPR. Based on recent interpretations, it's essentially impossible for any US-owned or US-hosted site to comply with GDPR. The EU is just being extremely selective about its enforcement. If they ever decided to follow the law to the letter, most of the Internet would have to disconnect the EU. Theoretically the EU could make clones of all international sites like China has with Baidu and Weibo, but it's hard to see how that would be good for them.
The UK's law is obviously a bit different as international companies can comply with them, but it would essentially just limit legal websites to big tech who have enough market reach that all that compliance could pay for itself.
Well, the EU itself adheres to law very selectively itself. For example for surveillance. They retroactively legalized mass surveillance by European authorities to make the impression that the law is more relevant than it actually is.
Not really as GDPR has specific provisions for governments to collect data for national security/defence, prevention/investigation of crimes, etc . So they did not have to retroactively change anything as it was written into the law from the beginning.
> Theoretically the EU could make clones of all international sites like China has with Baidu and Weibo, but it's hard to see how that would be good for them.
We would have real privacy protection, and presumably in the very long term we'd see the benefits of that (more creative new ideas coming out of the EU, wealthy people preferring to live in the EU...).
Seeing how the EU political set also is trying to get rid of E2EE messengers and such, I get a feeling it will not shake out that way either. It might make it worse, because they would have full legal and extra legal thumbscrews to apply to these EU only companies.
> wealthy people preferring to live in the EU
Wealthy people care a lot more about taxes than vague notions of privacy protection.
> Wealthy people care a lot more about taxes than vague notions of privacy protection.
Wealthy people are already willing to pay a premium for the sake of privacy. Look at Zuck buying his neighbours' houses.
Actual physical separation and privacy. Not vague notions of privacy protection.
> If they ever decided to follow the law to the letter, most of the Internet would have to disconnect the EU
It's worth noting that it's the US that would be isolated here, not the EU.
A very large number of other non-EU countries have implemented/are currently implementing extremely similar legislation to the GDPR, including Brazil, Israel, South Korea, Argentina, Canada, Japan, India, New Zealand, Indonesia, etc.
If the world eventually splits into "privacy-required" vs "privacy-optional" internets, the US will be one of few major countries in the latter camp. Yes, clearly the US-based internet is a large chunk, but long-term isolating the US internet entirely from most of the rest of the world will have a meaningful impact.
The EU has an list of countries whose current protections they officially recognize as already equivalent to the GDPR here: https://ec.europa.eu/info/law/law-topic/data-protection/inte...
Regarding GDPR, citation needed - do you have actual links you can share to those claimed "recent interpretations", and whose in particular they are? I'd be quite interested to see them, if true ,which I seriously doubt - for the time being, as an EU citizen, my understanding is, and continues to be, that it's totally possible for US corpos to adhere to GDPR; it would just require some money and effort to be spent by companies that blatantly hoover and hoard personally identifying data in hopes of squeezing some monies from it. And having to spend some money on anything that is not an investment into more money in the future seems to always trigger over-the-top allergic reaction in corporations. Until they feel the teeth of real law in painful fines, when suddenly "impossible" things will magically become possible.
They're decisions by the governments of Germany, France, and Italy:
* https://rewis.io/urteile/urteil/lhm-20-01-2022-3-o-1749320/
* https://www.cnil.fr/en/use-google-analytics-and-data-transfe...
* https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/d...
So far they've just been enforced against companies that use Google Analytics, but the reasoning behind it has been that having users connect to a US server enables that server to know EU users' IP addresses (which are legally PII), which would be subject to US government subpoenas to collect such, and the US government has not agreed to handle data in compliance with the GDPR, therefore it's illegal to have users connect to any US servers. It has nothing to do with "hoover[ing] and hoard[ing]" data.
The only way for an American website to comply would be to form a separate company not subject to US control at all. However, at that point it's not really an American website, since no data or control can go to the US.
Theoretically you could use some international service to handle all primary routing and get users to waive their rights under the GDPR before connecting to your website proper, but I'm not aware of such a service at this time.
Doesn't seem so clear cut to me yet, but I see what you're hinting at. The first one seems about Google Fonts specifically, together with IPs indeed, but not mentioning US govt subpoenas at all (at least in the English translation of the abstract). Personally, I long believed Google Fonts are a risk from privacy standpoint and not really necessary, just easy - this seems to basically be reflected in the abstract and makes me quite happy. Interestingly, it seems to mention severity of the privacy abuse potential vs. benefit, which again sounds great to me. Now, the 2nd one mentions GA and subpoenas, so this becomes more tricky and I wonder what will come of it. Though for the time being, GA is exactly a target I hoped would be regulated, so again rather happy for now, though I see how this seems indeed a concern dealing with any US company. And how connecting the two (i.e. IPs as PII + US govt subpoenas) becomes a concern as well. IANAL, obviously, though. But interesting, thanks!
I don't really think being a good 'worldwide' business can exist when longterm there are conflicting views held by governments about what is right. The fact is some governments and societies values are objectively better than others
How does any of those things make it "essentially impossible for any US-owned or US-hosted site to comply with GDPR"? Is it legally required in the US, for example, to use Google Analytics?
No, but that's irrelevant. It's illegal for an American to host a home server with EU visitors for the same reason it's illegal for them to use AWS or Google Analytics. A GDPR-compliant website can't embed Google Analytics or Google Fonts or a US-hosted image because then the host could log those IP addresses and the host could be subject to a US warrant. Likewise, a GDPR-compliant site can't be operated or hosted by an American because then the operator/host could be logging visitor IP addresses and be subject to a warrant and be compelled to give the government the evidence.
> Likewise, a GDPR-compliant site can't be operated or hosted by an American because then the operator/host could be logging visitor IP addresses
Because you "could" be logging visitor IP addresses? First, why would you have to log them? Is this a legal requirement in the US? You can't serve a page over HTTP unless you log a crapton of stuff for the government? And second...I don't believe it's illegal to log IP addresses under GDPR as log as the user consents to it...or is it?
Yes, the EU says it's illegal if you could be logging them, regardless of whether you are or not.
And yeah, it's not illegal if a user consent to it, but the issue is that the user has to connect (with their IP address) to give you his consent or not. That's why I said theoretically you could use some international service to handle all primary routing and get users to waive their rights under the GDPR before connecting to your website proper, but I'm not aware of such a service at this time.
> Yes, the EU says it's illegal if you could be logging them, regardless of whether you are or not.
Wait, what? Where do they say that?
> That's why I said theoretically you could use some international service to handle all primary routing and get users to waive their rights under the GDPR before connecting to your website proper
Why would you do such a complicated thing?
US cloud act makes it impossible for any US company to both collect any personal data and be fully compliant with GDPR.
> If they ever decided to follow the law to the letter, most of the Internet would have to disconnect the EU.
Or those sites would have to comply with GDPR. Why is that not an option?
Because no US company can exempt itself from complying with US warrants. Thus, the EU always views data as being potentially shared with the US government. The GDPR prohibits even making a log of IP addresses if there's any US control over it.
I don't see how these multinational companies like Apple, etc don't end up with their own armies again like age old.
Apple HIMARS -- the missile pods have rounded corners (but aren't compatible with NATO standards).
Like Pepsi?
^^ Underrated comment of the year.
This definitely seems like a likely outcome, especially considering how the world has responded to GDPR: ignore it if you're out of the EU or throw resources at the problem to meet a bare minimum requirement (and cross your fingers) if you're in a country where it can actually be enforced.
After my ears bleeding from trying to understand the legislation, I know I'll be ignoring it.
> won't result in a renaissance for peer to peer
This horribly written law can easily be interpreted to apply to ISP's as well - so if the ISP is allowing these peer-to-peer systems that allow "unsafe" content to be shared, they're liable for it too, or they have to shut down the peer-to-peer systems.
Which again, is the point - to turn the internet into the easily regulable cable TV that they already understand.
> Which again, is the point - to turn the internet into the easily regulable cable TV that they already understand.
Unless the UK significantly increases its military capacity and sets up world government, they will not be able to shut down the internet. The internet will still exist. The best they can hope for is a great firewall / North Korea type situation which would require a much more authoritarian (moreover functioning) government than even the UK can muster.
1) The point isn't to regulate the internet, it's to regulate what UK citizens can see.
2) The great firewall was complicated by the design goal of accessing some, but not all, foreign websites. The UK could accomplish their goals in a day or two by just cutting all the underwater cables. That sounds like an impossible crazy thing, but so did Brexit a couple years ago.
The EU might see that as an act of war......
A large amount (if not the vast majority) of fibre optics from Europe to Americas, go though the UK and cutting them off cuts off the biggest parts of the world from each other.
Piggie in the middle submarine cables, not all go through the UK, but it is good to point out the covert politics & nationalism of entities providing tech services or infrastructure, strangely dominated by the US mil funded US tech sector. I wonder why?
The EU might also see the UK as an inspiration!
I do not think the European perception of the UK could accurately be described as "inspirational" at the moment.
The UK not. But if anything can be done against Google, Meta, Apple all ideas are welcome for the EU. Those don't pay enough taxes in the EU in relationship to the megaprofits they make and have no respect for the legal framework the EU stands for.
'Cutting' is extreme but the spooky filtering that is almost certainly already in place certainly isn't, as Chinese citizens are all too aware
It’s kind of you to say ‘even’ the uk could muster, but at this point functioning government seems a forlorn hope here.
Conservatives all over the world dream of setting up a chinese-style firewall in their countries. They are angry that it was first done by a clearly authoritarian regime which brings some resistance to the idea, but otherwise, in the name of fight against terrorism or child pornography, they would have set it up already.
From what I can tell it’s more the progressive wing of most countries who are pushing for authoritarian censorship of the internet. Just look at Canada
> ... it’s more the progressive wing of most countries who are pushing for authoritarian censorship of the internet
China, India, Pakistan, Saudi Arabia, UAE, Russia... Aren't progressive by any metric.
China is nominatively communist, the most progressive ideology in existence or at least in the running for the title. They even had one-child policy.
> China is nominatively communist, the most progressive ideology in existence...
There is no connection whatsoever between progressive social policies, and macroeconomic planning.
Denmark is an extremely progressive country, way more than China in all aspects, yet they run under a free-market capitalist economy.
I agree that the Liberal's current push to degrade Canadian's privacy is worrisome - and their excuse is "we need expanded surveillance powers to make sure your privacy is protected..."!?!
I disagree that this is a partisan thing however. Whether it's Canada, the UK or anywhere else it seems each party in power just pushes for more surveillance and more censorship, just using different excuses to justify their actions.
For example, Harper's conservative government put forth bill C-13 (online crime excuse) and C-30 ('think of the children' excuse), which arguably laid the way for much of the spying apparatus that is currently in place against Canadian citizens. And while Obama allowed the NSA's warrantless internet surveillance program, Trump extended it until 2024.
All governments want to spy on you, and all governments want to be able to control what you say, period. They just want you to beg for it first.
Both big government conservatives and big government progressives are pushing for more censorship. The only difference is the topics that they want to be censored.
(Side note: the American Republican party is big government conservatives. Their rhetoric is irrelevant - look at what they do, not at what they say they want to do.)
<Citation requested>
Is this common knowledge? It's the first claim I've encountered of Canada attempting Internet censorship.
It's a big topic right now in Canada.
Pre-Elon Twitter compared Canada's proposed regulations to North Korea and China.
>Newly released documents reveal Twitter Canada told government officials that a federal plan to create a new internet regulator with the power to block specific websites is comparable to drastic actions used in authoritarian countries like China, North Korea and Iran.
https://www.theglobeandmail.com/politics/article-twitter-com...
I googled it and found Bill C-11. Not going to dig deeper into it and confirm details, but maybe you didn't hear about it for a reason?
Yup. massive media black out on this. only know about it because a canadian youtuber/lawyer (runkle of the bailey) was talking about it
Thanks, I'm not living in .ca at the moment. I do believe Canadians appreciate their Internet freedom.
Progressives currently threaten internet freedom far more and it isn't even a competition here. They demand hate speech laws, people and content to be banned. They are just the new conservatives with their own dogma, sensibilities and aversion to free information exchange.
By conservatives, do you mean the same people who believe we should be conservative in our application of government?
Are you sure you are not speaking of liberals, who believe government should be applied liberally?
Not like any of them act as they speak, but if I am not mistaken, that's what the words mean.
> believe we should be conservative in our application of government?
No, they believe "traditional" systems should be retained (i.e. conserved).
> government should be applied liberally?
That is almost diametrically opposite to the use of the word liberal as applied to politics.
Conservatives are, by definition, people who want to conserve the status quo. They believe society is good as it is (or as it was in sine possibly imagined past) and seek to use the power of the state to prevent changes, and to revert any changes that are pushing society away from what they believe is the status quo. Conservatism has absolutely nothing whatsoever to do with "being conservative in application of government". In the USA, it happens that part of the status quo that many conservatives want to conserve is a weak federal government. In the UK, conservatives are typically monarchist, which is essentially the opposite position.
Either way, many conservatives are collectivists: they believe the needs of society and preservation of tradition outweigh the desires of individuals, and so they tend to be in favor of concepts such as the traditional family excluding gay people, the rule of mothers in child rearing being more important than the freedom of women to pursue careers and so on.
The opposite of conservatives are progressives, people who believe the status quo is not generally good, and who seek to use the power of the state to change the status quo in a direction they believe is progress.
There are also many collectivist progressives, and as such tend to want things like egalitarian schooling even if certain extraordinary kids may be kept behind, or supporting progressive taxation such that those who have more have to give more to the collective.
On a different axis, we have liberals, who are the opposite of collectivists. Liberals can be conservative or progressive, but they ultimately believe that the most important value is individual freedom.
An example of a liberal conservative is someone like Ron Paul. He believes the status quo is generally good and shouldn't be changed to much, except where he thinks government has over reached. However, he also believes government shouldn't involve itself in people lives, even to preserve societal values, so he tends to support the legalization of Marijuana and perhaps even gay marriage (though given electoral realities, in not sure of his public position on the second). Contrast this to a more collectivist conservative like justice Clarence Thomas, who believes the state should ban gay marriage and even sodomy and contraception.
The fundamental core of conservatism is exemplified in Chesterton's Fence, the meaning of which comes down to "make changes with extreme caution", not "don't make changes at all". The inverse of conservatism is the desire for revolutionary change, which is not the same as progressivism (though it's certainly a popular idea with some). Anti-industrialism (e.g. the Ludites) was conservative. Environmentalism can be conservative. Politics has muddied the true meanings of "progressive" and "conservative".
I've heard the fundamental position of conservatism slightly differently: "if something doesn't have to change, then it must not change". As such, the opposite may well be "let's change this and see if it helps".
But behind this fundamental position, there still lies the position that the current state of affairs is fundamentally ok, or very close to it (or if not the current one, then some previous one that you aspire to return to). You can't truthfully be a conservative while believing everything is rotten and always has been - you would have no reasonable reason to oppose change, even change for change's sake.
You don't need to believe that the current state of affairs is "fundamentally ok, or very close to it", quite to the contrary. What you need to believe is that the current state of affairs could be made much worse if one is not careful.
I think most people agree that through history we've made a slow climb up a mountain. And it's always easier to fall down, than it is to continue climbing. One could look down into the abyss and say "we must be careful not to trip", or one could look up at the top of the mountain and say "we must get there at any cost". In this metaphor I'd say the revolutionary would be looking at another peak in the mountain range and say "we must descend into the abyss if we want to make it there".
Two corrections:
(1) This is a good overview, but conservatives don't believe in the status quo for the status quo's sake. They believe that our traditions are highly optimized, essential components to living a fulfilling life. We don't even know why many of the rules even exist, the exact problem they solve has long been forgotten to history; so we should be careful when changing these rules.
There is an element of caring for your long-term health as well as the larger society, and raising the next generation of humans, which most everyone agrees with in some form (even libertarians argue that absolute individual liberty is what produces the best outcome for society). This not necessarily make you a collectivist, in the way that progressives push for labor unions, economic planning, and intersectionality.
What you're missing is a description of when conservatives support use of force to promote social values. Modern American conservatives think that rights come with responsibilities, that neither unfettered libertinism nor enforcement of responsibility with police power is legitimate.
(2) Clarence Thomas has never spoken from the bench about what laws the state ought to pass, he is careful to emphasize he is not a lawmaker and that is not his job. When he dissents in Obergefell and other cases that rely on "substantive" due process, it's because i legal rationale invented to uphold slavery in Dred Scott v. Sandford.
You are mistaken.
No, I am not.
Shorter version: Yes, you are mistaken.
Longer version: this is a discussion of a bill in progress in the British parliamentary system, where the current government is by a party known as the Conservative and Unionist Party, or "Conservatives" for short. This should not be confused with any colloquial meaning of the term "conservative" that might be familiar to you from American vernacular usage.
Note that political party names undergo drift from whatever they originally described over a period of decades to centuries. For example, the Australian Liberal Party is anything but "liberal" in the US context -- they're roughly equivalent to the US Republican mainstream in terms of ideology. Nor is the Australian "Labour" party a party of organized labour. Neither is the British Labour party -- it used to be, but the party leadership embarked on a protracted and mostly successful campaign to cut it off from its grassroots over a decade ago.
Anyway: the Conservative and Unionist Party has a very specific policy platform, which is described by the word "conservative" in British political discourse and which does not map neatly onto the American concept of conservativism because large chunks of American conservative culture simply don't exist in the UK. Yes, there are out-of-the-closet libertarians and objectivists and Christian dominionists in the Conservative party, but they're minor factions. The main faction can loosely be described as post-Thatcherite free marketeers, with a recent influx of hard-right racists and xenophobes who migrated en masse from UKIP, the UK Independence Party, after the Brexit referendum in 2016. There is no equivalent of the US Constitution or the Declaration of Independence, so there can be no equivalent of Constitutional Originalism in British conservativism. It's a different animal.
Another version: no I am not.
I'm impressed with how many people really do not understand the meaning of these terms. The idea that the US is culturally divided makes a lot more sense to me now, reading all of these responses.
> I'm impressed with how many people really do not understand the meaning of these terms.
When multiple people tell you that you’re wrong and no one else is taking your side, the rational response is to consider that you may be wrong. But, as humans, we sometimes lack the willingness (or perhaps ability) to do so.
It's a losing battle - people are wise not to jump in. I'm even restraining myself from providing my own reasoning.
"eppur si muove"
> Which again, is the point - to turn the internet into the easily regulable cable TV
It's a tad more nefarious. Say what you want about cable tv, but it doesn't track your every move.
Actually the cable providers can and do track everything about what you watch. There are also no rules or regulations about how they can use the data they harvest from you.
https://www.quora.com/Does-the-cable-company-know-what-I-am-...
Sure, but there is some limitation to what they could feasibly restrict. Tor with WebRTC bridges?
You could conceivably implement a fully encrypted p2p social network over WebRTC within the browser. You would obtain the app by simply visiting a website that hosts it making it nearly unblockable since anyone could stand up a page. Public key crypto could allow you to verify your identity or send private messages across the network. The hardest part is establishing the initial connection but since this can be done with a variety of methods I'm sure a sufficiently creative person could come up with something fun and easy for people to use. Maybe some form of steganography where you post an image to your social feed and others can point their phone's camera at it and get the SDP offer and then post the answer as a reply or something. A more automated method would probably be better but that's left as an exercise to the reader.
I've looked into this the other month. There are a number of obfuscation networks that have tried this to some extent (including IPFS and GNUnet), but I am yet to find a network that works exactly as you've described: where you can just access a "tor web portal" in your browser or something. I think an obstacle would be preventing fingerprinting inside a non-fingerprint-proof browser. You might be able to do this if you ported something like tor's fingerprint-proof browser to emscripten and have it render to an HTML canvas!
So far Tor has implemented WebRTC[0], but that's just for bridging to their main network.
[0] https://snowflake.torproject.org/
P.S. I've also considered the "decentralized p2p social media" idea myself, but mostly because I believe the ideas we have currently behind online voting, ranking and moderation are completely at odds with IRL discussions which are P2P and based on "forwarding" ideas to known peers (friends, family, community members, countrymen) rather than posting and ranking content with anonymous peers (which are susceptible to Sybil attacks). The fact that so much discussion takes place on corporate-owned forums (Including this one, regardless of how benevolent ycombinator may be) presents a major threat to democracy in general.
Instead of "liking" or "upvoting" a post on a centralized forum, why not "rehost" or "forward" a post on a decentralized forum: essentially seeding it like in BitTorrent or "pinning" it in IPFS. "Followers" of a user donate their storage and bandwidth to them, combating bureaucratic attacks like delisting and DDoS against popular users.
If you could port IPFS to run completely in a browser you would have this complete "pseudo-social-media" functionality. They have something called "IPNS" where instead of giving someone the hash of a file like in BitTorrent's DHT, you could give them a public key which you use to sign the latest version of a file that is to be fetched. The Public/Private keypair could represent a user's identity, and the file in this case could be a blog or account page which is updated with new links to the user's posts, or links to other user's posts.
So if you ported IPFS to work within a web browser, it would just be a matter of implementing a user-interface. Boom, social media solved. You could maintain parity between desktop and web versions by using libraries like libdatachannel[1] and datachannel-wasm[2]
[1] https://github.com/paullouisageneau/libdatachannel [2] https://github.com/paullouisageneau/datachannel-wasm
> The Public/Private keypair could represent a user's identity, and the file in this case could be a blog or account page which is updated with new links to the user's posts, or links to other user's posts.
I built a small proof of concept along these lines a while back. The implementation was similar to what you're describing with peers seeding and forwarding messages. I didn't get as far as name resolution since that's a tough nut to crack in p2p but building off of IPNS would probably be the way to go. The prototype worked but it wasn't very attractive to use since it was only good for passing notes and there are better services out there with more features. I think something like it would only be worthwhile building if there really was a concerted effort to lock down all social media in a fairly heavy handed way.
I keep hearing this but there is a big difference between the public facing platform and the pipe to my house.
Where is the law vague? Your ISP is not a platform. I feel like this is a scare tactic.
The law could create a precedent that leads to greater censorship in the future.
Don't worry, blocking p2p is the next step and is extremely easy to do.
China has done it already and it's very effective:
* Force every service provider to register their IPs and domains (for CDN use)
* Force every ISP to do stateful firewalling and block every attempt to establish a new connection unless the destination IP is on a whilelist maintained by the government.
Problem solved.
Wifi mesh nets in the city. Sneaker nets in between
Matrix over avian carrier
IP over Avian Carriers https://datatracker.ietf.org/doc/html/rfc2549
ants carrying ATM packets
Haha, how many bird roundtrips just to carry the protocol overhead? Might want to use something a bit more efficient...
But ... the Anti Avian Artillery?
Deploy the wifi bats!
I imagining a post-apocolyptic plot... nodes of dense dendridtic clusters consisting of low-range meshes connected to eachother via hijacked defunct, satellite ISPs
Autonomous pirate satellite internet
Men with guns.
Yeah, they can't 100% win. They don't need to. In fact, even if they did 100% win, they'd still find reasons to need to crush some people just to keep people reminded of who has the guns.
The “men with guns” bit cuts both ways, though.
Not in the UK.
I wouldn’t be so sure. Riots don’t require guns to have an effect, as the UK has seen quite recently. Point being: an analysis that draws its conclusion from the presence of state violence is incomplete if it doesn’t also consider violence on the part of citizens/subjects.
High altitude balloon laser net
It’s very effective because people just use (illegal) streaming services instead :-)
Otherwise one can run p2p over VPNs, like for many other things.
Exactly. P2P file sharing only died due to the advent of streaming services.
In ultimate dystopia, invite-only mesh(ish) networking, WAN Parties
"Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." - Malcolm Turnbull, Former Australian Prime Minister.
This is their attitude.
They will legislate to achieve the outcome they want. If that means making it criminal to use encryption without backdoors, they will do that. If it means making it criminal to use P2P technology, they will do that.
They have and will use control over mainstream infrastructure (Internet traffic, software distribution channels, etc.). Use of non-mainstream infrastructure will be made increasingly difficult and used as an indicator of guilt.
The more sophisticated the technical workarounds required, the fewer people will be capable of using those workarounds, and even fewer people will be capable of building those workarounds. Fewer people are easier to control.
TrueCrypt, Lavabit, etc.
While you're absolutely right that this is their attitude, what they will do, etc. The laws of mathematics steadfastly remain consistent despite your latlon and it doesn't matter what random idiot politician thinks about it.
This too will remain constant.
That doesn't really matter.
The point Turnbull was making is something along these lines: https://xkcd.com/538/
No, they can't change the laws of mathematics to make all encryption have a government backdoor. They don't have to, though. They can just legislate to make use of non-backdoored encryption criminal. And if they want to make generating random streams of bytes a crime they can probably do that too.
It's not idiotic, it's authoritarian.
Sure, they can make thinking of a pink elephant criminal, too. That doesn't mean it will actually be effective.
You don't think so? I worry that it will be very effective, that it will be passively accepted by the public, and that we will see widespread injustice as a result.
Sure, but that will happen no matter what given the public are idiots and the authorities are authoritarian. And that goes double for places like Australia where both of these things are particularly so.
And yet it will still be possible to ponder pink elephants.
at some point e2e encrypted comms will be grounds for getting swatted
don't think this is a bridge too far, covering your face in the presence of public CCTV got you fined/arrested the week before covering your face with feel-good masks was compulsory
don't @ me telling me it's stupid, I know it is, but this govt doesn't believe in free and private communications and it's working hard in progressively eradicating what's already out there, with full support from the main opposition party
Fortunately, where there is a will, there is a way.
https://www.sciencedirect.com/science/article/pii/S209044791...
only a tiny fraction of the people will bother with the immense overhead of steganography
it would much more practicable to resort to alternative channels outside the internet, like mesh networking using direct comms (typically ad-hoc wifi modes and other radio protocols to avoid the liability/detectability of cabling), sneakernet, IP over Avian Carriers - those are all cumbersome and rather slow typically, but still orders of magnitude better than trying to pass stuff over ISPs using steganography
With network enabled SoC's costing $1 and associated charge controller, battery and solar cell coming in around $5 I could definitely see a future where people roll out their own clandestine internets in order to route around the centralized and regulated internet. The simplest form of this is a single access point set up as a piratebox allowing people within range to connect and download/upload files. It could be scaled to a large mesh network covering an entire city.
"We will just use technology to bypass this bad law" is a very convenient position for a technology-focused group to take. It feels weirdly privileged to just say "ah we will abdicate ourselves from the problem by using ever more complicated technology" rather than working to improve the legislation to benefit everyone.
If you were taken hostage and had access to a teleportation device that would extricate you from the situation, but was extremely difficult to use such that the vast majority of people would be unable to do so, would you be ethically obligated to risk your life making it more easy to use so more people could get out, or negotiate with the hostage takers, rather than just making use of the escape avenue you have clearly available to you?
Why is obeying idiotic unenforceable laws any different to this when it comes to technology, aside from the obvious of the stakes being much lower? Although the way the world is going, that may not be a given in the future.
I'd argue it may even be worse when it comes to cases of governments who are nominally democracies making idiotic laws for their populaces, because at least theoretically, those populaces could have voted in such a way that said idiotic laws would never come to be, and thus their misery, the stupid laws that they're subject to, etc, are somewhat self inflicted, and for those that do dissent it makes even more sense to feel zero obligation to the greater populace given that. I personally don't really buy this because in my experience, what people want in a democracy has very little with what they end up getting, and the same people that will scream blue murder about the right to self rule when it comes to a national group, will scream just as loud when it comes to an individual in the exact opposite direction.
Sometimes technology is the way out. Sometimes the only way to fix the system is to create an alternative that circumvents it. Tools matter.
Improving legislation is a dead end strategy. Look at politics in the last 2 decades after 9/11. We have increased surveillance in every part of life. Sure, the largest amount of users doesn't understand or mind surveillance because the dangers are abstract right now. They will understand later when the owners of information use it against them. You could never achieve a success that way. We increase security without there being a problem, it is an intrinsic characteristic of old and aging democracies it seems.
No, the only strategy is to create realities just like the internet did with its inception, just like encryption was established. We would never have it if we tried to legislate it into reality.
Additionally legislation is completely ignored by state actors that put the population under surveillance. The battle for legislation was lost.
I don't think this sounds weirdly privileged at all. The trouble is people will solve problems typically through the path of least resistance. It's much easier to find legal loopholes than it is to try and comply. And contrary to the rhetoric, it's expensive and uncertain to simply buy law-making through lobbying.
Consider how hard it is in the United States to lay new fiber (and this is an imperfect metaphor). The ideal solution would be to get legislative branches to solve the telcos oligopoly problem. That has not and is not working. So what's happening? Wireless internet over LTE, and 5G being deployed everywhere. Route around.
Deploying 5G doesn't involve laying new fiber?
> working to improve the legislation
You mean like what the Pirate Parties, FSF, EFF, Mozilla, and countless others are trying to and failing? I never thought I'd see "well we have no political power to change things, but as disastrous as these laws are, for us specifically, maybe we can evade them for a little while longer if we're clever" described as "privileged".
It will probably just lead to a rise in VPNs to access services that block British users.
My immediate thought as well. As this law will apply to ANY service available to UK users the only feasible solution for smaller websites and app developers will be exclusion to avoid liability. So UK users will simply start using VPNs to by pass region blocks.
Ah, the familiar HN bubble, where people instinctively think of "simply start using VPNs" as the solution.
No; some tiny minority of UK users may do that, but the overwhelming majority will just use whatever services are "approved" (follow whatever rules they have to, to stay in the market) and remain available by default.
Loads of people in China use VPNs every day to bypass the great firewall and access foreign sites. They even rotate among many different VPN services when the ones they’re using get blocked.
I see no reason UK users couldn’t do the same. All it takes to get grandma on a VPN is for an enterprising grandson to set her up.
>Loads of people in China use VPNs every day to bypass the great firewall and access foreign sites.
For what it's worth, in my experience when I was in China it was trivial to bypass the firewall using a VPN service.
My twelve year old son told me very casually a few months ago that he had installed a VPN to bypass the schools internet filters. It was clearly no big deal to him, it sounds like that is what all his friends are doing. At home they are of course doing this to bypass any parent filters to allow them to look at certain content.
I suppose this is the new "google dorking for open CGI proxies."
Are there any YouTube users who still haven't heard of a VPN? They seem about as niche as TikTok at this point.
Funnily enough I had to explain what a VPN is to one of my kids this weekend.
But... if the need's there, people figure it out (as he's doing right now - for him it's something gaming related).
A VPN is a service that people who are not privacy conscious (which is most people) tend to only use if they have a particular need for it, such as circumventing a region block for some service they want to use. This isn't a very common problem for the average person living in Britain right now, but it's about to be. So I think it's pretty fair to assert VPN usage is going to become more common, as it is a pre-existing, ready-made solution to the problem millions of British people are about to have.
There are literally network television commercials that advertise VPNs now, and they've written software to make setup trivial.
I don’t think that’s the case. I know someone who has no involvement in anything technical in his entire life and is using VPNs and torrents fine. He can surely work it out if demand requires it.
Are you living under a rock? Do you not see whats happening in China? Go checkout youtube... You can see clearly what happens when the gov finally has total control... (after a few years of everyone bypassing, they will make using a VPN the punishable by death). First they did it with illicit drugs, created a wide wide laws to control the social classes, now the socail classes are easier to target more wholistically via the internet because everyone is dependant on it.
> If there is any hope, it lies in the proles.
Sucks to be us idiots that happen to be working on tech businesses in the UK.
I wonder if I can put an IP block on my own site and just ignore it all too. Dumbass country.
Congratulations Britain, you are now the Peoples Republic of China.
> Can someone explain why this won't result in a renaissance for peer to peer and e2e encrypted chat/forums/social media etc.?
Simple, because if that because popular, new laws will be drafted to ban all of that from all app stores for circumventing this or some other reason.
There are other methods of distribution than app stores. People didn't buy their copy of Napster from GameStop back in the day, they downloaded it from a website.
The logical next step would be to require devices sold in the country to only be able to use legal app stores, where "legal" is defined as "complying with the requirement to block any E2E apps without backdoors".
Everything is already in place for this, both hardware- and software-wise.
What, and mandate you have some authorization to maintain your ability to access software or to use electronics of any sort that doesn't have a compliant application store?
Nope, just ban importation of such devices. Existing ones will join the waste heap soon enough, and then why bother banning the activity if any device capable of it is inherently contraband?
> There are other methods of distribution than app stores.
And all of them are completely irrelevant because only us nerds would even know about them let alone how to use them.
> People didn't buy their copy of Napster from GameStop back in the day
Those days are long dead.
There isn't some magic bar of comprehension or indecipherable encoding. People will gravitate to acquire what they desire, regardless of prereqisites.
Which would be an absolute nightmare for any company in the UK that uses such things. Which I can't see going over well.
Facebook will be easier than what you mentioned.
Napster took off because it meant not spending 10 or 15 pounds or dollars or euros on a CD. THhe DRM came later, and what really killed DRM was the change in business model to iTunes with individual songs, the transformation of the 'star' from a face on a CD to a bigger product.
I certainly hope something results in a renaissance of truly private social spaces.
Yes there were risks, but zero oversight is how we built the internet byte by byte.
Anyone know if that “two computers talking directly to each other” patent has expired yet? Hard for companies to make those apps while patent-encumbered
It could mean choosing a life of crime if the regulations are too draconian. Now that your legit business enterprise can’t succeed because of Stasi tactics by the UK government, you are forced to go underground and build something to sidestep the measures.
"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." (A certain Cardinal Richelieu).
The truth is that we already are all violating laws, every day we live, mostly without being aware of them. That is exactly why there are so many of them. The only thing more draconian laws do is make people decide actively that they commit them.
Peer to peer needs a business model. E2EE social media involves storing tons of large binary blobs (images and video) for people, and they need to cover that cost somehow. Since it's already been established that social media is supposed to be free, a lot of people aren't going to want you to charge for it, no matter what advantages you have over other market participants.
Which appstore is going to allow apps that implement these protocols? They will just be forbidden. Back to square 1.
Because the bill will never pass. It will be quietly swept away when new Tory leader is elected.
I dunno. There's always a chance it's Braverman.
Fully agree with your point on the grey market aspect of things. I'm also curios about the actual implementations that they hope to see not to mention how they would hope to regulate "internal" chats and other internal communications channels which are, as far as I know, not in the scope of this bill. I had some thoughts on some of the many issues this type of thinking result in - https://psyonik.tech/posts/thoughts-on-the-uk-online-safety-...
TL;DR for the article: 1. Any technical solution will be imperfect and can potentially lead to hundreds if not thousands of cases being raised 2. Difficulties in clearing your name in the case of false flags (not to mention how this would actually be implemented) 3. No clear guidance on how such a system would work 4. A death to encryption services since any system that would entail some for of media transfer would be in scope 5. A grey/dark market place for custom software that will still allow encrypted communications run on VPSes/servers that might restrict UK access but could be accessible through VPNs that exit outside of the UK and thus wouldn't fall under the legislation (I think, feel free to correct me on any of these points ofc). 6. A host of other issues from overworked law enforcement trying to deal with the flood to the migration of individuals involved in any illegal activities far far deeper and thus more difficult to detect.
This is a clear as day example of what happens when people with no understanding of these topics (and many others, I'm sure economy, education and law enforcement is managed by people with no real world experience in said fields...) are allowed to legislate.
If UK government really cared about children, and not about surveillance and censorship, they would solve the problem another way.
The only way protect children online is to ban them from Internet. Children should not have access to normal laptops and smartphones, instead they should use "kid phones". Such phones would allow children to communicate only with people approved by parents or teachers and visit only approved sites. This way they will enjoy perfect safety which this Bill fails to provide.
Every site which wants to become approved, must fulfill all the requirements from the Bill and indicate this with a HTTP header. Kid phones and laptops should allow only to visit such compliant sites.
Kid-oriented phones and laptops must be visually distinctive: for example, have a shape of a cute animal. In this case teachers, parents or police will be able to instantly spot and confiscate illegal devices.
This is a win-win plan: kids would be safe and adults would be safe from government overreach. Obviously no government will agree to such plan.
The truth of cause, it is about control. The kids part is to allow for a moral panic that the government needs to "save the kids" from. It would be profitable if you could charge a monthly fee for a kids specific social network that parents had control over who the kids could chat to and what news they could read.
The funny thing is that if I created a phone that had a kids mode lock-down (with kids friendly appstore, social media, browser and education content) with a monthly fee and no-ads. The government would scream that I was harming competition and locking people out by daring to charge for a product that would be expensive to operate.
“We must do something, for the children, even if it saves just one life”
The great triple fallacy. Never wants you to stop for even a moment to think if doing something is a good idea if the some * we must do* is the wrong thing, if children be used for exploitation, and if not doing something could “save” more people long term than the feel good initial change”.
The problem I see with this is you are disadvantaged from your peers if you're the only kid without access to the internet. You can't just shield your specific kid from the world and then they go to school and their friends all show them tiktok/4chan/porn/gore/whatever.
We've crossed this line already, the internet is out there and everyone can access everything. Instead of being regressive and focusing on futile efforts like banning children from the internet (hint: never going to work), we need to embrace the new age we live in and adapt. I don't claim to know the answer, it is a difficult question on how to properly raise children in the globally interconnected world we live in, but I don't think simply closing our eyes and pretending the internet doesn't exist will solve anything.
I was born in the 90s, had access to dialup internet from since I was 5 years old, have seen all the horrors the internet has to offer and still turned out fine. I'm sure there is a way without censorship.
You can say the same thing about alcohol or cigarettes. Obviously, kids can find a way to buy them illegally but it doesn't mean that we should allow that.
I propose to make it illegal to help kids to obtain access to adult Internet the same way as it is illegal to help them to buy alcohol.
Alcohol and cigarettes physically harm you. As best I can tell internet access is no more harmful than gaming.
The two classes of risk are too different for the analogy to work.
If Internet access is not harming, then why do Bills like this exist?
Corporations like having less competition by putting up barriers to entry, old media disliked new media which carried over to big tech (and the inter-company PR wars have been brutal) and politicians like being seen to "do something" about whatever problems are in the news.
If ArkAngel were a real product and not just something from black mirror I bet we'd be seeing the same arguments in favor of it as above. Funny thing is, even in the fictional show they were aware enough that kids were sharing all the the crazy stuff they saw and the girl was just ostracized when she couldn't see it.
Exactly. But this laissez-faire approach is politically untenable. People would need to be distracted from that while simultaneously be empowered to educated their kids so they are able to deal with such content.
Okay, but what is the age bracket you are using to define a child? In the UK a sixteen year old is considered to be old enough to give consent in a sexual relationship. They're also old enough to enlist in the armed forces. Are you suggesting that sixteen year olds shouldn't be able to look up information about sex and war?
What about a fourteen year old that is feeling confused about their gender identity or sexuality. Are they not permitted to do some research or reach out to supportive online communities?
I've never blocked, monitored, or filtered my childrens' access to the web. I just parent properly, and try to make sure they are responsible users. You can't regulate your way around this type of problem. Kids will find a way around any barriers that are put in place, and to be honest, good luck to them.
> In the UK a sixteen year old is considered to be old enough to give consent in a sexual relationship.
Not quite. It's 16 unless with someone in a position of trust, e.g. your school teacher, social worker, doctor or care worker. A person under 18 cannot legally consent to that in UK.
> A person under 18 cannot legally consent to that
That's a bizarre way of putting it, isn't it? It's not as if the person under 18 would be committing an offence by giving consent, and the consent would still be valid for defending against an accusation of rape (as far as I know; see the Sexual Offences Act 2003).
> but what is the age bracket you are using to define a child?
At least 18, or more if local government considers it reasonable to raise the age.
> Are they not permitted to do some research or reach out to supportive online communities?
They are permitted as long as they use only compliant sites. Talking to random strangers about this is not a good idea.
> > Are they not permitted to do some research or reach out to supportive online communities?
> They are permitted as long as they use only compliant sites. Talking to random strangers about this is not a good idea.
"Stranger danger!"
I mean, when I was like 12 my friends and I got on BBS's and started to see naked pictures of beautiful women for the first time around 1991-ish. I mean at that point my computer was even more "adult" than my parent's usage of computers.
And yeah on AOL there were people that "lived near by and could hang out some time" but I already knew what a creep was... so.. why are kids these days so stupid? Is it because we treat them so?
As a parent, I don't think kids these days are any stupider. The tech has gotten easier for both good and nefarious purposes, and IMO the education around it has kept up. I think it's FUD that's leveraged (deliberately or otherwise) to influence and gain authority, more than anything.
I'm certainly biased as a more technical parent than most, but I don't think the average layperson knows that much less about the risks. If anything it's shouted from the news any time something remotely internet related happens, and people notice, because it plays on a pretty fundamental fear. I think awareness is up (not always in a good way) more than anything. There's a balance to strike between trying to make things safer and just teaching kids to navigate dangers that will always be there (and always be changing) and I tend to think these laws are a step or so too far into diminishing returns on making things safer. Even then, that's assuming we can even agree what safer means.
Only if you don't believe kids should have significant liberties (even in opposition to their parent's wishes) and also that a fundamental part of liberty is the right to make a bad decision that only harms yourself.
Should kids have the right to "ruin" their future by gaming instead of studying? Yes, and I think the solution should instead be to make it harder for anyone, kid or adult, to "ruin" their future by making it easier to get back on track at any point in life.
Only until you discover kids selling "adult phones" in the playground at school. This is as much as a parent problem as content author of a internet website. My parents tried, they installed web filters, everything. I still got round them.
I bought a BB gun at school, even a butterfly knife. I feel that it's education on how to use the internet that's missing. As well as finance.
Our system for our kids was no smart phone until ~14 and not taking it to bed until senior year. With all computers, each person has their own, in a shared family office. That and answering questions and talking to our kids about the internet, the good and the bad. No filters or other bullshit. So far (oldest is about to head to university) so good.
I plan to take it further. No smart phones at all until 18, and only a dumb phone (calls, texts, etc) whenever they start high school, or possibly a bit earlier if they're on public transport by themself. I see absolutely no reason for somebody till in school to need a smart phone.
Good luck with that.
I'm reminded of my own childhood years, where most families had television, but some didn't (because it would be bad for the children.)
Annecdotally the kids with no TV would visit, and all they wanted to do was watch TV. The ones who had tvs at home played outside.
In reality in environments where kids have phones, it's more important for your kid to have a phone, and learn how to use it, than see it as a forbidden fruit.
Plus of course the fact that you think your 17 year old doesn't have a phone is delusional. They have one. The only question is whether they share that fact with you.
I get where you are coming from, but scary as it seems children don't magically become adults, making good decisions, on the day they turn 18. They become adults by slowly learning how to handle the world, by being guided with each new step, by making lots (and lots) of mistakes.
The areas that you block off completely are the areas where they will be the least mature, the least able to exercise good judgement.
That's typically why "bans" lead ultimately to worse outcomes not better ones.
You will destroy their social life and make them outcasts. A smartphone is absolutely necessary to stay in touch with friends nowadays, everyone is using various messaging apps.
And a kid phone allows to stay in touch with friends (those approved by parents) without exposing a child to any risks.
Prohibition works and never has unintended side effects.
If you want to train your kids to lie and hide things from you, going too far in “their protection” is a good way to get there.
This sounds like what my religious nut parents would have done if smartphones had existed when I was a teen.
Their efforts to shelter me didn't work and caused me to feel guilt about seeking information about the outside world as I aged.
If you're really religious then you're not going to listen to me anyway, but if you're not then please reconsider depriving your children like this.
Nobody uses texts for anything, so they wouldn't be able to talk to anyone.
What exactly do you feel the need to protect them from?
Not protecting them from anything in particular, or maybe I guess you could say from themselves. Kids commonly have issues with impulse control and general irresponsibility. By 14 they seemed old enough to not immediately lose or break their phones. Not in bed is to try to lay a foundation of good sleep habits. Having the common computer room keeps the sense of 'being in public', which helps the impulse control part as your motivations work differently when you're alone.
If there is no obvious answer to such a question, you can always say Russians.
People posting on HN are both the least likely to be impacted by the stuff they're preventing, and the most likely to be able to find ways around it. I don't think the median child is going to be nearly as capable.
In my experience, kids will almost always find a way, or get someone to help them find a way, if they are sufficiently motivated.
We're actively discussing this at the moment, and the only solution we have is judicious bugging of a real 'adult' phone for the kid. If they're old enough to know Santa Claus doesn't exist, they'll also be old enough to know the phone company wasn't reporting on their naughtiness to their parents, it was just the phone that was rigged by their parents before they ever got a hold of it all along
Some kids can find a way to buy alcohol or cigarettes, but it doesn't mean that we should allow that for everyone. Adult phone should be discovered and confiscated by teachers or police if they see it.
You just came up with a better idea than the entire UK government ever has.
> If UK government really cared about children, and not about surveillance and censorship, they would solve the problem another way.
Like not allowing them to get off essentially scot free just by apologizing? https://www.birminghammail.co.uk/news/midlands-news/870-sex-...
(ironically, cant actually read that article atm because of the company firewall)
I personally think MOST legislative to do x to protect children is just BS reasoning to intrude on privacy.
This seems like the correct move. Legal culpability of the parents would ensure they only give their kids approved devices. The devices would get a govt kickback to the manufacturer and require 6 years of service, so the parents only have to upgrade their kids device once.
With respect to the politicians not turning up, it's worth noting that at least some of the candidates for PM are against the Online Safety Bill and want to scrap it. So for them, campaigning to become the next leader may actually be a more useful way to spend time than hearing what they already know.
It appears the OSB has become a victim of incoherent requirements specifications. It's grown enormously during its gestation period and is now trying to do way too much, including things that are self-contradictory. Some politicians recognize this, for example Kemi Badenoch:
https://order-order.com/2022/07/11/watch-badenoch-slams-onli...
but I recall others saying similar things. I just can't find the references right now.
Badenoch also has a degree in Computer Systems Engineering. She probably has a good understanding of the problems with this bill.
If I, a US citizen, started an online service that attracted Ofcom attention, what binds me to following UK regulations? The article mentions "extraterritorial enforcement", but what does that mean? Will the US extradite me to the UK if I don't put monitoring in place? Will I get arrested if I visit the UK? Will they try to sue me in US court?
I mean realistically if it became a problem I'd just IP-block all of the UK because they're small, but I don't understand what the legal framework for "extraterritorial enforcement" even is.
The Senior Managers Liability part means it's a criminal offence in the UK - so basically you could never visit the UK for fear of arrest.
as stupid as this sounds the US does the reverse already
In theory yes, in practice the US basically never extradites people to the UK and if they tried you would probably have a good defence (against extradition) under various parts of the constitution.
"From January 2004 to the end of December 2011, seven known US citizens were extradited from the US to the UK. No US citizen was extradited for an alleged crime while the person was based in the US."
https://www.whatdotheyknow.com/request/100739/response/25520...
https://www.telegraph.co.uk/news/politics/9237663/No-America...
Weird how it only goes one way, isn't it?
The UK is frequently reluctant to extradite to the US too - often on human rights grounds.
Well in this specific case it would be pants-on-head stupid because this person committed no crime while under UK jurisdiction.
Like how would it even work if Alabama made it a crime for anyone in the world to have an abortion, extraditions all around?
States aren't allowed to have treaties with foreign countries, so no country could have an extradition treaty with Alabama even if Alabama wanted to and that country agreed to it (in exchange for something has Alabama has to offer?).
It's not really weird. We have rights guaranteed to us in the United States that no other country has, so it makes sense we would not extradite.
The US extradites people, including US citizens. That is required from the federal government by extradition treaties that are signed voluntarily by the US (in exchange for extradition _to_ the US). It is uncommon because they require escalations through the Department of State and not many crimes are serious enough to justify extradition.
The US does not allow extradition to other countries for crimes, or the enforcement of civil judgements originating in other countries, that stem from conduct that would be constitutionally protected in the US. For example, a US citizen cannot be extradited to face a charge of blasphemy.
The US does not extradite for crimes committed in the US to other countries at least I'm not aware of any cases.
No, there is not a precedent for that AFAIK. But the US does extradite, as we don't have "rights guaranteed to us in the United States that no other country has".
I appreciate the candor. On my initial reading, I didn't get the scope of what you were saying; I agree.
...such as? For that matter, you don't think other countries have rights guaranteed to their citizens that the US doesn't have? The legal mismatches don't seem to be likely to make a difference here that could introduce a bias in extraditions.
> We have rights guaranteed to us in the United States that no other country has
Good god!
You really believe your own hype don't you? (I believe the American expression is "drunk the kool-aid").
LOL.
- Julian Assange
Is it?
I dread to think what this will mean for the free and open Internet - the source of much mirth, yes, and much dread. But that's just a reflection of the human condition. It should be just left be.
Another case of myopic, joyless stodges ruining what they don't understand.
I've paid enough taxes to this worthless, bloated institution that claims to 'protect my liberties' - is it too late to get a refund? Don't they owe me something for clear breach of contract? The 'social contract' isn't what it was when I was born!
Brits don't have freedom of speech AFIK. it was never in their social contract.
We had it through negative liberty, opposed to positive liberty. The approach was that everything was permitted except that which is forbidden.
So, instead of a 'right to' free speech, rather we _would_ have no laws restricting freedom of speech (libel and incitement excepted). This was the understanding that would've permeated Parliament, the courts, the palace, and the hearts and minds of everyone who understood it.
More or less, until 1997.
Until the Human Rights Act 1998 established it as a positive right.
> _would_ have no laws restricting freedom of speech (libel and incitement excepted)
This is optimistic ahistorical nonsense; the UK had a censorship regime until the Lady Chatterly trial. There has been intelligence service related censorship as long as those have existed, as well (see Spycatcher, Zircon). And let's not get into Northern Ireland. Nobody old enough to remember "Gerry Adams has his voice read by an actor" would claim the UK used to be a bastion of pure free speech.
Since HRA is just a bill, it can be trivially overridden entirely or on a case-by-case basis by any other bill, requiring only a simple majority in the Parliament, thanks to parliamentary sovereignty. So it doesn't really meaningfully protect anything.
Kind of a constitutional problem, but of course until Brexit it was guaranteed by international treaty. And still is in Northern Ireland:
https://www.dfa.ie/media/dfa/alldfawebsitemedia/ourrolesandp...
"The British Government will complete incorporation into Northern Ireland law of the European Convention on Human Rights (ECHR), with direct access to the courts, and remedies for breach of the Convention, including power for the courts to overrule Assembly legislation on grounds of inconsistency."
The ECHR does not meaningfully guarantee free speech.
> The European Court of Human Rights has upheld the conviction of an Austrian lecturer who suggested that the founder of Islam, Prophet Mohammed was "a pedophile" for marrying a 6-year-old child.
https://neonnettle.com/news/5449-austrian-woman-convicted-fo...
> Woman’s conviction in Austria for calling the Prophet Mohammed a paedophile did not breach her right to free speech, European Court of Human Rights rules
https://www.dailymail.co.uk/news/article-6316567/Woman-corre...
The constitution's amendments are different from other laws. Instead of restricting the people, it restricts the government power. It is there to make it harder for the government to devolve into a tyrannical one. The historical context (the US fighting against the monarchy of England for independence) is why it's there and it explains many of its regulation (including the right to bear arms, which was needed in order to fight against England).
The UK doesn't have it, which makes it a lot less stable, as seen in 1997
What happened in 1997?
I assume he means the McLibel case (https://en.wikipedia.org/wiki/McLibel_case).
There's a 84 minute documentary about it: https://www.youtube.com/watch?v=V58kK4r26yk
What happened in 1997?
The onset of Blairism, which accelerated all previous statist trends with a smiling face and suave media personality.
So we ended up with the Communications Act (2003) and its dreadful Section 127. As well as admission to PRISM, and making ourselves one of the CCTV capitals of the world.
And he's still taking aim at freedom from beyond the grave: https://www.spectator.co.uk/article/does-tony-blair-think-fr...
The Communications Act Section 127 was based on the existing Malicious Communications Act (1988) passed by the Thatcher government. And the UK has had plenty of other speech restrictions like blasphemy laws (abolished by Blair) to suspiciously broad offences against obscenity existing since time immemorial.
The Online Safety Bill is the brainchild of a Conservative government, included as a flagship commitment in a Conservative manifesto aiming to appeal to conservatively minded voters, a successor administration to the Conservative government who brought us the national porn block. Nothing makes it easier for such legislation to be passed more than revisionist nonsense about how the wonders of negative liberty meant we never needed any of the positive protections this law specifically supersedes and it's all the left's fault anyway.
Probably the Treaty of Amsterdam - one of the EU's more entertaining reads
https://www.europarl.europa.eu/topics/treaty/pdf/amst-en.pdf
The UK Human Rights Act landed in 1998. Schedule 1 Part I Article 10 covers "freedom of expression"
https://www.legislation.gov.uk/ukpga/1998/42/schedule/1/part...
Even prior to the Human Rights Act the UK was bound by Article 10 of the EChHR, it just wasn't directly enforceable by UK courts (one first had to exhaust domestic legal challenges and then bring a case in Strasbourg at the ECtHR)
What happened in 1997?
There is a noisy contingent extremely proud of that fact for some bizzare reason. I can only hope they are an extreme minority.
Err... you might want to give the ECHR a read, and in particular Article 10.
Woman’s conviction in Austria for calling the Prophet Mohammed a paedophile did not breach her right to free speech, European Court of Human Rights rules
The woman, named only as Mrs. S, 47, from Vienna, was said to have held two seminars in which she discussed the marriage between the Prophet Mohammad and a six-year old girl, Aisha.
According to scripture the marriage was consumated when Aisha was just nine years old, leading Mrs S. to say to her class Mohammad 'liked to do it with children'.
She also reportedly said '... A 56-year-old and a six-year-old? ... What do we call it, if it is not paedophilia?
https://www.dailymail.co.uk/news/article-6316567/Woman-corre...
https://www.bitchute.com/video/8KMsE7YCsR3t/
When this video is a criminal offence in the UK, you don't have freedom of speech.
Well said. Breach of social contract. The problem is that others think it is advantageous to close their mouth. Of course this is not possible by the laws of Nature.
Precisely. What cannot be said will find an outlet elsewhere. We'll soon find that having some potty mouths are far better than the alternatives.
I expect it means more "feudalism" in the sense of relying on frontends that handle things like age verification for you, in those jurisdictions that require it. Perhaps Cloudflare and Netlify will someday offer services.
> Or it would have, if the nine MPs across three parties who were scheduled to attend actually showed up. Only one did.
Everything else aside, if MPs don't show up for a scheduled meeting they should just be sacked.
How many of us can just blow off meetings like that with no consequence?
It should be noted this meeting was in the middle of a political crisis where half the government had resigned. I don't know who those MPs were or what they were doing, but I'm betting they suddenly found themselves overloaded with this crisis and this meeting fell through. It's not that uncommon for something like this to happen. I'm not saying it's great this happened, but it happens – MPs are humans too.
I wouldn't be so quick to judge in this case. I think the extremely high expectations and little room for error ("they should just be sacked") is part of the problem. If you bollock a child every time they do something slightly wrong they will learn to lie and hide things very quickly.
It just underlines what should be fairly obvious: that such official meetings are not how things are actually decided in representative democracies.
I mean that's even more explicit in a parliamentary system, where members are nearly always expected to vote the party line or face consequences.
> I mean that's even more explicit in a parliamentary system, where members are nearly always expected to vote the party line or face consequences.
yes, that is a feature (not a bug) of a parliamentary system. A complementary feature is that parliamentary systems tend to have representational seat distribution. So a party that wins 35% of the vote gets 35% of the seats. And those seats are expected to vote as a block unless there is an extreme question of conscience.
You could contrast with for example the US system, where the original intent was that the senators/representatives would represent their state, not the party. Worked well for a while. Now, however, they also follow party line or face consequences. But there are realistically only two parties, and the the "first past the post" system locks us into 2 parties.
> parliamentary systems tend to have representational seat distribution
> the "first past the post" system locks us into 2 parties.
What you say is true, but while we're discussing an article about the UK, it is worth stating, for the avoidance of doubt, that the UK also uses the First Past The Post electoral systems (for its national parliament) and therefore doesn't have a representational seat distribution.
Indeed, that may be part of the reason that such an extreme policy from such an unpopular party is being put forward at all. (The current government won 43.6% of the vote at the last general election, with 67.3% turnout, meaning it had the support of 29.3% of the electorate, but won 56.2% of the seats).
It would be nice if those who didn't vote actually affected the power of the parties. Not voting is a valid choice, it says, "All the options you gave me suck. Try again." Otherwise you run into a system where people start trying to calculate the delta between two evils and think we're making progress.
How do you see this work in practice, and wouldn't it just lead to calculating the deltas between three evils, the third being abstention? How would this be better than getting rid of the first-past-the-post system?
We saw this is the Netherlands a while ago. There was a referendum about whether there should be closer relations between the Netherlands and Ukraine, and the options were "agree" and "disagree", but many people who were in favor of closer relations chose not to vote at all, hoping that the referendum would fail to hit the minimum turnout. So the minimum turnout was hit, and afterwards they were all whining about it, because they disagreed with the result, but had intentionally chosen not to vote.
Your example isn't quite the same thing.
More or less, I want my lack of voting to be a signal to the Democratic party that, "Your vision is out of whack and does not serve me". Today, when someone doesn't vote the party and constituents try some mental gymnastics to put fault on people who don't vote as if they don't care.
Vote for an independent. Any one. Just to show you did bother to vote. If enough people do that, the major parties will try to win those "stolen" votes back by offering you what you want.
Some % of people don't vote because it's too much hassle. Not voting doesn't send a message, or more accurately it sends whatever message the receiver wants to hear.
I think voting is too hard, so it tells me that voting is too hard.
I'm a Conservative so it tells me the liberals aren't turning out because (as I know) their message is weak.
I'm a Liberal, so it tells me the exact opposite.
I think all politicians are bad, so frankly I don't care who wins.
You get the point. Not voting doesn't send a message. It sends every message.
Incidentally, if you care about the nuances within a party, then voting in primaries is where the real difference is made (traditionally also the voting with the lowest turnout.)
> yes, that is a feature (not a bug) of a parliamentary system. A complementary feature is that parliamentary systems tend to have representational seat distribution. So a party that wins 35% of the vote gets 35% of the seats.
Important context since this is about the UK: we don't have a representation seat distribution like that, we have first past the post. In the last election (2019) these are the results for each party with at least 10 MPs:
- Conservative Party, 43.6% of votes, 56.2% of seats (outright majority).
- Labour Party, 32.1% of votes, 31.1% of seats.
- Scottish National Party, 3.9% of votes, 7.4% of seats. The SNP only campaign in Scotland and win most seats there, which makes them extremely over-represented by FPTP.
- Liberal Democrats, 11.6% of votes, 1.7% of seats.
In 2015 UKIP got 12.6% of the votes, making it the third-largest party in terms of votes cast by quite some margin, and they got just one seat.
In 1983 the Conservatives had 1.5% fewer votes compared to the previous 1979 election, but ended up with 7.7% mote seats resulting in the largest majority in decades.
I think it's a real missed opportunity that the Blair government didn't change anything when they had a large majority in the 90s/00s. They said they would, but it fell by the wayside. The problem is that Labour always thinks this time it will be different and this time they will come out on top. And for a while they will, right up to the point they don't.
> You could contrast with for example the US system, where the original intent was that the senators/representatives would represent their state, not the party. Worked well for a while.
That was (and to a degree, still is) also the intent in the British system: you would primarily represent your constituency, not your party. This is why you have constituency surgeries where you meet your constituents, maybe address some concerns, etc. which are similar to the "town hall meetings" you have in the US. The US essentially copied the British system.
I don't know how well it worked in the past as I'm not that familiar with the history; in HMS Pinafore there's already a joke about it ("I always voted at my party's core and never thought of thinking for myself at all"[1]) which is from 1880 or thereabouts, so I'm guessing not very well shrug
It's natural for like-minded people with similar ideas to gravitate towards each other and form political parties for strategic and social reasons. In the US the founding fathers set up the system to work without parties, only to found the first political parties themselves a few years later, so that idea broke down pretty quickly.
> a party that wins 35% of the vote gets 35% of the seats
At the last general election to the UK parliament (2019), the Tories won 44% of the votes, and ended up with 56% of the seats - first past the post strikes again!
> And those seats are expected to vote as a block unless there is an extreme question of conscience.
Actually no. It depends on the "whip" guidance (in the UK)
> So a party that wins 35% of the vote gets 35% of the seats. And those seats are expected to vote as a block unless there is an extreme question of conscience.
Yes, essentially we can just keep the main leaders of each party and assign them everyone's votes from their respective parties (35% in your example) that "won" and get rid of everyone else and end up with the exact same outcome, except orders of magnitude cheaper and more expedient. If you're a member of x party and x party won, why are you actually needed if you're not the leader? Your salary, benefits, retirement and as well as every single person on your staff are all a waste at that point, because you're going to vote for x's position, which is decided by the leadership.
In that scenario you are one of those who chooses the leadership, perhaps running for it yourself, and helps decide what x's position is going to be (through party room / caucus processes).
> A complementary feature is that parliamentary systems tend to have representational seat distribution. So a party that wins 35% of the vote gets 35% of the seats.
lolnope, this is a FPTP country.
The last election, the Conservatives got 43.6% of the vote and 57% of the seats.
Even more extreme, although overall irrelevant, the SNP got 45% of the popular vote in Scotland, resulting in 48 out of 59 seats won in Scotland.
> members are nearly always expected to vote the party line or face consequences
Reason #2458729349 why political parties should be banned everywhere.
>How many of us can just blow off meetings like that with no consequence?
Parliamentarians aren't employees, they're elected officials and this meeting is a lobbying effort (the author being 'head of policy' for some web3/crypto startup) and representatives are accountable only to their constituents, who can 'sack them' in elections.
who also has skin in the game about being on the receiving end of the most horrific online abuse
Do people just not get educated in online literacy anymore? An adult getting abused online is like getting third degree burns because you laid your hand on a hot burner and refused to take it off. If people saying mean things to you is disturbing your groove so much you're calling it "abuse" maybe you should stop reading them. This is stuff from the first week of 1990s computer class in elementary school.
I don't think you've really experienced online abuse.
If you get in an argument with someone and they start saying nasty things, then it's simple to disengage. You just stop replying and you don't go back to the thread. In this scenario, your comment makes sense, but you should count yourself very lucky if this is the worst you've experienced.
Personally, I pissed off a cult leader and she sent her followers to harass me. They used email and social networks, among other methods, to send me regular messages accusing me of all sorts of horrible things. If I followed your suggestion of "stop reading them" it would mean I no longer check my email or social networks...
For those inexperienced with these matters, it may seem like I can just block the messages, but in many cases that's near impossible. A "professional" abuser knows all about VPNs and will just keep creating new email addresses.
I have, and he's right
also, learn not to overexpose yourself with your real id online, also from 1990s internet 101
the idiotic model of the 2020s with everybody posting their entire private lives with their real names and profiles that have their mugs in circles, and then proceed to broadcast hot takes they're afraid to get feedback on - it doesn't work and it's stupid
I'm not convinced the "solution" to abuse is to remain completely anonymous online.
It's not just a solution to abuse, but also protection from nasty governments and good infosec
What's wrong with it as a solution?
Seems a bit paranoid for one thing.
Also, it's unfair and cruel to put the responsibility for preventing abuse onto the abused. The person engaging in dysfunctional behavior is the problem, not their victims.
Sure, you can avoid being bullied by staying hidden all the time, and I guess that works for some people but it doesn't sit well with me.
the dysfunctional behaviour online is that of the 2020s, not the 1990s
the draconian legislation attempts we're seen now are the govt's weaponisation of 2020s dysfunctional behaviour to shut down the free internet wholesale and substitute it with a heavily surveilled and censored alternative that actually benefits from the child-like narcissism of the 2020s
Not a coordinated campaign like yours but I've been doxxed and had half a dozen death threats.
A "professional" abuser knows all about VPNs and will just keep creating new email addresses.
You had no luck with keyword filters? You have my sympathy.
Keyword filters simply don't work unless the abuse follows a very specific pattern that legit messages do not. It's not an effective method of curtailing abuse.
You're talking like someone who doesn't live in a hyper-connected, hyper-online society. The same poor argument could made to verbal harassment. "Put in some headphones!"
You don't have to be hyper-online or hyper-connected.
I spend time with people in person or on the phone usually. We, gasp, _do things_ like go to restaurants or go camping. Sometimes we all sit on the sofa in a big pile and share snacks and watch movies or talk about life.
It's nice. Sometimes I'm even alone and get to read a dead tree book or just enjoy nature.
What happens "on the internet" is of very low importance, slightly below my choice of socks or what brand of snack to get.
If you don't engage with the system whose regulation is being discussed at all, and don't care one way or the other, then volunteering this information in a discussion of the regulation and how it relates to the problems you don't have is the lowest effort form of decreasing the signal-to-noise ratio of the conversation.
and don't care one way or the other
Obviously we do care, otherwise we wouldn't comment. You don't have to be terminally-online to have an opinion about what we should be allowed to do online.
I would make that argument if I could push a button and make that person disappear from my sight and hearing. Ironically verbal harassment is much more protected. I'm free to get a group of people together and go chant "You're a cunt!" outside the Palace of Westminster.
Unfortunately headphones don't work that well. If it were possible to have whitelists and blacklists of people you could see and hear in real life then yes, headphones would be a solution.
While I don't disagree with you, it's important to remember that these companies spend billions of dollars to literally make their product addictive.
In school we teach kids how to be responsible with alcohol and drugs. But some still become addicted. The same applies to social media.
The difference is that instead of the pusher being some shady character at the back of the school bus, it's a massive company with marketing, public relations, and lobbying teams.
Sure, and doomscrolling, misinformation, and the constant need for external validation are horrific problems. I don't think they're quite on the subject when we're talking about people's refusal to disengage with online hostility. It's like trying to make it illegal for people to flip you the bird in traffic. Is it a nice thing to do? Absolutely not, but letting it ruin your life is completely optional. The same thing applies to people on Facebook telling you to go fuck yourself.
> An adult getting abused online is like getting third degree burns because you laid your hand on a hot burner and refused to take it off
This analogy is broken on quite a few levels. When did the internet become a hot burner?
The internet is not designed to get hot - it's not a cooking device. If your laptop consistently got so hot it burned your lap, you'd try to fix it, not say "of course it does that".
> If people saying mean things to you is disturbing your groove so much you're calling it "abuse" maybe you should stop reading them
There are laws governing abusive behaviour in person. Our society does not just advice people to "just not listen".
Why would you expect different principles to apply to online and in-person behaviour?
https://www.cps.gov.uk/crime-info/verbal-abuse-and-harassmen...
Why would you expect the internet to be governed by different laws to in-person behaviour?
Because you can't instantly erase someone from your perception in person to person interaction. Online you can even proactively protect yourself, such as by adding words and phrases you don't like to your blocklist. Suppose I decide I don't ever want to interact with someone who still uses the word "retard". My computer can preemptively block those people on my Twitter, my email, even pages containing the word on my browser. It takes only seconds to wipe entire categories of people and opinion from every facet of your online experience.
> instantly erase someone from your perception in person to person interaction.
As easily as you can block a message, so too can abuser create a new account.
Online harassment can be as persistent as in-person harassment - there's countless stories of people being continuously harassed. If it were so easy to block people online 'cyberstalking' wouldn't be such a big problem in the same area.
That's when you create a new account. The obsession with linking your real life to your online life is the most toxic change to internet culture since the web started.
Thank you. I see so many people here who seem intent on linking their online identity to their real life identity, a trend popularized by social media and which is in direct contravention to the common sense advice we used to give people: don't upload PII on the internet.
I understand many people rely on social media for professional networking but there's absolutely no reason why you have to use this professional networking account to trade verbal jabs with people on contentious topics, or confront trolls, or start political debates, etc. Make an alt if you want to slum it in the comments section. Again, this was common sense 20 years ago, and now seems like it's lost knowledge.
Exactly. I can't count the number of people whose professional output I greatly admire but who destroyed themselves in my eyes by being fuckwads on Twitter.
> The obsession with linking your real life to your online life is the most toxic change to internet culture since the web started.
Seconded.
As the saying goes; "What is the difference between posting something on the internet and a tattoo on your arse?..... It's easier to remove the tattoo."
Because that personal information you posted or 'offensive' joke you posted when pissed will stay around forever to haunt you.
all ephemeral, leave no trace or context
> If your laptop consistently got so hot it burned your lap, you'd try to fix it, not say "of course it does that".
Not if the fix isn't worth the price and will be abused to stiffle competition and for governments and companies to get control over interpersonal communication.
And yet people keep complaining about "cancel culture".
People saying things about you can affect you even if you don't read them.
No, it is not. Examples of online abuse that go well beyond "disturbing your groove" are well documented. Online abuse, like climate change, is proven beyond reasonable doubt and we should probably do something about both.
And every case of online abuse can be solved by returning to the pseudo anonymity style of the 2000s. Have an email address for just your friends, etc.
This is NOT regulation of big tech.
This creates a barrier to entry that allows ONLY big tech access to the playing field.
These types of barriers to entry already exist in other areas like the pharmaceutical business and finance. Now we're getting artificial barriers created in IT.
Sadly, the only safe way for startups to ensure compliance will be to block IP blocks of any country they're not intentionally doing business in. You will start by intentionally doing business in your country of incorporation, contract out with a consultant to ensure that you are meeting your compliance requirements in your local jurisdiction, and only expand intentionally from there. Sure, users can use VPNs to bypass IP blocks, but at least then you have a defense that the user "traveled" to a jurisdiction where you do operate.
Or - you take a leaf from the pirate's book and throw caution to the wind. Which will be pretty much the only way to get the growth that investors expect, even as investors will refuse to invest without at least the appearance of legal certainty of the first option.
This woman is a great writer!
This article doesn't really apply to anything I'm doing (at present), but I enjoyed the read.
The OSB has become a big bucket which UK politicians can point to and say "see, we're doing something". When faced with a question about the internet, the stock response of Tory MPs is to say "wait for the Online Safety Bill". In that way, it's quite similar to the situation before Brexit, where representatives would evade responsibility for policy by claiming that their hands were tied by Brussels.
Good example of why you need to fight even for big tech rights.
The “reigning in big tech” thing that’s been going on for all this while is really a ruse to limit citizen freedom while coming up with laws that only big tech can comply to.
I wish it was more widely recognized and understood by more folks.
>a ruse to limit citizen freedom while coming up with laws that only big tech can comply to.
Which law in particular?
Have you read TFA?
> If a British child could merely type your URL into a browser, the site is in scope.
Seems incorrect, no? The visit is more important than just typing URL. Worst-case scenario I will check your IP and if its in UK/GB scope, you will see "Unable to browse this site due to your-stupid-anti-blah-blah-UK-policy"
Well, they'd have to press enter. Once that happened, it sounds like you'd have to run through certifications to make sure that the phrase "your-stupid-anti-blah-blah-UK-policy" isn't potentially harmful to minors, and then also (at a minimum) put in business processes to make sure that the approved text didn't change.
Then, moving forward, whenever you changed any (unrelated) business process, you'd need to re-up your business process certifications.
The whole article is written like this - hyperbolically presenting the least generous reading she possibly can of the proposed law.
> [A pretty reasonable set of questions that companies must consider regarding how children might be harmed on their service]
> "you’re probably curled up in a ball crying"
No actually, I wasn't.
Filtering out the breathless commentary, the actual proposals don't seem that bad...? Certainly no worse than GDPR obligations and nowhere near the kind of regulatory compliance industries like Manufacturing, Construction and Medicine have to meet.
Admittedly I didn't make it to the end of the article because the tone was beginning to grate too much.
> presenting the least generous reading she possibly can of the proposed law
It's fine if you don't like the flourishes in her writing, but this is the correct way to read proposed legislation.
If the uncharitable reading describes the law enabling/preventing things in a way the authors don't intend, all they have to do is clarify the scope in the text of the bill.
The light least favorable to the drafting party is needed now. In 5 years when there are legal cases over the bounds of the law, the courts will use the text of the law rather that call in the authors and politicians that voted for it and check what they intended for the law to mean. Or maybe they would, I don't know how British courts work.
Tone aside, she does point out one clear way this bill does hurt tech compared to other industries.
The cost of entry into this space is really low compared to most other industries. You can very cheaply provide a reasonably competitive product.
One of the aspects of this bill that I do find worrying is that there are clear costs being added on that we're obligated to pay likely before we've validated the business works.
I do feel a lot of side-projects that could have gone to become viable businesses will never be released with this bill in place. Who wants to expose themselves to costs to try out a fun idea?
A lot of what she's arguing for could have been covered similarly to GDPR if there were carve outs for smaller entities, which would have been easy to mention, the absence of them lends weight to her assertion that the goal of this bill as it stands is to generally increase political control of the tech sphere.
Even if that control only extends to and harms UK businesses...
Do you think prosecutors won't use the least generous reading of the law?
If this applies to every site that hosts user generated content then that's nuts. When the internet first started, part of the appeal is that you could just make stuff without people looking over your shoulder, asking for forms, etc. Seems that the internet we created today is technically the same as the one from before, but now with governments throwing up red tape at every corner.
Makes me wonder what a site like HN would have to do in order to stay in compliance. While on the one hand HN could make the argument that the site is not geared towards children so this kind of stuff is not a concern, regulations will say: well TECHNICALLY a child could use HN, and TECHNICALLY a predator could message with them, and therefore there is TECHNICALLY a risk, so please pay up $20k/yr for compliance costs.
I use HN as a stand in example for many many sites and services out there. IMO, I don't think it will be that enforceable. Sure the big tech companies will comply, anyone that runs a smaller service outside the UK will just tell the UK govt to kick rocks if they come knocking (what can they do besides blocking the site in the UK).
If this bill gets passed were going to get the following:
- Big tech company scandal over CSAM.
- A heartbreaking story over some small time website owner facing prison time over non-compliance.
- Opinion pieces from the tech community about how it's a terrible idea all around.
- Puff pieces from non-tech outlets that praise the legislation without fully understanding the technical ramifications.
- Flame war between techies and non-techies over competing puff pieces.
We're also going to get the big companies triggering investigations of smaller up-and-comers to stamp out competition. Better Reddit? Think of the children. Better Twitter? Think of the children. Facebook without the algorithm? Think of the children.
Just like what we see with the DMCA. Cheaper toner cartridges? Think of the creatives!
Honestly this impact can't be overstated. If the bill passes I'm leaving the UK
I'll admit, I haven't read the entire article - but the obvious question to me - using your example of HN - what authority does the UK have over a website hosted in another country at all? They can pass all the rules they want, but how do they propose to enforce them on a company that does not operate in the UK?
If that was possible, wouldn't CCP or Russia be ordering websites all over the world to shutdown to control information they don't like be visible?
Our government can't enforce rules on foreign owned websites, but they can force ISP's to block them.
Which is fine, the UK users and economy will be the one losing really.
But hackernews does operate in the UK. I have accessed it from there before.
The UK government can't influence the US government (or any foreign government at all) to enforce their laws.
So companies can choose to comply or not.
You and I are probably violating several (severely) punished laws from around the world every day but the respective authorities can't do anything about it.
I wonder if it could apply to internal company systems. Like the corporate SharePoint or file server. And a lot of those kind of systems have external users also. If a client uploads some data do I have to scan it for illegal content?
right now or say 10 years ago til now, before the whole encrypted chats came into the picture, how many people have been convicted of CSAM in the UK, USA or somewhere else? is it in thousands? millions? if people were not getting convicted left and right before encryption, why is suddenly encryption the #1 enemy?
Because its not about the children, it never was.
In addition to this, if they actually cared about children they would up the penalties for crimes. In the US it is 4 years in prison. Let's make it 20 years per image. That is what Maxwell got for literally trafficking children. But hey, let's add some red tape to the internet, mind numbing.
Is sharing an image as bad as, say, destroying someone's knees? Because 20 years is the kind of sentence you'd get for deliberately doing that.
over the last 10-15 years there has been an open war on the early, wild internet model - not just from governments (early on it was just the so-called autocracies, now it's pretty much all of them) but also from Silicon Valley/Big Tech themselves
this will set a massive barrier for all but a few whitelisted giant entities to host user-generated content, and then it will be massively censored and used to prosecute people
> Makes me wonder what a site like HN would have to do in order to stay in compliance.
Easy answer: geoblock the UK.
It seems to me that the solution to all the woes of this bill is to just not allow any content to be shared. That basically eliminates this being a problem for 95% of all companies.
Correct, taking down all of one's websites is the easiest way to comply with this bill.
That, and hiring a large number of lawyers, paying regulatory fees, etc.
The bill covers this site... HN.
And it covers Stack Overflow.
And Mumsnet.
And basically any site that takes user generated content of any kind.
Content presumably includes prose.
Yes? Aside from some explicit videos, explicit prose is probably the most dangerous.
Yep, this is the point.
Prevent people being able to communicate except through a handful of controlled middle men who can spy on or block content the government dislikes. The end goal is complete control of the communication of its citizens.
The whole thing is so completely and utterly braindead that it must surely be an attempt to shift the overton window & subsequently pass something slightly toned down.
The article says:
"Is it possible for your site, service, or app, which allows content to be shared and/or people to communicate with each other, to be accessed by any adult or any child within the UK?
Then you’re in scope.
NB “accessed” doesn’t necessarily mean that a user can set up an active account on your service. If a British adult can merely download your app on the app store, the app is in scope."
However, the draft bill doesn't seem to say that. I found the draft here: https://www.gov.uk/government/publications/draft-online-safe... (and note that the article doesn't seem to link it, which seems odd).
The bill says:
"In this Act “user-to-user service” means an internet service by means of which content that is generated by a user of the service, or uploaded to or shared on the service by a user of the service, may be encountered by another user, or other users, of the service.
That seems reasonable to me. There are more details, but as far as I can see, the ability to merely download an app does not put it in scope contrary to the claim in TFA.
I now find myself doubting the the other claims made by this author.
Perhaps you missed the "which allows content to be shared and/or people to communicate with each other" phrase? That seems to be the author's phrasing of the bill's wording "content that is generated by a user of the service... may be encountered by another user."
A site or app that doesn't allow user content isn't in scope. But just add a comment section and suddenly you have this world of regulatory requirements with mandates to age-verify all users, which bars anonymity.
In practice this will end discussion and comment sections from all but the largest sites that can afford all the regulatory compliance.
> A site or app that doesn't allow user content isn't in scope.
I agree, but the article's author's phrasing, IMHO, claims the opposite.
> In practice this will end discussion and comment sections from all but the largest sites that can afford all the regulatory compliance.
My possibly contrarian (for HN) opinion is that the Internet's "wild west" approach of disclaiming liability when republishing and algorithmically editorializing content on a platform isn't acceptable, so I'm actually in favour of this. Otherwise we have people being harmed with nobody to hold to account.
If when tracking down an offender the offender cannot be found, then they're effectively being shielded by the platform, and the platform should be held liable. They shouldn't be able to have it both ways.
I don't think this would necessarily exclude all discussion or comment sections because I'm only talking about (my definition) a "platform". I would exclude "mere conduit" direct communication apps. This bill probably doesn't achieve the distinction and exception I want though.
>However, the draft bill doesn't seem to say that. I found the draft here: https://www.gov.uk/government/publications/draft-online-safe... (and note that the article doesn't seem to link it, which seems odd).
You're linking to the draft bill. Burns has linked to the actual bill as amended in the Commons: https://publications.parliament.uk/pa/bills/cbill/58-03/0121... (it's linked under the heading of "How to read this post")
Ah, thanks. Looks like there's not an actual bill yet, but there is a second draft bill.
However, I looked at the definitions in there and they remain essentially the same. My concerns still stand.
> Ah, thanks. Looks like there's not an actual bill yet, but there is a second draft bill.
No, there's definitely a bill. It's had its first and second readings and it's in committee stage in the Commons: https://bills.parliament.uk/bills/3137
The "has links with the UK" portion of the "regulated service" definition says if UK users are a "target market", or if the "service is capable of being used in the United Kingdom" and there's user generated content with a "material risk of significant harm" then it "has links".
If an app is available in an app store are the users who can access it not a target market?
I'm not really sure what "material risk of significant harm" means for the second qualifier but if it means "users can potentially post bad things" then that seems very broad too.
I feel it's telling that they had a need to make exceptions explicitly for email/voip/sms texting.
If it's not a "user-to-user service", then it's not a "regulated user-to-user service" either and therefore not a "regulated service". Whether or not it "has links" or is a "service is capable of being used in the United Kingdom" is therefore moot.
Surveillance and censorship by way of enforced regulation - Hello 1984!
The worst thing is, with the EU DSA coming in, a lot of this is probably completely unnecessary. So it creates extra bureaucracy, and gives the UK establishment a new boot to place on the necks of those that carry others' speech (and also pose a threat to traditional media), for very limited gain.
What is the current direction of that looking like?
As someone from the EU, with no money or anuthing coming in from the UK, why would I even care about this?
The GDPR has teeth only because the EU is big enough to make companies care. It is a watered down version from some privacy rights compared to the old laws in my country. But the old laws were ignorde by US tech because why wouldn't they.
So as the UK left the EU, they are now a small country in the computer world. I'll ignore its laws just as I ignore Afghan laws requiring women to stay at home or whatever country's laws to forbif gays from existing.
Yeah, this already happens to some extent with American and Asian sites blocking Europe and the UK because they don't want to deal with GPDR.
If this UK bill passes, I'd simply return HTTP 451 with a note that although the UK is blocked from my site, VPNs are not.
Promoting VPN usage could be construed by the UK courts as an attempt to commit subterfuge or dodge jurisdiction. They will not take kindly to this. You really want to make it perfectly clear that you want nothing to do with Britain as long as they have crazy laws on the books.
Related point: if you're intending to get out of GDPR, blocking the EU doesn't really help, because the law applies on the basis of citizenship, not territory. If an EU citizen accesses your website in America, that's still within GDPR scope. If you have EU business assets, ship things to the EU, or have any other ties to the EU, then they still have jurisdiction and you certainly still have to comply with GDPR.
However, the GDPR doesn't really apply if you don't intend to target Europeans(2)
And the GDPR is a way way more sensible law than whatever the UK is trying to do here, nobody will comply and no body will care, its only going to Hurt UK citizens and The UK's economy.
I care about privacy and really like what the EU has passed with the GDPR and DSA, but unfortunately we will have countries that does stupid things like this. Hopefully they aren't that important so no one complies.
> If an EU citizen accesses your website in America, that's still within GDPR scope.
No, that's not correct. You have to be clearly intending to (not just incidentally happening to) offer goods or services to an EU data subject.
> ship things to the EU
This wouldn't be enough to make the GDPR applicable. You'd have to be specifically targeting EU customers in some way, such as allowing users to pay in euros - not just incidentally selling some stuff to folks who live in the EU. Your other examples (such as having EU business assets) hold because they would make you an EU entity.
Targeting EU data subjects with goods and services is just one of two ways GDPR asserts extraterritorial jurisdiction.
The other is when you are processing personal data of EU data subjects that is related to "the monitoring of their behaviour as far as their behaviour takes place within the Union".
There's a recital that adds:
> In order to determine whether a processing activity can be considered to monitor the behaviour of data subjects, it should be ascertained whether natural persons are tracked on the internet including potential subsequent use of personal data processing techniques which consist of profiling a natural person, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes.
Unlike the recital that explains the goods and services case, which talks about it only applying if you envisage offering goods and services in the Union as opposed to your site merely being accessible from the Union, the monitoring case doesn't seem to have any requirement that you are intending to monitor EU data subjects.
That's pretty broad as written. From what the recital says it even applies if you are gathering data the could be used for profiling even if you are not actually currently profiling.
As noted in the article at gdpr.eu that a parallel commenter cited:
> If your organization uses web tools that allow you to track cookies or the IP addresses of people who visit your website from EU countries, then you fall under the scope of the GDPR. Practically speaking, it’s unclear how strictly this provision will be interpreted or how brazenly it will be enforced. Suppose you run a golf course in Manitoba focused exclusively on your local area, but sometimes people in France stumble across your site. Would you find yourself in the crosshairs of European regulators? It’s not likely. But technically you could be held accountable for tracking these data.
> That's pretty broad as written. From what the recital says it even applies if you are gathering data the could be used for profiling even if you are not actually currently profiling.
I'm not aware of legal cases that have specifically hinged on this issue, but Soriano v Forensic News LLC (from 2021) touched on this clause, and seemed to doubt that merely collecting information (e.g., using cookies) without further processing it with the intent to profile would make you subject to the GDPR.
I didn't specifically mention Article 3(2)(b) - the clause you're citing - because the post I was responding to didn't really mention profiling in any way. Still, it's good to note that the legal landscape on this particular point isn't totally clear as far as I'm aware.
>Related point: if you're intending to get out of GDPR, blocking the EU doesn't really help, because the law applies on the basis of citizenship, not territory.
Argh, why won't this misinformation die? You are completely, utterly, 100% wrong.
The GDPR applies if either the data controller is established in the EU or the data subject is physically in the EU.
Article 3 (territorial scope) is incredibly short, read it: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:...
Yes and this may be a UK citizen on a trip to Paris
> because the law applies on the basis of citizenship,
No it doesn't. depends on location only. A US, or any other, citizen is protected by GDPR when they access the web from within the EU
As an American visiting the UK and the EU, I got to see what the GDPR has done to the online experience over there for the first time.
Wow, does that suck. I see about 20% of the "cookie track consent" popups Stateside that I saw browsing from the EU.
Well that's the websites problem, no body told them to include 50 trackers. And there are many filters to kill cookies banners. Also AFAIK now there is an enforced Reject All button.
It's also the user's problem because there aren't websites to go to that aren't showing those banners.
Well, except the big, commonly-used ones where you've already consented (or not). Facebook, for instance. It's like this law was hand-tuned to consolidate users into only visiting a few commonly-accessed sites to save themselves the UX annoyance at the cost of the broader Internet's discoverability.
I don't agree, many websites don't have it. Its a choice that these we sites that they want to still track everyone, and they are paying for it in bad UX.
It's the safest choice given the incentives.
So you prefer being tracked without you knowing rather than being asked and easily opt out?
Personally, yes. I think most of what the GDPR intended to accomplish could have been accomplished more easily by public education campaigns and broad cultural adoption of no-track plugins. That would have done a lot less damage to the user experience than naively assuming that if one pushed the educational burden onto sites, the sites would cease to do the tracking that triggered the educational burden rather than just bother their users forever with government-mandated information placards.
Especially given that what constituted "tracking" was so broad that a lot of sites took the "better safe than sorry" approach because it was cheaper than a full audit of their tracking and a lawyer to interpret whether, say, Apache logs that show IP address constitute "tracking."
If the article is to be believed, then simply ignoring this law would open your company's leadership up to criminal liability in the UK. This probably doesn't matter too much, assuming they never fly through Heathrow or something.
I mean you can just ban all UK IPs and be done with it.
Its clearly not a sensible law, and blocking users will send a clear message to them that they should complains about it.
According to the article, you'd still need to document the technical process you use to ban the IPs, and also the business processes you haven in place to govern the technical process. That all has to be sent in to the British government with a filing fee, and it's unclear whether even that is enough to appease their regulators or not.
Realistically, are they going to complain? I don’t ever remember a mass revolt over US websites blocking EU users because of GDPR.
The GDPR is a way way more realistic law, there is no comparison here.
Also the EU is a way bigger user base than the UK, and being complaint with the GDPR is actually possible without needing to pay anyone anything.
I think the affect of this law is going to be way bigger than the GDPR.
Imagine if they fly through Stansted. That's a punishment in itself!
Doesn't matter if they ignore the laws as then they have to pay fines which bolsters the Treasury anyway. It's win-win. That's why the EU itself loves to regulate in this way because dishing out tickets to American big-tech is a big money spinner for a superstate that is fast running out of money. The real problems start when these fines are being seen in the halls of power as disruptive to trade; as then it becomes a bilateral political issue which can of course blow up in a full blown trade spat very quickly.
Also your example of ignoring Afghan laws on women doesn't work. If you tried to setup a business in Afghanistan that was say an online tutoring programme tailored for Aghan women. How quickly do you think your DNS will get pointed to 0.0.0.0 on the Afghan internet? And how quickly will they seek to prosecute you as a director of that business? As a foreigner living abroad, you'll probably be fine but you won't be making money from your target market. So you're finished. The law worked and you didn't ignore it.
the louder someone tells me in advance they don't care, the more they care about something going on here, and in your case its to talk about the EU and the UK. This was an article about the UK, if you didn't care you didn't need to post here at all, just as people from the US don't need to post to say "I'm from the US, why do I need to care about EU laws?" you don't, but you also don't say anything intelligent about it by saying you live somewhere else.
Posting to say you live somewhere else and don't care about the article doesn't contribute to any intelligent conversation, and usually means you do care about something involved, strongly, but aren't willing to say so.
But it does. Laws like this tend to spill over to other countrys, unless the politicians in question have to tiptoe away from the mess they created. So one way to fight this law is to make clear the rest of the world is not going to play along.
So as a person, I of course do care. The UK used to be fairly good concerning human rights, privacy, cooperation, ... This represents another step back. So the best thing to do is ignore this insanity as good as possible.
the rest of the world is not a monolith, and nobody speaks for the rest of the world in aggregate, so 'making it clear' doesn't matter. They left the EU so they could control their own laws, I don't think someone from the EU being childish about "I live in the EU, I don't care" about UK law makes a persuasive statement about politics.
So as the UK left the EU, they are now a small country in the computer world. I'll ignore its laws
Laws like this tend to spill over to other countrys, unless the politicians in question have to tiptoe away from the mess
Pick a lane.
These are different things.
You can ignore its laws by blocking users, and clearly saying you won't comply with such stupid laws.
Being concerned that this can spread to other countries is a big reason why you have to be clear about not playing along.
Here's something novel, then: I've lived all over the world, but I wouldn't step foot in post-Brexit, xenophobic Britain if you paid me. I'm reading this gleefully thinking of ways to flout whatever implementation is settled upon, while homegrown British companies rot. I am, in fact, rooting for your economy to utterly collapse.
Out of interest, have you seen the list of potential future PMs. I would say it is far more diverse and less xenophobic than most European countries.
But yeah believe what makes you happy. Just don't let the hate get to you to much.
At least one of whom has stated that the bill in question would not be taken forward under her leadership.
AS an australian, i am sick to death of dealing with the legacy of the UK and wish nothing more then this to come true. Unfortunately, the UK is the worlds offshore banker, makers of the tax haven scam. Thats how they maintain their power post colonialism.
Which of the candidates aren't British?
In perception polls on xenophobia across Europe, UK scores very well. Here is a report from the EU from 2019:
https://fra.europa.eu/sites/default/files/fra_uploads/fra-20...
As I said, its not that you don't care, its that you care very very strongly, but wanted to pretend you didn't care, which was why you posted to say 'but I don't live in the UK' as if it was relevant to anyone but you.
You're responding to two different people as if they were the same person.
didn't notice, but again, same thing with both of them. "Here are some laws in the UK" - they respond with "let me tell you about the UK, I don't care about it but here are the reasons why I care..."
> So as the UK left the EU, they are now a small country in the computer world.
Umm yeah no. Perhaps regulation wise but no, the uk is not a “small” country in the “computer world”.
What else would it be? There's about 67 million people living in the UK, compared to the 447 million in the EU - depends on your definition of "small", but our company will likewise ignore any specific UK regulations. The handful of customers there isn't worth any additional overhead compared to the EU+US.
Of the countries in the world, the UK ranks sixth in GDP.
The problem with that measurement is that top GDPs fall off quickly. While the UK is the sixth, it's only around 3-4% of the global GDP, and while I can't find values from the same year at the moment, likely has a lower GDP than California. The EU is around 18% of the global GDP; the US, China, and EU together make up around 65% of global GDP, and each of them has at least triple the GDP of any other individual country.
Most of that money is bound in the financial industry, though. Unless you're in the sector, the GDP rank doesn't matter much for doing business with the UK.
The UK exists right now as a shell company City of London who are the tax havean bankers of the world. The UK knows your financial secrets, and thats how they keep themselves relevant.
Perhaps we should be counting computers, rather than people, in the "computer world". Although I am not saying you'd come to a different conclusion.
A quick search suggests the UK digital market was nearly $50 billion on 2021.[1]
1. https://www.statista.com/topics/7208/digital-economy-in-the-...
It has fewer people than Germany, and only low double digits compared to the EU.
With this legalization I would IP ban the UK, then grow the service and look into opening up for the UK when my service was big and the lawyers didn't matter.
Typing this using a british designed arm cpu powered phone using the protocol made by a british guy on a forum cofounded by a british american venture capitalist. But the UK is “small” in the “computer world”. Perhaps we should ban german IP instead so we can read less about german nationalist pride and instead focus more on what makes countries competitive and what not in modern tech.
I think (as a Brit myself) you're being overly defensive and inferring insult where there was none.
Suggesting that the market size of the UK might not be big enough to make up for the costs of complying with a law like this is not at all the same as saying that people from the UK are not capable of making using industry contributions.
You are right i am overly defensive.
The term small used by op can also be read as a pejorative term meant to describe uk’s would be weakness post brexit - often used by a small but vocal number of eu citizens that like myself (a uk person as well) have been against brexit. And i’ve it read as such.
The uk market may be small in size in comparison with the whole of the eu, but the uk is by no means a small player in the “computer world”, whatever that means.
Indeed due to its size it may not hold much legal clout over the eu, and the eu being protectionist as it is it might even seek to punish british isps or web companies by the excuse of having different laws. Thats not in anyone’s interest and it reflects poorly on the eu and on those people here proposing a ban on uk ips because of some silly laws. I despise the mindset of those who only seek “sanctions” and “punishment” instead of actual solutions and are constantly spewing nationalist nonsense as if, say, germany isnt full of crap and a root cause of quite some major issues on the continent right now.
So yeah I am pretty much bored by all this nonsense. How can we fix the issues that such legislation is causing? Before the righteous ban our ips - not that we’d lose much.
That is all well and relatable, yet those „silly laws“ you mention explicitly state that I am committing a crime in the UK, while my business is perfectly legal in most other countries. They even mention these laws being enforced extraterritorially, which I’m sure they’re not going to be able to do, but I’d like to go on vacation in London some time again, so there’s that. Effectively, my choice is to skip on the few potential customers the UK has to offer, or risk legal trouble. I’m not sure why anyone would risk that for the comparatively small market of your country: Banning British IPs seems to be a valid, cheap, and low-risk solution to overreaching legislation from a single, unstable government.
That isn’t righteousness, it’s simply taking the most logical step to protect myself and my company.
I am not pretending that Britain hadn’t done interesting and important things in the past. I am saying that only a small number of people live in the U.K. jurisdiction and so it is worth a comparative amount of admin.
yeah that's all good for you but it doesn't change the fact that the UK is not that big of a market to cause all this trouble
We're all sitting here shaking our heads wondering how we got here.
The answer is we demanded it.
Instead of parents taking responsibility for what their children see on their phone, we tried to push a parental responsibility into the service provider, that they're simply unable to logistically comply with.
This is the end result of trying to solve a problem in meat space with legislation. Everyone that sat around going "Hurr hurr XKCD! Slippery slope! Seat belts and road safety!" are complicit.
One of the candidates for the Tory party leadership has already spoken out against it. I get the impression its not that popular and might well be scrapped or dropped.
I found the comparisons to the EU privacy regulations a bit annoying. I think the article would be stronger without them. I think they give too rosy an impression of the EU regulations (which can also be bad or burdensome) and that makes me think the U.K. regulations are less bad (rather than that they are so bad they make the EU regulations look good, I suppose).
Just ignore it - if everyone ignores it it will be impossible to enforce.
Whilst this draft bill is laughable and outrageous, isn't a similar concept in the making for the EU? One not emphasizing children but copyrights and such instead? Article 13, I think it's called.
I consider them conceptually similar because in both cases it means that permission-less publishing will ultimately die. Right now the consensus is to allow publication, after which a reasonable effort is made to moderate, including the typical "report" function where you correct after publication.
It looks like we're swinging in the direction where whatever you publish (by means of your users) makes you fully accountable hence the only way to dodge that legal liability is to pre-check instead of post-check.
There's some hope in the sense that none of this can actually work nor is it enforceable. GDPR is a fine example of that. In my country, privacy authorities are a few hundred in staff only. When you report a violation to them, absolutely nothing will happen. They're 2 years behind and the cases they do handle almost never lead to any kind of verdict. No government is going to add thousands in staff just to regulate cookies, as surely they have better things to do with a budget. As such, the strategy seems to be to occasionally make an example out of a few by applying severe fines, just to scare everybody else and remind them that this legislation is a thing.
Let's also not underestimate the ability for people to revolt. If memory serves me well, article 13 had a modification so that people can continue to meme, lol.
> In addition to the risk assessments, you will have administrative compliance obligations to Ofcom as your content regulator. [long list follows]
So everybody around the world could and should register with them and basically perform a DoS at that very first step of the process?
The extra-territoriality part is interesting. It's still part of the post-Brexit hangover. GDPR got enforced globally because a) it covered 500 million rich europeans so you could not ignore that market b) it was the first and not insane.
This is insane - and worse the UK is just, just small enough that you could if you wanted, turn off the service to those geo-IPs and carry on.
I wonder. If any non-English speaking country tried it, it would almost be guaranteed
What is the mechanism that allows it to apply extraterritorially? How can they make me comply?
Arrest you when you change planes at Heathrow. It's nuts; most of the Internet will be locked off from UK users.
First they cane for my cookies and I said nothing because I just had to shill 30bucks...
Do you think non-giant non-UK websites will be just ignoring this, even though theoretically if their website is accessible to those in the UK, the UK wants their compliance?
My belief is that the open internet began to pose a threat to those in power, they now seek to divide the internet back up along national boundaries via absurd regulations in order to for the traditional institutions to maintain their power. We are already seeing it with many sites being unwilling to deal with the compliance headache of GDPR and just blocking European users, plus it seems like half the internet is off limits to China because everyone blocks Chinese IP addresses because of their bad behavior.
Ultimately the only people who benefit as the internet gets more and more locked down and more and more regulated is the people at the top who are able to reassert control of the information those unwashed masses receive.
TBF, it's not just those in power; there are differences between nations (in terms of both culture and rights perceptions), and a lot of policies like these have popular support as well.
From the American point of view, the entire EU has bought into something very heavy-handed in terms of the GDPR, but IIUC the GDPR is pretty popular in the UK (though full compliance with it technically requires one not even run a default-configured Apache server).
I think its really unfair to compare the GDPR with this, the GDPR is a good law, which is actually possible to comply with and has reasonable limits to where it applies[1]
> As with the previous post, this is tremendously long: 4100 words. There’s really no way to make it shorter.
There definitely is.
What do each of the Tory leadership candidates think of this bill? I'll back anyone who'll scrap it.
Kemi Badenoch seems to be anti.
British politicians envy the spying, I mean, access American politicians have on private stuff traveling in US big tech.
They want their cut. At least about their own cattle, I mean, they surely see British people as.. people?
As an American who has no desire to visit the UK, is there any particular reason I need to care? The article says it would affect me but they don't have any jurisdiction over me.
When this bill passes, I am going to do everything to make my internet traffic hard to track. Mainly as a FU to this country.
hmmm how many countries are there 180+? must be fun to be compliant to all of them. Either rules should apply to only within the country or be handled by international organization. About time we created lawmaking internet committee, there are many for technical standards already.
> Online Safety Bill, plus amendments as was published on 28 June 2022. Unfortunately, it is only available in PDF (that link opens up the document, which is 230 pages).
The total size of legislation should be constitutionally limited. So that if someone wants to add 230 pages of new legislation, he should point to other 230 pages of the older legislation that should be eliminated.
So I think.
What happened with GDPR: Some small independent hobby bbs/forums got worried, closed down, and members moved their discussions to facebook.
The safest tbi g to do is cut off access from the UK to you web-site or -service.
I like how the English write. Maybe it's because it was originally their language and so they teach it well in their schools.
As an American, I rarely see young people able to write like this anymore.
On the topic: are they trying to kill their startups? Because this is how you drive startups out of the UK.
Does anyone have a tldr? Respectfully to the author, I don’t have the patience to read through this blog post full of metaphores and anecdotes. So what happened?
tldr: In the name of "protecting the children," the British government wants to create an ultra-efficient police state so they can instantly hoover up information about every British user of the Internet, on a scale that would make the Chinese government blush.
Like the Chinese, they propose to put executives of ISPs and websites in jail if they fail to assist the government in the creation of this police state.
Unlike the Chinese, part of the plan is to make a few companies [more] fabulously wealthy: Namely the biggest tech giants like Alphabet and Meta who can afford the enormous costs of compliance, as well as certain homegrown British companies who specialize in estimating a user's age by using AI to analyze the size of a user's head in a webcam image.
Super-important points:
1. This is not about "adult content" websites. It covers just about any website that uses technology more advanced that static HTML files, regardless of content.
2. The provisions apply to any website worldwide that can be accessed in Britain.
3. The provisions make it effectively impossible to browse the Internet anonymously in Britain. The government also wants browser makers to make special British versions of browsers to assist them in deanonymizing users.
4. The cost of compliance for any small business will be so astronomical that GDPR compliance will seem trivial by comparison.
Thank you. This seems like an extension to the already existing TELECOM laws across EU, where the companies must provide customer information if requested by the gov. I think I recently saw something about "web hosting" companies in EU being forced to provide customer and user data on request as well - but this one didn't really make the news.
Orwell was prescient.
> What I’ve come to realise since then is it’s not a joke. That’s the intention. Make it too prohibitive, risky, or impossible for public discourse to flow on smaller platforms and services; require the larger ones to become speech police and societal monitors
This is, I believe, also the intention behind the calls to repeal Section 230. It takes politics back to the simpler age where there were just a few entities deciding what the public were talking about, and they could be reached with either a bribe or an arrest warrant.
For a lot of politicians, who don't understand social media and mostly receive criticism on it, I can imagine them not caring if the costs of pre-screening all content ended up making social media accounts require annual payments. That would have the immediate effect of removing anonymity from users, and limiting online comments to people with disposable income (who could be profitably sued for insulting politicians).
I don't know about intentions, seems like the intention behind a ton of this stuff is to "protect the children", or "fix a problem" etc etc, but there just isn't enough awareness of possible side effects - not unique to tech legislation - just look at the policy ratchet of "you can always run by being tougher on crime, very hard to run on being not as tough"
--
and arguably there is also some interaction with tech companies doing malicious compliance as well which generally means that the original intent of the legislation gets lost and user experience further degrades (cookie popups anyone?)
--
I think it's too simplistic to make this a "politicians want to control the discourse" - there's always a bunch of tradeoffs in these things, and arguably the edge cases /are/ the base case (anyone that has done content moderation for a reasonably large community knows that it is very hard to make any sort of blanket rule, even if you have blanket rules)
It's a good mental practice to always be aware that stated intentions and actual reasons are entirely separate things.
They do sometimes, mostly by chance, coincide.
The advanced level of this is to be aware this applies even to your own actions.
A great book to realize that the reasons people give for what they do are not the real reasons is Elephant in the Brain
https://www.amazon.com/Elephant-Brain-Hidden-Motives-Everyda...
A great book to realize that the reasons you give for what you do are not the real reasons is Strangers to Ourselves
https://www.amazon.com/Strangers-Ourselves-Discovering-Adapt...
Yes, I learned much of this from Elephant In The Brain. Biggest shock to my belief systems this century.
May have to read Strangers to Ourselves as well.
The super advanced level is to realize it applies to all of your /thoughts/ which is mostly a pattern matching brain and personality built around the ways it found to make sense of some things justifying the chaos in retrospect :D
Correct but this is a different phenomenon. You are talking about post hoc justification for your behavior, where your brain is very good at making up stories that have nothing to do with the original motivation.
I believe GP is referring to the fact that the true aim of much of this legislation had nothing to do with protecting kids from the beginning. They use that rhetoric because it's easy to get people on board and much more difficult to explain the real world implications for security.
I didn’t get that impression. You’re not wrong that something can be justified “for the children” but have an ulterior motive. But I think what’s being argued is that the initial motive is actually honestly for the children and that that goal blinds people to the reality of how bad or pointless or even perversely harmful the proposed solution is.
I think it's a mix of cynical PR campaigns and honest activism, and I'm not smart enough to say which is the biggest factor in each instance.
Separately, the honest activists are often lying to themselves, in the sense that their real motives are not what the they tell themselves and others.
That's not intent, that's pretext. Pretext is the justification you tell people to get them to agree with your plan. Intent is the effect you actually want it to achieve, which you don't tell people. It is important to distinguish between the two. I think the intent of most laws is "Get me reelected," and that is where we need to discuss Perverse Incentives of professional politicians. Reelection pressure is clearly not working as an incentive for keeping politicians focused on the public good.
>That would have the immediate effect of removing anonymity from users, and limiting online comments to people with disposable income (who could be profitably sued for insulting politicians).
This must be what they meant by "Singapore on Thames" coz it's certainly not about good economic policy or building enough social housing.
This is absolutely the intention.
Western Governments are looking to control the discourse and are following the footsteps of China.
Honestly sad to see the web move in this direction :/
To be fair re Section 230, the interpretation the court have of it is... wildly on the side of the platform. In particular, it allows a company to wiggle out of its TOS if it seems the TOS could be construed at being more stringent than Section 230.
There is definitely some change to do to section 230. I do not think it needs a repeal, but i do think it needs some rethinking and probably some more regulation on privacy and safety.
Bullcrap. There is nothing to wiggle out of because they don't have any actual obligation. Terms of service are a mutual courtesy and not a legal contract. They cannot have you arrested or fined for posting swears on their Christian Minecraft server but they can ban you.
Right, the problem is the other way around. Like if you are doing something bad to someone else, like impersonating and using that to damage them. Even if the TOS says it is not allowed and the person impersonated come to the court and ask for this to stop, they are not obliged to do anything.
At some point, we are going to have to be able to do something about it. At the very least have some ways to handle this kind of problems.
If there’s an “I Agree” button you have to click, it’s a “clickwrap” contract, which courts in the US generally treat as enforceable. [1]
If the terms are just linked somewhere, it’s a “browsewrap” contract, which may or may not be enforceable. [2]
Other jurisdictions may differ.
Larger businesses have economies of scale in all things, including regulatory compliance. It's a great reason to be thoughtful when crafting regulations. Although, in this case, as you point out, that may be a feature.
> ended up making social media accounts require annual payments
So, an end to social media companies that are actively hostile to their users? No more psychologically deceptive tactics to force engagement at any cost? No more ad tracking? An end to foreign spam accounts?
Looks like quarterly ARPU is about $12 per US user per month. So a $5 a month subscription would destroy their business model. However go back 6 years and $5 a month was what they were bringing in from ads, and Facebook wasn't exactly suffering as a business 6 years ago.
In Europe, ARPU is just $6 per month right now, though I'd presume UK is higher, since EU is very diverse in terms of country economies.
Of course most people would leave Facebook if it was $5 a month.
> So, an end to social media companies that are actively hostile to their users? No more psychologically deceptive tactics to force engagement at any cost? No more ad tracking? An end to foreign spam accounts?
We pay for TVs (the physical objects), and most of them are still riddled with ads. They will double dip if they can. The reasoning won’t be “if we charge them this much we can drop ads and not lose money”, it will be “if we charge them this much we can have it on top of however much we are doing with ads”.
> They will double dip if they can
If they can, yes. But it will now open them to competition.
Not to mention, if the law is structured in such a way that advertising-based business models remove their (UK equivalent) of Section 230 while purely fee-based models don't (as you'd assume fee-based models benefit equally from any content, where as ad-based models benefit from certain content more than other) then they can't double-dip since the extra liability will wipe out any advertising profits.
That is because the price of TVs has been dropping while the # of features (and sizes of the TVs) have been increasing.
Modern smart TVs are subsidized to heck and back.
You can actually get smart TVs w/o lots of ads, Sony's Android TVs give you a slew of opt-out options when you first turn them on.
Roku is the worst about this, they show ads to customers and try to collect $ from the streaming platforms.
Those things won't change, the charge will just be on top.
And if they judge you broke a rule that will be an extra $50. But you can appeal for $200?
> And if they judge you broke a rule that will be an extra $50. But you can appeal for $200?
The fact that money is involved would put them under legal scrutiny. It may not actually be a bad deal - the fee can be refunded if the appeal is legitimate (the fee is just to deter spammers) and if they still act maliciously you can take them to small claims court since there's now a defined monetary loss.
> the charge will just be on top.
Disagreed - if ad- and engagement-based social media becomes a regulatory minefield then other monetization models suddenly become attractive. The final price will always only be limited by what the market is actually willing to bear.
What are the alternatives from a advertiser's perspective though? Put an ad in the paper? TV? Radio? Those just don't have the viewership anymore.
> Put an ad in the paper? TV? Radio? Those just don't have the viewership anymore.
Ultimately people have a specific amount of disposable income regardless of how much advertising you throw at them, so the market will rebalance. There might be less advertising overall, which is a good thing for many reasons but one of them would be that the advertising that remains becomes more effective. The mediums you mention currently don't have the viewership because all attention is consumed by social media - this may very well change.
In addition, the issue only applies to the common definition of internet advertising. Advertisers can still produce first-party content just like any other user on the platform and people will like/follow/share it if it's useful or entertaining to them. Product placement will still work, and so on.
> [Preventing public discourse] is, I believe, also the intention behind the calls to repeal Section 230
What do you think about calls to remove platform immunity from algorithms that have an editorial effect?
>What do you think about calls to remove platform immunity from algorithms that have an editorial effect?
You mean, "repeal Section 230"? Because the entire point of Section 230 is to allow imperfect biased moderation without having to eliminate all user content. Such calls are ridiculous, stupid, or malicious on a host of levels. Making editorial decisions about what to allow on your own private property is core 1A Freedom of Speech, with caselaw dating back to well before the web.
"Editorial effect" is also an utterly meaningless phrase. You probably have some silly politics thing in mind, but moderating against porn or violence also has an "editorial effect". So does having a forum devoted to aircraft or cats. I think trains and birds are great too. But if I want to run a forum specifically about aircraft or cats, I need to be able to delete train or bird posts, and if necessary ban users who won't follow the rules. This is all completely biased and has the editorial effect of shaping the forum to a specific niche of speech, there is nothing common carrier about running a focused forum. And politics could indeed enter into it, what if some political group proposes a law banning aircraft or cats? Rallying and organizing against that could include being biased against those who want to support that law. Colorful and strident invective may be featured. Such is life in a free society.
If you want a soap box that does something else, the law also protects your ability to make that (or to group up to do it or pay someone else to do it or whatever else). And as a practical matter it is now easier and cheaper to do so and get to a potential global audience then at any time in human history (let alone the history of the US). Win the argument in the marketplace of ideas, not using the state monopoly on violence.
The main thing I have in mind is machine learning algorithms that optimize for engagement. Those aren't necessarily biased in favor of a specific political position, but tend to amplify rumors over well-sourced reporting, demagoguery over reasoned debate, and often malicious false claims.
Off the top of my head, I don't have a good way to differentiate those algorithms in legal terms. As another comment points out, even sorting chronologically has an editorial effect of sorts, but these things are different and I know it when I see it. Perhaps someone wiser than me has an unambiguous definition.
OK, that's at least a more reasonable thing to be worried about [0], but as you say trying to use the law there would be damn near impossible. Take the case of a law against airplanes/cats again. I'd definitely feel very, very strongly about such an effort, and want very, very much to defeat it. In the democratic system that means rallying a critical mass of fellow citizens. If it so happens my airplane/cat platform is pretty popular and likely would share my interests amplifying that would be a reasonable way to go about it, using algorithms that optimize for results. You might say "well, commercial use restricted only" but how would that be different the typical ad testing runs which have existed forever, where they are constantly testing to try to figure out what engages people and what doesn't? If it's "malicious false claims" then that's already a violation of defamation, there isn't any need for additional law on that front, but for anything else how can we decide in a way that can't be used the other direction?
That's always the rub and the core issue of free speech: there are no oracles. You have to imagine what your worst most hated enemy demagogue would do with the tools you propose to create, because they will have them. Nobody can be trusted with the power. It is hard though, and I won't completely dismiss the idea that the scale networking/storage/ML offers can create emergent effects that don't show up at a smaller level. The legal notion of tracking for example.
----
0: though "amplify rumors over well-sourced reporting, demagoguery over reasoned debate" = the tabloids that exist right there at a large percentage of supermarket checkout aisles, remember nothing new under the sun, you might be surprised at some of the content of regular newspapers for that matter in the 1800s say.
I'm also wary of solving issues with speech or information technology[0] through regulation. That said... if I run a microblogging site HN-rumors.com, somebody might post "xoa is a thief", and harm might come to you because of that. You could sue the poster, but you could not sue me. This holds true even if I moderate the site and remove other content. Good so far, right?
Now what if I hand-curate a front page? If I feature this libelous rumor on it, I'm acting like an editor/publisher rather than a platform and the chances you can successfully sue me go up. What if I pick the users who have been most responsive to that sort of content and email it to them in the hope they'll visit my site and spend more time there as a result? I see my legal risk increasing even more.
Of course it's easy to hold a person responsible when a person is making the decisions. It's harder to say exactly what criteria an algorithm can use, and not the sort of thing I'd want a politician or bureaucrat deciding. Perhaps what I really want is for people to voluntarily stop using corporate social media so much, but I don't know how realistic that is.
[0] Other technologies are better-suited to regulation; I think I wouldn't want to fly on an airplane that got only the maintenance the market demanded.
This is a great argument. I couldn't put it better.
If the goal is to prevent the ambiguous harm of "editorial effect", then I don't think it is fair to remove all platform immunity and punish the platform every time it fails to implement the correct, government-approved "editorial effect" instead of its own.
It seems like the proponents of such a rule change are being underhanded, thinking "We can't ban companies from having a political bias, so we'll say that if the company has a political bias (i.e. any editorial/content policy), it becomes liable for any libel, or scams, or threats (written in any language) that appear anywhere on its platform".
I might support a narrow form of this, though, which says that if a platform doesn't let you opt out of (legal content) filtering/re-ordering of content, then the platform has profited from you receiving messages with an unwanted bias (i.e. commercial speech), and therefore owes the user a small amount of statutory damages each time the user suffers some harm.
Absurd. It would effectively make personalized social media timelines illegal. This idea also doesn't make any logical sense, we all expect that a person or entity that posts illegal content is liable for posting it, foisting that legal burden on the website where it is posted is clearly the wrong thing to do (unless the site is soliciting the upload of illegal content or is refusing to remove illegal content, both of which is already illegal).
>algorithms that have an editorial effect?
Isnt this every non-chronilogical sorting algorithm?
Even chronologically sorting ones. Any choice made is an editorial choice.
It is called the goddamned First Ammendment. What you are stating is legally speaking speaking complete nonsense like insisting that a coffee shop cannot be a resturant.